Outline
GitHub provides the Dependabot feature. When you enable it on GitHub, it periodically checks the versions of the packages and libraries in the project and automatically creates a Pull request if there is a new version.
- GitHub Dependabot: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
GitHub Dependabot recently added support for the pub package manager for Flutter/Dart.
- GitHub Changelog: pub beta support for Dependabot version updates
In this blog post, I will show how to use GitHub Dependabot to check the versions of the packages in a Flutter project and update them automatically.
Configure Flutter Dependabot
To use GitHub Dependabot, create the .github folder in the root directory of the project, and then create the dependabot.yml file inside it.
After creating the .github/dependabot.yml file, open it and modify it as follows.
version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "pub"
    directory: "/"
    schedule:
      interval: weekly
      time: "09:00"
      timezone: Asia/Tokyo
    open-pull-requests-limit: 5
Support for the pub package manager is in beta, so we need to set enable-beta-ecosystems: true.
If you use a lot of packages in your Flutter project, too many Pull requests may be created, which can interfere with your work. So, you can configure the open-pull-requests-limit: 5 option to limit the number of Pull requests, and configure the schedule option to execute Dependabot at specific intervals.
Configure Android Dependabot
Android manages the versions of its libraries with Gradle, so you can add a Gradle entry to Dependabot to manage the Android libraries. Open the .github/dependabot.yml file and modify it as follows to add the Gradle entry.
version: 2
enable-beta-ecosystems: true
updates:
  ...
  - package-ecosystem: "gradle"
    directory: "/android"
    schedule:
      interval: weekly
      time: "09:00"
      timezone: Asia/Tokyo
Configure iOS Dependabot
iOS manages the versions of its libraries with CocoaPods. Unfortunately, Dependabot does not provide an equivalent for iOS. You can check the languages that Dependabot supports in the official document.
- Official document: GitHub language support
Check
After configuring the .github/dependabot.yml file, push it to GitHub (merge it into the main branch). Then, at the configured interval, a Pull request is created automatically when a new version of a package is available.

When you open the Pull request, you can see the Release notes and Commits of the update.

When you open each section, you can see its details.
- Release notes

- commits

This allows you to check the changes in the new version and to see the scope of impact on your project.
When you open the Files changed tab, you can see that the pubspec.yaml and pubspec.lock files are changed.

GitHub Actions
Now you get an auto-generated Pull request from GitHub Dependabot when there is a new version of a package. When you get the Pull request, you have to decide whether or not to merge it. If you have configured GitHub Actions to run the Linter and the test code of the Flutter project, you can easily check whether the Pull request is OK or not.
Also, you can add the following contents to the .github/dependabot.yml file so that Dependabot checks the versions of the Actions used in GitHub Actions.
version: 2
enable-beta-ecosystems: true
updates:
  ...
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
      time: "09:00"
      timezone: Asia/Tokyo
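A workflow for the Linter-and-test check mentioned above, as an added example that is not from the original post. The file name, the main branch, the action version tags and the third-party subosito/flutter-action are assumptions.

```yaml
# .github/workflows/flutter-ci.yml (file name is an assumption)
name: flutter-ci

on:
  pull_request:
    branches: [main]   # assumed default branch

# Least privilege: the job only needs to read the repository.
# `flutter test` runs code from the updated packages, so keep
# write scopes and secrets out of this workflow.
permissions:
  contents: read

jobs:
  analyze-and-test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in the checked-out git config.
          persist-credentials: false

      # Third-party action that installs Flutter (assumption, not named in the post).
      # The github-actions entry in dependabot.yml keeps these `uses:` versions updated.
      - uses: subosito/flutter-action@v2
        with:
          channel: stable

      # Resolve exactly what the Pull request put in pubspec.yaml / pubspec.lock.
      - run: flutter pub get

      # Linter: fails the check on analyzer errors introduced by the update.
      - run: flutter analyze

      # Test code: fails the check if the new package version breaks behaviour.
      - run: flutter test
```

Workflows triggered by Dependabot Pull requests receive a read-only GITHUB_TOKEN and no Actions secrets by default, so a check like this one, which needs neither, runs unchanged on them.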
Completed
Done! We’ve seen how to use GitHub Dependabot to check the versions of the packages in a Flutter project and update them automatically. From now on, please use Dependabot to keep the versions of the packages in your Flutter project up to date.