add action to sync dependencies bumped by dependabot
This commit is contained in:
Enoch Riese
parent
9321de0d7f
commit
4fc4172db3
2 changed files with 58 additions and 0 deletions
23
.github/workflows/dependabot-sync.yml
vendored
Normal file
23
.github/workflows/dependabot-sync.yml
vendored
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
name: Sync Dependabot Bump
|
||||
on:
|
||||
pull_request:
|
||||
branches: dependabot/npm_and_yarn/**
|
||||
|
||||
jobs:
|
||||
sync:
|
||||
name: Sync dependency files
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
node-version: [16.x]
|
||||
|
||||
steps:
|
||||
- name: Checkout Repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Setup Node.js ${{ matrix.node-version }}
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ matrix.node-version }}
|
||||
- name: Run Sync Script
|
||||
run: node ./scripts/sync-dependencies.mjs {{github.ref_name}}
|
||||
35
scripts/sync-dependencies.mjs
Normal file
35
scripts/sync-dependencies.mjs
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
// when dependabot updates a dependency in a package.json,
|
||||
// we want to update it in our dependencies.yaml so the update doesn't get clobbered
|
||||
// This script is run by the github action in dependabot-sync.yml
|
||||
import process from 'node:process'
|
||||
import yaml from 'js-yaml'
|
||||
import { readFileSync, writeFileSync } from 'fs'
|
||||
import path from 'path'
|
||||
import { fileURLToPath } from 'url'
|
||||
|
||||
// when dependabot updates a dependency in a package.json, we want to update it in our dependencies.yaml
|
||||
const __filename = fileURLToPath(import.meta.url)
|
||||
const __dirname = path.dirname(__filename)
|
||||
|
||||
const depsFile = path.join(__dirname, '..', 'config/dependencies.yaml')
|
||||
const oldDepsRaw = readFileSync(depsFile, { encoding: 'utf8' })
|
||||
|
||||
// we get the branch name handed to us by the github action,
|
||||
// and it has all the info we need about the dependency being updated
|
||||
const branchName = process.argv[2]
|
||||
const versionRgx = /\d+\.\d+\.\d+$/
|
||||
const dependencyVersion = branchName.match(versionRgx)[0]
|
||||
const dependency = branchName
|
||||
.replace(`-${dependencyVersion}`, '')
|
||||
.replace('dependabot/npm_and_yarn/', '')
|
||||
|
||||
// because this is from dependabot,
|
||||
// and because we want all our versions synced
|
||||
// we simply find and replace the version wherever it is specified
|
||||
const rgx = new RegExp(`(?<='${dependency}':\\W{0,2}\\w*\\W?')\\d+\\.\\d+\\.\\d+(?=')`, 'g')
|
||||
const newDepsRaw = oldDepsRaw.replace(rgx, dependencyVersion)
|
||||
console.log(`Updating ${dependency} version to ${dependencyVersion} in config/dependencies.yaml`)
|
||||
|
||||
// write the file
|
||||
writeFileSync(depsFile, newDepsRaw)
|
||||
console.log('Successfully updated config/dependencies.yaml')
|
||||
Loading…
Add table
Add a link
Reference in a new issue