dependabot-dedupe.yml
# Dependabot Dedupe
#
# Deduplicate dependencies for @dependabot.
#
# Note: This workflow can be removed once dependabot supports some type of automatic deduplication.
# See https://github.com/dependabot/dependabot-core/issues/5830 for details.
#
# References:
#
# - https://docs.github.com/actions/learn-github-actions/contexts
# - https://docs.github.com/actions/learn-github-actions/expressions
# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request
# - https://docs.github.com/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request
# - https://github.com/actions/checkout
# - https://github.com/actions/create-github-app-token
# - https://github.com/actions/setup-node
# - https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#yarn2-configuration
# - https://github.com/hmarr/debug-action
# - https://github.com/tohgarashi/verified-commit
---
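name: dependabot-dedupe
on:
  pull_request:
    branches:
      - main
    paths:
      - package.json
# One run per workflow + ref; a newer push cancels the run still in progress.
concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.ref }}
jobs:
  dependabot-dedupe:
    # github.actor is whoever triggered this run, not who opened the pull
    # request, so the pull request author is checked as well. Keeping the
    # actor check means the push made by the commit step (a different actor)
    # does not start this job again.
    if: >-
      github.actor == 'dependabot[bot]' &&
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      startsWith(github.head_ref, 'dependabot/npm_and_yarn/')
    # Only `packages: read` is granted to GITHUB_TOKEN; every scope not
    # listed here is set to none. Checkout and push use the app token instead.
    permissions:
      packages: read
    runs-on: ubuntu-latest
    # NOTE(review): the `@ref` of every `uses:` below was lost when this page
    # was extracted, so a labelled placeholder stands in for it. Restore the
    # original refs; pinning each action to a full commit SHA is preferable to
    # a mutable tag, above all for the third-party actions, one of which is
    # handed the app token.
    steps:
      # Writes environment variables and the event payload to the job log.
      # Keep it ahead of the token step so no credential exists yet when it
      # runs, and consider dropping it once the workflow is stable.
      - id: debug
        name: Print environment variables and event payload
        uses: hmarr/debug-action@<ORIGINAL_REF_NOT_ON_PAGE>
      # Mints a short-lived installation token for the bot GitHub App.
      # NOTE(review): confirm the app installation carries only the
      # permissions needed to push to this repository.
      - id: bot-token
        name: Get bot token
        uses: actions/create-github-app-token@<ORIGINAL_REF_NOT_ON_PAGE>
        with:
          app-id: ${{ secrets.BOT_APP_ID }}
          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
      # No `repository:` is given, so the branch is fetched from this
      # repository. persist-credentials: false keeps the app token out of the
      # local git config, where later steps could otherwise read it.
      - id: checkout
        name: Checkout ${{ github.head_ref }}
        uses: actions/checkout@<ORIGINAL_REF_NOT_ON_PAGE>
        with:
          persist-credentials: false
          ref: ${{ github.head_ref }}
          token: ${{ steps.bot-token.outputs.token }}
      - id: node
        name: Setup Node.js
        uses: actions/setup-node@<ORIGINAL_REF_NOT_ON_PAGE>
        with:
          cache: yarn
          cache-dependency-path: yarn.lock
          node-version-file: .nvmrc
      # The dependency set comes from an automated update, so package
      # lifecycle scripts stay disabled (YARN_ENABLE_SCRIPTS) and only the
      # lockfile is rewritten. Environment values are quoted so they are
      # unambiguously strings.
      # NOTE(review): GITHUB_TOKEN is presumably consumed by the project's
      # yarn configuration for registry access - confirm.
      - id: dedupe
        name: Deduplicate dependencies
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          YARN_ENABLE_GLOBAL_CACHE: 'true'
          YARN_ENABLE_IMMUTABLE_INSTALLS: 'false'
          YARN_ENABLE_SCRIPTS: 'false'
        run: yarn dedupe --mode=update-lockfile
      # This third-party action receives the app token through GH_TOKEN;
      # review its source at the pinned ref before trusting it with the token.
      - id: commit
        name: Commit and push yarn.lock
        uses: tohgarashi/verified-commit@<ORIGINAL_REF_NOT_ON_PAGE>
        env:
          GH_TOKEN: ${{ steps.bot-token.outputs.token }}
        with:
          commit-message: 'build(yarn): [dependabot skip] deduplicate dependencies for @dependabot'
          detect-changed: true
          ref: ${{ github.ref }}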