Bit components used or maintained in your repository might have newer versions available in their remote scopes. These component changes can be introduced by other collaborators who maintain these components outside of your repository.
For this reason, we recommend that updates to the main branch, including those originating from the components' remote scopes, should be made via the standard feature-branch workflow.
- Create a new feature branch
- Update components in the repository with the latest versions from the remote scopes
- Commit and push the changes to the remote repository
- Create a pull request and merge the changes to the main branch
See the Automated updates section for an automated workflow.
External dependencies are Bit components or packages that are not maintained in the repository, but are consumed by components in the repository.
Repositories without a Bit workspace can update their external dependencies, components and packages, using the standard package manager commands.
To update dependencies to their latest version within the permissible range, as listed in the workspace.jsonc or package.json files, run the following command:
Note that component-to-component dependencies are always concrete. That means, that a component's dependency graph will include version ranges for packages, but will only include concrete versions for components.
When updating external dependencies based on a range, the range for component versions will only be read from the workspace dependency policy or the package.json file, but not in the component's dependency graph.
For example, the following workspace dependency policy permits updating the @my-org/design.icon dependency (component) to any version within the ^1.1.0 range (i.e, 1.1.0 up to 2.0.0 - excluding 2.0.2):
/* @filename: workspace.jsonc */ { "teambit.dependencies/dependency-resolver": { "policy": { "dependencies": { "@my-org/design.icon": "^1.1.0" } } } }
Assuming the latest available version is 1.1.1, the output for the previous command should be:
dependencies:
- @my-org/design.icon 1.1.0
+ @my-org/design.icon 1.1.1
This option is particularly useful when component dependencies are not listed in the workspace dependency policy or the package.json file.
As mentioned earlier, a component's dependency graph will only include concrete versions for components. In this case, updates withing a range will not be possible.
Run the following command to update external dependencies in your repository:
Use the
--yesflag to skip the interactive prompt, and accept all available updates.
The interactive prompt displays the available updates for dependencies listed in your workspace.jsonc, but also for dependencies that are read from the component snaps.
For example, the following prompt lists two available updates, and the Bit components that will be affected by these updates:
○ @my-org/design.input-text (runtime) 0.0.2 ❯ 1.0.9 because of my-org.shop/form@0.0.1
A component is more than its source code. It also includes, among other things, its dependency graph. When Bit resolves a component's dependency version to a newer version, the component's dependency graph is modified (and so is the component).
Run the following to examine the changes introduced to components in your repository, as a result of a dependency update:
The output should list the affected components and the changes made to their dependency graph:
-------------------------------------------------------------------------
--- dependencies 0.0.1 original
+++ dependencies 0.0.1 modified
@my-org/design.icon
- @my-org/design.icon@0.0.8
+ @my-org/design.icon@0.0.10
@my-org/design.input-text
- @my-org/design.input-text@0.0.2
+ @my-org/design.input-text@1.0.9
Workspace components are components maintained in your repository.
To learn how to checkout the latest version of a component (available in its remote scope) into your repository, see Update workspace components.
To update your components' envs to the latest version available run the following command:
Changes to the component configuration (in this case, their env version) are registered in the .bitmap file, until the components are snapped (at which point the changes are stored in the component snap).
For example, the following .bitmap file lists the updated env version for the my-component component:
/* @filename: .bitmap */ { "my-component": { "scope": "my-org.my-scope", "version": "0.0.1", "mainFile": "index.ts", "rootDir": "my-scope/my-component", "config": { "teambit.react/react-env@0.1.13": {} } }, }
The following workflows automate the process of updating external dependencies, components and envs in your repository.
- The CI job is triggered by a schedule or by a webhook
- One or more of the following actions are performed (in the order listed below):
- A pull request is created with the changes
See a demo of this automated workflow using Github Actions, scheduled to run at every midnight.
Choose the implementation that best fits your needs:
- Download this file and place it in your
.github/workflowsdirectory.
- Set the following env variables:
| Environment Variable | Value/Description |
|---|---|
GITHUB_TOKEN | a Github secret set with a Github token that has the permission levels required to perform the CI actions in your repository |
BIT_CONFIG_USER_TOKEN | a Github secret set with a Bit token that has the permission levels required for your workflow |
GIT_USER_NAME | a username for git commits made by the CI |
GIT_USER_EMAIL | an email for git commits made by the CI |
To learn more read the docs for this implementation of the workflow or check out this demo.
- Choose the schedule for the job using
cron, or replace it with a different trigger.
name: Dependency Update on: schedule: - cron: '0 0 * * *' # run every day at midnight
- Set the
allowinput to one if the following:workspace-components: checkout the latest version of components maintained in the workspace (components that might be updated from another workspace)external-dependencies: update component dependencies that are not maintained in the repo (packages or Bit components)envs: update the envs of components maintained in that workspaceall: update all of the above
For example:
- name: Bit Dependency Update uses: bit-tasks/dependency-update@v1 branch: 'main' # the target branch to update allow: 'all' # permissible updates
To learn more read the full documentation for this type of implementation, or check out this demo.
This option is only available for repositories using the
package.jsonfile to manage their dependencies.
This option uses Dependabot to update components used (but not maintained) in your repository. For more information read the full documentation or check out this demo.
- Create a file named
dependabot.ymlunder your.githubdirectory and add the following configuration:
version: 2 updates: - package-ecosystem: "npm" directory: "/" schedule: interval: "daily" groups: bit-scope-dependencies: patterns: - "@my-bit-org*" # your bit.cloud organization or account name
- At the root of your project (next to
package.json), create npm configuration file named.npmrcand add the following (replaceyour-bit-cloud-organizationwith your bit.cloud account or organization name):
registry=https://registry.npmjs.org/ @your-bit-cloud-organization:registry=https://node-registry.bit.cloud @bit:registry=https://node.bit.cloud @teambit:registry=https://node-registry.bit.cloud //node.bit.cloud/:_authToken=${BIT_CONFIG_USER_TOKEN}
