Upgrade Upstream Dependencies #177
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upgrade Upstream Dependencies | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' # Daily at midnight UTC | |
| workflow_dispatch: # Manual trigger | |
| permissions: {} | |
| jobs: | |
| upgrade: | |
| if: github.event.repository.fork == false | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| actions: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: ./.github/actions/clone | |
| - uses: oxc-project/setup-rust@23f38cfb0c04af97a055f76acee94d5be71c7c82 # v1.0.16 | |
| with: | |
| save-cache: ${{ github.ref_name == 'main' }} | |
| cache-key: upgrade-deps | |
| tools: just,cargo-shear | |
| - uses: oxc-project/setup-node@4c26e7cb3605b6bdef5450dacd02c434b10fd8ba # v1.2.0 | |
| - name: Rustup Adds Target | |
| run: rustup target add x86_64-unknown-linux-gnu | |
| - name: Rustup Adds Target for rolldown | |
| working-directory: rolldown | |
| run: rustup target add x86_64-unknown-linux-gnu | |
| - name: Upgrade dependencies | |
| id: upgrade | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: node .github/scripts/upgrade-deps.mjs | |
| - name: Sync remote and build | |
| id: build | |
| continue-on-error: true # Create PR even if build fails | |
| run: | | |
| pnpm install --no-frozen-lockfile | |
| pnpm tool sync-remote | |
| pnpm install --no-frozen-lockfile | |
| - name: Build | |
| uses: ./.github/actions/build-upstream | |
| id: build-upstream | |
| continue-on-error: true | |
| with: | |
| target: x86_64-unknown-linux-gnu | |
| print-after-build: 'true' | |
| env: | |
| RELEASE_BUILD: 'true' | |
| - uses: anthropics/claude-code-action@eb99fb38f09dedf69f423f1315d6c0272ace56a0 # Claude Code to 2.1.72 | |
| env: | |
| RELEASE_BUILD: 'true' | |
| with: | |
| claude_code_oauth_token: ${{ secrets.ANTHROPIC_API_KEY }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| show_full_output: 'true' | |
| prompt: | | |
| Check if the build-upstream steps failed and fix them. | |
| ### Background | |
| - The build-upstream steps are at ./.github/actions/build-upstream/action.yml | |
| - The deps upgrade script is at ./.github/scripts/upgrade-deps.mjs | |
| ### Instructions | |
| - We are using `pnpm` as the package manager | |
| - We are aiming to upgrade all dependencies to the latest versions in this workflow, so don't downgrade any dependencies. | |
| - Compare tsdown CLI options with `vp pack` and sync any new or removed options. Follow the instructions in `.claude/skills/sync-tsdown-cli/SKILL.md`. | |
| - Check `.claude/agents/cargo-workspace-merger.md` if rolldown hash is changed. | |
| - Run the steps in `build-upstream` action.yml after your fixing. If no errors are found, you can safe to exit. | |
| - Install global CLI after the build-upstream steps are successful, by running the following commands: | |
| - `pnpm bootstrap-cli:ci` | |
| - `echo "$HOME/.vite-plus/bin" >> $GITHUB_PATH` | |
| - Run `pnpm run lint` to check if there are any issues after the build, if has, deep investigate it and fix it. You need to run `just build` before you can run `pnpm run lint`. | |
| - Run `pnpm run test` after `just build` to ensure all tests are successful. | |
| - The snapshot tests in `pnpm run test` are always successful, you need to check the snapshot diffs in git to see if there is anything wrong after our deps upgrade. | |
| - If deps in our `Cargo.toml` need to be upgraded, you can refer to the `./.claude/agents/cargo-workspace-merger.md` | |
| - If `Cargo.toml` has been modified, you need to run `cargo shear` to ensure there is nothing wrong with our dependencies. | |
| - Run `cargo check --all-targets --all-features` to ensure everything works fine if any Rust related codes are modified. | |
| - Run the following commands to ensure everything works fine: | |
| vp -h | |
| vp run -h | |
| vp lint -h | |
| vp test -h | |
| vp build -h | |
| vp fmt -h | |
| vp pack -h | |
| - Your final step is to run `just build` to ensure all builds are successful. | |
| Help me fix the errors in `build-upstream` steps if exists. | |
| No need to commit changes after your fixing we have a following step to commit all file changes. | |
| claude_args: | | |
| --model opus --allowedTools "Bash,Edit,Replace,NotebookEditCell" | |
| additional_permissions: | | |
| actions: read | |
| - name: Update lockfile | |
| run: | | |
| pnpm install --no-frozen-lockfile | |
| pnpm dedupe | |
| - name: Checkout binding files | |
| run: | | |
| git checkout packages/cli/binding/index.cjs | |
| git checkout packages/cli/binding/index.d.cts | |
| - name: Format code | |
| run: pnpm fmt | |
| - name: Close and delete previous PR | |
| env: | |
| GH_TOKEN: ${{ secrets.AUTO_UPDATE_BRANCH_TOKEN }} | |
| run: | | |
| # Find PR with the deps/upstream-update branch | |
| PR_NUMBER=$(gh pr list --head deps/upstream-update --json number --jq '.[0].number') | |
| if [ -n "$PR_NUMBER" ]; then | |
| echo "Found existing PR #$PR_NUMBER, closing and deleting branch…" | |
| gh pr close "$PR_NUMBER" --delete-branch | |
| else | |
| echo "No existing PR found with branch deps/upstream-update" | |
| fi | |
| - name: Create/Update PR | |
| uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 | |
| with: | |
| base: main | |
| branch: deps/upstream-update | |
| title: 'feat(deps): upgrade upstream dependencies' | |
| sign-commits: true | |
| token: ${{ secrets.AUTO_UPDATE_BRANCH_TOKEN }} | |
| branch-token: ${{ secrets.GITHUB_TOKEN }} | |
| body: | | |
| Automated daily upgrade of upstream dependencies: | |
| - rolldown (latest tag) | |
| - vite (latest tag) | |
| - vitest (latest npm version) | |
| - tsdown (latest npm version) | |
| Build status: ${{ steps.build.outcome }} | |
| commit-message: 'feat(deps): upgrade upstream dependencies' |