chore(deps): add workflow to update lockfile (#1729)

.github/dependabot.yml

@@ -2,59 +2,67 @@ version: 2
 updates:
   - package-ecosystem: 'npm'
     directory: /
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(repo):'
     groups:
-      all-dependencies:
+      all:
         patterns:
           - '*'
+
   - package-ecosystem: 'npm'
     directory: '/apis/gear'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(api):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
+
   - package-ecosystem: 'npm'
     directories:
       - '/idea/gear/*'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(gear-idea):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
+
   - package-ecosystem: 'npm'
     directories:
       - '/utils/*'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(utils):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
+
   - package-ecosystem: 'npm'
     directories:
       - '/tools/*'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(tools):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'

.github/workflows/update-lockfile.yml

@@ -0,0 +1,35 @@
+# This workflow is needed to update yarn.lock file on dependabot PRs
+# It is needed because dependabot doesn't support yarn v4 yet
+# After https://github.com/dependabot/dependabot-core/issues/8610 is resolved, this workflow should be removed
+
+name: 'Update yarn.lock'
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - '**/package.json'
+
+jobs:
+  update-lockfile:
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: 'Install Node.js 20.x'
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+
+      - name: 'Update lock file'
+        run: yarn install --mode=update-lockfile
+
+      - name: 'Commit changes'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'chore: update yarn.lock'
+          file_pattern: 'yarn.lock'