Skip to content

Update v2 packages/dependencies #110

Update v2 packages/dependencies

Update v2 packages/dependencies #110

Workflow file for this run

name: Update v2 packages/dependencies # Updates dependencies twice a month
on:
workflow_dispatch:
schedule:
- cron: '0 4 1,15 * *' # Updates will happen every 1st/15th of the month
jobs:
carbon:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install
run: yarn
- name: Update Carbon packages
run: |
yarn upgrade:carbon
yarn
env:
YARN_ENABLE_IMMUTABLE_INSTALLS: false
- name: Generate token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
id: generate_token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Create PR
id: create-pr
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ steps.generate_token.outputs.token }}
commit-message: 'build(deps): update Carbon 11 compatible versions to latest'
delete-branch: true
branch: 'deps/update-carbon-packages'
branch-suffix: random
title: 'build(deps): update to Carbon 11 compatible versions to latest'
body: |
This PR was automatically generated to update Carbon 11 compatible versions on a regular basis. This is not intended to create any breaking changes, and will be reflected as a minor version bump for affected packages. NB we'll run all tests and do visual verifications, but there is always the opportunity for unexpected regressions. If you're using one of the packages in a stable or production context you may want to check this before taking the next minor version, and do let us know ASAP if you see anything problematic.
The goal is to update to the latest Carbon 11 compatible versions each Friday, to ensure we remain up-to-date with the latest changes (often published on Thursdays) and to ensure interoperability with other packages that also depend on Carbon. We will normally update all other dependencies at the same time to their latest versions, except for specific cases where we have found the updates to be problematic or require further work before they can be used. By using the latest stable version of each dependency we ensure we get fixes and improvements in a timely fashion and reduce the impact of updating the versions that can arise if versions are allowed to become stale for an extended period.
#### What did you change?
This action ran `yarn upgrade:carbon` to upgrade all carbon-related packages to the latest versions.
This PR includes the various `package.json` that pull our dependencies forward to the latest versions, and updates the offline mirror.
#### How did you test and verify your work?
This PR should not be merged until the following checks have been made:
- [ ] A reminder message has been posted onto the ibmproducts-pal-dev Slack channel that a version update PR is going through.
- [ ] `yarn ci-check` runs cleanly and all tests pass (done automatically as part of the PR checks).
- [ ] the Netlify deploy-preview has been used to ensure that storybook runs and the main published components render correctly.
dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install
run: yarn
- name: Update packages
run: |
yarn set version latest
yarn upgrade:automatic
rm yarn.lock
yarn
yarn update-gallery-config
env:
YARN_ENABLE_IMMUTABLE_INSTALLS: false
- name: Generate token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
id: generate_token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Create PR
id: create-pr
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ steps.generate_token.outputs.token }}
commit-message: 'build(deps): update dev dependencies'
delete-branch: true
branch: 'deps/update-dev-packages'
branch-suffix: random
title: 'build(deps): update dev dependencies'
body: |
This PR was automatically generated to update versions of dev dependencies to their latest versions. This helps ensure we get fixes and improvements in a timely fashion and reduces the impact of updating the versions that can arise if versions are allowed to become stale for an extended period.
#### What did you change?
This action ran `yarn upgrade:automatic` to update `package.json` files to request the latest versions of each package. Certain critical packages are intentionally excluded.
This action also deleted the `yarn.lock` file in order to recreate it with the latest matching versions of secondary dependencies.
This PR includes the various `package.json` that pull our dependencies forward to the latest versions, the `yarn.lock` update that maps required versions to the actual versions to be used, and updates the offline mirror.
#### How did you test and verify your work?
This PR should not normally significantly affect the build outputs or runtime packages. Ensure that `yarn ci-check` runs cleanly and all tests pass (done automatically as part of the PR checks).