137 lines (116 loc) · 5.24 KB
weekly-dependency-update.yml
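name: Weekly Dependency Update

on:
  schedule:
    - cron: '0 9 * * 2' # Every Tuesday at 9:00 UTC (day-of-week field is 2)
  workflow_dispatch:

# Write scopes used by the steps below: push the update branch (contents),
# open the PR (pull-requests), and file major-bump issues (issues).
permissions:
  contents: write
  pull-requests: write
  issues: write
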
jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'viamrobotics'
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup pnpm
        uses: pnpm/action-setup@v6

      - name: Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: 24
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install

      - name: Capture outdated packages
        run: |
          # `pnpm outdated` exits non-zero when anything is outdated, so ignore its status
          pnpm outdated --format json > /tmp/outdated.json || true
          # Fall back to an empty list if nothing was written
          [ -s /tmp/outdated.json ] || echo '[]' > /tmp/outdated.json

      - name: Upgrade dependencies
        run: pnpm upgrade

      - name: Create PR for dependency updates
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if git diff --quiet; then
            echo "No changes after upgrade, skipping PR"
            exit 0
          fi

          DATE=$(date +%Y-%m-%d)
          BRANCH="deps/weekly-update-${DATE}"

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git checkout -b "${BRANCH}"
          git add package.json pnpm-lock.yaml
          git commit -m "chore: weekly dependency update ${DATE}"
          git push origin "${BRANCH}"

          gh pr create \
            --title "chore: weekly dependency update ${DATE}" \
            --body "Automated weekly dependency update via \`pnpm upgrade\`. Upgrades all packages to the latest version within their declared semver ranges." \
            --base main \
            --head "${BRANCH}"

      - name: Open issues for major version bumps
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');

            let packages;
            try {
              const raw = fs.readFileSync('/tmp/outdated.json', 'utf8').trim();
              const parsed = raw ? JSON.parse(raw) : [];
              // Handle both array (pnpm v10) and object (older pnpm) formats
              packages = Array.isArray(parsed)
                ? parsed
                : Object.entries(parsed).map(([name, info]) => ({ packageName: name, ...info }));
            } catch (e) {
              core.warning(`Could not parse outdated packages: ${e.message}`);
              return;
            }

            for (const info of packages) {
              const pkg = info.packageName || info.name || '';
              const current = String(info.current ?? '');
              const latest = String(info.latest ?? '');
              if (!pkg || !current || !latest) continue;

              const currentMajor = parseInt(current.split('.')[0], 10);
              const latestMajor = parseInt(latest.split('.')[0], 10);
              if (isNaN(currentMajor) || isNaN(latestMajor) || latestMajor <= currentMajor) continue;

              // Skip if an open issue for this package already exists
              const { data: found } = await github.rest.search.issuesAndPullRequests({
                q: `repo:${context.repo.owner}/${context.repo.repo} is:issue is:open in:title "major version bump for ${pkg}"`,
              });
              if (found.total_count > 0) {
                core.info(`Open issue already exists for ${pkg}, skipping`);
                continue;
              }

              const depType = info.dependencyType ?? 'unknown';
              const title = `chore: investigate major version bump for \`${pkg}\` (${current} → ${latest})`;
              const body = [
                `## Major version upgrade available: \`${pkg}\``,
                '',
                '| | Version |',
                '|---|---|',
                `| **Current** | \`${current}\` |`,
                `| **Latest** | \`${latest}\` |`,
                `| **Dependency type** | \`${depType}\` |`,
                '',
                '@claude Please investigate this major version bump:',
                '',
                `1. **Safety check** — Review the changelog and release notes for \`${pkg}\` between \`${current}\` and \`${latest}\`. Identify any breaking changes that would affect this library (\`@viamrobotics/test-widgets\`).`,
                '',
                '2. **Migration docs** — Are there official migration guides or upgrade documentation available?',
                '',
                '3. **Action**:',
                ` - If the upgrade is **straightforward**, open a PR bumping \`${pkg}\` to \`${latest}\` with any necessary code changes included.`,
                ` - If the upgrade is **too complex or risky**, update this issue with a detailed breakdown: what breaking changes exist, what files in this repo would need to change, and a rough effort estimate.`,
                '',
                '> _Opened automatically by the weekly dependency update workflow._',
              ].join('\n');

              await github.rest.issues.create({
                owner: context.repo.owner,
                repo: context.repo.repo,
                title,
                body,
              });
              core.info(`Created issue: ${title}`);
            }