English | 中文
A GitHub Action that syncs third-party libraries from npm into a local directory (e.g. assets/lib), and updates CDN config files plus the dependency versions in librarybot.yml. Useful for Hugo themes/components and other “vendored dependency” workflows.
- Resolves
dist-tags.latestfrom npm - Downloads and extracts the package tarball
- Syncs configured files/directories into your repo (files by default;
type: dirfor directories) - Strips trailing
sourceMappingURLfrom local.js/.cssfiles to avoid sourcemap 404s - Replaces
pkg@oldVersion→pkg@newVersionin CDN config files - Bumps the corresponding
versioninlibrarybot.yml - Emits a reusable
pr_branchoutput (handy for “one dependency per PR” workflows)
By default, this action reads ./librarybot.yml from the repository root (override via config_path).
schemaVersion: 1
baseDir: assets/lib
libraries:
- npm: aplayer
version: 1.10.1
local:
items:
- from: dist/APlayer.min.css
to: aplayer/APlayer.min.css
- from: dist/APlayer.min.js
to: aplayer/APlayer.min.js
- npm: simple-icons
version: 9.19.0
local:
items:
- type: dir
from: icons
to: simple-icons/icons
clean: trueRules:
schemaVersion: currently fixed to1baseDir: required; local sync destination rootlibraries[].npm: npm package name (scoped packages supported, e.g.@waline/client)libraries[].version: current version (must be a valid semver to be upgraded)libraries[].local.items[]:- Defaults to file copy: omit
typeand only setfrom/to - For directories use
type: dir; optionalclean: trueclears the destination before copying fromis always relative to the extractedpackage/directorytois resolved relative tobaseDirwith the following precedence: item-levelbaseDir> library-levellocal.baseDir> globalbaseDir- Optional
baseDiron item or library level overrides the globalbaseDir(useful when a library needs to be synced to multiple directories, e.g.assets/libfor JS/CSS andstatic/libfor fonts)
- Defaults to file copy: omit
- name: Update one library
uses: hugo-fixit/librarybot@v1
with:
mode: update
library: aplayer
config_path: ./librarybot.ymlmode:listorupdate(default:update)library: npm package name to update (required whenmode=update)config_path: config file path (default:./librarybot.yml)cdn_files: comma-separated list of CDN YAML files to update (default:./assets/data/cdn/jsdelivr.yml,./assets/data/cdn/unpkg.yml)update_cdn: whether to update CDN config files (default:true)update_local: whether to sync local files/directories (default:true)npm_registry: npm registry base url (default:https://registry.npmjs.org)
changed: whether the working tree changed (true/false)from_version: previous versionto_version: updated versionpackage: npm package namepr_branch: suggested PR branch name (e.g.librarybot/aplayer-1.10.2)
This example lists all dependencies first, then uses a matrix job to open a PR per dependency.
name: Update libraries from npm
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
permissions:
contents: write
pull-requests: write
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
libraries: ${{ steps.list.outputs.libraries_json }}
steps:
- uses: actions/checkout@v6
- id: list
uses: hugo-fixit/librarybot@v1
with:
mode: list
config_path: ./librarybot.yml
update:
needs: prepare
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
library: ${{ fromJson(needs.prepare.outputs.libraries) }}
steps:
- uses: actions/checkout@v6
- id: update
uses: hugo-fixit/librarybot@v1
with:
mode: update
library: ${{ matrix.library }}
config_path: ./librarybot.yml
- name: Create Pull Request
if: steps.update.outputs.changed == 'true'
uses: peter-evans/create-pull-request@v8
with:
title: 'chore(deps): bump ${{ steps.update.outputs.package }} to ${{ steps.update.outputs.to_version }}'
commit-message: 'chore(deps): bump ${{ steps.update.outputs.package }} to ${{ steps.update.outputs.to_version }}'
branch: ${{ steps.update.outputs.pr_branch }}
body: |
Automated update of `${{ steps.update.outputs.package }}` from `${{ steps.update.outputs.from_version }}` to `${{ steps.update.outputs.to_version }}`.
labels: dependenciesIn repository Settings → Actions → General, set “Workflow permissions” to “Read and write permissions”.
pnpm install
pnpm typecheck
pnpm buildThis action is bundled with esbuild into dist/index.cjs. Before releasing, commit the updated dist/ output.