name: Update Lockfile on: schedule: - cron: '0 6 * * *' # Daily at 6 AM UTC workflow_dispatch: {} # Allow manual triggering permissions: contents: write pull-requests: write jobs: update-lockfile: if: github.repository == 'pnpm/pnpm' # Only run on the main repository, not forks runs-on: ubuntu-latest steps: - name: Checkout Commit uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.UPDATE_LOCKFILE_TOKEN }} - name: Install pnpm uses: pnpm/action-setup@6e7bdbda5fe05107efc88b23b7ed00aa05f84ca0 with: standalone: true - name: Setup Node run: pnpm runtime -g set node 24.6.0 timeout-minutes: 2 - name: Update lockfile run: | rm pnpm-lock.yaml pnpm install --lockfile-only timeout-minutes: 5 - name: Check for changes id: changes run: | if git diff --quiet pnpm-lock.yaml; then echo "changed=false" >> $GITHUB_OUTPUT else echo "changed=true" >> $GITHUB_OUTPUT fi - name: Create or update PR if: steps.changes.outputs.changed == 'true' env: GH_TOKEN: ${{ secrets.UPDATE_LOCKFILE_TOKEN }} run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" BRANCH="chore/update-lockfile" # Check if branch exists on remote if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then git fetch origin "$BRANCH" git checkout "$BRANCH" git reset --hard origin/main else git checkout -b "$BRANCH" fi # Re-apply the lockfile update on the branch rm pnpm-lock.yaml pnpm install --lockfile-only git add pnpm-lock.yaml git commit -m "chore: update pnpm-lock.yaml" git push -f origin "$BRANCH" # Check if PR already exists if gh pr list --head "$BRANCH" --state open | grep -q "$BRANCH"; then echo "PR already exists, it has been updated" else gh pr create \ --title "chore: update pnpm-lock.yaml" \ --body "This PR updates the lockfile to pick up the latest compatible versions of dependencies. This is an automated PR created by the update-lockfile workflow." \ --base main \ --head "$BRANCH" fi