yarn-upgrade.yml
# Scheduled dependency refresh: runs npm-check-updates and `yarn upgrade`,
# then opens a pull request carrying the resulting changes.
name: Yarn Upgrade

on:
  schedule:
    # Weekly, every Wednesday at 13:37 UTC.
    # Quoted so the cron expression is always read as a plain string.
    - cron: '37 13 * * 3'
  # Manual runs from the Actions tab are allowed as well.
  workflow_dispatch: {}
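jobs:
  # Job 1 (read-only token): computes the upgrades and publishes them as a patch artifact.
  # This job executes third-party tooling and dependency install scripts, so it is kept
  # unprivileged; only the resulting patch is handed to the privileged `pr` job.
  upgrade:
    name: Yarn Upgrade
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable tag (v3/v4/v6).
      # Pinning to a full commit SHA (e.g. `actions/checkout@<FULL_COMMIT_SHA>  # v4`)
      # prevents a re-pointed tag from changing what runs here.
      - name: Check Out
        uses: actions/checkout@v4
        with:
          # No step in this job pushes with git, so do not leave the job token in
          # .git/config while dependency lifecycle scripts run.
          persist-credentials: false
      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          cache: yarn
          node-version: 18
      - name: Install Tools
        # NOTE(review): lerna is installed without a version and npm-check-updates floats
        # within ^9; both are resolved from the registry on every run. Consider exact pins.
        run: |-
          npm -g install lerna npm-check-updates@^9.0.0
      - name: List Mono-Repo Packages
        id: monorepo-packages
        # Workspace packages must be excluded from the `ncu` runs.
        # Emits `list=<comma-separated package names>` as a step output.
        run: |-
          echo -n "list=" >> "$GITHUB_OUTPUT"
          node -p "$(lerna ls --all --json 2>/dev/null).map(item => item.name).join(',')" >> "$GITHUB_OUTPUT"
      - name: Identify production dependencies
        id: production-dependencies
        # These are limited to `--target=minor` in the `ncu` run.
        # The repository root is assumed to have no production dependencies (it shouldn't have any).
        # @types/node is always treated as a production dependency, since it must relate to the
        # minimum supported engine.
        # The heredoc delimiter is unquoted on purpose: the shell expands `$(lerna ls ...)` into a
        # JSON literal before node evaluates the script.
        run: |-
          echo -n "list=" >> "$GITHUB_OUTPUT"
          node -p <<-EOF >> "$GITHUB_OUTPUT"
            const path = require('path');
            const prodDependencies = new Set(['@types/node']);
            function processManifest(file) {
              const manifest = require(file);
              for (const kind of ['dependencies', 'peerDependencies']) {
                // We assume the manifests are well-formed here (should be safe, since it's in the trunk)
                if (!(kind in manifest)) {
                  continue;
                }
                for (const dep of Object.keys(manifest[kind])) {
                  prodDependencies.add(dep);
                }
              }
            }
            const lernaPackagesDirs = $(lerna ls --all --json 2>/dev/null).map(item => item.location);
            for (const packageDir of lernaPackagesDirs) {
              processManifest(path.join(packageDir, 'package.json'));
            }
            Array.from(prodDependencies).sort().join(',');
          EOF
      - name: Run "ncu -u"
        # typescript is special-cased because it is not semantically versioned; major.minor is the API contract.
        # @types/fs-extra is special-cased because 9.0.13 is the last version that supports [email protected]
        # (sic: the package@version was masked by the hosting page's e-mail obfuscation).
        # @types/yargs is special-cased because 17.0.13 is the last version that doesn't break.
        # eslint-plugin-import is special-cased because 26 is the last version that works for us.
        env:
          # Step outputs are passed through the environment instead of being interpolated into
          # the script, so their content is not spliced into the script text before bash parses it.
          PRODUCTION_DEPENDENCIES: ${{ steps.production-dependencies.outputs.list }}
          MONOREPO_PACKAGES: ${{ steps.monorepo-packages.outputs.list }}
        run: |-
          # Upgrade devDependencies at repository root
          ncu --upgrade --target=minor --filter=@types/inquirer,@types/node,@jest/types,jest-config,jest-circus
          ncu --upgrade --target=patch --filter=typescript
          ncu --upgrade --target=latest --reject=@types/inquirer,@types/node,typescript,@jest/types,jest-config,jest-circus,eslint-plugin-import
          # Upgrade all production dependencies (and other always major-pinned dependencies)
          lerna exec --parallel ncu -- --upgrade --target=minor \
            --filter="@types/fs-extra,${PRODUCTION_DEPENDENCIES}" \
            --reject="typescript,${MONOREPO_PACKAGES}"
          # Upgrade all minor-pinned dependencies
          lerna exec --parallel ncu -- --upgrade --target=patch \
            --filter=typescript
          # Upgrade all other dependencies (devDependencies) to the latest
          lerna exec --parallel ncu -- --upgrade --target=latest \
            --reject="@types/inquirer,@types/node,typescript,@types/fs-extra,@types/yargs,${PRODUCTION_DEPENDENCIES},${MONOREPO_PACKAGES}"
      # Ensures the current lockfile matches the dependency specifications
      # (necessary for "yarn upgrade" to run).
      - name: Run "yarn install"
        run: yarn install
      - name: Run "yarn upgrade"
        run: yarn upgrade
      # Next, create and upload the changes as a patch file, to be downloaded later when creating the
      # pull request. Creating a pull request requires write permissions, and write privileges are
      # best kept isolated from the steps above.
      - name: Create Patch
        run: |-
          git add .
          git diff --patch --staged > "${RUNNER_TEMP}/upgrade.patch"
      - name: Upload Patch
        # NOTE(review): the v3 artifact actions have been deprecated by GitHub; plan a migration
        # of both upload and download steps to a supported major version.
        uses: actions/upload-artifact@v3
        with:
          name: upgrade.patch
          path: ${{ runner.temp }}/upgrade.patch

  # Job 2 (write token): applies the patch produced by `upgrade` and opens the pull request.
  # The patch is the only input crossing from the unprivileged job into this one.
  pr:
    name: Create Pull Request
    needs: upgrade
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Check Out
        uses: actions/checkout@v4
      - name: Download patch
        uses: actions/download-artifact@v3
        with:
          name: upgrade.patch
          path: ${{ runner.temp }}
      - name: Apply patch
        # An empty patch is skipped; a patch that fails to apply now fails the step instead of
        # being reported as "Empty patch" (the former `a && b || c` form masked apply errors).
        # NOTE(review): the patch was generated after third-party install scripts ran and the PR
        # is labelled auto-approve; consider checking that it only touches the files expected to
        # change (presumably package.json manifests and yarn.lock) before applying it.
        run: |-
          if [ -s "${RUNNER_TEMP}/upgrade.patch" ]; then
            git apply "${RUNNER_TEMP}/upgrade.patch"
          else
            echo "Empty patch. Skipping."
          fi
      - name: Make Pull Request
        # NOTE(review): this third-party action receives a privileged token; pinning it to a
        # full commit SHA is the most valuable pin in this workflow.
        uses: peter-evans/create-pull-request@v6
        with:
          # Git commit details
          # NOTE(review): the address inside <> looks like the hosting page's e-mail obfuscation
          # placeholder, not the real value; restore it from the repository.
          author: 'AWS CDK Automation <[email protected]>'
          branch: automation/yarn-upgrade
          commit-message: |-
            chore: npm-check-updates && yarn upgrade
            Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
          # Pull Request details
          title: 'chore: npm-check-updates && yarn upgrade'
          body: |-
            Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
          labels: contribution/core,dependencies,auto-approve
          # Privileged token so automated PR validation happens
          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}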