aevgarik/paperclip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee7fddf8d5fcd76d7ffc93164f972e717fb15c25
paperclip/.github/workflows/refresh-lockfile.yml
Dotta ee7fddf8d5 fix: convert lockfile refresh to PR-based flow for protected master 
The refresh-lockfile workflow was pushing directly to master, which fails
with branch protection rules. Convert to use peter-evans/create-pull-request
to create a PR instead. Exempt the bot's branch from the lockfile policy check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 07:22:34 -05:00

65 lines
1.6 KiB
YAML
Raw Blame History

name: Refresh Lockfile
on:
push:
branches:
- master
workflow_dispatch:
concurrency:
group: refresh-lockfile-master
cancel-in-progress: false
jobs:
refresh:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9.15.4
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: pnpm
- name: Refresh pnpm lockfile
run: pnpm install --lockfile-only --ignore-scripts --no-frozen-lockfile
- name: Fail on unexpected file changes
run: |
changed="$(git status --porcelain)"
if [ -z "$changed" ]; then
echo "Lockfile is already up to date."
exit 0
fi
if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then
echo "Unexpected files changed during lockfile refresh:"
echo "$changed"
exit 1
fi
- name: Create pull request
uses: peter-evans/create-pull-request@v7
with:
commit-message: "chore(lockfile): refresh pnpm-lock.yaml"
branch: chore/refresh-lockfile
delete-branch: true
title: "chore(lockfile): refresh pnpm-lock.yaml"
body: |
Auto-generated lockfile refresh after dependencies changed on `master`.
This PR only updates `pnpm-lock.yaml` — no source changes.
labels: lockfile-bot
Reference in New Issue View Git Blame Copy Permalink