setup-uv/.agents/skills/dependabot-pr-rollup/SKILL.md
Kevin Stillhammer 7390f777b0 docs: update dependabot rollup biome guidance (#902)
Updates the dependabot-pr-rollup skill to document that @biomejs/biome
dependency updates must also update the matching schema URL version in
biome.json.
2026-06-03 09:50:08 +02:00

2.3 KiB

name: dependabot-pr-rollup
description: Find open Dependabot PRs for the current GitHub repo, compare each PR head to its base branch, replay only the net dependency changes in a fresh worktree and branch, run npm validation, and optionally commit, push, and open a PR. Use when you want to batch or manually replicate active Dependabot updates.
license: MIT
compatibility: Requires git, git worktree, gh CLI auth, npm, and a GitHub repo with an origin remote.

Dependabot PR Rollup

When to use

Use this skill when the user wants to:

  • find all open Dependabot PRs in the current repo
  • reproduce their net effect in one local branch
  • validate the result with the repo's standard npm checks
  • optionally commit, push, and open a PR

Workflow

  1. Inspect the current checkout state, but do not reuse a dirty worktree.
  2. List open Dependabot PRs with gh pr list --state open --author app/dependabot.
  3. For each PR, collect the title, base branch, head branch, changed files, and relevant diffs.
  4. Compare each PR head against origin/<base> instead of trusting the PR title. Dependabot PRs can already be partially merged, superseded by newer versions, or have no remaining net effect.
  5. Create a new worktree and branch from origin/<base>.
  6. Reproduce only the remaining dependency changes in the new worktree.
    • Inspect package.json before editing.
    • Run npm ci --ignore-scripts before applying updates.
    • Use npm install ... --ignore-scripts for direct dependency changes so package-lock.json stays in sync.
    • When updating @biomejs/biome, also update the Biome schema URL version in biome.json to match the installed Biome version.
  7. Run npm run all.
  8. If requested, commit the changed source, lockfile, and generated artifacts, then push and open a PR.
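
The net-change check from step 4 and the Biome schema sync from step 6, as an added JavaScript example that is not part of this skill or of the setup-uv repo. The helper names, the example-lib package, the PR numbers and all versions are constructed, and it assumes the package.json contents of the base branch and of each PR head have already been read into objects.

```javascript
// Added example; "example-lib", the PR numbers and all versions are constructed.
// Accepts "1.2.3", "^1.2.3" or "~1.2.3"; other range syntax is rejected, not guessed.
function parseVersion(range) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(range);
  if (!m) throw new Error(`unsupported version range: ${range}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Step 4: compare each PR head manifest with the base manifest. Keep a bump only
// if it is newer than both the base and any bump already collected.
function netChanges(baseManifest, prs) {
  const changes = {};
  for (const pr of prs) {
    for (const section of ["dependencies", "devDependencies"]) {
      const base = baseManifest[section] || {};
      for (const [name, head] of Object.entries(pr.manifest[section] || {})) {
        const current = changes[name] ? changes[name].version : base[name];
        if (current !== undefined && compareVersions(head, current) <= 0) continue;
        changes[name] = { section, version: head, pr: pr.number };
      }
    }
  }
  const used = new Set(Object.values(changes).map((c) => c.pr));
  const noNetEffect = prs.map((p) => p.number).filter((n) => !used.has(n));
  return { changes, noNetEffect };
}

// Step 6: point the biome.json "$schema" URL at the version being installed.
function syncBiomeSchema(biomeConfig, biomeRange) {
  const version = parseVersion(biomeRange).join(".");
  const $schema = biomeConfig.$schema.replace(/\/schemas\/[^/]+\//, `/schemas/${version}/`);
  return { ...biomeConfig, $schema };
}

const manifest = (lib, biome) =>
  ({ dependencies: { "example-lib": lib }, devDependencies: { "@biomejs/biome": biome } });
const base = manifest("^1.3.0", "2.3.7");
const prs = [
  { number: 101, manifest: manifest("^1.3.0", "2.3.8") }, // superseded by 103
  { number: 102, manifest: manifest("^1.3.0", "2.3.6") }, // example-lib bump already on base
  { number: 103, manifest: manifest("^1.2.0", "2.3.9") }, // stale example-lib is not replayed
];
console.log(JSON.stringify(netChanges(base, prs)));
```

PRs listed in noNetEffect are the ones to report as requiring no net changes, and a stale head branch never downgrades a package the base has already moved past.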

Repo-specific notes

  • Use gh for GitHub operations.
  • Keep the user's original checkout untouched by working in a separate worktree.
  • In this repo, npm run all is the safest validation command because it runs build, check, package, and test.
  • If dependency changes affect bundled output, include the regenerated dist/ files.

Report back

Always report:

  • open Dependabot PRs found
  • which PRs required no net changes
  • new branch name
  • new worktree path
  • files changed
  • npm run all result
  • if applicable, commit SHA and PR URL