Skip to content

chore(deps): Bump the npm_and_yarn group across 24 directories with 6 updates #694

chore(deps): Bump the npm_and_yarn group across 24 directories with 6 updates

chore(deps): Bump the npm_and_yarn group across 24 directories with 6 updates #694

# This workflow runs `lerna bootstrap` after dependabot updates a package-lock file.
# Without it, package-locks become cluttered with incorrect dependencies that
# normally would be removed by lerna. It wouldn't be necessary if we weren't using
# lerna bootstrap.
name: Clean up after dependabot
# Triggered when a PR is (re)opened or synchronized
on:
pull_request:
paths:
- 'plugins/**'
permissions:
pull-requests: write # This action modifies PRs
contents: write # This action adds commits to PRs
jobs:
update:
runs-on: ubuntu-latest
# Only run on dependabot PRs
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Check out the dependabot PR so commits are added there
- name: Checkout PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr checkout ${{ github.event.pull_request.number }}
# This uses a reverse-engineered email for the github actions bot. See
# https://github.com/actions/checkout/issues/13#issuecomment-724415212
- name: Git identity
run: |
git config --global user.name 'blockly[bot]'
git config --global user.email '[email protected]'
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: 20
# Install packages
- name: Npm install
run: npm ci
# Run lerna bootstrap again, this time using `install` instead of `ci` so that
# it will do the magic update we need to remove local dependencies.
- name: Fix package locks
run: npm run clean:node && npm run boot -- --no-ci
# If any package-locks were updated by lerna bootstrap, commit them
# Using `[dependabot skip]` in the commit message allows dependabot
# to continue making changes to this PR after it is updated
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#allowing-dependabot-to-rebase-and-force-push-over-extra-commits
- name: Commit changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git status
if [[ $(git status | grep '.package-lock.json') ]]; then
git commit -am "chore: update package-locks [dependabot skip]"
git push
else
echo "No changes detected"
fi