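# Posts (or refreshes) a reviewer checklist comment, including the package.json
# diff, on every pull request that touches package.json.
#
# NOTE(review): for `pull_request` runs triggered from a fork, GITHUB_TOKEN is
# read-only regardless of the `permissions` block below, so the comment step is
# expected to fail on fork PRs. Moving to `pull_request_target` would run with
# a write-capable token in the base-repository context; only do that after
# confirming that no step builds or executes content from the PR head.
name: PR Package.json Comment

on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - 'package.json'

# Least privilege: read the repository, write only PR comments.
permissions:
  contents: read
  pull-requests: write

jobs:
  comment-on-package-json-changes:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # NOTE(review): a major-version tag can be moved by the action's
        # publisher; pinning to a full commit SHA (tag kept as a trailing
        # comment) removes that supply-chain risk.
        uses: actions/checkout@v5
        with:
          # Full history so origin/<base> and the merge base exist locally
          # for the three-dot diff below.
          fetch-depth: 0
          # The later git command is purely local, so the token does not
          # need to stay in .git/config.
          persist-credentials: false

      - name: Get package.json changes
        id: package-changes
        # Event data reaches the shell through environment variables rather
        # than `${{ }}` interpolation inside the script: interpolation pastes
        # the value into the script text before bash parses it, so a ref name
        # containing shell metacharacters would be executed as code.
        env:
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          set -euo pipefail

          # Diff of package.json between the merge base with the base branch
          # and the PR head commit.
          git diff "origin/${BASE_REF}...${HEAD_SHA}" -- package.json > package_diff.txt

          # A non-empty file means package.json really changed.
          if [ -s package_diff.txt ]; then
            echo "changes_detected=true" >> "$GITHUB_OUTPUT"
            echo "Package.json has been modified in this PR"
          else
            echo "changes_detected=false" >> "$GITHUB_OUTPUT"
            echo "No changes detected in package.json"
          fi

      - name: Comment on PR
        if: steps.package-changes.outputs.changes_detected == 'true'
        # NOTE(review): same SHA-pinning consideration as the checkout step.
        uses: actions/github-script@v8
        with:
          script: |
            const fs = require('fs');

            // Heading text doubles as the marker used to find our own comment.
            const MARKER = '📦 Package.json Changes Detected';
            // GitHub limits comment bodies (65,536 characters at the time of
            // writing); keep headroom for the surrounding text.
            const MAX_DIFF_CHARS = 60000;

            // Read the package.json diff written by the previous step.
            let diffContent = '';
            try {
              diffContent = fs.readFileSync('package_diff.txt', 'utf8');
            } catch (error) {
              console.log('Could not read diff file:', error);
              diffContent = 'Unable to read package.json diff';
            }

            // An oversized diff would otherwise make the API call fail and
            // leave the PR without any checklist comment.
            if (diffContent.length > MAX_DIFF_CHARS) {
              diffContent = diffContent.slice(0, MAX_DIFF_CHARS) + '\n... (diff truncated)';
            }

            // The diff is contributor-controlled text. Use a fence longer than
            // any backtick run it contains so file content can never close the
            // code block early and render as Markdown in the bot's comment.
            const longestRun = (diffContent.match(/`+/g) || [])
              .reduce((longest, run) => Math.max(longest, run.length), 0);
            const fence = '`'.repeat(Math.max(3, longestRun + 1));

            // Create the comment body.
            const commentBody = [
              `## ${MARKER}`,
              'This PR modifies `package.json`. Please review the following changes carefully, and tick the following checklist boxes:',
              '### Checklist for Reviewers',
              '- [ ] Verify that new and/or updated dependencies are necessary and from trusted sources',
              '- [ ] Review any script changes for (security) implications',
              '- [ ] Verify whether a new version should be released after merging the PR',
              '### Package.json Diff',
              `${fence}diff`,
              diffContent,
              fence,
              '---',
              '_This comment was automatically generated by the PR Package.json Comment workflow._',
            ].join('\n');

            // Look through *all* comments: listComments is paginated, and
            // reading only the first page would miss an earlier bot comment on
            // a busy PR and post a duplicate.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              per_page: 100,
            });

            // Optional chaining guards against comments without a user or body.
            const existingComment = comments.find((comment) =>
              comment.user?.type === 'Bot' && comment.body?.includes(MARKER)
            );

            if (existingComment) {
              // Update existing comment
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: existingComment.id,
                body: commentBody
              });
              console.log('Updated existing comment');
            } else {
              // Create new comment
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
                body: commentBody
              });
              console.log('Created new comment');
            }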