From b3cab8440e834f89497f087dff6cfecd85895246 Mon Sep 17 00:00:00 2001
From: Dmitryii Osipov <dmith.osipov@gmail.com>
Date: Tue, 21 Jan 2025 15:41:30 +0700
Subject: [PATCH] chore(deps): add workflow to update lockfile (#1729)

---
 .github/dependabot.yml                | 44 ++++++++++++++++-----------
 .github/workflows/update-lockfile.yml | 35 +++++++++++++++++++++
 2 files changed, 61 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/update-lockfile.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4b22ec85a..f1e70f796 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,59 +2,67 @@ version: 2
 updates:
   - package-ecosystem: 'npm'
     directory: /
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(repo):'
     groups:
-      all-dependencies:
+      all:
         patterns:
           - '*'
+
   - package-ecosystem: 'npm'
     directory: '/apis/gear'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(api):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
+
   - package-ecosystem: 'npm'
     directories:
       - '/idea/gear/*'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(gear-idea):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
+
   - package-ecosystem: 'npm'
     directories:
       - '/utils/*'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(utils):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
+
   - package-ecosystem: 'npm'
     directories:
       - '/tools/*'
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 1
     schedule:
       interval: 'weekly'
     commit-message:
       prefix: 'chore(tools):'
     groups:
-      all-dependencies:
-        patterns:
-          - '*'
+      development:
+        dependency-type: 'development'
+      production:
+        dependency-type: 'production'
diff --git a/.github/workflows/update-lockfile.yml b/.github/workflows/update-lockfile.yml
new file mode 100644
index 000000000..f483c16e6
--- /dev/null
+++ b/.github/workflows/update-lockfile.yml
@@ -0,0 +1,35 @@
+# This workflow is needed to update yarn.lock file on dependabot PRs
+# It is needed because dependabot doesn't support yarn v4 yet
+# After https://github.com/dependabot/dependabot-core/issues/8610 is resolved, this workflow should be removed
+
+name: 'Update yarn.lock'
+
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - '**/package.json'
+
+jobs:
+  update-lockfile:
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: 'Install Node.js 20.x'
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+
+      - name: 'Update lock file'
+        run: yarn install --mode=update-lockfile
+
+      - name: 'Commit changes'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'chore: update yarn.lock'
+          file_pattern: 'yarn.lock'