112 lines
3.8 KiB
YAML
112 lines
3.8 KiB
YAML
name: Refresh Lockfile
|
|
|
|
on:
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- ready_for_review
|
|
|
|
concurrency:
|
|
group: refresh-lockfile-pr-${{ github.event.pull_request.number }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
refresh:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
permissions:
|
|
contents: write
|
|
pull-requests: read
|
|
|
|
steps:
|
|
- name: Detect dependency manifest changes
|
|
id: changes
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
changed="$(gh api "repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files" --paginate --jq '.[].filename')"
|
|
manifest_pattern='(^|/)package\.json$|^pnpm-workspace\.yaml$|^\.npmrc$|^pnpmfile\.(cjs|js|mjs)$'
|
|
|
|
if printf '%s\n' "$changed" | grep -Eq "$manifest_pattern"; then
|
|
echo "manifest_changed=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "manifest_changed=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
if [ "${{ github.event.pull_request.head.repo.full_name }}" = "${{ github.repository }}" ]; then
|
|
echo "same_repo=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "same_repo=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Checkout pull request head
|
|
if: steps.changes.outputs.manifest_changed == 'true'
|
|
uses: actions/checkout@v4
|
|
with:
|
|
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
fetch-depth: 0
|
|
|
|
- name: Setup pnpm
|
|
if: steps.changes.outputs.manifest_changed == 'true'
|
|
uses: pnpm/action-setup@v4
|
|
with:
|
|
version: 9.15.4
|
|
run_install: false
|
|
|
|
- name: Setup Node.js
|
|
if: steps.changes.outputs.manifest_changed == 'true'
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: pnpm
|
|
|
|
- name: Refresh pnpm lockfile
|
|
if: steps.changes.outputs.manifest_changed == 'true'
|
|
run: pnpm install --lockfile-only --ignore-scripts --no-frozen-lockfile
|
|
|
|
- name: Fail on unexpected file changes
|
|
if: steps.changes.outputs.manifest_changed == 'true'
|
|
run: |
|
|
changed="$(git status --porcelain)"
|
|
if [ -z "$changed" ]; then
|
|
echo "Lockfile is already up to date."
|
|
exit 0
|
|
fi
|
|
if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then
|
|
echo "Unexpected files changed during lockfile refresh:"
|
|
echo "$changed"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Commit refreshed lockfile to same-repo PR branch
|
|
if: steps.changes.outputs.manifest_changed == 'true' && steps.changes.outputs.same_repo == 'true'
|
|
run: |
|
|
if git diff --quiet -- pnpm-lock.yaml; then
|
|
echo "Lockfile unchanged, nothing to do."
|
|
exit 0
|
|
fi
|
|
|
|
git config user.name "lockfile-bot"
|
|
git config user.email "lockfile-bot@users.noreply.github.com"
|
|
git add pnpm-lock.yaml
|
|
git commit -m "chore(lockfile): refresh pnpm-lock.yaml"
|
|
git push origin "HEAD:${{ github.event.pull_request.head.ref }}"
|
|
|
|
- name: Fail fork PRs that need a lockfile refresh
|
|
if: steps.changes.outputs.manifest_changed == 'true' && steps.changes.outputs.same_repo != 'true'
|
|
run: |
|
|
if git diff --quiet -- pnpm-lock.yaml; then
|
|
echo "Lockfile unchanged, nothing to do."
|
|
exit 0
|
|
fi
|
|
|
|
echo "This fork PR changes dependency manifests and requires a refreshed pnpm-lock.yaml." >&2
|
|
echo "Run: pnpm install --lockfile-only --ignore-scripts --no-frozen-lockfile" >&2
|
|
echo "Then commit pnpm-lock.yaml to the PR branch." >&2
|
|
exit 1
|