Update Dependabot + add Create Pull Request action to our generate-lockfile action

Andrei Jiroh Eugenio Halili · Andrei Jiroh Eugenio Halili · commit 52292f754e5f · 2021-06-23T19:30:41.000+08:00
Signed-off-by: Andrei Jiroh Eugenio Halili &lt;andreijiroh@madebythepins.tk&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -8,6 +8,10 @@ updates:
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     reviewers:
       - AndreiJirohHaliliDev2006
+    labels:
+      - packages/nodejs-npm
+      - dependencies
+      - Updated by Dependabot
diff --git a/.github/workflows/generate-lockfile.yml b/.github/workflows/generate-lockfile.yml
@@ -1,4 +1,4 @@
-name: Generate Yarn lockfile
+name: Update dependencies and generate new lockfile
 
 on:
   workflow_dispatch:
@@ -21,12 +21,8 @@ jobs:
         run: curl -fsSL https://github.com/code-server-boilerplates/charts/raw/main/scripts/setup-ci | bash
       - name: Update npmjs
         run: npm i -g npm@latest
-      - name: Setup Yarn Berry
-        shell: bash
-        run: |
-          git switch -c update-lockfiles-$GITHUB_RUN_ID origin/master
       - name: Run install CI
-        run: npm ci
+        run: npm install && npm ci || true
       - name: Attempt to upgrade dependencies
         run: |
           echo "::addgroup::List outdated packages"
@@ -44,7 +40,33 @@ jobs:
           git status -s
           echo "::endgroup::"
           sleep 30
-      - name: Commit changes
+      - name: Generate pull request
+        uses: peter-evans/create-pull-request@v3
+        id: cpr
+        with:
+          token: ${{ secrets.GH_SERVICE_ACCOUNT_API_KEY }}
+          author: Recap Time Bot <releases@madebythepins.tk>
+          commiter: Recap Time Bot <releases@madebythepins.tk>
+          signoff: true
+          commit-message: Update npm dependencies and lockfile
+          branch: update-dependencies-npmjs
+          labels: |
+            packages/nodejs-npm
+            dependencies
+          reviewers: ${{ github.actor }}
+          assignees:
+          title: Update npmjs lockfiles and dependencies
+          description: |
+            Hey, ${{ github.actor }}.
+
+            Your PR has been successfully generated to update dependencies and lockfile. Please wait while Vercel is doing an build for our website to ensure there will be no breaking changes to be merged to production.
+
+            When the build status goes green, approve and add `Ready to Ship` label to automagically merge.
+            Before merging, make sure you read the changelog of these updated packages before proceeding.
+
+            ---
+
+            _This PR is generated using [this GitHub action](https://github.com/peter-evans/create-pull-request), btw._
+      - name: Extract PR link
         run: |
-          git commit -m "Updated npmjs lockfiles and dependencies" --signoff
-          git push origin update-lockfiles-$GITHUB_RUN_ID
+          echo "An PR has been generated to update npm dependencies. Go to ${{ steps.cpr.outputs.pull-request-url }} to complete the merge request workflow."
diff --git a/.github/workflows/update-labels.yml b/.github/workflows/update-labels.yml
@@ -24,7 +24,6 @@ jobs:
           # These labels included in your default labels settings are excluded
           # you need to manually add them to .github/labels.yml and remove the entries here
           exclude: |
-            documentation
             help wanted
             wontfix
             bug
