Update dependencies #566
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Update dependencies | |
| on: | |
| schedule: | |
| # Run daily (Monday-Friday) at 12:15 UTC (08:15 EDT/07:15 EST) | |
| - cron: "15 12 * * 1-5" | |
| workflow_dispatch: | |
| # This workflow needs to leverage a GitHub Personal Access Token (PAT) in order | |
| # to open the pull request. While the GitHub Actions token _could_ create the | |
| # pull request if the `permissions` block were edited to allow that, the created | |
| # PR would not actually trigger any status checks, which would be mostly useless. | |
| # Therefore a PAT is used. Theoretically, any of the mechanisms listed in the | |
| # peter-evans/create-pull-request Action's README could be used (and we may | |
| # eventually switch to using the app). | |
| permissions: | |
| contents: read | |
| jobs: | |
| npm: | |
| name: NPM Dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Setup node | |
| uses: actions/setup-node@v3 | |
| with: | |
| # The specific version of node itself isn't especially important | |
| # to us. | |
| node-version: "lts/*" | |
| cache: npm | |
| cache-dependency-path: end-to-end-tests/package-lock.json | |
| - name: Install latest npm and and npm-check-updates | |
| run: npm install -g npm@latest npm-check-updates@latest | |
| - name: Update project dependencies | |
| run: ncu --upgrade | |
| working-directory: end-to-end-tests | |
| - name: Install updated dependencies | |
| run: |- | |
| npm install | |
| npm update | |
| working-directory: end-to-end-tests | |
| - name: Login as the automation app | |
| # This Action generates a token from the GitHub App and provides it as | |
| # an output. It _does_ register that token as a secret so that it will be | |
| # filtered from log output automatically | |
| id: generate-token | |
| # This maps to v1.8.0 https://github.com/tibdex/github-app-token/releases/tag/v1.8.0 | |
| uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 | |
| with: | |
| app_id: ${{ secrets.APP_ID }} | |
| private_key: ${{ secrets.APP_PRIVATE_KEY }} | |
| permissions: >- | |
| { | |
| "contents": "write", | |
| "pull_requests": "write" | |
| } | |
| - name: Create update pull request | |
| uses: peter-evans/create-pull-request@v5 | |
| with: | |
| commit-message: "chore(deps): update NPM dependencies" | |
| title: "chore(deps): update NPM dependencies" | |
| body: >- | |
| This was generated by the "${{ github.workflow }}" workflow, primarily | |
| by running `npm-check-updates` and `npm install`. | |
| branch: automation/update-npm-dependencies | |
| delete-branch: true | |
| base: main | |
| committer: Easy Dynamics Automation <[email protected]> | |
| author: Easy Dynamics Automation <[email protected]> | |
| token: "${{ steps.generate-token.outputs.token }}" |