gui.do / barazo-workspace
pnpm workspace root for Barazo forum development — shared configuration, tooling, and cross-package dependency management barazo.forum
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

ci: add automatic lockfile sync for sub-repo dependency updates (#55)

Dependabot updates package.json in sub-repos (barazo-api, barazo-web,
barazo-lexicons) but has no visibility into the workspace root lockfile.
This causes pnpm install --frozen-lockfile to fail in the deploy
workflow's Docker build.

Adds a scheduled workflow (every 6h) that fetches the latest
package.json from each sub-repo, regenerates the lockfile, and
auto-commits if it changed.

authored by

Guido X Jansen and committed by
GitHub 5c72a1ad 118833c7

+61
+61
.github/workflows/sync-lockfile.yml
··· 1 + name: Sync Lockfile 2 + 3 + on: 4 + repository_dispatch: 5 + types: [sync-lockfile] 6 + schedule: 7 + # Every 6 hours -- catches Dependabot merges in sub-repos 8 + - cron: "0 */6 * * *" 9 + workflow_dispatch: {} 10 + 11 + permissions: 12 + contents: write 13 + pull-requests: write 14 + 15 + jobs: 16 + sync: 17 + name: Regenerate workspace lockfile 18 + runs-on: ubuntu-latest 19 + steps: 20 + - name: Checkout workspace 21 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 22 + 23 + - name: Setup pnpm 24 + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 25 + 26 + - name: Setup Node.js 27 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 28 + with: 29 + node-version: 24 30 + 31 + - name: Fetch workspace member manifests 32 + run: | 33 + for pkg in barazo-api barazo-web barazo-lexicons; do 34 + mkdir -p "$pkg" 35 + curl -sfL "https://raw.githubusercontent.com/barazo-forum/$pkg/main/package.json" \ 36 + -o "$pkg/package.json" 37 + done 38 + 39 + - name: Regenerate lockfile 40 + run: pnpm install --no-frozen-lockfile 41 + 42 + - name: Check for lockfile changes 43 + id: diff 44 + run: | 45 + if git diff --quiet pnpm-lock.yaml; then 46 + echo "changed=false" >> "$GITHUB_OUTPUT" 47 + echo "Lockfile is already up to date." 48 + else 49 + echo "changed=true" >> "$GITHUB_OUTPUT" 50 + echo "Lockfile has changed -- needs update." 51 + git diff --stat pnpm-lock.yaml 52 + fi 53 + 54 + - name: Commit lockfile to main 55 + if: steps.diff.outputs.changed == 'true' 56 + run: | 57 + git config user.name "github-actions[bot]" 58 + git config user.email "github-actions[bot]@users.noreply.github.com" 59 + git add pnpm-lock.yaml 60 + git commit -m "fix(deps): auto-sync lockfile with sub-repo dependencies" 61 + git push origin main