From 98a8f9d305510c577e163249ab6560e243ebf70c Mon Sep 17 00:00:00 2001
From: Federico Brigante
Date: Wed, 28 Feb 2024 16:47:23 +0800
Subject: [PATCH 1/3] Warn of wrong lockfile changes in PR

---
 .github/workflows/pr.yml | 42 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 4644b58a6a..7bc88bcd17 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -38,3 +38,45 @@ jobs:
 });
 process.exitCode = 1;
 }
+ lockfile:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ sparse-checkout: package-lock.json
+ - name: Detect changes
+ id: stats
+ run: |
+ git fetch origin ${{ github.base_ref }}
+ STAT="$(git diff --numstat origin/${{ github.base_ref }}..HEAD -- package-lock.json)"
+ DELETED=$(echo $STAT | cut -d " " -f 1)
+ ADDED=$(echo $STAT | cut -d " " -f 2)
+ TOTAL_CHANGES=$((DELETED + ADDED))
+ echo "STAT=$STAT"
+ echo "DELETED=$DELETED"
+ echo "ADDED=$ADDED"
+ echo "TOTAL_CHANGES=$TOTAL_CHANGES"
+ echo "changes=$TOTAL_CHANGES" >> $GITHUB_OUTPUT
+ - if: steps.stats.outputs.changes <= 1000
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ header: lockfile # Unique identifier for the comment
+ hide: true
+ - if: steps.stats.outputs.changes > 1000
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ header: lockfile # Unique identifier for the comment
+ recreate: true
+ message: |
+ ## ⚠️ Large diff for package-lock.json
+
+ There are ${{ steps.stats.outputs.changes }} line changes in package-lock.json. This should not happen unless you're updating a lot of dependencies at once. Regenerating the lockfile should not be necessary.
+
+ If you're seeing Vercel deployment failures, this is likely the cause. Run these commands to reset these changes:
+
+ ```sh
+ git checkout origin/main -- package-lock.json
+ npm install
+ ```
+ - if: steps.stats.outputs.changes > 1000
+ run: exit 1
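Review bot: The `Detect changes` step expands `${{ github.base_ref }}` directly inside the `run:` script, so the branch name becomes part of the shell source before bash parses it; pass it through `env:` and reference a quoted `"$BASE_REF"` instead, as in the excerpt below. The same step relies on unquoted `$STAT` word-splitting to turn git's tab-separated `--numstat` output into space-separated fields, and `--numstat` prints added before deleted, so `DELETED` and `ADDED` are swapped (harmless for the sum, misleading in the log). Separately, `marocchino/sticky-pull-request-comment@v2` is a third-party action referenced by a mutable tag and presumably runs with a token that can write PR comments; pinning it to a full commit SHA would be safer. The workflow's `on:` and `permissions:` keys are outside this hunk, so it is worth confirming this job gets no more than the pull-request write scope it needs.

```yaml
      - name: Detect changes
        # … unchanged: id: stats …
        env:
          BASE_REF: ${{ github.base_ref }}
        run: |
          git fetch origin "$BASE_REF"
          STAT="$(git diff --numstat "origin/$BASE_REF..HEAD" -- package-lock.json)"
          # … unchanged: DELETED/ADDED/TOTAL_CHANGES computation and echo lines …
          echo "changes=$TOTAL_CHANGES" >> "$GITHUB_OUTPUT"
```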
From a57cd706d23dae9cdfeaad5d101557b9b07796ac Mon Sep 17 00:00:00 2001
From: Federico Brigante
Date: Wed, 28 Feb 2024 16:56:38 +0800
Subject: [PATCH 2/3] Extend message

---
 .github/workflows/pr.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 7bc88bcd17..f309290760 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -72,11 +72,15 @@ jobs:

 There are ${{ steps.stats.outputs.changes }} line changes in package-lock.json. This should not happen unless you're updating a lot of dependencies at once. Regenerating the lockfile should not be necessary.

- If you're seeing Vercel deployment failures, this is likely the cause. Run these commands to reset these changes:
+ If you're seeing Vercel deployment failures, this is likely the cause.
+
+ Run these commands to reset these changes:

 ```sh
 git checkout origin/main -- package-lock.json
 npm install
 ```
+
+ You might want to click on "Update branch" first so that the results are accurate.
 - if: steps.stats.outputs.changes > 1000
 run: exit 1
From 3b231c7ac5f6de9b354ade8dae5f41beb5022725 Mon Sep 17 00:00:00 2001
From: Federico Brigante
Date: Wed, 28 Feb 2024 19:37:10 +0800
Subject: [PATCH 3/3] Disable `dependabot-auto-merge` on unrelated PRs

---
 .github/workflows/dependabot-auto-merge.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 6fbc0fb343..82293b67e4 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -1,5 +1,8 @@
 name: Dependabot auto-approve
-on: pull_request
+on:
+ pull_request:
+ paths:
+ - package-lock.json

 permissions:
 contents: write
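Review bot: The new `paths:` filter in `dependabot-auto-merge.yml` only narrows when the workflow is triggered; it is not an authorization check, because a pull request from any author that touches `package-lock.json` still starts this workflow, which requests `contents: write`. The job definitions are outside this hunk, so confirm the approve/merge job is still gated on the PR author, e.g. `if: github.event.pull_request.user.login == 'dependabot[bot]'`. Also note that Dependabot PRs which do not modify the root `package-lock.json` (for example updates to workflow actions, if that ecosystem is enabled) would no longer be auto-merged after this change; a short comment above `paths:` stating that this is intentional would help the next maintainer.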