Skip to content

fix: Allow pnpm to regenerate lockfile for dependabot#139

Open
lornakelly wants to merge 1 commit intoserverlessworkflow:mainfrom
lornakelly:dependabot-fix
Open

fix: Allow pnpm to regenerate lockfile for dependabot#139
lornakelly wants to merge 1 commit intoserverlessworkflow:mainfrom
lornakelly:dependabot-fix

Conversation

@lornakelly
Copy link
Copy Markdown
Contributor

@lornakelly lornakelly commented May 8, 2026
edited
Loading

Description

Dependabot PRs open but cannot be merged due to the lockfile being out of sync. See the following error

Run pnpm install
Scope: all 3 workspace projects
 ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with <ROOT>\package.json

Note that in CI environments this setting is true by default. If you still need to run install in such cases, use "pnpm install --no-frozen-lockfile"

  Failure reason:
  specifiers in the lockfile don't match specifiers in package.json:
* 1 dependencies are mismatched:
  - lint-staged (lockfile: 17.0.2, manifest: catalog:)

PR reference #137

Fix

Conditionally append --no-frozen-locakfile when github.event.pull_request_user.login is dependabot. Once merged, close the current dependabot PR and allow it to recreate

Copilot AI review requested due to automatic review settings May 8, 2026 09:01
Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates CI dependency installation behavior to avoid Dependabot PRs failing due to pnpm-lock.yaml being out of sync with package.json when frozen-lockfile is implicitly enabled in CI.

Changes:

  • Conditionally adds --no-frozen-lockfile to pnpm install when the workflow run is attributed to dependabot[bot].

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/ci_build.yaml Outdated
Comment thread .github/workflows/ci_build.yaml Outdated
@lornakelly lornakelly force-pushed the dependabot-fix branch 2 times, most recently from 46b1fee to 0c56ded Compare May 8, 2026 09:15
Copilot AI review requested due to automatic review settings May 8, 2026 09:15
Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/ci_build.yaml Outdated
@lornakelly
Allow pnpm to regenerate lockfile for dependabot
b7d2116 
Signed-off-by: lornakelly <lornakelly88@gmail.com>
@lornakelly
Copy link
Copy Markdown
Contributor Author

lornakelly commented May 8, 2026

@ricardozanini if you can merge when you get a chance please

@lornakelly lornakelly requested a review from ricardozanini May 8, 2026 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@fantonangeli fantonangeli Awaiting requested review from fantonangeli

@ricardozanini ricardozanini Awaiting requested review from ricardozanini

+2 more reviewers

@handreyrc handreyrc handreyrc approved these changes

@kumaradityaraj kumaradityaraj kumaradityaraj approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lornakelly @handreyrc @kumaradityaraj