Yarn Upgrade #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Yarn Upgrade | |
on: | |
schedule: | |
# Every wednesday at 13:37 UTC | |
- cron: 37 13 * * 3 | |
workflow_dispatch: {} | |
jobs: | |
upgrade: | |
name: Yarn Upgrade | |
permissions: | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check Out | |
uses: actions/checkout@v4 | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "*" | |
env: | |
NODE_OPTIONS: "--max-old-space-size=8196 --experimental-worker ${NODE_OPTIONS:-}" | |
- name: Locate Yarn cache | |
id: yarn-cache | |
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT | |
- name: Restore Yarn cache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.yarn-cache.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: |- | |
${{ runner.os }}-yarn- | |
- name: Yarn Install | |
run: yarn install --frozen-lockfile | |
- name: Install Tools | |
run: |- | |
npm -g install lerna npm-check-updates | |
- name: Build Integ Runner | |
run: | | |
export NODE_OPTIONS="--max-old-space-size=8196 --experimental-worker ${NODE_OPTIONS:-}" | |
npx lerna run build --scope @aws-cdk/integ-runner | |
- name: List Mono-Repo Packages | |
id: list-packages | |
# These need to be ignored from the `ncu` runs! | |
run: |- | |
echo "list=$(lerna ls --all --json 2>/dev/null | jq -r 'map(.name) | join(",")')" >> $GITHUB_OUTPUT | |
- name: Run "ncu -u" | |
# Upgrade special cases: | |
# - Various `@types/*` packages need to be pinned to specific versions due to breaking changes in minor upgrades https://github.com/DefinitelyTyped/DefinitelyTyped/issues/64266 | |
# - `typescript` is not semantically versioned, so we only upgrade the patch version | |
# - `jsii`, `jsii-rosetta` is not semantically versioned and needs to be upgrades alongside typescript | |
# - `constructs` because we need to stay in control of the minimum compatible version | |
# - `aws-sdk-mock` because of breaking changes in type exports https://github.com/dwyl/aws-sdk-mock/pull/260. We are not respecting `@ts-ignore`. | |
# - `@aws-cdk/aws-service-spec` and `@aws-cdk/service-spec-types` have their own update workflow | |
run: |- | |
# Upgrade dependencies at repository root | |
ncu --upgrade --filter=jsii,jsii-rosetta,typescript --target=patch | |
ncu --upgrade --reject=@types/node,@types/prettier,constructs,jsii,jsii-rosetta,typescript --target=minor | |
# Upgrade all the packages | |
lerna exec --parallel ncu -- --upgrade --filter=jsii,jsii-rosetta,typescript --target=patch | |
lerna exec --parallel ncu -- --upgrade --reject='@types/conventional-commits-parser,@types/node,@types/prettier,constructs,jsii,jsii-rosetta,typescript,aws-sdk-mock,@aws-sdk/*,@aws-cdk/aws-service-spec,@aws-cdk/service-spec-types,${{ steps.list-packages.outputs.list }}' --target=minor | |
# Upgrade package.json files in init templates | |
for pj in $(find packages/aws-cdk/lib/init-templates -name package.json); do | |
(cd $(dirname $pj) && ncu --upgrade --reject='constructs,${{ steps.list-packages.outputs.list }}') | |
done | |
# Upgrade dependencies at an aws-eks integ test docker image | |
cd packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/sdk-call-integ-test-docker-app/app/ && ncu --upgrade --reject='@aws-sdk/*,${{ steps.list-packages.outputs.list }}' | |
# This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn upgrade" to run) | |
- name: Run "yarn install" | |
run: yarn install | |
- name: Run "yarn upgrade" | |
run: yarn upgrade | |
- name: Regenerate CLI attributions | |
run: cd packages/aws-cdk && yarn pkglint | |
- name: Regenerate Integ Runner attributions | |
run: cd packages/@aws-cdk/integ-runner && yarn pkglint | |
# Next, create and upload the changes as a patch file. This will later be downloaded to create a pull request | |
# Creating a pull request requires write permissions and it's best to keep write privileges isolated. | |
- name: Create Patch | |
run: |- | |
git add . | |
git diff --patch --staged > ${{ runner.temp }}/upgrade.patch | |
- name: Upload Patch | |
uses: actions/upload-artifact@v4 | |
with: | |
name: upgrade.patch | |
path: ${{ runner.temp }}/upgrade.patch | |
pr: | |
name: Create Pull Request | |
needs: upgrade | |
permissions: | |
contents: write | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check Out | |
uses: actions/checkout@v4 | |
- name: Download patch | |
uses: actions/download-artifact@v4 | |
with: | |
name: upgrade.patch | |
path: ${{ runner.temp }} | |
- name: Apply patch | |
run: '[ -s ${{ runner.temp }}/upgrade.patch ] && git apply ${{ runner.temp | |
}}/upgrade.patch || echo "Empty patch. Skipping."' | |
- name: Make Pull Request | |
uses: peter-evans/create-pull-request@v6 | |
with: | |
# Git commit details | |
branch: automation/yarn-upgrade | |
author: aws-cdk-automation <aws-cdk-automation@users.noreply.github.com> | |
commit-message: |- | |
chore: npm-check-updates && yarn upgrade | |
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date. | |
# Pull Request details | |
title: 'chore: npm-check-updates && yarn upgrade' | |
body: |- | |
Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date. | |
labels: contribution/core,dependencies,auto-approve | |
team-reviewers: aws-cdk-team | |
# Github prevents further Github actions to be run if the default Github token is used. | |
# Instead use a privileged token here, so further GH actions can be triggered on this PR. | |
token: ${{ secrets.PROJEN_GITHUB_TOKEN }} |