Add node and npm upgrade workflows as well as a dependency check summary workflow and updated doc proposal #4023
+645
−32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a comprehensive automated dependency management system for the GitHub Actions Runner, including workflows for Node.js, NPM, .NET SDK, and Docker/Buildx version updates, along with a dependency status checking workflow and accompanying documentation.
Key changes include:
- Addition of 6 new GitHub Actions workflows for automated dependency management
- Creation of comprehensive dependency management documentation
- Minor adjustment to Node.js versions in externals.sh
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Misc/externals.sh | Updates Node.js version numbers (downgrade for compatibility) |
| docs/dependency-management.md | New comprehensive documentation for dependency management process |
| .github/workflows/setup-labels.yml | Workflow to create necessary labels for dependency management |
| .github/workflows/npm-upgrade.yml | Automated NPM audit fix workflow |
| .github/workflows/npm-audit-ts-fix.yml | Enhanced NPM audit workflow with TypeScript auto-repair |
| .github/workflows/node-upgrade.yml | Automated Node.js version update workflow |
| .github/workflows/dotnet-upgrade.yml | Updates to existing .NET SDK upgrade workflow |
| .github/workflows/docker-buildx-upgrade.yml | Updates to existing Docker/Buildx upgrade workflow |
| .github/workflows/dependency-check.yml | New comprehensive dependency status check workflow |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Change runner from ubuntu-latest to path-test
Change runner from path-test to path-test-2
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add workflows for updating npm and node, also add a dependency review check to give a summary on all the vulnerabilities.
Example dependency summary
see: https://github.com/salmanmkc/runner/actions/runs/17564083794
Example updating node versions
Example updating npm packages