Yarn Upgrade #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Yarn Upgrade | |
on: | |
schedule: | |
# Every wednesday at 13:37 UTC | |
- cron: 37 13 * * 3 | |
workflow_dispatch: {} | |
jobs: | |
upgrade: | |
name: Yarn Upgrade | |
permissions: | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check Out | |
uses: actions/checkout@v3 | |
- name: Set up Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: yarn | |
node-version: 12 | |
- name: Install Tools | |
run: |- | |
npm -g install lerna npm-check-updates@^9.0.0 | |
- name: List Mono-Repo Packages | |
id: monorepo-packages | |
# These need to be ignored from the `ncu` runs! | |
run: |- | |
echo -n "::set-output name=list::" | |
node -p "$(lerna ls --all --json 2>/dev/null).map(item => item.name).join(',')" | |
- name: Identify production dependencies | |
id: production-dependencies | |
# These should be limited to `--target=minor` in the `ncu` run | |
# We assume repository-root has no production dependencies (it shouldn't have any!) | |
# We always consider @types/node to be a production dependency (it must relate to our minimum supported engine) | |
run: |- | |
echo -n "::set-output name=list::" | |
node -p <<-EOF | |
const path = require('path'); | |
const prodDependencies = new Set(['@types/node']); | |
function processManifest(file) { | |
const manifest = require(file); | |
for (const kind of ['dependencies', 'peerDependencies']) { | |
// We assume the manifests are well-formed here (should be safe, since it's in the trunk) | |
if (!(kind in manifest)) { | |
continue; | |
} | |
for (const dep of Object.keys(manifest[kind])) { | |
prodDependencies.add(dep); | |
} | |
} | |
} | |
const lernaPackagesDirs = $(lerna ls --all --json 2>/dev/null).map(item => item.location); | |
for (const packageDir of lernaPackagesDirs) { | |
processManifest(path.join(packageDir, 'package.json')); | |
} | |
Array.from(prodDependencies).sort().join(','); | |
EOF | |
- name: Run "ncu -u" | |
# We special-case typescript because it's not semantically versionned, and major.minor is the API contract | |
run: |- | |
# Upgrade devDependencies at repository root | |
ncu --upgrade --target=minor --filter=@types/node,@jest/types,jest-config,jest-circus | |
ncu --upgrade --target=patch --filter=typescript | |
ncu --upgrade --target=latest --reject=@types/node,typescript,@jest/types,jest-config,jest-circus | |
# Upgrade all production dependencies (and other always major-pinned dependencies) | |
lerna exec --parallel ncu -- --upgrade --target=minor \ | |
--filter='${{ steps.production-dependencies.outputs.list }}' \ | |
--reject='typescript,${{ steps.monorepo-packages.outputs.list }}' | |
# Upgrade all minor-pinned dependencies | |
lerna exec --parallel ncu -- --upgrade --target=patch \ | |
--filter=typescript | |
# Upgrade all other dependencies (devDependencies) to the latest | |
lerna exec --parallel ncu -- --upgrade --target=latest \ | |
--reject='@types/node,typescript,${{ steps.production-dependencies.outputs.list }},${{ steps.monorepo-packages.outputs.list }}' | |
# This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn update" to run) | |
- name: Run "yarn install" | |
run: yarn install | |
- name: Run "yarn upgrade" | |
run: yarn upgrade | |
# Next, create and upload the changes as a patch file. This will later be downloaded to create a pull request | |
# Creating a pull request requires write permissions and it's best to keep write privileges isolated. | |
- name: Create Patch | |
run: |- | |
git add . | |
git diff --patch --staged > ${{ runner.temp }}/upgrade.patch | |
- name: Upload Patch | |
uses: actions/upload-artifact@v3 | |
with: | |
name: upgrade.patch | |
path: ${{ runner.temp }}/upgrade.patch | |
pr: | |
name: Create Pull Request | |
needs: upgrade | |
permissions: | |
contents: write | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check Out | |
uses: actions/checkout@v3 | |
- name: Download patch | |
uses: actions/download-artifact@v3 | |
with: | |
name: upgrade.patch | |
path: ${{ runner.temp }} | |
- name: Apply patch | |
run: '[ -s ${{ runner.temp }}/upgrade.patch ] && git apply ${{ runner.temp }}/upgrade.patch || echo "Empty patch. Skipping."' | |
- name: Make Pull Request | |
uses: peter-evans/create-pull-request@v4 | |
with: | |
# Git commit details | |
author: 'AWS CDK Automation <aws-cdk-automation@users.noreply.github.com>' | |
branch: automation/yarn-upgrade | |
commit-message: |- | |
chore: npm-check-updates && yarn upgrade | |
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date. | |
# Pull Request details | |
title: 'chore: npm-check-updates && yarn upgrade' | |
body: |- | |
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date. | |
labels: contribution/core,dependencies,auto-approve | |
team-reviewers: aws-cdk-team | |
# Privileged token so automated PR validation happens | |
token: ${{ secrets.PROJEN_GITHUB_TOKEN }} | |