Keeping your .nvmrc
file up-to-date ensures your project always uses the latest Node.js version. While Dependabot is a fantastic tool for managing dependencies, it doesn't handle .nvmrc
files. This can be achieved using a GitHub Action.
Keeping your .nvmrc
file updated is not just about staying current; it’s about ensuring your development environment is consistent and reliable. By leveraging GitHub Actions, you can automate this process, reducing the risk of errors and saving valuable time. This guide will walk you through setting up a workflow to handle .nvmrc
updates seamlessly.
Create a GitHub Actions workflow file (e.g., .github/workflows/update-nvm-rc.yaml
) with the following steps:
.nvmrc
file..nvmrc
: If a new version is available, update the file with the latest version..nvmrc
file, including details about the version change.name: Update Node.js
on:
schedule:
- cron: "0 11 * * *"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
update:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout the repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Get current Node.js version
id: current_version
run: echo "version=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"
- name: Set version in .nvmrc
id: latest_version
run: |
version=$(curl -s https://nodejs.org/download/release/index.json | jq -r '[.[] | select(.lts != false)][0].version')
echo "${version}" > .nvmrc
echo "version=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"
- name: Create pull request
if: steps.current_version.outputs.version != steps.latest_version.outputs.version
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
title: "Bump Node.js from ${{ steps.current_version.outputs.version }} to ${{ steps.latest_version.outputs.version }}"
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: "Bump Node.js from ${{ steps.current_version.outputs.version }} to ${{ steps.latest_version.outputs.version }}"
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
sign-commits: true
branch: update-nodejs
add-paths: .nvmrc
body: |
This PR updates the Node.js version in `.nvmrc` from `${{ steps.current_version.outputs.version }}` to `${{ steps.latest_version.outputs.version }}`.
- https://github.com/nodejs/node/releases/tag/${{ steps.latest_version.outputs.version }}
- https://github.com/nodejs/node/compare/${{ steps.current_version.outputs.version }}...${{ steps.latest_version.outputs.version }}
on
types:schedule
: This triggers the workflow at a specific time interval, defined using a cron expression. In this case, it runs daily at 11:00 UTC.workflow_dispatch
: This allows the workflow to be triggered manually via the GitHub Actions interface, providing flexibility for on-demand updates.The workflow requires specific permissions to function correctly. The contents: write
permission allows the workflow to push changes to the repository, such as updating the .nvmrc
file. The pull-requests: write
permission is necessary to create and manage pull requests for these updates. These permissions are scoped to the update
job to ensure minimal access.
Using a SHA1 hash instead of branches or tags ensures your workflow uses a fixed, immutable version of the action. This guarantees stability by avoiding unexpected changes and enhances security by preventing supply chain attacks. Always verify the SHA1 hash from a trusted source.
If you prefer to use the latest Node.js release instead of the LTS version, modify the workflow step that fetches the version. Replace the filter [.[] | select(.lts != false)][0].version
with [0].version
to always get the latest release.
Imagine this: You’re working on a critical project, and suddenly, a teammate encounters an issue because they’re using an outdated Node.js version. Time is wasted troubleshooting, and the team’s momentum is disrupted. Now, picture a different scenario: Your .nvmrc
file is always up-to-date with the latest stable Node.js version, thanks to a GitHub Action. No more manual updates, no more inconsistencies, and no more wasted time.
With this GitHub Action, you can:
This GitHub Action is your silent teammate, working in the background to keep your project running smoothly. Say goodbye to version mismatches and hello to a more efficient development process.
.nvmrc
files to manage Node.js versions.