CI/CD Integration
Integrate PCU into your continuous integration and deployment pipelines. PCU can seamlessly integrate with existing CI/CD workflows, supporting GitHub Actions, GitLab CI, Jenkins, Azure DevOps, and other platforms.
GitHub Actions Integration
Basic Dependency Check Workflow
name: PCU Dependency Check
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
check-dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v2
with:
version: latest
- uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Install PCU
run: pnpm add -g pnpm-catalog-updates
- name: Check updates
run: pcu -c --format table
- name: Security scan
run: pcu security --severity high
GitLab CI Integration
GitLab CI pipeline for PCU dependency management:
stages:
- check
- security
- update
variables:
PNPM_CACHE_FOLDER: .pnpm-store
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- .pnpm-store
before_script:
- corepack enable
- pnpm config set store-dir $PNPM_CACHE_FOLDER
- pnpm install
- pnpm add -g pnpm-catalog-updates
dependency-check:
stage: check
script:
- pcu -c --format table
- pcu workspace --validate
artifacts:
reports:
junit: dependency-report.xml
only:
- merge_requests
- main
security-scan:
stage: security
script:
- pcu security --format json --severity moderate > security.json
- |
if [ -s security.json ] && [ "$(cat security.json | jq length)" -gt 0 ]; then
echo "Security vulnerabilities found:"
cat security.json | jq '.'
exit 1
fi
artifacts:
reports:
security: security.json
only:
- merge_requests
- main
weekly-update:
stage: update
script:
- git config user.name "PCU Bot"
- git config user.email "pcu@gitlab.com"
- pcu -c --format json > updates.json
- |
if [ -s updates.json ]; then
pcu -u --target minor --create-backup
git add .
git commit -m "chore: weekly dependency updates"
git push origin HEAD:pcu/weekly-updates
fi
only:
- schedules
variables:
GIT_STRATEGY: clone
Jenkins Pipeline Integration
Enterprise-grade Jenkins pipeline for dependency management:
pipeline {
agent any
tools {
nodejs '18'
}
environment {
PNPM_HOME = "${env.WORKSPACE}/.pnpm"
PATH = "${env.PNPM_HOME}:${env.PATH}"
}
stages {
stage('Setup') {
steps {
sh 'corepack enable'
sh 'pnpm install'
sh 'pnpm add -g pnpm-catalog-updates'
}
}
stage('Dependency Check') {
steps {
sh 'pcu -c --format json > dependency-check.json'
script {
def updates = readJSON file: 'dependency-check.json'
if (updates.size() > 0) {
env.HAS_UPDATES = 'true'
echo "Found ${updates.size()} packages to update"
} else {
env.HAS_UPDATES = 'false'
echo "No updates available"
}
}
}
post {
always {
archiveArtifacts artifacts: 'dependency-check.json'
}
}
}
stage('Security Scan') {
when {
environment name: 'HAS_UPDATES', value: 'true'
}
steps {
sh 'pcu security --format json --severity high > security-report.json'
script {
def securityReport = readJSON file: 'security-report.json'
if (securityReport.vulnerabilities && securityReport.vulnerabilities.size() > 0) {
error "Critical security vulnerabilities found: ${securityReport.vulnerabilities.size()}"
}
}
}
post {
always {
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'security-report.json',
reportName: 'Security Report'
])
}
}
}
stage('Update Dependencies') {
when {
allOf {
environment name: 'HAS_UPDATES', value: 'true'
branch 'main'
}
}
steps {
sh 'pcu -u --target minor --create-backup'
sh 'pnpm test'
script {
sh '''
git config user.name "Jenkins PCU"
git config user.email "jenkins@company.com"
git add .
git commit -m "chore: automated dependency updates [skip ci]"
'''
// Create merge request (GitLab) or pull request (GitHub)
sh '''
git push origin HEAD:pcu/automated-updates-${BUILD_NUMBER}
'''
}
}
}
}
post {
always {
cleanWs()
}
success {
echo 'PCU dependency check completed successfully'
}
failure {
emailext (
subject: "PCU Dependency Check Failed - ${env.JOB_NAME} - ${env.BUILD_NUMBER}",
body: "Dependency check failed. Please review the console output.",
to: "${env.CHANGE_AUTHOR_EMAIL}"
)
}
}
}
Azure DevOps Pipeline
Azure DevOps pipeline for PCU integration:
trigger:
branches:
include:
- main
- develop
schedules:
- cron: '0 8 * * 1'
displayName: Weekly dependency check
branches:
include:
- main
always: true
pool:
vmImage: 'ubuntu-latest'
variables:
PNPM_CACHE_FOLDER: $(Pipeline.Workspace)/.pnpm-store
stages:
- stage: DependencyCheck
displayName: 'Dependency Check'
jobs:
- job: CheckUpdates
displayName: 'Check for updates'
steps:
- task: Cache@2
inputs:
key: 'pnpm | "$(Agent.OS)" | pnpm-lock.yaml'
restoreKeys: |
pnpm | "$(Agent.OS)"
path: $(PNPM_CACHE_FOLDER)
displayName: Cache pnpm
- script: |
corepack enable
pnpm config set store-dir $(PNPM_CACHE_FOLDER)
pnpm install
pnpm add -g pnpm-catalog-updates
displayName: 'Setup PNPM and PCU'
- script: |
pcu -c --format json > $(Agent.TempDirectory)/updates.json
pcu workspace --validate
displayName: 'Check dependencies'
- script: |
pcu security --format json --severity moderate > $(Agent.TempDirectory)/security.json
displayName: 'Security scan'
- task: PublishTestResults@2
condition: always()
inputs:
testResultsFormat: 'JUnit'
testResultsFiles: '**/*-results.xml'
failTaskOnFailedTests: true
displayName: 'Publish security results'
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: '$(Agent.TempDirectory)'
artifactName: 'dependency-reports'
displayName: 'Publish artifacts'
- stage: UpdateDependencies
displayName: 'Update Dependencies'
condition: and(succeeded(), or(eq(variables['Build.Reason'], 'Schedule'), eq(variables['Build.Reason'], 'Manual')))
jobs:
- job: UpdateCatalog
displayName: 'Update catalog dependencies'
steps:
- checkout: self
persistCredentials: true
- script: |
corepack enable
pnpm install
pnpm add -g pnpm-catalog-updates
displayName: 'Setup environment'
- script: |
pcu -u --target minor --create-backup
pnpm test
displayName: 'Update and test'
- script: |
git config user.name "Azure DevOps PCU"
git config user.email "azuredevops@company.com"
git add .
git commit -m "chore: Azure DevOps automated dependency updates"
git push origin HEAD:refs/heads/pcu/azure-updates-$(Build.BuildNumber)
displayName: 'Commit changes'
General CI/CD Best Practices
Environment Variable Configuration
Configure these environment variables across all CI/CD platforms to optimize PCU behavior:
# Core configuration
PCU_NO_COLOR=true # Disable colored output
PCU_CHECK_UPDATES=false # Disable PCU update checks in CI
PCU_VERBOSE=true # Enable verbose logging
PCU_OUTPUT_FORMAT=json # Use JSON output for easier parsing
# Cache configuration
PCU_CACHE_ENABLED=true # Enable caching for better performance
PCU_CACHE_TTL=1800000 # 30-minute cache TTL
# Security configuration
PCU_SECURITY_SEVERITY=high # Check high severity vulnerabilities
PCU_AUTO_FIX=false # Manual control of fixes in CI
# Performance configuration
PCU_TIMEOUT=120000 # 2-minute timeout
PCU_RETRIES=3 # Network request retry count
PCU_CONCURRENCY=5 # Concurrent request limit
Security Considerations
Access Token Management
Ensure secure management of access tokens in CI/CD environments:
# GitHub Actions
- name: Configure Git
run: |
git config user.name "PCU Bot"
git config user.email "bot@company.com"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# GitLab CI
script:
- git remote set-url origin https://oauth2:${CI_PUSH_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git
Branch Protection Strategy
Configure branch protection to prevent direct pushes to main branch:
- Require pull request reviews
- Require status checks to pass
- Restrict pushes to protected branches
- Require signed commits
Troubleshooting
Common CI/CD Issues
Permission Errors
# Fix npm permission issues
npm config set prefix ~/.npm-global
export PATH=~/.npm-global/bin:$PATH
# Or use pnpm (recommended)
pnpm add -g pnpm-catalog-updates
Cache Issues
# Clear CI cache
rm -rf node_modules pnpm-lock.yaml
pnpm install
# Clear PCU cache
PCU_CACHE_ENABLED=false pcu check
Network Timeouts
# Increase timeout
PCU_TIMEOUT=300000 pcu check
# Reduce concurrent requests
PCU_CONCURRENCY=2 pcu update
Monitoring and Reporting
Creating Dashboards
Use CI/CD platform native features to create dependency management dashboards:
- GitHub Actions: Use Action insights and dependency graphs
- GitLab CI: Leverage Security Dashboard and dependency scanning
- Jenkins: Configure HTML Publisher plugin
- Azure DevOps: Use Dashboards and Analytics
Notification Configuration
Set up appropriate notifications to keep teams informed:
# Slack notification example (GitHub Actions)
- name: Slack Notification
if: failure()
uses: 8398a7/action-slack@v3
with:
status: failure
text: PCU dependency check failed
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
Docker Integration
Containerized PCU Workflows
FROM node:18-alpine
# Install pnpm and PCU
RUN corepack enable
RUN pnpm add -g pnpm-catalog-updates
# Set working directory
WORKDIR /workspace
# Copy package files
COPY package.json pnpm-lock.yaml ./
COPY pnpm-workspace.yaml .pcurc.json ./
# Install dependencies
RUN pnpm install --frozen-lockfile
# Set environment variables
ENV PCU_NO_COLOR=true
ENV PCU_VERBOSE=true
# Default command
CMD ["pcu", "--help"]
These CI/CD integration examples provide comprehensive automated dependency management solutions, ensuring your projects stay up-to-date and secure.