From f41fa8771d39a2e6af5a658f1a0704017fb78cfb Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 07:37:02 +0200 Subject: [PATCH 1/9] feat(workflows): add a workflow to update dependencies --- .github/workflows/update-dependencies.yml | 49 +++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/update-dependencies.yml diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml new file mode 100644 index 0000000..7a9af77 --- /dev/null +++ b/.github/workflows/update-dependencies.yml @@ -0,0 +1,49 @@ +name: Update Dependencies + +on: + workflow_call: + secrets: + HEDIA_BOT_GITHUB_PAT: + description: Needed to run release-please + required: true + +permissions: + contents: write + pull-requests: write + +jobs: + update-dependencies: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Setup Node.js Environment + uses: actions/setup-node@v4 + with: + always-auth: true + cache: "npm" + node-version-file: package.json + registry-url: https://registry.npmjs.org + scope: "@hedia" + + - name: Install npm-check-updates + run: npm install -g npm-check-updates + + - name: Update minor and patch dependencies + run: ncu -t minor -u + + - name: Install updated dependencies + run: npm install + + - name: Create Pull Request + uses: peter-evans/create-pull-request@v6 + with: + token: ${{ secrets.HEDIA_BOT_GITHUB_PAT }} + commit-message: "chore(deps): update dependencies" + title: "chore(deps): update dependencies" + body: Update dependencies using npm-check-updates + branch: update-dependencies From d956f1cf5f46b3bc963c9a9b75c818101cf1a271 Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 07:59:56 +0200 Subject: [PATCH 2/9] fix(workflows): use NODE_AUTH_TOKEN for ncu --- .github/workflows/update-dependencies.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 7a9af77..17703c5 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -1,11 +1,14 @@ name: Update Dependencies on: - workflow_call: - secrets: - HEDIA_BOT_GITHUB_PAT: - description: Needed to run release-please - required: true + workflow_call: + secrets: + HEDIA_BOT_GITHUB_PAT: + description: Needed to create the PR + required: true + READONLY_NPM_TOKEN: + description: Needed to access private @hedia npm packages + required: true permissions: contents: write @@ -35,6 +38,8 @@ jobs: - name: Update minor and patch dependencies run: ncu -t minor -u + env: + NODE_AUTH_TOKEN: ${{ secrets.READONLY_NPM_TOKEN }} - name: Install updated dependencies run: npm install From bb808c3832cd8beeaef417f7cf0269e828ced1c0 Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 09:59:29 +0200 Subject: [PATCH 3/9] fix(workflows): add the NODE_AUTH_TOKEN for install, too --- .github/workflows/update-dependencies.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 17703c5..47d4cc6 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -43,6 +43,8 @@ jobs: - name: Install updated dependencies run: npm install + env: + NODE_AUTH_TOKEN: ${{ secrets.READONLY_NPM_TOKEN }} - name: Create Pull Request uses: peter-evans/create-pull-request@v6 From 153c727d9918efd2c453f156323750da0ed53aec Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 11:10:35 +0200 Subject: [PATCH 4/9] ci(workflows): improve body, branch and labels --- .github/workflows/update-dependencies.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 47d4cc6..6feb4e0 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -52,5 +52,6 @@ jobs: token: ${{ secrets.HEDIA_BOT_GITHUB_PAT }} commit-message: "chore(deps): update dependencies" title: "chore(deps): update dependencies" - body: Update dependencies using npm-check-updates - branch: update-dependencies + body: "Update dependencies using `ncu`" + branch: update-dependencies-${{ github.sha }} + labels: chore From 8a64f3483a659e984fd00d217ec995149262f7b1 Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 11:20:04 +0200 Subject: [PATCH 5/9] ci(workflows): add reviewers as an input option --- .github/workflows/update-dependencies.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 6feb4e0..e5c3828 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -2,6 +2,11 @@ name: Update Dependencies on: workflow_call: + inputs: + reviewers: + type: string + description: Reviewers for the PR. Comma separated list of GitHub usernames. + default: hedia-team/development secrets: HEDIA_BOT_GITHUB_PAT: description: Needed to create the PR @@ -55,3 +60,4 @@ jobs: body: "Update dependencies using `ncu`" branch: update-dependencies-${{ github.sha }} labels: chore + reviewers: ${{ inputs.reviewers }} From 796270abf0d6d61214f5f901f773fab91d8d2a45 Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 11:27:49 +0200 Subject: [PATCH 6/9] ci(workflows): rename the workflow to update-please --- .../{update-dependencies.yml => update-please.yml} | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) rename .github/workflows/{update-dependencies.yml => update-please.yml} (91%) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-please.yml similarity index 91% rename from .github/workflows/update-dependencies.yml rename to .github/workflows/update-please.yml index e5c3828..64d5298 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-please.yml @@ -1,4 +1,4 @@ -name: Update Dependencies +name: Update Please on: workflow_call: @@ -20,7 +20,7 @@ permissions: pull-requests: write jobs: - update-dependencies: + update-please: runs-on: ubuntu-latest steps: @@ -57,7 +57,7 @@ jobs: token: ${{ secrets.HEDIA_BOT_GITHUB_PAT }} commit-message: "chore(deps): update dependencies" title: "chore(deps): update dependencies" - body: "Update dependencies using `ncu`" - branch: update-dependencies-${{ github.sha }} + body: "Update Please has found some dependencies to be updated! 🚀" + branch: update-please-${{ github.sha }} labels: chore reviewers: ${{ inputs.reviewers }} From fca185f929afc222a4525fded8dad1da360a934f Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 12:19:16 +0200 Subject: [PATCH 7/9] ci(workflows): it seems team-reviewers are handled separately from github username reviewers --- .github/workflows/update-please.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-please.yml b/.github/workflows/update-please.yml index 64d5298..ba654d6 100644 --- a/.github/workflows/update-please.yml +++ b/.github/workflows/update-please.yml @@ -4,9 +4,13 @@ on: workflow_call: inputs: reviewers: - type: string - description: Reviewers for the PR. Comma separated list of GitHub usernames. - default: hedia-team/development + type: string + description: A comma-separated list of reviewers (GitHub usernames) to request a review from. + required: false + team-reviewers: + type: string + description: A comma-separated list of GitHub teams to request a review from. + required: false secrets: HEDIA_BOT_GITHUB_PAT: description: Needed to create the PR @@ -61,3 +65,4 @@ jobs: branch: update-please-${{ github.sha }} labels: chore reviewers: ${{ inputs.reviewers }} + team-reviewers: ${{ inputs.team-reviewers }} From 48293ebdf447b8a8b111017cb91207c668cdd49f Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 12:25:29 +0200 Subject: [PATCH 8/9] ci(workflows): be accurate that it's one or more dependencies (we actually don't know) --- .github/workflows/update-please.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-please.yml b/.github/workflows/update-please.yml index ba654d6..a6624f6 100644 --- a/.github/workflows/update-please.yml +++ b/.github/workflows/update-please.yml @@ -61,7 +61,7 @@ jobs: token: ${{ secrets.HEDIA_BOT_GITHUB_PAT }} commit-message: "chore(deps): update dependencies" title: "chore(deps): update dependencies" - body: "Update Please has found some dependencies to be updated! 🚀" + body: "Update Please has found one or more dependencies to be updated! 🚀" branch: update-please-${{ github.sha }} labels: chore reviewers: ${{ inputs.reviewers }} From 31637d65c40f0a16deae1f3a7e17e1c2bf7dee23 Mon Sep 17 00:00:00 2001 From: aimee rivers Date: Thu, 25 Apr 2024 14:16:55 +0200 Subject: [PATCH 9/9] ci(workflows): use a hedia-fork of create-pull-request action thanks for everything you did, peter-evans --- .github/workflows/update-please.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-please.yml b/.github/workflows/update-please.yml index a6624f6..7bb84fe 100644 --- a/.github/workflows/update-please.yml +++ b/.github/workflows/update-please.yml @@ -56,7 +56,7 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.READONLY_NPM_TOKEN }} - name: Create Pull Request - uses: peter-evans/create-pull-request@v6 + uses: hedia-team/create-pull-request@v6 with: token: ${{ secrets.HEDIA_BOT_GITHUB_PAT }} commit-message: "chore(deps): update dependencies"