Eleventy: A GitHub Workflow to Check if an Automated Dependency Update Would Break Your Site

Published on Apr 22, 2025, filed under development (feed). (Share this on Mastodon or Bluesky?)

If you use Eleventy, GitHub, and automated dependency management (like Dependabot or Depfu), you might have run into the situation that an update would not work.

Personally, relying on few dependencies, I only experienced this with Node updates, but I ran into it a couple of times.

Here’s a simple GitHub workflow [even more simple thanks to feedback from Nicolas Hoizey—cheers!] to run on changes to package.json, package-lock.json, and .nvmrc, to tell if Eleventy still builds successfully (gist):

name: "Tests"

on:
  push:
    paths:
      - ".nvmrc"
      - "package.json"
      - "package-lock.json"

jobs:
  build:
    name: "Test changed package*.json and changed Node versions"
    runs-on: ubuntu-latest
    steps:
      - name: "Check out repository"
        uses: actions/checkout@v4
      - name: "Set up Node.js using .nvmrc information"
        uses: actions/setup-node@v4
        with:
          node-version-file: ".nvmrc"
      - name: "Install dependencies"
        run: npm ci
      - name: "Run Eleventy"
        run: npx @11ty/eleventy --incremental

(Don’t mind the naming, for some reason all my workflows end up containing tests, which is why I call this all “tests.”)

Save this as tests.yml in your repo’s .github/workflows directory, and you should be good to go. (As it has been a while since I set this up, let me know if I missed some setting, but I do believe it’s just that.)

Also, of course, do with and change this as you please.

A final note: You may notice that this runs “npm ci”. That’s deliberate and, so I grew up, really what we should do in these environments. “ci” will do a clean install and consider what’s in package-lock.json (a file that’s sometimes not put, but should be under version control). In essence, “npm ci” is more precise and reliable than using “npm i”.