Automatically Creating GitHub Pull Requests

We recently shipped an RWX package to create GitHub pull requests. It's the fastest and easiest way to automate opening PRs.

Speed of Implementation

I built an example for this blog post showing how to automate an npm update – more information below on why we often prefer this over using tools like dependabot.

It only took a few minutes to build this workflow.

In the demo video I made a mistake in the first implementation and inadvertently showcased one of the biggest benefits of RWX's caching.

Running npm update takes a little bit over 2 minutes. I initially had a typo in my command to open the pull request.

Normally, this means I would have to wait a full 2 minutes again to check the fix. However, since RWX had just run npm update, the update execution was fully cached. This meant that when I re-ran the workflow with the typo fixed, the run immediately skipped to creating the pull request, producing a cache hit on the npm update.

Between the local CLI and caching mechanics, implementing workflows on RWX can be an order of magnitude faster than on CI/CD platforms without automatic caching.

Using the Create Pull Request Package

Because the default RWX GitHub App does not have permissions to create pull requests, you'll need to create a private GitHub App for your bot.

After that, automating pull requests is easy.

• Clone a git repository using the git/clone package. Remember to pass preserve-git-dir: true
• Define a task to make the desired changes
• Call the github/create-pull-request package

Use Cases

You can use this package to automatically open PRs for anything that you want.

Running package manager updates is a fairly good use case. Although tools like dependabot and Mend Renovate can handle updates, they often work less well than the native package manager CLIs for a couple of reasons:

• The third-party tools don't always update transitive dependencies, which are relevant for security and bug fixes
• Third-party tools start blurring the lines of where configuration happens, sometimes pinning versions in the native package specification, and sometimes pinning in the third-party tool configuration

Code

1
on:
2
  cron:
3
    - key: npm-update
4
      schedule: '0 7 * * 1 America/New_York' # At 7am ET on Monday
5

6
base:
7
  os: ubuntu 24.04
8
  tag: 1.1
9

10
tasks:
11
  - key: code
12
    call: git/clone 1.6.8
13
    with:
14
      repository: https://github.com/rwx-cloud/rwx.com.git
15
      ref: main
16
      github-access-token: ${{ github-apps.rwx-cloud-bot.token }}
17
      preserve-git-dir: true
18

19
  - key: tool-versions
20
    use: code
21
    call: rwx/tool-versions 1.0.4
22
    filter: [.tool-versions]
23

24
  - key: nodejs
25
    call: nodejs/install 1.1.7
26
    with:
27
      node-version: ${{ tasks.tool-versions.values.nodejs }}
28

29
  - key: npm-install
30
    use: [nodejs, code]
31
    run: npm install
32
    filter: [package.json, package-lock.json]
33

34
  - key: npm-update
35
    use: npm-install
36
    run: |
37
      npm update | tee $RWX_VALUES/update-output
38
      (npm outdated || true) | tee $RWX_VALUES/outdated-output
39

40
  - key: create-pull-request
41
    call: github/create-pull-request 1.0.1
42
    use: npm-update
43
    with:
44
      github-token: ${{ github-apps.rwx-cloud-bot.token }}
45
      branch-prefix: npm-update
46
      pull-request-title: npm update
47
      pull-request-body: |
48
        ## Updated Packages
49

50
        ```
51
        ${{ tasks.npm-update.values.update-output }}
52
        ```
53

54
        ## Outdated Packages
55

56
        ```
57
        ${{ tasks.npm-update.values.outdated-output }}
58
        ```

Demo