chore: Added a Package.json check workflow that comments on a PR (#77)

christian-kreuzberger-dtx · web-flow · commit d7c84ff32b45 · 2025-07-25T10:42:21.000+02:00
diff --git a/.github/workflows/pr-package-json-comment.yml b/.github/workflows/pr-package-json-comment.yml
@@ -0,0 +1,105 @@
+name: PR Package.json Comment
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths:
+      - 'package.json'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  comment-on-package-json-changes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get package.json changes
+        id: package-changes
+        run: |
+          # Get the base branch (usually main)
+          BASE_BRANCH="${{ github.event.pull_request.base.ref }}"
+          HEAD_BRANCH="${{ github.event.pull_request.head.sha }}"
+
+          # Get the diff for package.json
+          git diff origin/${BASE_BRANCH}...${HEAD_BRANCH} -- package.json > package_diff.txt
+
+          # Check if there are actual changes
+          if [ -s package_diff.txt ]; then
+            echo "changes_detected=true" >> $GITHUB_OUTPUT
+            echo "Package.json has been modified in this PR"
+          else
+            echo "changes_detected=false" >> $GITHUB_OUTPUT
+            echo "No changes detected in package.json"
+          fi
+
+      - name: Comment on PR
+        if: steps.package-changes.outputs.changes_detected == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+
+            // Read the package.json diff
+            let diffContent = '';
+            try {
+              diffContent = fs.readFileSync('package_diff.txt', 'utf8');
+            } catch (error) {
+              console.log('Could not read diff file:', error);
+              diffContent = 'Unable to read package.json diff';
+            }
+
+            // Create the comment body
+            const commentBody = `## 📦 Package.json Changes Detected
+
+            This PR modifies \`package.json\`. Please review the following changes carefully, and tick the following checklist boxes:
+
+            ### Checklist for Reviewers
+            - [ ] Verify that new and/or updated dependencies are necessary and from trusted sources
+            - [ ] Review any script changes for (security) implications
+            - [ ] Verify whether a new version should be released after merging the PR
+
+            ### Package.json Diff
+            \`\`\`diff
+            ${diffContent}
+            \`\`\`
+
+            ---
+            _This comment was automatically generated by the PR Package.json Comment workflow._`;
+
+            // Check if we already commented on this PR
+            const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+
+            const existingComment = comments.data.find(comment =>
+              comment.body.includes('📦 Package.json Changes Detected') &&
+              comment.user.type === 'Bot'
+            );
+
+            if (existingComment) {
+              // Update existing comment
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: existingComment.id,
+                body: commentBody
+              });
+              console.log('Updated existing comment');
+            } else {
+              // Create new comment
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body: commentBody
+              });
+              console.log('Created new comment');
+            }
