Merge pull request #3515 from eriese/eriese-dependency-action
(Feature) Add action to sync dependencies bumped by dependabot
This commit is contained in:
Joost De Cock
GitHub
commit
18c44c6fa3
2 changed files with 68 additions and 0 deletions
33
.github/workflows/dependabot-sync.yml
vendored
Normal file
33
.github/workflows/dependabot-sync.yml
vendored
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
name: Sync Dependabot Bump
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, synchronize]
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
sync:
|
||||
if: ${{ github.actor == 'dependabot[bot]' }}
|
||||
name: Sync dependency files
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout Repository
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
- name: Setup Node.js ${{ matrix.node-version }}
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ matrix.node-version }}
|
||||
- name: Run Sync Script
|
||||
run: node ./scripts/sync-dependencies.mjs ${{ github.head_ref }}
|
||||
- name: Commit Changes
|
||||
run: |
|
||||
git add .
|
||||
git status
|
||||
git config user.name github-actions
|
||||
git config user.email github-actions@github.com
|
||||
git commit -m "[dependabot skip] bumped ${{ github.head_ref }} changes in config/dependencies.yaml"
|
||||
git push
|
||||
35
scripts/sync-dependencies.mjs
Normal file
35
scripts/sync-dependencies.mjs
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
// when dependabot updates a dependency in a package.json,
|
||||
// we want to update it in our dependencies.yaml so the update doesn't get clobbered
|
||||
// This script is run by the github action in dependabot-sync.yml
|
||||
import process from 'node:process'
|
||||
import { readFileSync, writeFileSync } from 'fs'
|
||||
import path from 'path'
|
||||
import { fileURLToPath } from 'url'
|
||||
|
||||
// when dependabot updates a dependency in a package.json, we want to update it in our dependencies.yaml
|
||||
const __filename = fileURLToPath(import.meta.url)
|
||||
const __dirname = path.dirname(__filename)
|
||||
|
||||
const depsFile = path.join(__dirname, '..', 'config/dependencies.yaml')
|
||||
const oldDepsRaw = readFileSync(depsFile, { encoding: 'utf8' })
|
||||
|
||||
// we get the branch name handed to us by the github action,
|
||||
// and it has all the info we need about the dependency being updated
|
||||
const branchName = process.argv[2]
|
||||
console.log('processing updates from ', branchName)
|
||||
const versionRgx = /\d+\.\d+\.\d+$/
|
||||
const dependencyVersion = branchName.match(versionRgx)[0]
|
||||
const dependency = branchName
|
||||
.replace(`-${dependencyVersion}`, '')
|
||||
.replace('dependabot/npm_and_yarn/', '')
|
||||
|
||||
// because this is from dependabot,
|
||||
// and because we want all our versions synced
|
||||
// we simply find and replace the version wherever it is specified
|
||||
const rgx = new RegExp(`(?<='@?${dependency}':\\W{0,2}\\w*\\W?')\\d+\\.\\d+\\.\\d+(?=')`, 'g')
|
||||
const newDepsRaw = oldDepsRaw.replace(rgx, dependencyVersion)
|
||||
console.log(`Updating ${dependency} version to ${dependencyVersion} in config/dependencies.yaml`)
|
||||
|
||||
// write the file
|
||||
writeFileSync(depsFile, newDepsRaw)
|
||||
console.log('Successfully updated config/dependencies.yaml')
|
||||
Loading…
Add table
Add a link
Reference in a new issue