test-widgets/.github/workflows/claude-dependabot-sweep.yml at main · viamrobotics/test-widgets · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Claude Dependabot Sweep

on:
  schedule:
    - cron: '0 9 * * 1' # Every Monday at 9:00 UTC
  workflow_dispatch:

permissions:
  contents: read

jobs:
  call-dependabot-sweep:
    permissions:
      contents: write
      pull-requests: write
      issues: write
      id-token: write
    if: github.repository_owner == 'viamrobotics'
    # viamrobotics/claude-ci-workflows@v1.17.3
    uses: viamrobotics/claude-ci-workflows/.github/workflows/claude-dependabot-sweep.yml@3ad96b0ccbb5ee0d7e2cde98653fae0c453e68bb
    with:
      install_command: |
        NODE22_BIN=$(ls -d /opt/hostedtoolcache/node/22.*/x64/bin | tail -1)
        echo "$NODE22_BIN" >> "$GITHUB_PATH"
        export PATH="$NODE22_BIN:$PATH"
        corepack enable
        pnpm install
      allowed_tools: 'Edit,Read,Write,Glob,Grep,Bash(pnpm install*),Bash(pnpm add*),Bash(pnpm update*),Bash(pnpm outdated*),Bash(pnpm ls*),Bash(pnpm why*),Bash(pnpm *),Bash(npx *),Bash(node *),Bash(ls *),Bash(find *),Bash(git config *),Bash(git add *),Bash(git commit *),Bash(git push *),Bash(git status*),Bash(git diff*),Bash(git log*),Bash(git checkout *),Bash(git branch *),Bash(git rev-parse *),Bash(git fetch *),Bash(gh pr create*),Bash(gh pr view*),Bash(gh issue comment*),Bash(gh issue view*)'
      extra_system_prompt: |
        ### Updating JavaScript/TypeScript dependencies (pnpm)
        - This is a single-package Svelte 5 + SvelteKit library using pnpm (not a workspace).
        - To update a package: `pnpm update <package>@<version>`.
        - To check installed version: `pnpm ls <package>`
        - To check why a package is installed: `pnpm why <package>`
        - After updating, `pnpm install` regenerates `pnpm-lock.yaml`.
        - Peer dependencies in `package.json` declare lower bounds (e.g. `>=0.68`) for library consumers. Keep peer ranges backwards-compatible when possible; only widen the lower bound when a security fix requires it.

        ### Build & verify
        - Only run verification commands relevant to the files you changed:
          - Svelte / TS / JS files (.svelte, .ts, .js): `pnpm lint`, `pnpm check`, and `pnpm test`
          - Build regressions: `pnpm build`
        - Do NOT run unrelated commands, they waste turns and time.
        - Do NOT modify `dist/**` (generated), `.changeset/**` (versioning), or `.github/**` (workflows).

        ### Monorepo / framework constraints
        - Svelte 5 runes + SvelteKit 2. Consult the Svelte MCP server when editing `.svelte` / `.svelte.ts` / `.svelte.js` files.
        - Package manager: pnpm. Node: 22.22.1.
    secrets:
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
      CI_GITHUB_APP_ID: ${{ secrets.CI_GITHUB_APP_ID }}
      CI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.CI_GITHUB_APP_PRIVATE_KEY }}
      SLACK_AI_WORKFLOW_ALERT_WEBHOOK_URL: ${{ secrets.SLACK_AI_WORKFLOW_ALERT_WEBHOOK_URL }}