update all package-locks after lerna version

[rachel-fenichel]

Category

Github Action

Component

Is your feature request related to a problem? Please describe.

When releasing samples we sometimes have to update package-lock files by running:
npm run clean:node && npm install

Running this and creating a pull request could be done by an action, manually triggered.

Dependabot tries to take care of package-lock files, but it doesn't handle monorepos well.

Describe the solution you'd like

An action that:

• Checks out the repository
• Creates a new branch (package-lock-update-yymmdd)
• Runs npm install
• Runs git add plugins/*/package-lock.json
• Runs git commit -m "Update package-locks"
• Pushes to google/blockly-samples
• Opens a PR

Describe alternatives you've considered

Continue doing this manually

Additional context

Here's a starter:

jobs:
  update-package-locks:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: '12'
      - run: npm install
      - run: |
          git add plugins/*/package-lock.json
          git commit -m "Update package-locks"

This doesn't create the new branch or actually push--I ran into questions around auth/whose name goes on the commit.

[maribethb]

just found this suggested workaround: lerna/lerna#2891 (comment) we may or may not need this if we get release-please working (dunno is release-please can handle the package-locks being out of sync)