Update Dependencies #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Dependencies | |
| on: | |
| schedule: | |
| # Run weekly on Mondays at 9 AM UTC | |
| - cron: "0 9 * * 1" | |
| workflow_dispatch: # Allow manual trigger | |
| jobs: | |
| update-dependencies: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| cache: "npm" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Check for security vulnerabilities | |
| run: npm audit --audit-level high | |
| - name: Update dependencies | |
| run: | | |
| npm update | |
| npm audit fix --force || true | |
| - name: Run tests to ensure updates don't break anything | |
| run: | | |
| npx playwright install --with-deps | |
| npm run test || echo "Tests failed after dependency update" | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@v5 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| commit-message: "chore: update dependencies and fix security vulnerabilities" | |
| title: "chore: automated dependency updates" | |
| body: | | |
| Automated dependency updates and security fixes. | |
| This PR was automatically created to: | |
| - Update npm dependencies | |
| - Fix security vulnerabilities | |
| - Ensure tests still pass | |
| Please review the changes and merge if everything looks good. | |
| branch: automated-dependency-updates | |
| delete-branch: true |