ci: auto-rebuild action bundle on Renovate dependency bumps#103
Merged
Conversation
Renovate bumps to bundled deps (@actions/*, yaml, zod) or the vite-plus bundler change dist/index.mjs, which fails the 'Verify dist is up to date' check until someone manually runs 'vp run build' and commits. Add a label-triggered workflow that rebuilds dist/ and pushes it back to the PR branch, and configure Renovate to attach the needs-bundle-rebuild label to those bumps. A GitHub App token is used for the push so the PR's required checks re-run.
Drop the hardcoded pnpm version (read from package.json packageManager) and use .node-version instead of a pinned node-version, matching the existing build job and avoiding version drift.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds automation to keep the GitHub Action’s bundled output (dist/) in sync when Renovate updates dependencies that affect the bundle, by labeling such PRs and running an auto-rebuild workflow that commits refreshed dist/ back to the PR branch.
Changes:
- Add a new
rebuild-bundleworkflow triggered by theneeds-bundle-rebuildPR label to rebuild and push updateddist/. - Update Renovate configuration to automatically apply
needs-bundle-rebuildto runtime dependency bumps andvite-plusbumps.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/rebuild-bundle.yml | Adds a label-triggered workflow intended to rebuild dist/ and push the result back to the PR branch. |
| .github/renovate.json | Adds package rules so Renovate applies needs-bundle-rebuild to dependency updates that can change dist/. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+51
to
+55
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Rebuild the action bundle | ||
| run: pnpm build |
Comment on lines
+66
to
+67
| git commit -m "chore: rebuild action bundle for dependency update" | ||
| git push |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Renovate bumps to bundled deps (`@actions/*`, `yaml`, `zod`) or to the `vite-plus` bundler change `dist/index.mjs`, which fails the "Verify dist is up to date" check until someone manually runs `vp run build` and commits.
This adapts the label-triggered rebuild approach from voidzero-dev/pkg-pr-registry-bridge#47:
Relies on the org secrets `APP_ID` / `APP_PRIVATE_KEY` (same App/secrets as the reference repo).