Update dependabot actions #178
Conversation
Pull request overview
This PR updates the Dependabot-related GitHub Actions workflows by introducing new automation for Rush.json synchronization and PR auto-approval, while removing the auto-merge workflow and downgrading the rebase action version.
Key Changes:
- Adds automated Rush.json version synchronization when Dependabot updates the Rush dependency
- Replaces auto-merge workflow with a safer auto-approve workflow that waits for status checks
- Downgrades the rebase action from v3 to v2
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/sync-rush-versions.yml | New workflow to automatically sync Rush.json version with Dependabot updates and regenerate lockfiles |
| .github/workflows/pr-auto-approve.yml | New workflow to auto-approve PRs from Dependabot and nev21 after status checks pass |
| .github/workflows/dependabot-force-rebase.yml | Downgrades peter-evans/rebase action from v3 to v2 |
| .github/workflows/dependabot-auto-merge.yml | Removes the auto-merge workflow entirely |
| id: detect | ||
| run: | | ||
| # Look for @microsoft/rush in the diff | ||
| if git diff -U0 HEAD~1 -- **/package.json | grep '"@microsoft/rush"'; then |
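Review bot: the unquoted `**/package.json` in the `git diff` command is expanded by the shell, and in a default Actions `run` step (bash with globstar off) `**` behaves like `*`, so the detect step only sees package.json files exactly one directory deep; if nothing matches at that depth, bash passes the literal pattern to git, whose wildcards match across `/` and therefore cover nested files but still never the root `package.json` that the sync step later reads with `jq`. Quote the pathspec (or `shopt -s globstar`) and make sure the root manifest is included, e.g. `-- package.json '*/package.json'`. Separately, with `-U0` every output line is a `+` or `-` line, so the `grep` also fires when the dependency is removed; anchoring on added lines, `grep '^+.*"@microsoft/rush"'`, keeps the trigger to bumps.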
Copilot (AI), Dec 15, 2025
The git diff command assumes HEAD~1 exists, which will fail on the first commit of a new branch or repository. Consider using 'origin/${{ github.base_ref }}' or checking if HEAD~1 exists before running the diff.
| if git diff -U0 HEAD~1 -- **/package.json | grep '"@microsoft/rush"'; then | |
| if git diff -U0 origin/${{ github.base_ref }} -- **/package.json | grep '"@microsoft/rush"'; then |
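Review bot: the suggested `origin/${{ github.base_ref }}` only resolves if that ref was fetched, and unless the checkout step sets `fetch-depth: 0` (or the step runs `git fetch origin <base>` first) the default shallow checkout of the PR merge ref will not have it, so the diff fails the same way `HEAD~1` does. Two further adjustments: pass the ref through `env:` (e.g. `BASE_REF: ${{ github.base_ref }}`) and reference `"$BASE_REF"` in the script rather than interpolating the expression directly into `run:`, since expressions are substituted before bash parses the line and ref names may contain shell metacharacters; and compare with `origin/$BASE_REF...HEAD` (three dots) so only changes introduced on the PR branch are inspected, not commits that landed on the base branch since the PR was opened.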
| run: | | ||
| echo "Syncing rush.json with Dependabot bump..." | ||
| # Extract new Rush version from package.json | ||
| NEW_VERSION=$(jq -r '.devDependencies["@microsoft/rush"] // .dependencies["@microsoft/rush"]' package.json) |
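Review bot: the value pulled from `devDependencies`/`dependencies` keeps whatever range prefix the manifest uses (`^5.x`, `~5.x`), but `rushVersion` in rush.json has to be an exact version, so writing it through unchanged produces an invalid rush.json even when the lookup succeeds. A single validation after the `jq` call handles both this and the empty/`null` case: `[[ "$NEW_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected rush version: $NEW_VERSION"; exit 1; }`, with any prefix stripped beforehand if the manifest is known to use one.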
Copilot (AI), Dec 15, 2025
If the @microsoft/rush dependency is not found in package.json, NEW_VERSION will be empty or 'null', leading to an invalid rush.json update. Add validation to ensure NEW_VERSION is not empty before proceeding with the update.
| echo "No changes to commit." | ||
| else | ||
| git commit -m "chore: sync rush.json and regenerate lockfiles" | ||
| git push --force-with-lease |
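Review bot: `git push --force-with-lease` is given no remote or refspec, and on a `pull_request` event the default checkout is a detached merge commit (`refs/pull/N/merge`) with no upstream, so unless the checkout step uses `ref: ${{ github.head_ref }}` the push has no target and the commit is built on the merge commit rather than the PR branch; pass the branch explicitly via `env:` as `git push origin "HEAD:$HEAD_REF"`. Two more things to confirm from the workflow file: workflows triggered by Dependabot PRs run with a read-only `GITHUB_TOKEN` unless `permissions: contents: write` is declared, and commits pushed with `GITHUB_TOKEN` do not start new workflow runs, so the synced lockfile commit will carry no status checks, which is exactly what the new pr-auto-approve workflow waits on.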
Copilot (AI), Dec 15, 2025
Using --force-with-lease on Dependabot PRs could overwrite commits if the branch has been updated elsewhere. Since this workflow uses GITHUB_TOKEN and runs on pull_request events, consider whether force-pushing is appropriate or if regular push with proper error handling would be safer.