Not node-red specific, but I did recently discover that there are a bunch of recommended GH actions that greatly improve the security and stability of your repos - check out stepsecurity.io
I recently applied this to the UIBUILDER repo. One of the things it does is to automatically create pull requests against any GH action scripts and other dependencies. You can then apply or ignore as needed. I do this on my main branch and pull through any updates to development branches.
It also helps you lock down the repo to prevent unauthorised changes and will warn of any known dependency chain issues.
I get your point, might be nice to have something for node-red users. However, this is standard Git stuff which is easily looked up. Indeed GitHub themselves have good documentation.
This has been covered in the forum before but you are right, this should probably be another FAQ.
Here is how I do it.
- Clone the repo to my own GH account.
- Clone the copy to my local dev machine via GitHub Desktop.
- Manually (command line) install the local clone to my dev instance of Node-RED:

      cd ~/.node-red
      npm install /local/path/to/clone/node-red-contrib-something
      cd /local/path/to/clone/node-red-contrib-something
      npm install

  Those last 2 lines are important to get all the sub-dependencies locally installed. By default, you will get all the dev dependencies as well which is probably what you want.
- Restart Node-RED
- Edit using VSCode (some nodes might also need a build step)
- Restart Node-RED on changes to any runtime components
- Reload the Node-RED Editor on changes to any Admin components
I make use of PM2 with its file/folder watch feature to run my dev instance. When a watched file changes, it auto-restarts node-red for me.
If using something similar to the above process, at a command line inside the folder for the local clone of the repo, either install the updated dependency using npm with @latest on the end of the dependency name. Alternatively, edit the package.json file in that folder and then just run npm install which, of course, is easier if you've multiple dependencies to update.
After restarting Node-RED again, you will need to run through suitable tests to check everything is working. Some nodes might have test suites you can use. In that case, you'll also need to install the test apps as well - they may or may not have been included in the dev dependencies in package.json.
If you've made some successful changes, push them back upstream to your GH clone. Then in GH use the link it gives you to create a pull request against the original repo.
Along the way, check out the requirements that each repo will have for contributions. And before starting, engage with the node's author(s) on GH to make sure they are happy to get a PR.