👷 Run pnpm dedupe for Dependabot PRs

See: dependabot/dependabot-core#5830
mingjunlu · Feb 6, 2024 · d93ac2a · d93ac2a
1 parent 20cf933
commit d93ac2a
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/.github/workflows/dependabot-dedupe.yaml b/.github/workflows/dependabot-dedupe.yaml
@@ -0,0 +1,34 @@
+name: Deduplicate Dependabot PRs
+on:
+  push:
+    branches:
+      - "dependabot/npm_and_yarn/*"
+    paths:
+      - "package.json"
+jobs:
+  dedupe:
+    name: Deduplicate dependencies
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - name: Set up pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile --ignore-scripts
+      - name: Deduplicate dependencies
+        run: pnpm dedupe
+      - name: Commit and push changes
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "49699333+dependabot[bot]@users.noreply.github.com"
+          git add yarn.lock
+          git commit -m "♻️ Deduplicate dependencies [dependabot skip]" || echo "No changes to commit"
+          git push origin "HEAD:${GITHUB_HEAD_REF}"