自动更新项目依赖项的最佳方法是什么 [英] What is the best way to authomatically update project dependecnies
问题描述
我希望我的一些依赖关系是最新的,并且我想确保只要有依赖关系的新版本,我的项目就使用该依赖关系的最新版本。我想在我的持续集成管道中运行一个作业,以便更新我的依赖关系并在项目中运行所有测试,以确保在更新过程中没有发生任何不良情况。
I want some of my dependencies to be up-to-date and I want to make sure whenever there is a new version of my dependencies, my project uses the last version of that dependencies. I want to run a job in my Continuous Integration pipeline in order to update my dependencies and run all test in my project to make sure nothing bad happened during update. It can help us to overcome security vulnerabilities sooner And make changes to my project continuously.
推荐答案
幸运的是,经过大量的搜索和支出,它可以帮助我们更快地克服安全漏洞并不断对我的项目进行更改。很多时间,我发现了一个非常有用的开源工具,并且想在这里与其他寻求解决方案的人分享。有一个名为 Renovate 的工具,它独立于语言,可与所有软件包管理器(如maven,npm,pip和任何其他软件包管理器)一起使用。它已在github和gitlab中使用,也可以在自托管gitlab中使用。
Fortunately after a lot of search and spending lots of time I found a very useful open source tool and I want to share it here for anyone else looking for the solution. there is a tool out there which is called Renovate it is language independent and works with all package managers like maven, npm, pip, and any other package manager. it is already used in github and gitlab and it can also be used in self-hosted gitlab.
工作原理:
它检查您的项目是否有依赖项更新,并且是否有任何可用于您的依赖项的更新,它会为您创建新的合并请求(带有这些更新),并且您可以将管道设置为在合并请求上运行并确保所有操作在更新后就可以了。
It checks your project for dependency update and if there is an update available for any of your dependencies it create new merge request for you (with those update) and you can set your pipeline to run on merge requestour and make sure everything is OK after update.
可以使用Renovate CLI进行不同的安装方式,并且还提供了一个docker映像。
there are different ways for installing it you can use Renovate CLI and also there is a docker image available.
此处是链接:
https ://resources.whitesourcesoftware.com/blog-whitesource/welcome-to-whitesource-renovate
这是gitlab项目链接: https://github.com/renovatebot/renovate
and here is the gitlab project link: https://github.com/renovatebot/renovate
那里是该项目的绝佳文档: https://docs.renovatebot.com/
And there is a great doc for this project: https://docs.renovatebot.com/
这篇关于自动更新项目依赖项的最佳方法是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
