@@ -519,35 +519,61 @@ async function initDependabot(projectPath: string, answers: InitAnswers) {
519519 await removeFiles ( projectPath , files ) // 如果存在 dependabot.yml/mergify.yml
520520 } else {
521521 const pkg : IPackage = await getProjectJson ( projectPath )
522- if ( pkg ?. devDependencies ?. [ 'semantic-release' ] ) { // 如果有 semantic-release 依赖
523- // 解决 semantic-release 高版本出错问题,禁用 semantic-release 版本更新
524- const dependabotPath = path . join ( projectPath , '.github/dependabot.yml' )
525- if ( await fs . pathExists ( dependabotPath ) ) { // 如果存在 dependabot
526- const dependabot : Dependabot = yaml . parse ( await fs . readFile ( dependabotPath , 'utf-8' ) )
527- if ( dependabot ?. updates ?. [ 0 ] [ 'package-ecosystem' ] === 'npm' ) { // 如果为 npm
528- dependabot . updates [ 0 ] . ignore = uniqBy ( [
529- ...dependabot ?. updates ?. [ 0 ] . ignore || [ ] ,
530- {
531- 'dependency-name' : 'semantic-release' ,
532- versions : [ '>= 21.0.1' ] ,
533- } ,
534- {
535- 'dependency-name' : '@commitlint/cli' ,
536- versions : [ '>= 19.0.0' ] ,
537- } ,
538- {
539- 'dependency-name' : '@commitlint/config-conventional' ,
540- versions : [ '>= 19.0.0' ] ,
541- } ,
542- {
543- 'dependency-name' : 'art-template' ,
544- versions : [ '>= 4.13.3' ] , // 高版本涉嫌危险代码,参考 https://github.com/yoimiya-kokomi/Miao-Yunzai/pull/515
545- } ,
546- ] , ( e ) => e [ 'dependency-name' ] )
547- fs . writeFile ( dependabotPath , yaml . stringify ( dependabot ) )
522+ const dependabotPath = path . join ( projectPath , '.github/dependabot.yml' )
523+ if ( await fs . pathExists ( dependabotPath ) ) { // 如果存在 dependabot
524+ const dependabot : Dependabot = yaml . parse ( await fs . readFile ( dependabotPath , 'utf-8' ) )
525+ if ( dependabot ?. updates ?. [ 0 ] [ 'package-ecosystem' ] === 'npm' ) { // 如果为 npm
526+ const dependencies = [ ]
527+ if ( pkg ?. devDependencies ?. [ 'semantic-release' ] ) { // 如果有 semantic-release 依赖
528+ // 解决 semantic-release 高版本出错问题,禁用 semantic-release 版本更新
529+ dependencies . push ( {
530+ 'dependency-name' : 'semantic-release' ,
531+ versions : [ '>= 21.0.1' ] ,
532+ } )
533+ }
534+ if ( pkg ?. devDependencies ?. [ '@commitlint/cli' ] ) { // 如果有 @commitlint/cli 依赖
535+ // 解决 @commitlint/cli 高版本出错问题,禁用 @commitlint/cli 版本更新
536+ dependencies . push ( {
537+ 'dependency-name' : '@commitlint/cli' ,
538+ versions : [ '>= 19.0.0' ] ,
539+ } )
540+ }
541+ if ( pkg ?. devDependencies ?. [ '@commitlint/config-conventional' ] ) { // 如果有 @commitlint/config-conventional 依赖
542+ // 解决 @commitlint/config-conventional 高版本出错问题,禁用 @commitlint/config-conventional 版本更新
543+ dependencies . push ( {
544+ 'dependency-name' : '@commitlint/config-conventional' ,
545+ versions : [ '>= 19.0.0' ] ,
546+ } )
548547 }
548+ if ( pkg ?. dependencies ?. [ 'art-template' ] ) { // 如果有 art-template 依赖
549+ // 高版本涉嫌危险代码,参考 https://github.com/yoimiya-kokomi/Miao-Yunzai/pull/515
550+ dependencies . push ( {
551+ 'dependency-name' : 'art-template' ,
552+ versions : [ '>= 4.13.3' ] ,
553+ } )
554+ }
555+ dependabot . updates [ 0 ] . ignore = uniqBy ( [
556+ ...dependabot ?. updates ?. [ 0 ] . ignore || [ ] ,
557+ ...dependencies ,
558+ ] , ( e ) => e [ 'dependency-name' ] )
549559 }
560+ if ( dependabot ?. updates ?. every ( ( e ) => e [ 'package-ecosystem' ] !== 'github-actions' ) ) { // 如果不存在 github-actions
561+ // 增加 github-actions 版本自动更新
562+ dependabot . updates . push ( {
563+ 'package-ecosystem' : 'github-actions' ,
564+ directory : '/' ,
565+ 'open-pull-requests-limit' : 20 ,
566+ schedule : {
567+ interval : 'weekly' ,
568+ time : '04:00' ,
569+ timezone : 'Asia/Shanghai' ,
570+ } ,
571+ ignore : [ ] ,
572+ } )
573+ }
574+ fs . writeFile ( dependabotPath , yaml . stringify ( dependabot ) )
550575 }
576+
551577 }
552578 } catch ( error ) {
553579 console . error ( error )
0 commit comments