chore(ci): update dependencies without force push COMPASS-9939 (#7445)

kraenhansen · web-flow · commit a8086e39e274 · 2025-10-28T16:08:11.000+01:00
* Add branch check to avoid force-pushes to existing PRs

* Add existing-branch-checkout to gitignore
diff --git a/.github/workflows/update-dependencies.yaml b/.github/workflows/update-dependencies.yaml
@@ -44,6 +44,8 @@ jobs:
     name: Update ${{ matrix.group_name }} to latest
     runs-on: ubuntu-latest
     needs: configure_matrix
+    env:
+      UPDATE_BRANCH_NAME: ci/update-${{ matrix.group_name }}
     strategy:
       matrix:
         group_name: ${{ fromJSON(needs.configure_matrix.outputs.group_name) }}
@@ -77,12 +79,36 @@ jobs:
       - name: Run "update dependencies" script
         run: npx compass-scripts update-dependencies preset-${{ matrix.group_name }}
 
+      # Conditionally performing a sparse checkout of the existing branch to compare changes
+      # and avoid the "create-pull-request" action force-pushing when changes aren't necessary.
+      # This also allows us pushing commits to the update branch to fix any breaking changes
+      # without risking these commits being overwritten by the action.
+      - name: Check existence of an existing branch
+        id: check-branch-exists
+        run: |
+          if git ls-remote --exit-code --heads origin ${{ env.UPDATE_BRANCH_NAME }}; then
+            echo "branch_exists=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "branch_exists=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Checkout existing branch
+        if: steps.check-branch-exists.outputs.branch_exists == 'true'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.UPDATE_BRANCH_NAME }}
+          path: existing-branch-checkout
+          sparse-checkout: |
+            package-lock.json
+          sparse-checkout-cone-mode: false
+
       - name: Create Pull Request
+        if: steps.check-branch-exists.outputs.branch_exists == 'false' || hashFiles('package-lock.json') != hashFiles('existing-branch-checkout/package-lock.json')
         uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # 7.0.5
         with:
           token: ${{ steps.app-token.outputs.token }}
           commit-message: 'chore(deps): update ${{ matrix.group_name }} to latest'
-          branch: ci/update-${{ matrix.group_name }}
+          branch: ${{ env.UPDATE_BRANCH_NAME }}
           title: 'chore(deps): update ${{ matrix.group_name }} to latest'
           labels: |
             no-title-validation
diff --git a/.gitignore b/.gitignore
@@ -35,3 +35,7 @@ config/*/.npmrc
 .sbom
 .logs
 .evergreen/logs
+
+# The update-dependencies workflow does a sparse checkout
+# and we don't want to include these files in the PRs it creates.
+existing-branch-checkout/
