diff --git a/.github/WORKFLOWS.md b/.github/WORKFLOWS.md index 7c6a75a6e..fca0d4f1d 100644 --- a/.github/WORKFLOWS.md +++ b/.github/WORKFLOWS.md @@ -240,6 +240,51 @@ Generates and updates CHANGELOG.md from git history. **Note**: Requires `cliff.toml` configuration file for customization. +### 13. Auto-fix pnpm-lock.yaml Conflicts + +**File**: `pnpm-lock-autofix.yml` +**Triggers**: Pull Requests (when pnpm-lock.yaml or package.json files change) + +Automatically detects and resolves `pnpm-lock.yaml` merge conflicts. + +**What It Does**: +1. Detects when a PR has merge conflicts with the base branch +2. Checks if the conflict is only in `pnpm-lock.yaml` +3. Automatically regenerates the lockfile by running `pnpm install` +4. Commits and pushes the resolved lockfile back to the PR +5. Notifies the PR author with a comment + +**When It Runs**: +- When a PR is opened, synchronized, or reopened +- Only if `pnpm-lock.yaml` or any `package.json` files are modified +- Only for PRs from the same repository (not forks, for security) + +**Behavior**: + +```mermaid +graph TD + A[PR Updated] --> B{Has merge conflicts?} + B -->|No| C[Skip - No action needed] + B -->|Yes| D{Only pnpm-lock.yaml?} + D -->|Yes| E[Regenerate lockfile] + E --> F[Commit & Push] + F --> G[Comment: Success] + D -->|No| H[Comment: Manual resolution needed] +``` + +**Benefits**: +- Eliminates manual resolution of lockfile conflicts +- Reduces merge friction in monorepo environments +- Saves developer time on routine lockfile conflicts +- Ensures lockfile consistency across branches + +**When Manual Resolution Is Needed**: +- If conflicts exist in files other than `pnpm-lock.yaml` +- If the PR is from a fork (security restriction) +- If `pnpm install` fails for any reason + +**Security**: Only runs on PRs from the same repository to prevent malicious code execution from forks. + ## Security Features ### CodeQL Analysis @@ -316,6 +361,10 @@ Add these badges to show workflow status: **Problem**: CodeQL analysis fails - **Solution**: Check for syntax errors, review CodeQL logs +**Problem**: pnpm-lock.yaml merge conflicts +- **Solution**: The `pnpm-lock-autofix.yml` workflow automatically resolves these conflicts +- **Manual Fix**: Run `pnpm install --no-frozen-lockfile` and commit the updated lockfile + ### Getting Help - Check [GitHub Actions documentation](https://docs.github.com/en/actions) @@ -347,6 +396,7 @@ Potential workflow additions: - [ ] Integration tests with examples - [ ] Automated component documentation generation - [ ] npm package publishing automation +- [x] Automatic pnpm-lock.yaml conflict resolution (implemented) ## Resources diff --git a/.github/workflows/pnpm-lock-autofix.yml b/.github/workflows/pnpm-lock-autofix.yml new file mode 100644 index 000000000..5878b8b93 --- /dev/null +++ b/.github/workflows/pnpm-lock-autofix.yml @@ -0,0 +1,185 @@ +name: Auto-fix pnpm-lock.yaml Conflicts + +on: + pull_request: + types: [opened, synchronize, reopened] + paths: + - 'pnpm-lock.yaml' + - 'package.json' + - '**/package.json' + +permissions: + contents: write + pull-requests: write + +jobs: + autofix-lockfile: + name: Auto-fix pnpm-lock.yaml + runs-on: ubuntu-latest + + # Only run on PRs from the same repository (not forks) for security + if: github.event.pull_request.head.repo.full_name == github.repository + + steps: + - name: Checkout PR branch + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Check for merge conflicts + id: check_conflicts + run: | + # Fetch the base branch + git fetch origin ${{ github.event.pull_request.base.ref }} + + # Try to merge base into current branch + if git merge --no-commit --no-ff origin/${{ github.event.pull_request.base.ref }} 2>&1 | tee merge_output.txt; then + echo "has_conflicts=false" >> $GITHUB_OUTPUT + git merge --abort 2>/dev/null || true + else + # Check if conflicts exist + if grep -q "CONFLICT" merge_output.txt; then + echo "has_conflicts=true" >> $GITHUB_OUTPUT + + # Check if pnpm-lock.yaml has conflicts + if git status | grep -q "pnpm-lock.yaml"; then + echo "lockfile_conflict=true" >> $GITHUB_OUTPUT + else + echo "lockfile_conflict=false" >> $GITHUB_OUTPUT + fi + + git merge --abort 2>/dev/null || true + else + echo "has_conflicts=false" >> $GITHUB_OUTPUT + fi + fi + + - name: Setup pnpm + if: steps.check_conflicts.outputs.lockfile_conflict == 'true' + uses: pnpm/action-setup@v4 + with: + version: 10 + + - name: Setup Node.js + if: steps.check_conflicts.outputs.lockfile_conflict == 'true' + uses: actions/setup-node@v4 + with: + node-version: '20.x' + cache: 'pnpm' + + - name: Resolve lockfile conflicts + if: steps.check_conflicts.outputs.lockfile_conflict == 'true' + id: resolve + run: | + echo "🔧 Attempting to resolve pnpm-lock.yaml conflicts..." + + # Merge the base branch + git merge origin/${{ github.event.pull_request.base.ref }} || true + + # Check if only pnpm-lock.yaml has conflicts + CONFLICT_FILES=$(git diff --name-only --diff-filter=U) + echo "Conflicted files: $CONFLICT_FILES" + + # Only proceed if pnpm-lock.yaml is the only conflicted file + if [ "$CONFLICT_FILES" = "pnpm-lock.yaml" ]; then + echo "Only pnpm-lock.yaml has conflicts. Regenerating lockfile..." + + # Remove the conflicted lockfile + # We remove it completely to let pnpm regenerate from package.json files + # This ensures both branches' dependency changes are merged correctly + rm -f pnpm-lock.yaml + + # Regenerate the lockfile + pnpm install --no-frozen-lockfile + + # Check if lockfile was modified + if git diff --quiet pnpm-lock.yaml; then + echo "resolved=false" >> $GITHUB_OUTPUT + echo "reason=no_changes" >> $GITHUB_OUTPUT + else + # Stage and commit the resolved lockfile + git add pnpm-lock.yaml + git commit -m "chore: auto-resolve pnpm-lock.yaml conflicts" \ + -m "" \ + -m "Automatically regenerated pnpm-lock.yaml to resolve merge conflicts." \ + -m "" \ + -m "Co-authored-by: github-actions[bot] " + + git push origin ${{ github.event.pull_request.head.ref }} + + echo "resolved=true" >> $GITHUB_OUTPUT + echo "✅ Successfully resolved and pushed pnpm-lock.yaml" + fi + else + echo "⚠️ Multiple files have conflicts. Manual resolution required." + echo "Conflicted files:" + echo "$CONFLICT_FILES" + echo "resolved=false" >> $GITHUB_OUTPUT + echo "reason=multiple_conflicts" >> $GITHUB_OUTPUT + fi + + - name: Comment on PR - Success + if: steps.resolve.outputs.resolved == 'true' + uses: actions/github-script@v7 + with: + script: | + const message = `🤖 **Auto-fix Applied** + + ✅ Successfully resolved \`pnpm-lock.yaml\` merge conflicts! + + The lockfile has been automatically regenerated and committed to this PR. + Please review the changes and re-run any necessary checks. + +
+ What happened? + + When merging branches, \`pnpm-lock.yaml\` conflicts are common because multiple branches may have updated dependencies independently. This automation detected the conflict and regenerated the lockfile by running \`pnpm install\`, which merges the dependency changes from both branches. + +
`; + + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: message + }); + + - name: Comment on PR - Multiple Conflicts + if: steps.resolve.outputs.reason == 'multiple_conflicts' + uses: actions/github-script@v7 + with: + script: | + const message = `🤖 **Auto-fix Skipped** + + ⚠️ This PR has merge conflicts in multiple files, not just \`pnpm-lock.yaml\`. + + **Action Required**: Please resolve the conflicts manually: + + \`\`\`bash + # Merge the base branch into your branch + git fetch origin + git merge origin/${{ github.event.pull_request.base.ref }} + + # Resolve conflicts in other files first + # Then regenerate pnpm-lock.yaml + pnpm install --no-frozen-lockfile + + # Commit and push + git add . + git commit -m "chore: resolve merge conflicts" + git push + \`\`\``; + + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: message + }); diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 06d63e4ce..9fd7ad2e3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,6 +14,7 @@ Thank you for your interest in contributing to Object UI! This document provides - [Pull Request Process](#pull-request-process) - [Documentation](#documentation) - [Adding Components](#adding-components) +- [Troubleshooting](#troubleshooting) - [Questions & Support](#questions--support) ## Getting Started @@ -368,6 +369,24 @@ Our repository includes several automated GitHub workflows that will run when yo - **Auto-labeling**: Automatically labels PRs based on changed files - **Bundle Size**: Reports bundle size changes in PR comments - **PR Checks**: Validates PR requirements and posts status +- **Lockfile Auto-fix**: Automatically resolves `pnpm-lock.yaml` merge conflicts + +#### Lockfile Conflict Resolution + +When you create a PR that has merge conflicts in `pnpm-lock.yaml`, our automation will: + +1. **Detect the conflict** automatically +2. **Regenerate the lockfile** by running `pnpm install` +3. **Commit the fix** back to your PR branch +4. **Notify you** with a comment explaining what happened + +**What this means for you:** +- No need to manually resolve `pnpm-lock.yaml` conflicts +- Your PR will be automatically updated with the resolved lockfile +- You can focus on code changes, not dependency conflicts + +**When manual resolution is needed:** +If your PR has conflicts in files **other than** `pnpm-lock.yaml`, the automation will notify you with instructions for manual resolution. #### What to Expect 1. All checks must pass before merging @@ -569,6 +588,62 @@ git push origin feat/add-date-picker 5. **Add documentation** in `docs/components/my-component.md` +## Troubleshooting + +### pnpm-lock.yaml Conflicts + +**Problem**: You have merge conflicts in `pnpm-lock.yaml` + +**Solution**: Our automated workflow will resolve this for you! Just wait for the bot to regenerate and commit the lockfile. + +**Manual Resolution** (if needed): +```bash +# Update your branch with the latest changes from main +git fetch origin +git merge origin/main + +# If only pnpm-lock.yaml has conflicts, regenerate it +pnpm install --no-frozen-lockfile + +# Commit and push +git add pnpm-lock.yaml +git commit -m "chore: resolve pnpm-lock.yaml conflicts" +git push +``` + +### Dependency Issues + +**Problem**: `pnpm install` fails or dependencies are missing + +**Solution**: +```bash +# Clear cache and reinstall +rm -rf node_modules +rm -rf .pnpm-store +pnpm store prune +pnpm install +``` + +### Build Failures + +**Problem**: `pnpm build` fails with errors + +**Solution**: +1. Check TypeScript errors: Run `pnpm build` in the specific package +2. Ensure dependencies are installed: `pnpm install` +3. Clear build artifacts: `rm -rf dist` in the package directory +4. Rebuild: `pnpm build` + +### Test Failures + +**Problem**: Tests are failing locally but pass in CI + +**Solution**: +1. Ensure you're on the correct Node.js version (18.x or 20.x) +2. Clear test cache: `pnpm test --clearCache` (if using Jest) +3. Update snapshots if needed: `pnpm test -u` +4. Ensure all dependencies are installed: `pnpm install` + ## Questions & Support ### Where to Ask Questions