From fcb36cbd376a025abf2acf931aa242cb37368f14 Mon Sep 17 00:00:00 2001
From: CDFMLR <cdfmlr@163.com>
Date: Sun, 29 Sep 2024 22:13:00 +0800
Subject: [PATCH] ci: update package-lock.json on push

---
 .github/workflows/npm-lock.yml | 81 ++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 .github/workflows/npm-lock.yml

diff --git a/.github/workflows/npm-lock.yml b/.github/workflows/npm-lock.yml
new file mode 100644
index 0000000..3ce85e9
--- /dev/null
+++ b/.github/workflows/npm-lock.yml
@@ -0,0 +1,81 @@
+# update npm's package-lock.json (though we don't use it)
+# to avoid unnecessary dependabot alerts
+
+name: package-lock.json update
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: [ "main" ]
+
+permissions:
+    contents: write
+    pull-requests: write
+    id-token: write
+
+jobs:
+  update-package-lock:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+      - name: Update package-lock.json
+        run: npm install --package-lock-only  --ignore-scripts
+      # https://github.com/microsoft/TypeScript/blob/main/.github/workflows/update-package-lock.yaml
+      - name: Check for changes
+        id: check-for-changes
+        run: |
+          if git diff --exit-code --name-only package-lock.json; then
+            echo "No changes to package-lock.json"
+            echo "has-updates=true" >> $GITHUB_OUTPUT
+          fi
+      # https://github.com/neverendingqs/gh-action-node-update-deps/blob/main/action.yml
+      - name: Commit and push if changes
+        id: push-branch
+        if: ${{ steps.check-for-changes.outputs.has-updates == 'true' }}
+        shell: bash
+        run: |
+          # create a new branch and commit the updated package-lock.json
+          
+          COMMIT_MSG="chore: update package-lock.json ($(date -I))"
+          PR_BRANCH=chore/update-package-lock-$(date +%s)
+          
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          
+          git checkout -b ${PR_BRANCH}
+          git commit -a -m "chore: update package-lock.json"
+          git push origin ${PR_BRANCH}
+          
+          echo "::set-output name=pr-branch::${PR_BRANCH}"
+          echo "::set-output name=pr-title::${COMMIT_MSG}"
+
+      - name: Create pull request
+        uses: actions/github-script@v6
+        env:
+          PR_BRANCH: ${{ steps.push-branch.outputs.pr-branch }}
+          PR_TITLE: ${{ steps.push-branch.outputs.pr-title }}
+          PR_LABELS: chore, dependencies, package-lock.json
+        with:
+          github-token: ${{ inputs.github-token || github.token }}
+          script: |
+            const runLabel = `${process.env.GITHUB_WORKFLOW}@${process.env.GITHUB_RUN_NUMBER}`
+            const runEndpoint = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`
+            
+            const repo = await github.rest.repos.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            
+            const pr = await github.rest.pulls.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            
+              base: repo.data.default_branch,
+              head: process.env.PR_BRANCH,
+            
+              body: `_Generated by [${runLabel}](${runEndpoint})._`,
+              maintainer_can_modify: true,
+              title: process.env.PR_TITLE,
+            });