⚗️ Run pnpm dedupe for Dependabot PRs

See: dependabot/dependabot-core#5830
mingjunlu · Feb 6, 2024 · 3f79e64 · 3f79e64
1 parent b38fa8d
commit 3f79e64
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/.github/workflows/dependabot-dedupe.yaml b/.github/workflows/dependabot-dedupe.yaml
@@ -0,0 +1,38 @@
+name: Deduplicate Dependabot PRs
+on:
+  push:
+    branches:
+      - 'dependabot/npm_and_yarn/*'
+    paths:
+      - 'package.json'
+permissions:
+  content: write
+jobs:
+  dedupe:
+    name: Deduplicate dependencies
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - name: Set up pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile --ignore-scripts
+      - name: Deduplicate dependencies
+        run: pnpm dedupe
+      - name: Set up Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "49699333+dependabot[bot]@users.noreply.github.com"
+      - name: Commit and push changes
+        run: |
+          git add pnpm-lock.yaml
+          git commit -m "♻️ Deduplicate dependencies [dependabot skip]" || echo "No changes to commit"
+          git push origin ${{ github.ref_name }}