add action to sync dependencies bumped by dependabot
This commit is contained in:
Enoch Riese
parent
9321de0d7f
commit
4fc4172db3
2 changed files with 58 additions and 0 deletions
23
.github/workflows/dependabot-sync.yml
vendored
Normal file
23
.github/workflows/dependabot-sync.yml
vendored
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
name: Sync Dependabot Bump
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
branches: dependabot/npm_and_yarn/**
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
sync:
|
||||||
|
name: Sync dependency files
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
node-version: [16.x]
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout Repository
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
- name: Setup Node.js ${{ matrix.node-version }}
|
||||||
|
uses: actions/setup-node@v3
|
||||||
|
with:
|
||||||
|
node-version: ${{ matrix.node-version }}
|
||||||
|
- name: Run Sync Script
|
||||||
|
run: node ./scripts/sync-dependencies.mjs {{github.ref_name}}
|
||||||
35
scripts/sync-dependencies.mjs
Normal file
35
scripts/sync-dependencies.mjs
Normal file
|
|
@ -0,0 +1,35 @@
|
||||||
|
// when dependabot updates a dependency in a package.json,
|
||||||
|
// we want to update it in our dependencies.yaml so the update doesn't get clobbered
|
||||||
|
// This script is run by the github action in dependabot-sync.yml
|
||||||
|
import process from 'node:process'
|
||||||
|
import yaml from 'js-yaml'
|
||||||
|
import { readFileSync, writeFileSync } from 'fs'
|
||||||
|
import path from 'path'
|
||||||
|
import { fileURLToPath } from 'url'
|
||||||
|
|
||||||
|
// when dependabot updates a dependency in a package.json, we want to update it in our dependencies.yaml
|
||||||
|
const __filename = fileURLToPath(import.meta.url)
|
||||||
|
const __dirname = path.dirname(__filename)
|
||||||
|
|
||||||
|
const depsFile = path.join(__dirname, '..', 'config/dependencies.yaml')
|
||||||
|
const oldDepsRaw = readFileSync(depsFile, { encoding: 'utf8' })
|
||||||
|
|
||||||
|
// we get the branch name handed to us by the github action,
|
||||||
|
// and it has all the info we need about the dependency being updated
|
||||||
|
const branchName = process.argv[2]
|
||||||
|
const versionRgx = /\d+\.\d+\.\d+$/
|
||||||
|
const dependencyVersion = branchName.match(versionRgx)[0]
|
||||||
|
const dependency = branchName
|
||||||
|
.replace(`-${dependencyVersion}`, '')
|
||||||
|
.replace('dependabot/npm_and_yarn/', '')
|
||||||
|
|
||||||
|
// because this is from dependabot,
|
||||||
|
// and because we want all our versions synced
|
||||||
|
// we simply find and replace the version wherever it is specified
|
||||||
|
const rgx = new RegExp(`(?<='${dependency}':\\W{0,2}\\w*\\W?')\\d+\\.\\d+\\.\\d+(?=')`, 'g')
|
||||||
|
const newDepsRaw = oldDepsRaw.replace(rgx, dependencyVersion)
|
||||||
|
console.log(`Updating ${dependency} version to ${dependencyVersion} in config/dependencies.yaml`)
|
||||||
|
|
||||||
|
// write the file
|
||||||
|
writeFileSync(depsFile, newDepsRaw)
|
||||||
|
console.log('Successfully updated config/dependencies.yaml')
|
||||||
Loading…
Add table
Add a link
Reference in a new issue