Update Dependencies #45
```yaml
name: Update Dependencies

on:
  schedule:
    - cron: "0 6 * * MON" # Run every Monday at 6 AM UTC
  workflow_dispatch: # Allow manual triggering

jobs:
  check-updates:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          lfs: true

      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: 20
          cache: "npm"

      - name: Install dependencies
        run: npm install

      - name: Update dependencies
        id: update
        run: |
          # Capture current package.json content
          cp package.json package.json.backup
          # Run npm-check-updates to update dependencies (using package.json
          # scripts which have custom npm-check-updates options)
          npm run ncu
          # Check if package.json was modified
          if diff -q package.json package.json.backup > /dev/null; then
            echo "changed=false" >> $GITHUB_OUTPUT
            echo "No updates available"
          else
            echo "changed=true" >> $GITHUB_OUTPUT
            echo "Dependencies updated"
            # Generate summary of changes
            {
              echo 'update_summary<<EOF'
              echo "Updated dependencies to their latest versions:"
              echo ""
              echo '```diff'
              # Show the diff in a readable format
              diff -u package.json.backup package.json | grep "^[-+]" | grep -v "^[-+][-+][-+]"
              echo '```'
              echo 'EOF'
            } >> $GITHUB_OUTPUT
          fi
          # Clean up backup
          rm -f package.json.backup

      - name: Install updated dependencies
        if: steps.update.outputs.changed == 'true'
        run: npm install

      - name: Create Pull Request
        if: steps.update.outputs.changed == 'true'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          # Use GITHUB_TOKEN for signed commits (like the working exiftool-vendored.pl workflow)
          # This allows automatic GitHub signing and you can approve PRs created by github-actions[bot]
          # NOTE: We tried using a PAT to trigger CI workflows automatically,
          # but hit issues with signed commits and self-approval restrictions. The trade-offs:
          # GITHUB_TOKEN (current):
          #   ✅ Works with signed commit requirements
          #   ✅ You can approve PRs (created by github-actions[bot], not you)
          #   ❌ CI workflows don't auto-trigger (must manually trigger if needed)
          # PAT approach:
          #   ✅ CI workflows auto-trigger
          #   ❌ Can't approve your own PRs (PAT owner becomes author)
          #   ❌ Bot accounts require signed commit setups
          # Conclusion: GITHUB_TOKEN is simpler and more reliable for this use
          # case. We lose automatic CI triggering, but at least it works.
          token: ${{ secrets.GITHUB_TOKEN }}
          sign-commits: true
          commit-message: "chore(deps): update dependencies"
          title: "Update dependencies"
          body: |
            Updates dependencies to their latest versions.

            This is an automated update created by the check-updates workflow.

            ## Changes

            ${{ steps.update.outputs.update_summary }}

            ## Next Steps

            After merging this PR, consider creating a new release to publish the updated dependencies.

            Please review the changes and merge if everything looks good.
          branch: update-dependencies-${{ github.run_id }}
          delete-branch: true
          labels: |
            dependencies
            automated
```