Skip to content

Auto-rebuild dist files for Dependabot npm PRs #3455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Auto-rebuild dist files for Dependabot npm PRs #3455

Copilot wants to merge 7 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 13, 2026
edited
Loading

Dependabot updates package.json/package-lock.json but doesn't rebuild dist files, causing CI to fail when it checks for drift between source and built artifacts.

Changes

Added .github/workflows/dependabot-rebuild.yml that:

  • Triggers via workflow_run after JavaScript CI fails on a PR
  • Verifies PR author is dependabot[bot] using gh pr view
  • Runs npm ci && npm run build for all 9 JS packages
  • Commits rebuilt dist files back to the PR branch using appauth

Implementation Notes

  • Uses workflow_run event to gain write permissions (Dependabot PRs have read-only GITHUB_TOKEN)
  • Leverages existing appauth action with ENVOY_CI_PUBLISH_APP_ID/ENVOY_CI_PUBLISH_APP_KEY secrets
  • Only commits when git status --porcelain shows changes
  • Filters to same-repo PRs only (excludes forks)
on:
  workflow_run:
    workflows:
    - JavaScript CI
    types:
    - completed
Original prompt

#3452 fails because dependabot doesnt know how to rebuild the dist files

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@netlify
Copy link

netlify bot commented Jan 13, 2026
edited
Loading

Deploy Preview for nifty-bassi-e26446 ready!

Name Link
🔨 Latest commit d8d8105
🔍 Latest deploy log https://app.netlify.com/projects/nifty-bassi-e26446/deploys/696647619226f700081582ce
😎 Deploy Preview https://deploy-preview-3455--nifty-bassi-e26446.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copilot AI and others added 6 commits January 13, 2026 13:17
@phlax
Add workflow to rebuild dist files for Dependabot PRs
e296e37 
Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
@phlax
Improve workflow: simplify PR details extraction and add error handling
1ebfa70 
Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
@phlax
Improve workflow: verify PR author is dependabot and add conditional …
6c4e792 
…execution

Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
@phlax
Use gh CLI instead of github-script and 4-space indent for bash
1c0b3b4 
Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
@phlax
Fix toJson expression quoting in workflow
183ff5d 
Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
@phlax
Improve git status check with explicit -n flag
d8d8105 
Co-authored-by: phlax <454682+phlax@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix dependabot rebuild issue for dist files Auto-rebuild dist files for Dependabot npm PRs Jan 13, 2026
Copilot AI requested a review from phlax January 13, 2026 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phlax phlax Awaiting requested review from phlax

At least 1 approving review is required to merge this pull request.

Assignees

@phlax phlax

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@phlax