📅 6/10 @ 1pm PT - How to update lock files silently (Part II)

[gr2m]

💁🏻 How to update lock files silently (Part II)
📅 Thursday, June 10, 2021
🕐 1:00pm Pacific Time (in your timezone)
🎙️ no guests
🏷️ Automation

---

Subscribe to this issues to get a notification before the show begins and a summary after the show concludes.

How to update lock files silently (Part II)

This show is a follow up to #22.

In the first episode, we established the problem space we are trying to solve and created a GitHub Action workflow that updates the package-lock.json file on a schedule and pushes it to a lockfile-update branch.

Next, we want to run a workflow whenever CI completed on the lockfile-update branch. If all checks are green, merge it into the repositories default branch and delete the lockfile-update branch. If it fails, create a pull-request to notify the maintainers that their CI broke because of in-range file updates.

Stretch goal will be to be more smart about updates. If there are any pull requests that will conflict with an update to package-lock.json, do not update the repository's default branch. Unless it's a weekly run when we want to enforce an update either way.

Outline

• Run a GitHub Action workflow when we create or update the lockfile-update branch from the update workflow
• Run a GitHub Action workflow each time commit status and check runs are set on a commit in the lockfile-update branch. Determine whether the status is green based on the branch protection settings.
• If any check failed, create a pull request. If all required checks are green, merge and delete the lockfile-update branch.

Preparation

• 30 minute announcement tweet
• start of show tweet
• comment on issue
• recording available tweet

Recording

Shownotes

• run a GitHub Action whenever a status was set or a check run completed on a lockfile-update branch commit

[gr2m]

recording is now live on YouTube: https://youtu.be/LKCrofYOf9A