Allow dependabot to rebase over dedupe commit

Merge branch 'dev' into dependabot-dedupe
Move dedupe check up to fail faster
2025-11-11 03:51:07 +00:00 · 2023-02-14 17:30:09 +00:00 · 2023-02-14 17:20:09 +00:00 · 2023-02-06 21:16:38 +00:00 · 2023-02-06 21:12:26 +00:00 · 2023-02-06 20:44:02 +00:00
1 changed files with 54 additions and 0 deletions
--- a/.github/workflows/dedupe.yaml
+++ b/.github/workflows/dedupe.yaml
@@ -0,0 +1,54 @@
+name: Deduplicate Dependabot
+
+on:
+  push:
+    branches:
+      - dependabot/npm_and_yarn/*
+
+env:
+  NODE_VERSION: 16
+  NODE_OPTIONS: --max_old_space_size=6144
+
+permissions:
+  contents: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  dedupe:
+    name: Deduplicate dependencies
+    # Only trigger on initial commit from dependabot
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate app token
+        # Use a GitHub app to checkout and commit in order to re-trigger the CI workflow
+        # (because actions with GITHUB_TOKEN do not trigger new events)
+        id: generate_token
+        uses: tibdex/github-app-token@v1.7.0
+        with:
+          app_id: ${{ secrets.HA_COMMITTER_APP_ID }}
+          private_key: ${{ secrets.HA_COMMITTER_PRIVATE_KEY }}
+      - name: Check out files from GitHub
+        uses: actions/checkout@v3.3.0
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+      - name: Set up Node ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v3.6.0
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: yarn
+      - name: Install dependencies
+        # Do not run build scripts as a security measure since job has write permissions
+        run: yarn install --immutable --mode=skip-build
+      - name: Deduplicate dependencies
+        run: yarn dedupe --mode=skip-build
+      - name: Commit changes
+        run: |
+          git config user.name "Home Assistant Committer"
+          git config user.email "hello@home-assistant.io"
+          git add yarn.lock
+          git commit -m "Deduplicate dependencies [dependabot skip]" || exit 0
+          git push origin "HEAD:${GITHUB_HEAD_REF}"
Author	SHA1	Message	Date
Steve Repsher	f7e2fb5271	Allow dependabot to rebase over dedupe commit	2023-02-14 17:30:09 +00:00
Steve Repsher	6ba567c54e	Merge branch 'dev' into dependabot-dedupe	2023-02-14 17:20:09 +00:00
Steve Repsher	bb6fb5fb89	Move dedupe check up to fail faster	2023-02-06 21:16:38 +00:00
Steve Repsher	7c1b2e01fe	Add concurrency rules to cancel workflows in progress	2023-02-06 21:12:26 +00:00
Steve Repsher	de03c9610b	Revise to use separate workflow with GitHub app	2023-02-06 20:44:02 +00:00
Steve Repsher	2fdb6f1241	Merge dev to bump action versions	2023-01-09 14:28:18 +00:00
Steve Repsher	555c43caeb	Merge dev and pin action versions	2022-12-27 20:34:31 +00:00
Steve Repsher	997455932f	Update bash style to quote variables and use [[ and $()	2022-12-21 14:01:39 +00:00
Steve Repsher	49e2230fb2	Add workflow job to deduplicate dependabot pull requests	2022-12-20 19:59:03 +00:00