Add new workflow to keep pnpm up to date

This isn't handled by dependabot, so we need to do it ourselves. This workflow will run every week and open a PR if there are updates available. The PR will be auto-approved if CI passes.
iainlane · Jul 25, 2024 · be92552 · be92552
1 parent bb775fe
commit be92552
Show file tree

Hide file tree

Showing 4 changed files with 196 additions and 33 deletions.
diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
@@ -4,6 +4,11 @@
       "version": "1.0.11",
       "resolved": "ghcr.io/devcontainers/features/github-cli@sha256:464564228ccdd6028f01f8a62a3cfbaf76e9ba7953b29ac0e53ba2c262604312",
       "integrity": "sha256:464564228ccdd6028f01f8a62a3cfbaf76e9ba7953b29ac0e53ba2c262604312"
+    },
+    "ghcr.io/devcontainers/features/rust:1": {
+      "version": "1.3.0",
+      "resolved": "ghcr.io/devcontainers/features/rust@sha256:dfeb34c48d0aef1f28ba0c70624f79471c3bc91d32d096e3c7015e090831aa9e",
+      "integrity": "sha256:dfeb34c48d0aef1f28ba0c70624f79471c3bc91d32d096e3c7015e090831aa9e"
     }
   }
 }
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -0,0 +1,38 @@
+name: Auto-merge automated PRs
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: |
+      github.actor == 'dependabot[bot]' || (
+        github.actor == 'github-actions[bot]' &&
+        startsWith(github.event.pull_request.head.ref, 'auto-merge/')
+      )
+
+    steps:
+      - name: Generate installation token
+        id: generate-installation-token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          app-id: ${{ secrets.LANEYBOT_APP_ID }}
+          private-key: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
+
+      - name: Approve a PR
+        run: >
+          gh pr review --approve "$PR_URL" --body "${{ github.actor }} PR
+          automatically approved"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ steps.generate-installation-token.outputs.token }}
+
+      - name: Enable auto-merge for automated PRs
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ steps.generate-installation-token.outputs.token }}
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
diff --git a/.github/workflows/update-pnpm.yml b/.github/workflows/update-pnpm.yml
@@ -0,0 +1,153 @@
+name: Update Package Manager
+
+on:
+  schedule:
+    # Run every Monday at 3:27 AM
+    - cron: "27 3 * * 1"
+
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/update-pnpm.yml
+
+  pull_request:
+    paths:
+      - .github/workflows/update-pnpm.yml
+
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  check-for-new-version:
+    name: Check for new pnpm version
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      new-version: ${{ steps.pnpm-info.outputs.version }}
+      branch-exists: ${{ steps.check-branch.outputs.branch-exists }}
+
+    steps:
+      - name: Get user info
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          LANEYBOT_APP_ID: ${{ vars.LANEYBOT_APP_ID }}
+          LANEYBOT_CLIENT_ID: ${{ vars.LANEYBOT_CLIENT_ID }}
+          LANEYBOT_CLIENT_SECRET: ${{ secrets.LANEYBOT_CLIENT_SECRET }}
+          LANEYBOT_PRIVATE_KEY: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
+        with:
+          script: |
+            const app = await octokit.auth({
+              appId: process.env.LANEYBOT_APP_ID,
+              clientId: process.env.LANEYBOT_CLIENT_ID,
+              clientSecret: process.env.LANEYBOT_CLIENT_SECRET,
+              privateKey: process.env.LANEYBOT_PRIVATE_KEY,
+            });
+
+            const repoInstallation = await app.apps.getRepoInstallation({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+
+            const appID = repoInstallation.data.id;
+            const appSlug = repoInstallation.data.account.login;
+
+            const appInfo = await app.apps.get({
+              app_id: appID,
+            });
+
+            const displayName = appInfo.data.name;
+
+            console.log(`Got app info for '${appSlug}'. Display name: '${displayName}'. ID: '${appID}'.`);
+
+            core.setOutput("name", displayName);
+            core.setOutput("id", appSlug);
+            core.setOutput("login", appSlug);
+
+      - name: Generate token
+        id: generate-installation-token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          app-id: ${{ secrets.LANEYBOT_APP_ID }}
+          private-key: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
+
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          token: ${{ steps.generate-installation-token.outputs.token }}
+
+      - name: Enable Corepack
+        run: |
+          corepack enable
+
+      - name: Setup Node.js
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        env:
+          COREPACK_ENABLE_STRICT: false
+        with:
+          cache-dependency-path: pnpm-lock.yaml
+          node-version-file: "package.json"
+          cache: "pnpm"
+
+      - name: Update Package Manager
+        run: |
+          corepack up
+
+      - name: Check for changes
+        id: git-check
+        run: |
+          git diff --exit-code package.json || echo "changes=true" >> "${GITHUB_OUTPUT}"
+
+      - name: Get new pnpm version and packageManager field
+        if: steps.git-check.outputs.changes == 'true'
+        id: pnpm-info
+        run: |
+          VERSION="$(pnpm --version)"
+          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
+          echo "package-manager=$(jq -r .packageManager package.json)" >> "${GITHUB_OUTPUT}"
+          echo "update-branch=auto-merge/pnpm/${VERSION}" >> "${GITHUB_OUTPUT}"
+
+      - name: Check if update branch exists
+        if: steps.git-check.outputs.changes == 'true'
+        id: check-branch
+        run: |
+          git ls-remote --exit-code --heads origin ${{ steps.pnpm-info.outputs.update-branch }} \
+            && echo "branch-exists=true" >> "${GITHUB_OUTPUT}" \
+            || echo "branch-exists=false" >> "${GITHUB_OUTPUT}"
+
+      - name: Create Pull Request
+        if: >
+          steps.git-check.outputs.changes == 'true' &&
+          steps.check-branch.outputs.branch-exists == 'false'
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        with:
+          commit-message: >
+            chore: update packageManager field to pnpm@${{
+            steps.pnpm-info.outputs.version }}
+          title: >
+            chore: update packageManager field to pnpm@${{
+            steps.pnpm-info.outputs.version }}
+          body: |
+            Update pnpm to version `${{ steps.pnpm-info.outputs.version }}`.
+
+            Changes made:
+            - Updated the `packageManager` field to pnpm@${{ steps.pnpm-info.outputs.package-manager }}.
+
+            This update [was performed automatically][workflow-run] by [the
+            "Update Package Manager" workflow][workflow].
+
+            [workflow]: ./github/workflows-update-pnpm.yml
+            [workflow-run]: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          base: main
+          branch: ${{ steps.pnpm-info.outputs.update-branch }}
+          committer: |-
+            ${{ steps.get-user-info.outputs.name }} <${{ steps.get-user-info.outputs.id }}+${{ steps.get-user-info.outputs.login }}@users.noreply.github.com>
+          delete-branch: true
+          labels: |
+            dependencies
+            automated pr
+          token: ${{ steps.generate-installation-token.outputs.token }}