Skip to content

Add dependency update workflow action#389

Merged
marccampbell merged 2 commits into
mainfrom
feat/dependency-update-workflow-step
Jun 10, 2026
Merged

Add dependency update workflow action#389
marccampbell merged 2 commits into
mainfrom
feat/dependency-update-workflow-step

Conversation

@marccampbell

@marccampbell marccampbell commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Add a built-in on_enter.dependency_updates workflow action for issue Built-in dependency update workflow step #383.
  • Discover Go and npm manifests, run ecosystem-native update tooling, and persist structured JSON output for later stages.
  • Support config defaults for ecosystems, paths, grouping, major-update behavior, allow/ignore filters, output name, timeout, and continue-on-error behavior.
  • Add tests for YAML parsing, config defaults, manifest discovery, path containment, and generated command output shape.

Accurate workflow example

This PR implements the dependency updater as a workflow stage on_enter action, not as a steps[].uses action. A cron workflow should use the current workflow/stage shape:

schema_version: v1
name: dependency-maintenance
enabled: true

trigger:
  cron:
    schedule: "0 9 * * 1"
    timezone: "America/Chicago"
    overlap_policy: skip

provider: daytona
tags: ["dependencies"]

stages:
  - id: update_dependencies
    label: Update Dependencies
    entry: true
    on_enter:
      dependency_updates:
        ecosystems: [go, npm]
        paths: ["."]
        grouping: all
        include_major: false
        separate_major: true
        separate_security: true
        separate_runtime: true
        allow: ["*"]
        ignore: []
        output: dependency_updates
        timeout: 30m
      inject: |
        Dependency update metadata:
        {{ .Outputs.dependency_updates.files_changed }}

        Run tests. If files changed and tests pass, open one grouped PR.
        If tests fail, fix the failures or explain why the update should be skipped.
        Say [DONE] when finished.

  - id: complete
    label: Complete
    triggers:
      - message_contains: "[DONE]"
    terminal: true

The action updates files and emits structured metadata. It does not run tests, commit changes, or open a PR by itself; later workflow stages and agent instructions handle those decisions.

Validation

  • env GOCACHE=/private/tmp/elasticclaw-go-build go test ./...

Closes #383

@marccampbell marccampbell mentioned this pull request Jun 10, 2026
Merged
@greptile-apps

greptile-apps Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Reviews (1): Last reviewed commit: "Add dependency update workflow action" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 10, 2026
View reviewed changes
Comment thread pkg/hub/dependency_updates.go Outdated
Comment thread pkg/hub/dependency_updates.go Outdated
@greptile-apps

greptile-apps Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Reviews (2): Last reviewed commit: "Address dependency update review feedbac..." | Re-trigger Greptile

@marccampbell marccampbell merged commit da1a4de into main Jun 10, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@AnaBerg AnaBerg AnaBerg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Built-in dependency update workflow step

2 participants

@marccampbell @AnaBerg