Dependency Version Check #15
# Workflow header: when the dependency version check runs and with which inputs.
name: Dependency Version Check

on:
  schedule:
    # Run every Monday at 9am UTC
    - cron: '0 9 * * 1'
  workflow_dispatch:
    inputs:
      # Constrained to the listed options by the `choice` type.
      update_mode:
        description: 'Update mode'
        type: choice
        options:
          - check-only
          - patch-minor
          - all
        default: 'check-only'
      # Free-form text supplied by whoever dispatches the workflow. Treat it as
      # untrusted: hand it to shell steps through `env:` rather than expanding
      # it inside a `run:` script.
      ecosystem:
        description: 'Specific ecosystem to check (leave empty for all)'
        required: false
        type: string

# A single shared group: a newly started run cancels one still in progress.
concurrency:
  group: deps-check
  cancel-in-progress: true
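jobs:
  # Checks dependency versions, optionally applies updates and opens a PR.
  check-versions:
    name: Check Dependency Versions
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # NOTE(review): these write scopes cover every step of the job, including
    # `bun install` and the package builds, which run dependency code. Only the
    # "Create Pull Request" step is seen using them; consider moving the PR
    # creation into its own job so install/build run with read-only access.
    permissions:
      contents: write
      pull-requests: write
    outputs:
      has_major_updates: ${{ steps.check.outputs.has_major_updates }}
      major_packages: ${{ steps.check.outputs.major_packages }}
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag.
      # Pinning to a full commit SHA (uses: owner/action@<full-commit-sha>)
      # keeps a re-pointed tag from changing what runs with write permissions.
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          # NOTE(review): `latest` floats between runs; a fixed version makes
          # the job reproducible.
          bun-version: latest

      - name: Cache Dependencies
        uses: actions/cache@v4
        with:
          path: |
            node_modules
            ~/.bun/install/cache
          key: deps-check-${{ runner.os }}-bun-${{ hashFiles('bun.lock') }}
          restore-keys: |
            deps-check-${{ runner.os }}-bun-

      - name: Install Dependencies
        run: bun install --frozen-lockfile

      - name: Build Template Generator
        run: |
          cd packages/types && bun run build
          cd ../template-generator && bun run build

      - name: Run Version Check
        id: check
        # Workflow inputs and context values reach the script as environment
        # variables. Expanding `${{ ... }}` inside `run:` pastes the value into
        # the shell source, so a crafted `ecosystem` string could run commands.
        env:
          UPDATE_MODE_INPUT: ${{ inputs.update_mode }}
          ECOSYSTEM_INPUT: ${{ inputs.ecosystem }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          cd packages/template-generator

          # Scheduled runs should auto-open PRs with safe updates by default.
          EFFECTIVE_UPDATE_MODE="$UPDATE_MODE_INPUT"
          if [ -z "$EFFECTIVE_UPDATE_MODE" ]; then
            if [ "$EVENT_NAME" = "schedule" ]; then
              EFFECTIVE_UPDATE_MODE="patch-minor"
            else
              EFFECTIVE_UPDATE_MODE="check-only"
            fi
          fi
          echo "effective_update_mode=$EFFECTIVE_UPDATE_MODE" >> "$GITHUB_OUTPUT"

          # Run the check script.
          # NOTE(review): `|| true` hides a failing check; the fallbacks below
          # then report "no updates", so a broken script looks like a clean run.
          if [ -n "$ECOSYSTEM_INPUT" ]; then
            bun run scripts/check-deps.ts --markdown --ecosystem "$ECOSYSTEM_INPUT" > ../deps-report.md || true
          else
            bun run scripts/check-deps.ts --markdown > ../deps-report.md || true
          fi

          # Fallback if script output wasn't written for any reason.
          if ! grep -q "^has_updates=" "$GITHUB_OUTPUT"; then
            echo "has_updates=false" >> "$GITHUB_OUTPUT"
          fi
          if ! grep -q "^downgrade_count=" "$GITHUB_OUTPUT"; then
            echo "downgrade_count=0" >> "$GITHUB_OUTPUT"
          fi
          if ! grep -q "^has_major_updates=" "$GITHUB_OUTPUT"; then
            echo "has_major_updates=false" >> "$GITHUB_OUTPUT"
          fi
          if ! grep -q "^major_packages=" "$GITHUB_OUTPUT"; then
            echo "major_packages=" >> "$GITHUB_OUTPUT"
          fi

          # Store the report. The heredoc delimiter is random so that a report
          # line reading "EOF" cannot end the value early and let the rest of
          # the report define further step outputs.
          delimiter="REPORT_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
          {
            echo "report<<$delimiter"
            cat ../deps-report.md
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"

      - name: Display Report
        # The report is Markdown, presumably built from package metadata.
        # Inside a double-quoted shell string its backticks and `$(...)` would
        # be executed, so it is passed as an environment variable instead.
        env:
          REPORT: ${{ steps.check.outputs.report }}
        run: |
          echo "## Dependency Check Report"
          printf '%s\n' "$REPORT"

      - name: Apply Updates (if requested)
        if: steps.check.outputs.effective_update_mode == 'patch-minor' || steps.check.outputs.effective_update_mode == 'all'
        env:
          EFFECTIVE_UPDATE_MODE: ${{ steps.check.outputs.effective_update_mode }}
        run: |
          cd packages/template-generator
          # NOTE(review): `|| true` also swallows a failed update here.
          if [ "$EFFECTIVE_UPDATE_MODE" == "patch-minor" ]; then
            bun run scripts/check-deps.ts --apply-patch || true
          else
            bun run scripts/check-deps.ts --apply-all || true
          fi

      # Points core.hooksPath at /dev/null so that no repository git hooks run
      # for the automated commit made by the next step.
      - name: Disable Git Hooks For Automation Commit
        if: steps.check.outputs.has_updates == 'true' && (steps.check.outputs.effective_update_mode == 'patch-minor' || steps.check.outputs.effective_update_mode == 'all')
        run: git config core.hooksPath /dev/null

      # `${{ ... }}` under `with:` is handed to the action as an input value and
      # is not evaluated by a shell, so the report can be interpolated here.
      # NOTE(review): the report file is written to packages/deps-report.md in
      # the working tree; confirm it is git-ignored so it stays out of the PR.
      - name: Create Pull Request
        if: steps.check.outputs.has_updates == 'true' && (steps.check.outputs.effective_update_mode == 'patch-minor' || steps.check.outputs.effective_update_mode == 'all')
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "chore(deps): update dependency versions"
          title: "chore(deps): Update dependency versions"
          body: |
            ## Dependency Version Updates
            This PR was automatically generated by the dependency version check workflow.
            - Mode: `${{ steps.check.outputs.effective_update_mode }}`
            - Downgrades detected in check report: `${{ steps.check.outputs.downgrade_count }}`
            - Note: `patch-minor` mode only applies patch/minor changes; downgrades/major updates remain for manual review.
            ${{ steps.check.outputs.report }}
            ### Review Checklist
            - [ ] Review the version changes
            - [ ] Run `bun install` to update lockfile
            - [ ] Run tests to verify compatibility
            - [ ] Check for any breaking changes in major updates
            ---
            *Automated by [deps-check.yaml](.github/workflows/deps-check.yaml)*
          branch: deps/version-updates
          delete-branch: true
          labels: |
            dependencies
            automated

      - name: Post Summary
        # Step outputs are passed through the environment for the same reason
        # as in "Display Report": they must not become part of the script text.
        env:
          EVENT_NAME: ${{ github.event_name }}
          EFFECTIVE_UPDATE_MODE: ${{ steps.check.outputs.effective_update_mode }}
          HAS_UPDATES: ${{ steps.check.outputs.has_updates }}
          DOWNGRADE_COUNT: ${{ steps.check.outputs.downgrade_count }}
          HAS_MAJOR_UPDATES: ${{ steps.check.outputs.has_major_updates }}
          REPORT: ${{ steps.check.outputs.report }}
        run: |
          {
            echo "## Dependency Check Summary"
            echo ""
            echo "**Event:** $EVENT_NAME"
            echo "**Mode:** $EFFECTIVE_UPDATE_MODE"
            echo "**Has Updates:** $HAS_UPDATES"
            echo "**Downgrades Detected:** $DOWNGRADE_COUNT"
            echo "**Major Updates:** $HAS_MAJOR_UPDATES"
            echo ""
            echo "### Report"
            echo '```'
            printf '%s\n' "$REPORT"
            echo '```'
          } >> "$GITHUB_STEP_SUMMARY"

  # Runs the smoke test against the update branch when major updates were found.
  major-deps-smoke:
    name: Major Deps Smoke Test
    needs: check-versions
    if: needs.check-versions.outputs.has_major_updates == 'true'
    runs-on: ubuntu-latest
    timeout-minutes: 45
    # NOTE(review): no step in this job is seen using `pull-requests: write`;
    # drop it unless testing/smoke-test.ts needs it, since this job installs
    # and runs the updated dependencies.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # NOTE(review): deps/version-updates is only pushed by check-versions
      # when has_updates is true and the mode applies updates; in check-only
      # mode this ref may be missing or stale - confirm.
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          ref: deps/version-updates
          # Nothing in this job pushes, so the job token is kept out of
          # .git/config while the updated dependencies are installed and run.
          persist-credentials: false

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          # NOTE(review): `latest` floats between runs; a fixed version makes
          # the job reproducible.
          bun-version: latest

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 22

      - name: Cache Dependencies
        uses: actions/cache@v4
        with:
          path: |
            node_modules
            ~/.bun/install/cache
          key: major-smoke-${{ runner.os }}-bun-${{ hashFiles('bun.lock') }}
          restore-keys: |
            major-smoke-${{ runner.os }}-bun-

      - name: Install Dependencies
        run: bun install --frozen-lockfile

      - name: Build Packages
        run: |
          bun run --cwd packages/types build
          bun run --cwd packages/template-generator build
          bun run --cwd apps/cli build

      - name: Install Playwright
        run: bunx playwright install chromium --with-deps

      - name: Run Major Deps Smoke Test
        # The package list comes from the check script's output; it is passed
        # as an environment variable so that it cannot alter the command line.
        env:
          MAJOR_PACKAGES: ${{ needs.check-versions.outputs.major_packages }}
        run: |
          bun run testing/smoke-test.ts \
            --major-deps \
            --major-deps-packages "$MAJOR_PACKAGES" \
            --dev-check \
            --route-check \
            --output testing/.smoke-output
        # A failing smoke test does not fail the job; results are only visible
        # in the step summary and the uploaded artifact.
        continue-on-error: true

      - name: Post Step Summary
        if: always()
        run: |
          if [ -f testing/.smoke-output/summary.md ]; then
            cat testing/.smoke-output/summary.md >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: Upload Results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: major-deps-smoke-results
          path: testing/.smoke-output/
          retention-days: 7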