I have been automating the maintenance of the modules I created so that dependencies are quickly updated and security issues prevented.
I now have a fully automated pipeline based on dependabot, snyk security checks, github actions, travis builds with testing and semantic release to publish to npm.
There is only 1 step missing: requesting the refresh on the node-red portal. I would love to automate that as well. Is there an API endpoint available for this or do you know of another way how I could signal the refresh in an automated way?
It is feasible to automate, but it isn't really setup to be done so.
A refresh can be triggered in two different ways
one way is by clicking the 'request refresh' link in the sidebar. That will trigger an HTTP GET to https://flows.nodered.org/node/<name of module>/refresh.
the other is submitting the 'add node' form - that will trigger an HTTP POST to https://flows.nodered.org/add/node with the module payload property set to the name of the module.
However, in both cases, the request must be from a logged in user, and must include a valid CSRF token. The CSRF token can be obtained by loading the /add/node page and scraping the token out of it. But getting a valid login session will be very hard to automate - it requires a browser-based flow against GitHub.
So, TLDR; it is probably quite a bit of work to do properly and may just be unfeasible with the current APIs.
To be honest, the API has been designed to provide some amount of protection against automated access - hence lots of CSRF token usage and needing to be logged in to do anything.