deps: pnpm up #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # update npm's package-lock.json (though we don't use it) | |
| # to avoid unnecessary dependabot alerts | |
| name: Update package-lock.json | |
| on: | |
| # Runs on pushes targeting the default branch | |
| push: | |
| branches: [ "main" ] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| jobs: | |
| update-package-lock: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| - name: Update package-lock.json | |
| run: npm install --package-lock-only --ignore-scripts | |
| # https://github.com/microsoft/TypeScript/blob/main/.github/workflows/update-package-lock.yaml | |
| - name: Check for changes | |
| id: check-for-changes | |
| run: | | |
| if git diff --exit-code --name-only package-lock.json; then | |
| echo "No changes to package-lock.json" | |
| else | |
| echo "has-updates=true" >> $GITHUB_OUTPUT | |
| fi | |
| # https://github.com/neverendingqs/gh-action-node-update-deps/blob/main/action.yml | |
| - name: Commit and push if changes | |
| id: push-branch | |
| if: ${{ steps.check-for-changes.outputs.has-updates == 'true' }} | |
| shell: bash | |
| run: | | |
| # create a new branch and commit the updated package-lock.json | |
| COMMIT_MSG="chore: update package-lock.json ($(date -I))" | |
| PR_BRANCH=chore/update-package-lock-$(date +%s) | |
| git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "github-actions[bot]" | |
| git checkout -b ${PR_BRANCH} | |
| git commit -a -m "chore: update package-lock.json" | |
| git push origin ${PR_BRANCH} | |
| echo "::set-output name=pr-branch::${PR_BRANCH}" | |
| echo "::set-output name=pr-title::${COMMIT_MSG}" | |
| - name: Create pull request | |
| if: ${{ steps.check-for-changes.outputs.has-updates == 'true' }} | |
| uses: actions/github-script@v6 | |
| env: | |
| PR_BRANCH: ${{ steps.push-branch.outputs.pr-branch }} | |
| PR_TITLE: ${{ steps.push-branch.outputs.pr-title }} | |
| PR_LABELS: chore, dependencies, package-lock.json | |
| with: | |
| github-token: ${{ inputs.github-token || github.token }} | |
| script: | | |
| const runLabel = `${process.env.GITHUB_WORKFLOW}@${process.env.GITHUB_RUN_NUMBER}` | |
| const runEndpoint = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}` | |
| const repo = await github.rest.repos.get({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }); | |
| const pr = await github.rest.pulls.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| base: repo.data.default_branch, | |
| head: process.env.PR_BRANCH, | |
| body: `_Generated by [${runLabel}](${runEndpoint})._`, | |
| maintainer_can_modify: true, | |
| title: process.env.PR_TITLE, | |
| }); |