Medplum

name: Upgrade dependencies on: workflow_dispatch: inputs: cooldown: description: 'Minimum age (in days) for packages to be considered for upgrade' required: false type: string excludes: description: 'Additional packages to exclude from upgrades (space separated)' required: false type: string schedule: # Every Monday at 9:00 AM UTC # Every Monday at 1:00 AM PST (2:00 AM PDT) - cron: '0 9 * * 1' permissions: contents: read jobs: upgrade-dependencies: name: Upgrade dependencies runs-on: ubuntu-latest steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 token: ${{ secrets.MEDPLUM_BOT_GITHUB_ACCESS_TOKEN }} - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: '24' registry-url: 'https://registry.npmjs.org' # npm 11.6.2 is currently bundled with Node v24 and has an irksome bug affecting # `peer` attributes in the lockfile (https://github.com/npm/cli/issues/8690). # Upgrade to a patched version; this should be removed after Node has a tagged # release incorporating npm@11.6.3 or later. - name: Upgrade NPM run: npm install --global npm@11.7.0 - name: Setup git run: | git config --global user.email "${{ secrets.MEDPLUM_BOT_EMAIL }}" git config --global user.name "${{ secrets.MEDPLUM_BOT_NAME }}" - name: Upgrade dependencies run: ./scripts/upgrade.sh --cooldown="${{ inputs.cooldown }}" --exclude="${{ inputs.excludes }}" env: GITHUB_TOKEN: ${{ secrets.MEDPLUM_BOT_GITHUB_ACCESS_TOKEN }}