Weekly Dependency Update #1
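# Weekly dependency maintenance.
#
# 1. Records `pnpm outdated` output, runs `pnpm upgrade`, and opens a PR with
#    the resulting package.json / pnpm-lock.yaml changes.
# 2. Opens one tracking issue per package whose latest major version is newer
#    than the currently installed major version.
name: Weekly Dependency Update

on:
  schedule:
    # Day-of-week field 2 is Tuesday: this fires every Tuesday at 09:00 UTC.
    # NOTE(review): the earlier comment said "Monday"; use '0 9 * * 1' if
    # Monday is what was intended.
    - cron: '0 9 * * 2'
  workflow_dispatch:

# Write scopes are required to push the update branch, open the PR and file
# issues. They are granted at workflow level, so every step of the job below
# (including the steps that run the package manager) holds them.
permissions:
  contents: write
  pull-requests: write
  issues: write

jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    # Only run in repositories owned by viamrobotics, so the schedule does not
    # fire in copies of this repo under other owners.
    if: github.repository_owner == 'viamrobotics'
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning to a full commit SHA (`owner/action@<full-commit-sha> # vN`)
      # keeps a moved or re-pointed tag from changing what runs with this
      # write-scoped token.
      #
      # The later `git push origin` relies on the credentials this checkout
      # leaves configured for git, so they are also reachable by code executed
      # in the steps in between.
      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup pnpm
        uses: pnpm/action-setup@v6

      - name: Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: 24
          cache: 'pnpm'

      # NOTE(review): install and upgrade can execute package lifecycle
      # scripts, depending on this repo's pnpm script settings. Confirm that
      # dependency build scripts are disabled or allow-listed, because newly
      # published versions are pulled in here before anyone has reviewed them.
      - name: Install dependencies
        run: pnpm install

      - name: Capture outdated packages
        run: |
          # `|| true` keeps the step green whatever exit status pnpm returns.
          pnpm outdated --format json > /tmp/outdated.json || true
          # An empty file is replaced by an empty JSON array so the issue
          # script always has something to parse.
          [ -s /tmp/outdated.json ] || echo '[]' > /tmp/outdated.json

      - name: Upgrade dependencies
        run: pnpm upgrade

      # NOTE(review): a PR opened with the default GITHUB_TOKEN does not
      # trigger other workflows, so `pull_request` CI will not start on it
      # automatically. Make sure the upgrade is built and tested some other
      # way before it is merged.
      - name: Create PR for dependency updates
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Nothing to do when the upgrade left the working tree untouched.
          if git diff --quiet; then
            echo "No changes after upgrade, skipping PR"
            exit 0
          fi
          DATE=$(date +%Y-%m-%d)
          # One branch per calendar day; a second run on the same day reuses
          # the same branch name.
          BRANCH="deps/weekly-update-${DATE}"
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -b "${BRANCH}"
          # Only the manifest and lockfile are staged; any other file touched
          # during install/upgrade is deliberately left out of the commit.
          git add package.json pnpm-lock.yaml
          git commit -m "chore: weekly dependency update ${DATE}"
          git push origin "${BRANCH}"
          gh pr create \
            --title "chore: weekly dependency update ${DATE}" \
            --body "Automated weekly dependency update via \`pnpm upgrade\`. Upgrades all packages to the latest version within their declared semver ranges." \
            --base main \
            --head "${BRANCH}"

      - name: Open issues for major version bumps
        uses: actions/github-script@v7
        with:
          script: |
            // Reads the `pnpm outdated` snapshot taken before the upgrade and
            // files one issue per package that has a newer major version.
            const fs = require('fs');

            let packages;
            try {
              const raw = fs.readFileSync('/tmp/outdated.json', 'utf8').trim();
              const parsed = raw ? JSON.parse(raw) : [];
              // Handle both array (pnpm v10) and object (older pnpm) formats
              packages = Array.isArray(parsed)
                ? parsed
                : Object.entries(parsed).map(([name, info]) => ({ packageName: name, ...info }));
            } catch (e) {
              // A missing or unparseable snapshot is not fatal: warn and stop.
              core.warning(`Could not parse outdated packages: ${e.message}`);
              return;
            }

            // NOTE(review): pkg, current, latest and depType come straight from
            // the pnpm output and are interpolated into a search query, an issue
            // title and an issue body. Confirm they are limited to npm-name and
            // semver characters, or validate them here before use.
            for (const info of packages) {
              const pkg = info.packageName || info.name || '';
              const current = String(info.current ?? '');
              const latest = String(info.latest ?? '');
              if (!pkg || !current || !latest) continue;

              // Compare only the leading numeric component of each version.
              const currentMajor = Number.parseInt(current.split('.')[0], 10);
              const latestMajor = Number.parseInt(latest.split('.')[0], 10);
              if (Number.isNaN(currentMajor) || Number.isNaN(latestMajor) || latestMajor <= currentMajor) continue;

              // Skip if an open issue for this package already exists
              const { data: found } = await github.rest.search.issuesAndPullRequests({
                q: `repo:${context.repo.owner}/${context.repo.repo} is:issue is:open in:title "major version bump for ${pkg}"`,
              });
              if (found.total_count > 0) {
                core.info(`Open issue already exists for ${pkg}, skipping`);
                continue;
              }

              const depType = info.dependencyType ?? 'unknown';
              const title = `chore: investigate major version bump for \`${pkg}\` (${current} → ${latest})`;
              // The body addresses an automation account (@claude) and asks it to
              // read upstream changelogs and possibly open a PR.
              // NOTE(review): changelog and release-note text is third-party
              // content. Whatever handles the mention should treat it as
              // untrusted input, run with minimal permissions, and have its PRs
              // reviewed by a person. If that handler is an Actions workflow
              // triggered by issue events, issues created with the default
              // GITHUB_TOKEN will not trigger it; confirm how the mention is
              // picked up.
              const body = [
                `## Major version upgrade available: \`${pkg}\``,
                '',
                '| | Version |',
                '|---|---|',
                `| **Current** | \`${current}\` |`,
                `| **Latest** | \`${latest}\` |`,
                `| **Dependency type** | \`${depType}\` |`,
                '',
                '@claude Please investigate this major version bump:',
                '',
                `1. **Safety check** — Review the changelog and release notes for \`${pkg}\` between \`${current}\` and \`${latest}\`. Identify any breaking changes that would affect this library (\`@viamrobotics/test-widgets\`).`,
                '',
                '2. **Migration docs** — Are there official migration guides or upgrade documentation available?',
                '',
                '3. **Action**:',
                ` - If the upgrade is **straightforward**, open a PR bumping \`${pkg}\` to \`${latest}\` with any necessary code changes included.`,
                ` - If the upgrade is **too complex or risky**, update this issue with a detailed breakdown: what breaking changes exist, what files in this repo would need to change, and a rough effort estimate.`,
                '',
                '> _Opened automatically by the weekly dependency update workflow._',
              ].join('\n');

              await github.rest.issues.create({
                owner: context.repo.owner,
                repo: context.repo.repo,
                title,
                body,
              });
              core.info(`Created issue: ${title}`);
            }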