Dependency Updates #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency Updates | |
| on: | |
| pull_request: | |
| paths: | |
| - 'package.json' | |
| types: [opened, synchronize] | |
| schedule: | |
| # Run monthly dependency checks | |
| - cron: '0 4 1 * *' | |
| workflow_dispatch: | |
| jobs: | |
| update-bun-lockfile: | |
| name: Update Bun Lockfile | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event_name == 'pull_request' && | |
| contains(github.event.pull_request.labels.*.name, 'dependencies') && | |
| github.actor == 'dependabot[bot]' | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout PR | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: '1.2.14' | |
| - name: Update Bun lockfile | |
| run: | | |
| # Remove any npm/yarn lockfiles if they exist | |
| rm -f package-lock.json yarn.lock pnpm-lock.yaml | |
| # Update bun lockfile | |
| bun install | |
| # Check if lockfile was modified | |
| if git diff --quiet bun.lock; then | |
| echo "No lockfile changes needed" | |
| else | |
| echo "Lockfile updated" | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add bun.lock | |
| git commit -m "chore: update bun.lock for dependency updates" | |
| git push | |
| fi | |
| check-outdated: | |
| name: Check Outdated Dependencies | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: '1.2.14' | |
| - name: Check for outdated dependencies | |
| run: | | |
| echo "## 📦 Dependency Status Report" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Generated on: $(date)" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # Install dependencies first | |
| bun install | |
| # Check for outdated packages | |
| echo "### Checking for outdated dependencies..." >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| # Bun doesn't have a built-in outdated command, so we'll use npm-check-updates | |
| if bunx npm-check-updates --format group >> $GITHUB_STEP_SUMMARY 2>&1; then | |
| echo "All dependencies are up to date!" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| - name: Create issue if updates available | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { data: issues } = await github.rest.issues.listForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| labels: 'dependencies,automated', | |
| state: 'open' | |
| }); | |
| const title = '📦 Weekly Dependency Update Report'; | |
| const existingIssue = issues.find(issue => issue.title === title); | |
| const body = `## Dependency Update Report | |
| This is an automated report of available dependency updates. | |
| Please review the [workflow summary](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) for details. | |
| ### Next Steps | |
| 1. Review available updates | |
| 2. Test compatibility with Bun | |
| 3. Update dependencies as needed | |
| --- | |
| *This issue was automatically created by the dependency update workflow.*`; | |
| if (existingIssue) { | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: existingIssue.number, | |
| body: body | |
| }); | |
| } else { | |
| await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: title, | |
| body: body, | |
| labels: ['dependencies', 'automated'] | |
| }); | |
| } | |
| validate-bun-compatibility: | |
| name: Validate Bun Compatibility | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: '1.2.14' | |
| - name: Clean install | |
| run: | | |
| rm -rf node_modules | |
| rm -f bun.lock | |
| bun install | |
| - name: Verify Bun-specific features | |
| run: | | |
| echo "## 🐰 Bun Compatibility Check" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # Check for Node.js specific imports that might not work with Bun | |
| echo "### Checking for Node.js specific imports..." >> $GITHUB_STEP_SUMMARY | |
| PROBLEMATIC_IMPORTS=( | |
| "node:cluster" | |
| "node:async_hooks" | |
| "node:trace_events" | |
| "node:v8" | |
| "node:vm" | |
| "node:worker_threads" | |
| ) | |
| FOUND_ISSUES=false | |
| for import in "${PROBLEMATIC_IMPORTS[@]}"; do | |
| if grep -r "$import" --include="*.ts" --include="*.js" --exclude-dir=node_modules . > /dev/null 2>&1; then | |
| echo "⚠️ Found usage of $import which may have limited support in Bun" >> $GITHUB_STEP_SUMMARY | |
| FOUND_ISSUES=true | |
| fi | |
| done | |
| if [ "$FOUND_ISSUES" = false ]; then | |
| echo "✅ No problematic Node.js imports found!" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### Bun Version Info" >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| bun --version >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| - name: Test with Bun | |
| run: | | |
| bun test | |
| bun run typecheck | |
| bun run lint |