Update Deno dependencies with Renovate

[5ouma]

⚠️ Issue

close #

✏️ Description

Update the lock file with GitHub Actions.

• I agree to follow the Code of Conduct.

[Copilot]

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

Files not reviewed (1)

• .github/workflows/deps-update.yml: Language not supported

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (4f11f2b) to head (a9e4f8b).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #201   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            6         6           
  Lines           97        97           
  Branches         6         6           
=========================================
  Hits            97        97           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Caution

Review failed

The head commit changed during the review from a9e4f8b to f6b42a5.

Walkthrough

This pull request modifies the repository’s GitHub Actions workflows. A new workflow_call trigger was added to the workflows in .github/workflows/ci.yml and .github/workflows/pre-commit.yml, allowing them to be invoked by other workflows. The dependency update workflow file was removed entirely. Additionally, a new workflow named update-lock.yml was introduced to handle Deno lock file updates on pull requests modifying the deno.json file, with conditions set to trigger subsequent CI and pre-commit jobs based on file changes.

Changes

File(s)	Change Summary
.github/workflows/ci.yml and .github/workflows/pre-commit.yml	Added new event trigger workflow_call that allows these workflows to be invoked by other workflows.
.github/workflows/deps-update.yml	Deleted the workflow that automatically updated dependencies via daily cron and manual triggers.
.github/workflows/update-lock.yml	Introduced a new workflow triggered on pull requests affecting deno.json to update the lock file and conditionally trigger the CI and pre-commit workflows based on file changes.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/update-lock.yml (1)

28-38: Conditional Execution of Downstream CI and Pre-commit Jobs

The downstream jobs (ci and pre-commit) are configured to run only when the update job’s output (file_changed) is 'true'. This conditional setup is effective for triggering additional checks only when necessary. Verify that the comparison against the string 'true' aligns with how file_changed is output from the update action.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b3e1169 and 6eaaf0a.

📒 Files selected for processing (4)

• .github/workflows/ci.yml (1 hunks)
• .github/workflows/deps-update.yml (0 hunks)
• .github/workflows/pre-commit.yml (1 hunks)
• .github/workflows/update-lock.yml (1 hunks)

💤 Files with no reviewable changes (1)

• .github/workflows/deps-update.yml

🔇 Additional comments (6)

.github/workflows/ci.yml (2)

16-16: Enhanced Workflow Reusability with "workflow_call" Trigger

The addition of the workflow_call: trigger (line 16) enables this CI workflow to be invoked from other workflows. This modular approach improves integration and reuse. Please verify that all workflows intended to call this one have been updated accordingly.

---

1-15: Overall CI Workflow Structure

The rest of the workflow remains well configured with appropriate triggers for push and pull_request, and clear job definitions for linting, formatting, type checking, testing, and a dry-run publish. No additional changes are required here.

Also applies to: 17-104

.github/workflows/pre-commit.yml (2)

8-8: Improved Pre-commit Workflow Trigger

Adding the workflow_call: trigger (line 8) enhances the flexibility of triggering pre-commit checks from other workflows. This change aligns it with the modular reusability improvements made to the CI workflow.

---

1-7: Pre-commit Workflow Configuration

The overall configuration is clear, with triggers for push and pull_request alongside the new workflow_call trigger. The job definition that runs the pre-commit check leverages the custom action appropriately.

Also applies to: 9-19

.github/workflows/update-lock.yml (2)

1-7: New Lock File Update Workflow Trigger Setup

This new workflow is triggered on pull requests modifying deno.json, which is a suitable trigger for updating the Deno lock file. The specified path pattern appears appropriate for the project structure.

---

11-27: Lock File Update Job Configuration

The update job is well configured:

• It runs only when the actor is renovate[bot] (line 15), ensuring that automated dependency updates trigger this job.
• The job checks out the repository and uses the 5ouma/utils/update-deno-lock-file@main action.
• The output file_changed is then captured and passed on.

Please confirm that the action reliably provides the expected file_changed output, as it forms the condition for the downstream jobs.

[5ouma]

@coderabbitai fullreview

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get a list of changed files in this PR
git diff --name-status HEAD^..HEAD

Length of output: 230

---

🏁 Script executed:

#!/bin/bash
# Check git status and information about the repo
echo "=== Git Status ==="
git status

echo -e "\n=== Current Branch ==="
git branch

echo -e "\n=== Repository Information ==="
git remote -v

echo -e "\n=== List Files in Main Directories ==="
ls -la .github/workflows/

Length of output: 968

---

🏁 Script executed:

#!/bin/bash
# Check the content of update-lock.yml (new file)
echo "=== Content of update-lock.yml ==="
cat .github/workflows/update-lock.yml

echo -e "\n=== Content of ci.yml ==="
cat .github/workflows/ci.yml

echo -e "\n=== Content of pre-commit.yml ==="
cat .github/workflows/pre-commit.yml

# Check if deps-update.yml still exists
echo -e "\n=== Checking for deps-update.yml ==="
if [ -f ".github/workflows/deps-update.yml" ]; then
  echo "deps-update.yml exists"
  cat .github/workflows/deps-update.yml
else
  echo "deps-update.yml has been deleted"
  # Let's try to find it in the git history
  echo -e "\n=== Looking for deleted deps-update.yml in git history ==="
  git log --diff-filter=D --summary | grep -A2 "deps-update.yml" | head -n 3
fi

# Get the diff of ci.yml to see what changed
echo -e "\n=== Diff for ci.yml ==="
git diff main...coderabbit_201 -- .github/workflows/ci.yml

# Get the diff of pre-commit.yml to see what changed
echo -e "\n=== Diff for pre-commit.yml ==="
git diff main...coderabbit_201 -- .github/workflows/pre-commit.yml

Length of output: 4855

---

🏁 Script executed:

#!/bin/bash
# Try to get more information about the PR and its changes
echo "=== Checking git log ==="
git log --oneline -n 5

echo -e "\n=== Commit message of the latest commit ==="
git log -n 1 --pretty=format:"%s%n%b"

# List all files in the current branch
echo -e "\n=== PR files comparison ==="
git ls-files | grep -E ".github/workflows" | sort

# Look for the deleted file in the main branch
echo -e "\n=== Check if deps-update.yml exists in main branch ==="
git checkout main -- .github/workflows/deps-update.yml 2>/dev/null && echo "File exists in main branch" || echo "File doesn't exist in main branch"

# If it exists in main branch, show its content
if [ -f ".github/workflows/deps-update.yml" ]; then
  echo -e "\n=== Content of deps-update.yml from main branch ==="
  cat .github/workflows/deps-update.yml
  # Cleanup
  rm .github/workflows/deps-update.yml
fi

# Get more detailed information about deno.json
echo -e "\n=== Look for deno.json ==="
find . -name "deno.json" -type f

Length of output: 1658

---

🏁 Script executed:

#!/bin/bash
# Get the content of deno.json
echo "=== Content of deno.json ==="
cat ./deno.json

# Check if there's information about Renovate in the repo
echo -e "\n=== Check for Renovate configuration ==="
find . -name "renovate.json" -o -name ".renovaterc" -o -name ".renovaterc.json" 2>/dev/null

# Check for renovate config in package.json or other locations
echo -e "\n=== Additional Renovate config checks ==="
grep -r "renovate" --include="*.json" .

# Get information about the deno lock file
echo -e "\n=== Check deno.lock ==="
if [ -f "deno.lock" ]; then
  echo "deno.lock exists"
  head -n 20 deno.lock  # Show just the first 20 lines as it might be large
else
  echo "deno.lock doesn't exist"
fi

Length of output: 2326

---

@5ouma I'll perform a full review of your PR #201 "Update Deno dependencies with Renovate".

🔍 PR Review

Overall Changes

This PR changes how Deno dependencies are managed in the project:

1. Removes the scheduled dependency update workflow (.github/workflows/deps-update.yml) that used molt-action
2. Adds a new workflow (.github/workflows/update-lock.yml) that responds to Renovate PRs
3. Modifies existing workflows to support being called by the new workflow

Detailed Analysis

✅ Positive Aspects

• The new approach using Renovate is more maintainable as it separates dependency updates into individual PRs
• Adding workflow_call triggers to existing workflows promotes code reuse
• The conditional CI triggers ensure that tests only run when changes are actually made
• Specific handling for Renovate bot PRs allows for automated updates

🔧 Implementation Details

• The new workflow only runs when deno.json is modified by Renovate bot
• It updates the lock file and outputs whether changes were made
• Subsequent jobs (CI and pre-commit) only run if the lock file changed
• The checkout changes (fetch-depth: 2 and git checkout HEAD^) ensure proper testing of changes

🤔 Considerations

• The workflow is specifically designed for Renovate and won't run for manual dependency updates
• The implementation assumes Renovate will be the primary method for dependency updates

Conclusion

This is a well-structured change that modernizes the dependency management approach. By switching from scheduled bulk updates to Renovate-driven targeted updates, the project will have better visibility into individual dependency changes, making reviews more straightforward.

The changes are focused and minimal, only modifying what's needed to implement the new workflow while reusing existing CI and pre-commit checks.

I recommend approving this PR as it improves the development process without introducing significant risks.