Roots Discourse

Update plugins & WordPress core for large amount of projects

Hi ,

Is there anyone who could tell me whats the most efficient/time saving way to update multiple bedrock/sage projects. Has anyone experience with this?

I’ve multiple WordPress(bedrock/sage) projects of which the codebase is stored in Bitbucket. Are there automated proceses to keep plugins & WordPress core up to date.

Some applications I’ve already looking for are InfiniteWP and MainWP but the seem not compatible with git.

I did also check the opportunities of Dependabot, but this appliction seems to be not supporting Bitbucket.

please let me know!

GitHub bought Dependabot, so it is unlikely to add Bitbucket support.

But there are Dependabot alternatives, e.g:
Or, you can roll your own solution via CI/CD sevrers, something like


thanks for your reply I will check this out

Does anyone know a way to avoid conflicts when using Dependabot?

I’ve set up auto-merge (with Dependabot Preview, the old one), but when the bot runs once per week and finds each time multiple updates within just few minutes, PRs often have conflicting composer.lock versions and auto-merging won’t be possible for the bot.

Introducing a delay of 10-15 minutes between PRs has been one idea of mine; a PR would get auto-merged before the next one is raised, thus avoiding conflicting files, but I haven’t found any way of doing that.

The conflicts are always with content-hash of composer.lock. It’s been discussed in this stackoverflow post, and I guess there’s no realistic way of avoiding the conflict, other than having enough time between PRs so that auto-merge gets it’s job done. I rather keep composer.lock in version control.

Live / continuous checks would raise PRs as new plugin versions become available, thus reducing the likelyhood of conflicts, but it causes constant noise - I rather book a weekly slot in calendar to run updates, tests, deploys, etc.

There are probably other bots that take care of auto-merging, but I ventured there yet.

The problem is annoying, as @dependabot rebase takes a long of time (sometimes a loooooong time) and has to be run way too often.