chore(deps-dev): bump vite from 5.4.19 to 5.4.20 #117
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot Auto-Merge | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| pull_request_review: | |
| types: [submitted] | |
| check_suite: | |
| types: [completed] | |
| workflow_run: | |
| workflows: ['CI', 'Lighthouse CI'] | |
| types: [completed] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| auto-merge: | |
| name: Auto-merge Dependabot PRs | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| (github.event.workflow_run && github.event.workflow_run.actor.login == 'dependabot[bot]') | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Fetch Dependabot metadata | |
| id: metadata | |
| uses: dependabot/fetch-metadata@v2 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check if PR should be auto-merged | |
| id: check-merge | |
| run: | | |
| # Default to not merging | |
| echo "should_merge=false" >> $GITHUB_OUTPUT | |
| # Get update type and dependency type | |
| UPDATE_TYPE="${{ steps.metadata.outputs.update-type }}" | |
| DEPENDENCY_TYPE="${{ steps.metadata.outputs.dependency-type }}" | |
| echo "Update type: $UPDATE_TYPE" | |
| echo "Dependency type: $DEPENDENCY_TYPE" | |
| # Auto-merge conditions: | |
| # 1. Patch updates for all dependencies | |
| # 2. Minor updates for dev dependencies | |
| # 3. Minor updates for certain safe production dependencies | |
| if [[ "$UPDATE_TYPE" == "version-update:semver-patch" ]]; then | |
| echo "✅ Patch update - will auto-merge" | |
| echo "should_merge=true" >> $GITHUB_OUTPUT | |
| elif [[ "$UPDATE_TYPE" == "version-update:semver-minor" ]]; then | |
| if [[ "$DEPENDENCY_TYPE" == "development" ]]; then | |
| echo "✅ Minor update for dev dependency - will auto-merge" | |
| echo "should_merge=true" >> $GITHUB_OUTPUT | |
| else | |
| # Check if it's a safe production dependency | |
| DEPENDENCY_NAME="${{ steps.metadata.outputs.dependency-names }}" | |
| # List of production dependencies safe for minor updates | |
| SAFE_DEPS="@sveltejs/adapter-static @sveltejs/kit svelte vite postcss tailwindcss autoprefixer" | |
| if echo "$SAFE_DEPS" | grep -q "$DEPENDENCY_NAME"; then | |
| echo "✅ Minor update for safe production dependency - will auto-merge" | |
| echo "should_merge=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "⚠️ Minor update for production dependency - requires manual review" | |
| fi | |
| fi | |
| else | |
| echo "⚠️ Major update - requires manual review" | |
| fi | |
| - name: Wait for CI checks | |
| if: steps.check-merge.outputs.should_merge == 'true' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { owner, repo } = context.repo; | |
| const pr_number = context.payload.pull_request?.number || context.payload.workflow_run?.pull_requests[0]?.number; | |
| if (!pr_number) { | |
| console.log('Could not determine PR number'); | |
| return; | |
| } | |
| // Wait up to 10 minutes for checks to complete | |
| const maxAttempts = 20; | |
| const delaySeconds = 30; | |
| for (let attempt = 1; attempt <= maxAttempts; attempt++) { | |
| console.log(`Attempt ${attempt}/${maxAttempts}: Checking PR status...`); | |
| const { data: pr } = await github.rest.pulls.get({ | |
| owner, | |
| repo, | |
| pull_number: pr_number | |
| }); | |
| // Check if PR is mergeable | |
| if (pr.mergeable_state === 'clean' || pr.mergeable_state === 'unstable') { | |
| console.log(`PR is in mergeable state: ${pr.mergeable_state}`); | |
| // Get check runs | |
| const { data: checkRuns } = await github.rest.checks.listForRef({ | |
| owner, | |
| repo, | |
| ref: pr.head.sha | |
| }); | |
| const requiredChecks = ['Test & Lint', 'Security Audit']; | |
| const requiredChecksPassed = requiredChecks.every(checkName => { | |
| const check = checkRuns.check_runs.find(run => run.name.includes(checkName)); | |
| return check && check.conclusion === 'success'; | |
| }); | |
| if (requiredChecksPassed) { | |
| console.log('All required checks passed!'); | |
| return; | |
| } else { | |
| console.log('Required checks not yet passed'); | |
| } | |
| } | |
| if (attempt < maxAttempts) { | |
| console.log(`Waiting ${delaySeconds} seconds before next check...`); | |
| await new Promise(resolve => setTimeout(resolve, delaySeconds * 1000)); | |
| } | |
| } | |
| throw new Error('Timeout waiting for checks to complete'); | |
| - name: Auto-merge PR | |
| if: steps.check-merge.outputs.should_merge == 'true' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { owner, repo } = context.repo; | |
| const pr_number = context.payload.pull_request?.number || context.payload.workflow_run?.pull_requests[0]?.number; | |
| if (!pr_number) { | |
| console.log('Could not determine PR number'); | |
| return; | |
| } | |
| try { | |
| // Enable auto-merge | |
| await github.rest.pulls.merge({ | |
| owner, | |
| repo, | |
| pull_number: pr_number, | |
| merge_method: 'squash', | |
| commit_title: `chore(deps): ${context.payload.pull_request?.title || 'update dependencies'}`, | |
| commit_message: 'Auto-merged by Dependabot workflow' | |
| }); | |
| console.log(`Successfully merged PR #${pr_number}`); | |
| } catch (error) { | |
| console.log(`Failed to merge PR: ${error.message}`); | |
| // If merge fails, try to enable auto-merge for when checks pass | |
| try { | |
| await github.graphql(` | |
| mutation enableAutoMerge($pullRequestId: ID!) { | |
| enablePullRequestAutoMerge(input: { | |
| pullRequestId: $pullRequestId, | |
| mergeMethod: SQUASH | |
| }) { | |
| pullRequest { | |
| autoMergeRequest { | |
| enabledAt | |
| } | |
| } | |
| } | |
| } | |
| `, { | |
| pullRequestId: context.payload.pull_request?.node_id | |
| }); | |
| console.log('Enabled auto-merge for when checks pass'); | |
| } catch (graphqlError) { | |
| console.log(`Failed to enable auto-merge: ${graphqlError.message}`); | |
| } | |
| } | |
| - name: Add comment about manual review | |
| if: steps.check-merge.outputs.should_merge == 'false' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { owner, repo } = context.repo; | |
| const pr_number = context.payload.pull_request?.number; | |
| if (!pr_number) return; | |
| const updateType = '${{ steps.metadata.outputs.update-type }}'; | |
| const dependencyType = '${{ steps.metadata.outputs.dependency-type }}'; | |
| let message = '👋 This Dependabot PR requires manual review:\n\n'; | |
| if (updateType.includes('major')) { | |
| message += '- **Major version update** detected\n'; | |
| } else if (updateType.includes('minor') && dependencyType === 'production') { | |
| message += '- **Minor update for production dependency** detected\n'; | |
| } | |
| message += '\nPlease review the changes and merge manually if appropriate.'; | |
| await github.rest.issues.createComment({ | |
| owner, | |
| repo, | |
| issue_number: pr_number, | |
| body: message | |
| }); |