Skip to content

ci: add workflow to auto-bump deps on upstream release#26

Open
congminh1254 wants to merge 3 commits into
mainfrom
bump-deps-on-upstream-release
Open

ci: add workflow to auto-bump deps on upstream release#26
congminh1254 wants to merge 3 commits into
mainfrom
bump-deps-on-upstream-release

Conversation

@congminh1254

@congminh1254 congminh1254 commented Jun 25, 2026

Copy link
Copy Markdown
Member

Summary

  • Adds a new GitHub Actions workflow (bump-deps.yml) that listens for repository_dispatch events from box-node-sdk and boxcli
  • When an upstream release is published, this workflow automatically updates the dependency version in package.json and opens a PR
  • The PR commit type matches the semver bump: feat! for major, feat for minor, fix for patch

How it works

  1. Upstream repo publishes a release → dispatches event to box/npm-box
  2. This workflow compares the new version against the current dep version
  3. Updates package.json with the new version
  4. Creates a PR with the appropriate conventional commit prefix

Test plan

  • Verify workflow syntax is valid
  • Test with a manual repository_dispatch event using gh api
  • Confirm PR is created with correct title and version bump

🤖 Generated with Claude Code

@congminh1254 @claude
ci: add workflow to auto-bump deps on upstream release
8dab526 
When box-node-sdk or boxcli publishes a release, a repository_dispatch
event triggers this workflow to update the dependency version in
package.json and open a PR with the appropriate conventional commit type
(feat!/feat/fix) matching the semver bump.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@congminh1254 congminh1254 requested a review from a team June 25, 2026 13:38
congminh1254 and others added 2 commits June 25, 2026 15:41
@congminh1254 @claude
docs: add badges to README
e2bfbb8 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@congminh1254 @claude
ci: add spell-check-lint and semantic PR workflows
da5b2c1 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@socket-security

socket-security Bot commented Jun 25, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedgithub/​amannn/​action-semantic-pull-request@​505e44b4f33b4c801f063838b3f053990ee46ea797100100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KwiatkowskiML KwiatkowskiML KwiatkowskiML approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@congminh1254 @KwiatkowskiML