Skip to content

upgrade-dependencies #30

upgrade-dependencies

upgrade-dependencies #30

name: upgrade-dependencies
on:
schedule:
- cron: 28 5 * * 0
workflow_dispatch: {}
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
upgrade:
name: Upgrade dependencies using yarn
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install
run: yarn install
- name: Run yarn outdated
run: yarn outdated > outdated.txt
continue-on-error: true
# Took me way too much debugging to figure out: `yarn outdated` uses exit code 1 if outdated packages are present
# See also: https://github.com/yarnpkg/yarn/issues/7573
- name: Save the output from yarn outdated in a variable to reference in the PR body
id: yarn
# See: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
# See also https://github.com/github/docs/issues/21529 for more info on why this is not quite so simple
run: |
YARN_OUTDATED=$(cat outdated.txt)
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "outdated<<$EOF" >> "$GITHUB_OUTPUT"
echo "$YARN_OUTDATED" >> "$GITHUB_OUTPUT"
echo "$EOF" >> "$GITHUB_OUTPUT"
- name: Remove temporary file
run: rm outdated.txt
- name: Do the upgrade
run: yarn upgrade
- name: Create Pull Request
uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2
with:
branch: auto/upgrade-dependencies
base: main
commit-message: "chore(deps): upgrade dependencies for this repo only"
title: "chore(deps): upgrade dependencies for this repo only"
body: |
This PR upgrades dependencies used by this repo (`cdktf-repository-manager`) to their latest version based on the version range specified in the `package.json` file.
For reference, here is the output from `yarn outdated` prior to running `yarn upgrade` which was used to produce this PR:
```
${{ steps.yarn.outputs.outdated }}
```
Note that this auto-update process only stays within specified version ranges (typically minor or patch). If you want to upgrade to newer versions beyond those, you will need to manually check out this repository and run the command `yarn upgrade [package] --latest`.
For future reference: the reason why we're not using Dependabot for this is because this repo has a tendency to run into rate limits, and Dependabot produces so many PRs and workflow runs that it'd be likely to hit those limits quickly.
labels: automerge,auto-approve,dependencies
token: ${{ secrets.GH_TOKEN_ACTIONS_UPDATER }}
author: team-tf-cdk <[email protected]>
committer: team-tf-cdk <[email protected]>
signoff: true
delete-branch: true