Skip to content

Commit b148f9c

Browse files
committed
ci(deps): re-enable lockfile workflow without syncpack
Dependabot needs lockfile regeneration but syncpack fix-mismatches was reverting Dependabot's version updates. Now it only regenerates the lockfile based on the new versions in package.json.
1 parent cb266aa commit b148f9c

File tree

1 file changed

+4
-13
lines changed

1 file changed

+4
-13
lines changed

.github/workflows/dependabot-lockfile.yml

Lines changed: 4 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,9 +11,8 @@ permissions:
1111

1212
jobs:
1313
lockfile:
14-
# DISABLED: Dependabot groups now handle version alignment
15-
# This workflow was causing conflicts by reverting Dependabot's version updates
16-
if: false
14+
# Only run for Dependabot PRs to update lockfiles after version changes
15+
if: github.event.pull_request.user.login == 'dependabot[bot]'
1716
runs-on: ubuntu-latest
1817
env:
1918
# Use environment variables for any github context to avoid injection risks
@@ -40,14 +39,6 @@ jobs:
4039
node-version: 20
4140
cache: pnpm
4241

43-
- name: Install dependencies
44-
run: pnpm install --no-frozen-lockfile
45-
46-
- name: Align versions with syncpack
47-
run: |
48-
pnpm syncpack fix-mismatches
49-
pnpm syncpack format
50-
5142
- name: Regenerate lockfile
5243
run: pnpm install --no-frozen-lockfile
5344

@@ -65,6 +56,6 @@ jobs:
6556
run: |
6657
git config user.name "dependabot[bot]"
6758
git config user.email "49699333+dependabot[bot]@users.noreply.github.com"
68-
git add -A
69-
git commit -m "chore(deps): align versions and update lockfile"
59+
git add pnpm-lock.yaml
60+
git commit -m "chore(deps): update lockfile"
7061
git push origin "$PR_HEAD_REF"

0 commit comments

Comments
 (0)