From def28b6510dd15fcd6817274d93c86bad7a9f2e7 Mon Sep 17 00:00:00 2001
From: Iain Lane <iain@orangesquash.org.uk>
Date: Wed, 24 Jul 2024 08:08:53 +0000
Subject: [PATCH] Add new workflow to keep pnpm up to date

This isn't handled by dependabot, so we need to do it ourselves. This workflow
will run every week and open a PR if there are updates available. The PR will be
auto-approved if CI passes.
---
 .devcontainer/devcontainer-lock.json        |   5 +
 .github/workflows/auto-approve.yml          |  38 ++++++
 .github/workflows/dependabot-auto-merge.yml |  33 -----
 .github/workflows/update-pnpm.yml           | 143 ++++++++++++++++++++
 4 files changed, 186 insertions(+), 33 deletions(-)
 create mode 100644 .github/workflows/auto-approve.yml
 delete mode 100644 .github/workflows/dependabot-auto-merge.yml
 create mode 100644 .github/workflows/update-pnpm.yml

diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
index 02b5177e..4ac5a40d 100644
--- a/.devcontainer/devcontainer-lock.json
+++ b/.devcontainer/devcontainer-lock.json
@@ -4,6 +4,11 @@
       "version": "1.0.11",
       "resolved": "ghcr.io/devcontainers/features/github-cli@sha256:464564228ccdd6028f01f8a62a3cfbaf76e9ba7953b29ac0e53ba2c262604312",
       "integrity": "sha256:464564228ccdd6028f01f8a62a3cfbaf76e9ba7953b29ac0e53ba2c262604312"
+    },
+    "ghcr.io/devcontainers/features/rust:1": {
+      "version": "1.3.0",
+      "resolved": "ghcr.io/devcontainers/features/rust@sha256:dfeb34c48d0aef1f28ba0c70624f79471c3bc91d32d096e3c7015e090831aa9e",
+      "integrity": "sha256:dfeb34c48d0aef1f28ba0c70624f79471c3bc91d32d096e3c7015e090831aa9e"
     }
   }
 }
\ No newline at end of file
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
new file mode 100644
index 00000000..d89c2812
--- /dev/null
+++ b/.github/workflows/auto-approve.yml
@@ -0,0 +1,38 @@
+name: Auto-merge automated PRs
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: |
+      github.actor == 'dependabot[bot]' || (
+        github.actor == 'github-actions[bot]' &&
+        startsWith(github.event.pull_request.head.ref, 'auto-merge/')
+      )
+
+    steps:
+      - name: Generate installation token
+        id: generate-installation-token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          app-id: ${{ secrets.LANEYBOT_APP_ID }}
+          private-key: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
+
+      - name: Approve a PR
+        run: >
+          gh pr review --approve "$PR_URL" --body "${{ github.actor }} PR
+          automatically approved"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ steps.generate-installation-token.outputs.token }}
+
+      - name: Enable auto-merge for automated PRs
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ steps.generate-installation-token.outputs.token }}
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
deleted file mode 100644
index 6891b897..00000000
--- a/.github/workflows/dependabot-auto-merge.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: Dependabot auto-approve
-on: pull_request
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0
-      - name: Generate token
-        id: generate_token
-        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
-        with:
-          app-id: ${{ secrets.LANEYBOT_APP_ID }}
-          private-key: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
-      - name: Approve a PR
-        run:
-          gh pr review --approve "$PR_URL" --body "Dependabot PR automatically
-          approved"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-      - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --rebase "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
diff --git a/.github/workflows/update-pnpm.yml b/.github/workflows/update-pnpm.yml
new file mode 100644
index 00000000..8916ce84
--- /dev/null
+++ b/.github/workflows/update-pnpm.yml
@@ -0,0 +1,143 @@
+name: Update Package Manager
+
+on:
+  schedule:
+    # Run every Monday at 3:27 AM
+    - cron: "27 3 * * 1"
+
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/update-pnpm.yml
+
+  pull_request:
+    paths:
+      - .github/workflows/update-pnpm.yml
+
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  check-for-new-version:
+    name: Check for new pnpm version
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      new-version: ${{ steps.pnpm-info.outputs.version }}
+      branch-exists: ${{ steps.check-branch.outputs.branch-exists }}
+
+    steps:
+      - name: Generate token
+        id: generate-installation-token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          app-id: ${{ secrets.LANEYBOT_APP_ID }}
+          private-key: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
+
+      - name: Get user info
+        id: get-user-info
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          LANEYBOT_APP_SLUG:
+            ${{ steps.generate-installation-token.outputs.app-slug }}
+          LANEYBOT_CLIENT_ID: ${{ vars.LANEYBOT_CLIENT_ID }}
+          LANEYBOT_CLIENT_SECRET: ${{ secrets.LANEYBOT_CLIENT_SECRET }}
+          LANEYBOT_PRIVATE_KEY: ${{ secrets.LANEYBOT_PRIVATE_KEY }}
+        with:
+          script: |
+            const appSlug = appInfo.data.slug;
+
+            const appInfo = await github.rest.apps.getBySlug({
+              app_slug: appSlug
+            });
+
+            const displayName = appInfo.data.name;
+            const internalID = appInfo.data.id;
+
+            console.log(`Got app info for '${appSlug}'. Display name: '${displayName}'. ID: '${internalID}'.`);
+
+            core.setOutput("name", displayName);
+            core.setOutput("id", internalID);
+            core.setOutput("slug", appSlug);
+
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          token: ${{ steps.generate-installation-token.outputs.token }}
+
+      - name: Enable Corepack
+        run: |
+          corepack enable
+
+      - name: Setup Node.js
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        env:
+          COREPACK_ENABLE_STRICT: false
+        with:
+          cache-dependency-path: pnpm-lock.yaml
+          node-version-file: "package.json"
+          cache: "pnpm"
+
+      - name: Update Package Manager
+        run: |
+          corepack up
+
+      - name: Check for changes
+        id: git-check
+        run: |
+          git diff --exit-code package.json || echo "changes=true" >> "${GITHUB_OUTPUT}"
+
+      - name: Get new pnpm version and packageManager field
+        if: steps.git-check.outputs.changes == 'true'
+        id: pnpm-info
+        run: |
+          VERSION="$(pnpm --version)"
+          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
+          echo "package-manager=$(jq -r .packageManager package.json)" >> "${GITHUB_OUTPUT}"
+          echo "update-branch=auto-merge/pnpm/${VERSION}" >> "${GITHUB_OUTPUT}"
+
+      - name: Check if update branch exists
+        if: steps.git-check.outputs.changes == 'true'
+        id: check-branch
+        run: |
+          git ls-remote --exit-code --heads origin ${{ steps.pnpm-info.outputs.update-branch }} \
+            && echo "branch-exists=true" >> "${GITHUB_OUTPUT}" \
+            || echo "branch-exists=false" >> "${GITHUB_OUTPUT}"
+
+      - name: Create Pull Request
+        if: >
+          steps.git-check.outputs.changes == 'true' &&
+          steps.check-branch.outputs.branch-exists == 'false'
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        with:
+          commit-message: >
+            chore: update packageManager field to pnpm@${{
+            steps.pnpm-info.outputs.version }}
+          title: >
+            chore: update packageManager field to pnpm@${{
+            steps.pnpm-info.outputs.version }}
+          body: |
+            Update pnpm to version `${{ steps.pnpm-info.outputs.version }}`.
+
+            Changes made:
+            - Updated the `packageManager` field to pnpm@${{ steps.pnpm-info.outputs.package-manager }}.
+
+            This update [was performed automatically][workflow-run] by [the
+            "Update Package Manager" workflow][workflow].
+
+            [workflow]: ./github/workflows-update-pnpm.yml
+            [workflow-run]: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          base: main
+          branch: ${{ steps.pnpm-info.outputs.update-branch }}
+          committer: |-
+            ${{ steps.get-user-info.outputs.name }} <${{ steps.get-user-info.outputs.id }}+${{ steps.get-user-info.outputs.slug }}@users.noreply.github.com>
+          delete-branch: true
+          labels: |
+            dependencies
+            automated pr
+          token: ${{ steps.generate-installation-token.outputs.token }}