From 1399b46c6d86f727313c114182f6e55d3e6f274c Mon Sep 17 00:00:00 2001 From: umair Date: Tue, 14 Apr 2026 15:48:44 +0100 Subject: [PATCH 1/4] Extend Dependabot workflow to auto-fix build and lint errors with Claude After regenerating the lockfile, the workflow now attempts to build and lint. If either fails, Claude Code is invoked to diagnose and fix the issue with minimal changes, then commit and push the fix. --- .github/workflows/dependabot-lockfile.yml | 76 +++++++++++++++++++---- 1 file changed, 65 insertions(+), 11 deletions(-) diff --git a/.github/workflows/dependabot-lockfile.yml b/.github/workflows/dependabot-lockfile.yml index e103df3f..71a55611 100644 --- a/.github/workflows/dependabot-lockfile.yml +++ b/.github/workflows/dependabot-lockfile.yml @@ -1,4 +1,4 @@ -name: Fix Dependabot Lockfile +name: Fix Dependabot PRs on: pull_request_target: @@ -6,13 +6,13 @@ on: permissions: contents: write - pull-requests: read + pull-requests: write jobs: - fix-lockfile: + fix-dependabot: runs-on: ubuntu-latest if: github.actor == 'dependabot[bot]' - timeout-minutes: 10 + timeout-minutes: 15 steps: - name: Generate App Token 
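Review bot: In the `permissions:` hunk, `pull-requests: write` is added next to `contents: write` at workflow level, while the only gate on this `pull_request_target` job is still `if: github.actor == 'dependabot[bot]'`. `github.actor` names whoever triggered the run, not the author of the pull request, so the condition should also pin the author, e.g. `if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]'`. Moving the `permissions:` block under `fix-dependabot:` would keep any job added later from inheriting the write scopes. The job's steps continue outside this hunk.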
@@ -41,11 +41,65 @@ jobs: - name: Regenerate lockfile run: pnpm install --no-frozen-lockfile --ignore-scripts - - name: Commit and push if lockfile changed + - name: Commit lockfile changes + id: lockfile run: | - git diff --exit-code pnpm-lock.yaml && exit 0 - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add pnpm-lock.yaml - git commit -m "fix(deps): regenerate pnpm-lock.yaml" - git push + if git diff --quiet pnpm-lock.yaml; then + echo "changed=false" >> "$GITHUB_OUTPUT" + else + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add pnpm-lock.yaml + git commit -m "fix(deps): regenerate pnpm-lock.yaml" + git push + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Try building + id: build + continue-on-error: true + run: | + pnpm install --frozen-lockfile + pnpm run build 2>&1 | tee /tmp/build-output.txt + + - name: Try linting + id: lint + if: steps.build.outcome == 'success' + continue-on-error: true + run: pnpm exec eslint . 2>&1 | tee /tmp/lint-output.txt + + - name: Fix issues with Claude + if: steps.build.outcome == 'failure' || steps.lint.outcome == 'failure' + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ steps.generate-token.outputs.token }} + direct_prompt: | + This is a Dependabot PR that bumps dependencies. The lockfile has been + regenerated but the build or lint is failing. + + Read .claude/CLAUDE.md for project context. + + ## Errors + + Build output (if failed): + $(cat /tmp/build-output.txt 2>/dev/null || echo "Build succeeded") + + Lint output (if failed): + $(cat /tmp/lint-output.txt 2>/dev/null || echo "Lint succeeded") + + ## Instructions + + 1. Diagnose why the build/lint fails after the dependency bump + 2. Make the MINIMUM changes needed to fix it — do not refactor unrelated code + 3. 
Run `pnpm run build` and `pnpm exec eslint .` to verify your fixes + 4. Commit your changes with a descriptive message + 5. Push to the current branch + + If the fix requires significant code changes beyond simple type/import + adjustments, leave a PR comment explaining what's needed instead of + attempting a risky fix. + claude_args: | + --max-turns 30 + --model claude-sonnet-4-6 + --allowedTools "Bash,Read,Write,Edit,Glob,Grep" From 41f1f855d06eebdb0443ecd9c4426e81120a9380 Mon Sep 17 00:00:00 2001 From: umair Date: Tue, 14 Apr 2026 16:13:41 +0100 Subject: [PATCH 2/4] Fix shell substitution and pipefail bugs in Dependabot workflow - Add set -o pipefail so build/lint exit codes propagate through tee - Capture error output in step outputs instead of using $() in direct_prompt (GitHub Actions doesn't expand shell substitution in with: values) --- .github/workflows/dependabot-lockfile.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dependabot-lockfile.yml b/.github/workflows/dependabot-lockfile.yml index 71a55611..f6da4afb 100644 --- a/.github/workflows/dependabot-lockfile.yml +++ b/.github/workflows/dependabot-lockfile.yml @@ -59,6 +59,7 @@ jobs: id: build continue-on-error: true run: | + set -o pipefail pnpm install --frozen-lockfile pnpm run build 2>&1 | tee /tmp/build-output.txt 
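Review bot: The new `Try building` step runs `pnpm install --frozen-lockfile` without the `--ignore-scripts` flag that `Regenerate lockfile` uses, and then `pnpm run build`. Depending on the pnpm version and its build allow-list, install hooks and build-time code from the just-bumped packages may therefore execute inside a `pull_request_target` job that holds `contents: write`. Keep the flag on the second install, `pnpm install --frozen-lockfile --ignore-scripts`, and consider running build and lint in a separate job with `permissions: contents: read` and no persisted checkout credentials (the checkout step is outside this hunk, so its settings could not be checked). The reference `anthropics/claude-code-action@v1` is a movable tag; pinning it to a full commit SHA, `uses: anthropics/claude-code-action@<full-commit-sha>  # v1`, keeps the step that receives `ANTHROPIC_API_KEY` and the app token from changing without a reviewed diff.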
@@ -66,7 +67,20 @@ jobs: id: lint if: steps.build.outcome == 'success' continue-on-error: true - run: pnpm exec eslint . 2>&1 | tee /tmp/lint-output.txt + run: | + set -o pipefail + pnpm exec eslint . 2>&1 | tee /tmp/lint-output.txt + + - name: Capture error output + id: errors + if: steps.build.outcome == 'failure' || steps.lint.outcome == 'failure' + run: | + echo "build_output<> "$GITHUB_OUTPUT" + cat /tmp/build-output.txt 2>/dev/null || echo "Build succeeded" + echo "ENDOFOUTPUT" >> "$GITHUB_OUTPUT" + echo "lint_output<> "$GITHUB_OUTPUT" + cat /tmp/lint-output.txt 2>/dev/null || echo "Lint succeeded" + echo "ENDOFOUTPUT" >> "$GITHUB_OUTPUT" - name: Fix issues with Claude if: steps.build.outcome == 'failure' || steps.lint.outcome == 'failure' @@ -83,10 +97,10 @@ jobs: ## Errors Build output (if failed): - $(cat /tmp/build-output.txt 2>/dev/null || echo "Build succeeded") + ${{ steps.errors.outputs.build_output }} Lint output (if failed): - $(cat /tmp/lint-output.txt 2>/dev/null || echo "Lint succeeded") + ${{ steps.errors.outputs.lint_output }} ## Instructions From 8dad0a520f4256a44823825025a326236d9848e1 Mon Sep 17 00:00:00 2001 From: umair Date: Tue, 14 Apr 2026 16:14:40 +0100 Subject: [PATCH 3/4] Fix output capture step to redirect all lines to GITHUB_OUTPUT The cat output was going to stdout instead of the output file. Use a group command to redirect everything to GITHUB_OUTPUT together. --- .github/workflows/dependabot-lockfile.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependabot-lockfile.yml b/.github/workflows/dependabot-lockfile.yml index f6da4afb..5f3f9ba0 100644 --- a/.github/workflows/dependabot-lockfile.yml +++ b/.github/workflows/dependabot-lockfile.yml 
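Review bot: `${{ steps.errors.outputs.build_output }}` and `${{ steps.errors.outputs.lint_output }}` put tool output straight into the instructions of an agent that the first patch gives `Bash`, `Write` and `Edit` plus the app token, and that output can carry text from the updated packages (paths, messages, source excerpts). Treat it as untrusted data: state in the prompt that the two sections are log excerpts and not instructions, and narrow the tool list to what the task needs, e.g. `--allowedTools "Read,Edit,Glob,Grep,Bash(pnpm run build),Bash(pnpm exec eslint .)"`. Having a later workflow step do the `git commit` and `git push` after checking the diff would remove the need for the agent to hold push rights at all. The `direct_prompt` block starts and ends outside this hunk.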
@@ -75,12 +75,14 @@ jobs: id: errors if: steps.build.outcome == 'failure' || steps.lint.outcome == 'failure' run: | - echo "build_output<> "$GITHUB_OUTPUT" - cat /tmp/build-output.txt 2>/dev/null || echo "Build succeeded" - echo "ENDOFOUTPUT" >> "$GITHUB_OUTPUT" - echo "lint_output<> "$GITHUB_OUTPUT" - cat /tmp/lint-output.txt 2>/dev/null || echo "Lint succeeded" - echo "ENDOFOUTPUT" >> "$GITHUB_OUTPUT" + { + echo "build_output</dev/null || echo "Build succeeded" + echo "ENDOFOUTPUT" + echo "lint_output</dev/null || echo "Lint succeeded" + echo "ENDOFOUTPUT" + } >> "$GITHUB_OUTPUT" - name: Fix issues with Claude if: steps.build.outcome == 'failure' || steps.lint.outcome == 'failure' From 859d2309203eee357f00e924a6e9a3539496b894 Mon Sep 17 00:00:00 2001 From: umair Date: Wed, 15 Apr 2026 11:40:14 +0100 Subject: [PATCH 4/4] Address PR review feedback for Dependabot workflow - Move git config before any steps that might commit, so Claude's commits don't fail when lockfile is unchanged but code fixes are needed - Truncate build/lint output to last 200 lines to avoid GITHUB_OUTPUT size limits - Use accurate fallback messages ("No build output captured" / "Lint was not run") instead of misleading "succeeded" text --- .github/workflows/dependabot-lockfile.yml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependabot-lockfile.yml b/.github/workflows/dependabot-lockfile.yml index 5f3f9ba0..2ccee8b0 100644 --- a/.github/workflows/dependabot-lockfile.yml +++ b/.github/workflows/dependabot-lockfile.yml @@ -38,6 +38,11 @@ jobs: with: node-version: "22.x" + - name: Configure git identity + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + - name: Regenerate lockfile run: pnpm install --no-frozen-lockfile --ignore-scripts 
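Review bot: With the group redirect, the captured log text now lands inside `$GITHUB_OUTPUT` between a fixed `ENDOFOUTPUT` delimiter, and that text comes from build and lint tools processing third-party packages. A log line equal to the delimiter ends the value early, and the lines after it are parsed as further outputs of the step. Generate the delimiter per run instead, e.g. `delim="EOF_$(openssl rand -hex 16)"`, then `echo "build_output<<$delim"` and `echo "$delim"`. The later hunk at `@@ -77,10 +80,18 @@` keeps the same fixed delimiter.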
@@ -47,8 +52,6 @@ jobs: if git diff --quiet pnpm-lock.yaml; then echo "changed=false" >> "$GITHUB_OUTPUT" else - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git add pnpm-lock.yaml git commit -m "fix(deps): regenerate pnpm-lock.yaml" git push @@ -77,10 +80,18 @@ jobs: run: | { echo "build_output</dev/null || echo "Build succeeded" + if [ -f /tmp/build-output.txt ]; then + tail -n 200 /tmp/build-output.txt + else + echo "No build output captured" + fi echo "ENDOFOUTPUT" echo "lint_output</dev/null || echo "Lint succeeded" + if [ -f /tmp/lint-output.txt ]; then + tail -n 200 /tmp/lint-output.txt + else + echo "Lint was not run" + fi echo "ENDOFOUTPUT" } >> "$GITHUB_OUTPUT"
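Review bot: The `else` branch with "No build output captured" is what the agent receives whenever `pnpm install --frozen-lockfile` itself fails. In the `Try building` step (outside this hunk) only `pnpm run build` is piped to `tee`, and the runner's default `bash -e` stops at the failed install before the file exists. An install failure can follow a dependency bump, so capture it too: `pnpm install --frozen-lockfile 2>&1 | tee /tmp/build-output.txt` and `pnpm run build 2>&1 | tee -a /tmp/build-output.txt`. `tail -n 200` also bounds lines rather than bytes, so one very long line, as minified bundler output can produce, still reaches the output file in full; `tail -c` with a byte limit would cap it.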