Update and relock NPM packages #117
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update and relock NPM packages | |
on: | |
workflow_dispatch: | |
schedule: | |
# run Thursdays at 05:00 UTC | |
- cron: '0 5 * * THU' | |
jobs: | |
relock: | |
name: Update and relock NPM packages and open PR if necessary | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: staging | |
- name: Import Snyk Deployer GPG key | |
uses: crazy-max/ghaction-import-gpg@v5 | |
with: | |
gpg_private_key: ${{ secrets.GA_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GA_GPG_PRIVATE_KEY_PASS }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Run npm update | |
run: | | |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc | |
npm update --save | |
rm -f .npmrc | |
- name: Create Signed Commit | |
id: create-commit | |
run: | | |
git add package* | |
any_changes=$(git diff --cached) | |
echo "::set-output name=changes::${any_changes}" | |
if [[ ! -z "${any_changes}" ]]; then | |
git commit -S -m "fix: update & relock NPM packages" | |
fi | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v4 | |
if: ${{ success() && steps.create-commit.outputs.changes != null}} | |
with: | |
token: ${{ secrets.DEPLOYER_GITHUB_TOKEN }} | |
branch: chore/update-and-relock-npm-packages | |
delete-branch: true | |
title: 'chore: Update and relock NPM packages' | |
body: | | |
This PR updates and relocks NPM packages. | |
It is created by a recurring github action checking for outdated dependencies. |