feat: add workflow update lockfile

a11rew · Sep 28, 2023 · 0574b30 · 0574b30
1 parent 7a67c96
commit 0574b30
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/.github/workflows/dependabot-lock-file.yml b/.github/workflows/dependabot-lock-file.yml
@@ -0,0 +1,27 @@
+# Dependabot is configured to only run on /packages/plugin
+# Since the lockfile is at the root of the repo, we need to
+# manually update it when Dependabot runs on a PR
+name: Dependabot Lockfile Update
+on: pull_request_target
+permissions: read-all
+jobs:
+  update-lockfile:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - uses: pnpm/action-setup@v2
+        with:
+          version: ^8.8.0
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+      - run: pnpm i --lockfile-only
+      - run: |
+          git config --global user.name github-actions[bot]
+          git config --global user.email github-actions[bot]@users.noreply.github.com
+          git add pnpm-lock.yaml
+          git commit -m "Update pnpm-lock.yaml"
+          git push