GitHub provides the
Dependabto feature. When you use it on
GitHub, you can check periodically the versions of the packages, and libraries in the project, and create the
Pull request automatically if there is a new version.
- GitHub Dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
GitHub Dependabot supports the
pub package manager for Flutter/Dart.
- GitHub Changelog: pub beta support for Dependabot version updates
In this blog post, I will introduce how to use
GitHub Dependabot to chec the versions of the packages in Flutter, and update it automatically.
Configure Flutter Dependabot
GitHub Dependabot, you need to create the
.github folder in the root directory of the project, and then, create the
If you create the
.github/dependabot.yml file, open the file and modify it like the below.
version: 2 enable-beta-ecosystems: true updates: - package-ecosystem: "pub" directory: "/" schedule: interval: weekly time: "09:00" timezone: Asia/Tokyo open-pull-requests-limit: 5
The supporting the
pub package manger is
beta, so we need to configure
If you use a lot of packages in your Flutter project, too many
Pull requests may be created, which can interfere with your work. So, you can configure the
open-pull-requests-limit: 5 option to limit the number of
Pull requests, and configure the
schedule option to execute
Dependabot at specific intervals.
Configure Android Dependabot
Android manages the versions of the libraries by
Gradle. So, you can add the
Gradle Dependabot to manage the libraries of Android. Open the
.github/dependabot.yml file and modify it like the following to add Gradle Dependabot.
version: 2 enable-beta-ecosystems: true updates: ... - package-ecosystem: "gradle" directory: "/android" schedule: interval: weekly time: "09:00" timezone: Asia/Tokyo
Configure iOS Dependabot
iOS manages the versions of the libraries by
CocoaPods. However, unfortunately Dependabot does not provide iOS Dependabot. You can check the languages that Dependabot supports on the official document.
- Official document: GitHub language support
After configuring the
.github/dependabot.yml file, upload it to
merge it to
main branch.) Then, you can see the
Pull request is created automatically when the version of the package is updated at specific intervals like the below.
When you open the
Pull request, you can see the
Release notes and
Commits of the updating.
When you open each sections, you can see the details about them.
- Release notes
This allows you to check the changes in the new version and to see the scope of impact on your project.
When you open the
File changed tab, you can see the
pubspec.lock files are changed.
Now, you can get an auto-generated
Pull request from
GitHub Dependabot when there is a new version of the package. When you get the
Pull request, you’re debating whether or not to merge it. At this time, if you configured
GitHub Actions to execute the
Linter and test code of
Flutter, you can easily check whether the
Pull request is OK or not.
Also, you can write the following contents to the
.github/dependabot.yml file to check the versions of
GitHub Actions by `Dependabot.
version: 2 enable-beta-ecosystems: true updates: ... - package-ecosystem: github-actions directory: "/" schedule: interval: weekly time: "09:00" timezone: Asia/Tokyo
Done! we’ve seen how to use
GitHub Dependabot to check the versions of the packages in the Flutter project, and update it automatically. From now, please use
Dependabot to keep the versions of the packages in the Flutter project up to date.
Was my blog helpful? Please leave a comment at the bottom. it will be a great help to me!
Dekucreated the applications with Flutter.
If you have interested, please try to download them for free.