Skip to content
This repository was archived by the owner on Feb 3, 2026. It is now read-only.

Create workflow to autofix dependabot PR #9

Merged
Cellule merged 6 commits into from
Jun 27, 2025
Merged

Create workflow to autofix dependabot PR #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3660e41
Create workflow to autofix dependabot PR
Cellule Jun 23, 2025
8530f85
Commit to test workflow
Cellule Jun 23, 2025
30f00b6
Changed env name to avoid conflict with yarn config resolution
Cellule Jun 23, 2025
d4e079d
chore: update lockfiles after yarn install [auto-fix]
github-actions[bot] Jun 23, 2025
1320f93
Use auto-merge squash
Cellule Jun 23, 2025
8098096
Put back dependabot condition
Cellule Jun 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions .github/workflows/dependabot-auto-fix.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: Dependabot Auto Fix and Merge

on:
pull_request:
types: [opened, synchronize, reopened]

permissions:
contents: write
pull-requests: write

jobs:
dependabot-auto-fix:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.GITHUB_TOKEN }}

- uses: actions/setup-node@v4

- run: yarn install --no-immutable
env:
WORKSPACE_LOCKFILE_FORCE_WRITE: true

- name: Commit and push changes if any
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
if ! git diff --quiet; then
git add -A
git commit -m "update lockfiles after yarn install [auto-fix]"
git push
fi

- name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
21 changes: 13 additions & 8 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,14 +119,19 @@ Both files use the same format for common fields:
- Non-scoped packages are not quoted: `fastq: "npm:^1.6.0"`
- Alphabetical ordering of packages and their dependencies

### Missing Metadata (Potential Future Additions)
The following fields from `yarn.lock` are currently not included in `yarn.workspace.lock`:
- `checksum`: Package integrity checksums
- `languageName`: The language of the package (e.g., "node")
- `linkType`: How the package should be linked (e.g., "hard")
- `__metadata`: Top-level metadata about the lockfile itself (e.g., version, cacheKey)

These metadata fields could be added in future versions if they prove useful for workspace-specific use cases.
## Environment Variables

### `WORKSPACE_LOCKFILE_FORCE_WRITE`

If set to `true`, this environment variable will force the plugin to write workspace lockfiles even when Yarn is run with the `--immutable` flag. This is useful in CI or automation scenarios where you want to ensure lockfiles are always updated, regardless of the immutable setting.

**Example:**

```sh
WORKSPACE_LOCKFILE_FORCE_WRITE=true yarn install --immutable
```

This will override the immutable check and update the `yarn.workspace.lock` files as needed.

## Publishing

Expand Down
Loading