Automating Updates

The recommended approach to automating updates to Altis is to use GitHub's Dependabot feature. This feature is provided for free by GitHub.

The service monitors the dependencies in your project and creates automatic pull requests whenever there are updates. This will help you to keep your projects healthy and always running the latest patch release of all Altis modules.

Setting Up Dependabot

To get started create a dependabot.yml file in your project's .github directory, or if you already have an existing dependabot.yml, add the following config to it.

The minimum recommended configuration for Altis updates is as follows:

version: 2
updates:
# Enable version updates for Altis modules
- package-ecosystem: composer
  # Look for `composer.json` and `composer.lock` files in the `root` directory
  directory: /
  # Create pull requests for updates (if any) once a day:
  schedule:
    interval: daily
  versioning-strategy: lockfile-only
  # Ensure all Altis modules recieve update PRs
  allow:
  - dependency-name: altis/*
  - dependency-type: all
  # Increase limit to number of Altis modules
  open-pull-requests-limit: 15

Finally commit this file to your repo, and you're done.

Automatically Merging Dependabot PRs

You can also optionally use the Dependabot Auto Merge GitHub Action to automatically merge Dependabot Pull Requests for Altis modules.

To get started add the following to a new workflow called .github/workflows/auto-merge.yml:

name: auto-merge

on:
  pull_request_target:

jobs:
  auto-merge:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: ahmadnassri/action-dependabot-auto-merge@v2
        with:
          github-token: ${{!span!}}

Secondly to target Altis modules only add a config file called .github/auto-merge.yml with the following configuration:

- match:
    dependency_name: altis/*
    dependency_type: all
    update_type: semver:patch

Further Configuration

There are many more configuration options available and you can add additional update rules for different package ecosystems like npm to this file as well.

The full Dependabot configuration documentation can be found here.