Skip to content

bumpgen

Actions
handle breaking changes from dependency upgrades
v0.0.1
Latest
StarΒ (106)

logo

πŸ“ Summary

bumpgen bumps your TypeScript / TSX dependencies and makes code changes for you if anything breaks.

demo

Here's a common scenario:

you: "I should upgrade to the latest version of x, it has banging new features and impressive performance improvements"

you (5 minutes later): nevermind, that broke a bunch of stuff

Then use bumpgen!

How does it work?

  • bumpgen builds your project to understand what broke when a dependency was bumped
  • Then bumpgen uses ts-morph to create an abstract syntax tree from your code, to understand the relationships between statements
  • It also uses the AST to get type definitions for external methods to understand how to use new package versions
  • bumpgen then creates a plan graph DAG to execute things in the correct order to handle propagating changes (ref: arxiv 2309.12499)

Note

bumpgen only supports typescript and tsx at the moment, but we're working on adding support for other strongly typed languages. Hit the emoji button on our open issues for Java, golang, C# and Python to request support.

πŸš€ Get Started

To get started, you'll need an OpenAI API key. gpt-4-turbo-preview from OpenAI is the only supported model at this time, though we plan on supporting more soon.

Then, run bumpgen:

> export LLM_API_KEY="<openai-api-key>"
> cd ~/my-repository
> npm install -g bumpgen
> bumpgen @tanstack/react-query 5.28.14

where @tanstack/react-query is the package you want to bump and 5.28.14 is the version you want to bump to.

You can also run bumpgen without arguments and select which package to upgrade from the menu. Use bumpgen --help for a complete list of options.

Github Action

We've created a GitHub action that can be used to run bumpgen. The intended usage is to be triggered on dependabot or renovatebot PRs - if breaking changes are detected, bumpgen will commit to the PR branch.

Note

The action commits changes to the branch it was triggered from. If you would like those commits to trigger other CI workflows, you will need to use a GitHub Personal Access Token.

Example Workflow

name: "Bumpgen"

on:
  pull_request:
    types:
      - opened

permissions:
  pull-requests: read
  contents: write

jobs:
  main:
    name: Run Bumpgen
    runs-on: ubuntu-latest
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]'}} # Use renovate[bot] for renovate PRs
    steps:
      - uses: actions/checkout@v4
      - name: Setup # Checkout and setup your project before running the bumpgen action
        uses: ./tooling/github/setup
      - name: Bumpgen
        uses: xeol-io/[email protected]
        with:
          path: "./packages/bumpgen-core/" # The location of your project's package.json file
          llm_key: ${{ secrets.LLM_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}

Note

If you'd like to be first in line to try the bumpgen GitHub App to replace your usage of dependabot + renovatebot, sign up here.

Limitations

There are some limitations you should know about.

  • bumpgen relies on build errors to determine what needs to be fixed. If an issue is caused by a behavioral change, bumpgen won't detect it.
  • bumpgen can't handle multiple packages at the same time. It will fail to upgrade packages that require peer dependencies to be updated the same time to work such as @octokit/core and @octokit/plugin-retry.
  • bumpgen is not good with very large frameworks like vue. These kind of upgrades (and vue 2 -> 3 specifically) can be arduous even for a human.

πŸ™οΈ Architecture

 > bumpgen @tanstack/react-query 5.28.14
       β”‚
β”Œβ”¬β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚β”‚ CLI                                                                        β”‚
β””β”΄β”€β”€β”€β”€β”€β”¬β”€β”€β–²β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
       β”‚  β”‚
β”Œβ”¬β”€β”€β”€β”€β”€β–Όβ”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚β”‚ Core (Codeplan)                                                            β”‚
β”‚β”‚                                                                            β”‚
β”‚β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚
β”‚β”‚ β”‚ Plan Graph                        β”‚ β”‚ Abstract Syntax Tree             β”‚ β”‚
β”‚β”‚ β”‚                                   β”‚ β”‚                                  β”‚ β”‚
β”‚β”‚ β”‚                                   β”‚ β”‚                                  β”‚ β”‚
β”‚β”‚ β”‚               β”Œβ”€β”                 β”‚ β”‚                  β”Œβ”€β”             β”‚ β”‚
β”‚β”‚ β”‚            β”Œβ”€β”€β”΄β”€β”˜                 β”‚ β”‚               β”Œβ”€β”€β”΄β”€β”΄β”€β”€β”          β”‚ β”‚
β”‚β”‚ β”‚            β”‚                      β”‚ β”‚               β”‚       β”‚          β”‚ β”‚
β”‚β”‚ β”‚           β”Œβ–Όβ”                  β”Œβ”€β”€β”Όβ”€β”Όβ”€β”€β”           β”Œβ–Όβ”     β”Œβ–Όβ”         β”‚ β”‚
β”‚β”‚ β”‚           └─┴──┐               β”‚  β”‚ β”‚  β”‚        β”Œβ”€β”€β”΄β”€β”΄β”€β”€β”  β””β”€β”˜         β”‚ β”‚
β”‚β”‚ β”‚                β”‚                  β”‚ β”‚  β–Ό        β”‚       β”‚              β”‚ β”‚
β”‚β”‚ β”‚               β”Œβ–Όβ”              β–²  β”‚ β”‚          β”Œβ–Όβ”     β”Œβ–Όβ”             β”‚ β”‚
β”‚β”‚ β”‚               └─┴──┐           β”‚  β”‚ β”‚  β”‚       β””β”€β”˜  β”Œβ”€β”€β”΄β”€β”΄β”€β”€β”          β”‚ β”‚
β”‚β”‚ β”‚                    β”‚           β””β”€β”€β”Όβ”€β”Όβ”€β”€β”˜            β”‚       β”‚          β”‚ β”‚
β”‚β”‚ β”‚                   β”Œβ–Όβ”             β”‚ β”‚              β”Œβ–Όβ”     β”Œβ–Όβ”         β”‚ β”‚
β”‚β”‚ β”‚                   β””β”€β”˜             β”‚ β”‚              β””β”€β”˜     β””β”€β”˜         β”‚ β”‚
β”‚β”‚ β”‚                                   β”‚ β”‚                                  β”‚ β”‚
β”‚β”‚ β”‚                                   β”‚ β”‚                                  β”‚ β”‚
β”‚β”‚ β”‚                                   β”‚ β”‚                                  β”‚ β”‚
β”‚β”‚ β”‚                                   β”‚ β”‚                                  β”‚ β”‚
β”‚β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚
β”‚β”‚                                                                            β”‚
β””β”΄β”€β”€β”€β”€β”€β”¬β”€β”€β–²β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
       β”‚  β”‚
β”Œβ”¬β”€β”€β”€β”€β”€β–Όβ”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚β”‚ Prompt Context                     β”‚  β”‚β”‚ LLM                               β”‚
β”‚β”‚                                    β”‚  β”‚β”‚                                   β”‚
β”‚β”‚ - plan graph                       β”‚  β”‚β”‚ GPT4-Turbo, Claude 3, BYOM        β”‚
β”‚β”‚ - errors                           β”œβ”€β”€β–Ίβ”‚                                   β”‚
β”‚β”‚ - code                             β”‚  β”‚β”‚                                   β”‚
β”‚β”‚                                    ◄──┼│                                   β”‚
β”‚β”‚                                    β”‚  β”‚β”‚                                   β”‚
β”‚β”‚                                    β”‚  β”‚β”‚                                   β”‚
β”‚β”‚                                    β”‚  β”‚β”‚                                   β”‚
β””β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β””β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Abstract Syntax Tree

The AST is generated from ts-morph. This AST allows bumpgen to understand the relationship between nodes in a codebase.

Plan Graph

The plan graph is a concept detailed in codeplan by Microsoft. The plan graph allows bumpgen to not only fix an issue at a point but also fix the 2nd order breaking changes from the fix itself. In short, it allows bumpgen to propagate a fix to the rest of the codebase.

Prompt Context

We pass the plan graph, the error, and the actual file with the breaking change as context to the LLM to maximize its ability to fix the issue.

LLM

We only support gpt-4-turbo-preview at this time.

meme

⏱️ Benchmark

bumpgen + GPT-4 Turbo         β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘   45% (67 tasks)

We benchmarked bumpgen with GPT-4 Turbo against a suite of version bumps with breaking changes. You can check out the evals here.

🎁 Contributing

Contributions are welcome! To get set up for development, see Development.

Roadmap

  • codeplan
  • Typescript/TSX support
  • bumpgen GitHub app
  • Embeddings for different package versions
  • Use test runners as an oracle
  • C# support
  • Java support
  • Go support

Join our Discord community to contribute, learn more, and ask questions!

bumpgen is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

About

handle breaking changes from dependency upgrades
v0.0.1
Latest

bumpgen is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.