Dependabot/npm and yarn/lint staged 15.2.9 #278
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot | |
| # Fix yarn v2 cache files from dependabot PRs | |
| # source: https://github.com/dependabot/dependabot-core/issues/1297#issuecomment-671131912 | |
| on: | |
| - pull_request_target | |
| jobs: | |
| fix-lockfile: | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.actor == 'dependabot[bot]' && | |
| contains(github.event.pull_request.head.ref, 'dependabot/npm_and_yarn/') | |
| env: | |
| YARN_ENABLE_SCRIPTS: false | |
| YARN_ENABLE_IMMUTABLE_INSTALLS: false | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.DEPENDABOT_GITHUB_TOKEN }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| fetch-depth: 2 | |
| - name: Use Node.js 16.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16.x | |
| cache: yarn | |
| - name: Autofix lockfile | |
| run: | | |
| # restore yarn.lock from the previous commit | |
| git checkout HEAD^1 -- yarn.lock | |
| # install dependencies | |
| yarn install --mode=skip-build | |
| # deduplicate lockfile | |
| yarn dedupe | |
| - name: Commit changes | |
| run: | | |
| # configure the github user | |
| git config --global user.name 'bc-dependabot' | |
| git config --global user.email '[email protected]' | |
| git add yarn.lock .yarn/cache | |
| # [dependabot skip] is required so that dependabot will fix conflicts automatically | |
| git commit -m "[dependabot skip] autofix yarn cache" | |
| git push |