google
update all package-locks after lerna version
Category
Github Action
Component
Is your feature request related to a problem? Please describe.
When releasing samples we sometimes have to update package-lock files by running:
npm run clean:node && npm install
Running this and creating a pull request could be done by an action, manually triggered.
Dependabot tries to take care of package-lock files, but it doesn't handle monorepos well.
Describe the solution you'd like
An action that:
- Checks out the repository
- Creates a new branch (
package-lock-update-yymmdd) - Runs
npm install - Runs
git add plugins/*/package-lock.json - Runs
git commit -m "Update package-locks" - Pushes to
google/blockly-samples - Opens a PR
Describe alternatives you've considered
Continue doing this manually
Additional context
Here's a starter:
jobs:
update-package-locks:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: '12'
- run: npm install
- run: |
git add plugins/*/package-lock.json
git commit -m "Update package-locks"
This doesn't create the new branch or actually push--I ran into questions around auth/whose name goes on the commit.
just found this suggested workaround: https://github.com/lerna/lerna/issues/2891#issuecomment-953823502 we may or may not need this if we get release-please working (dunno is release-please can handle the package-locks being out of sync)
