generated from nhcarrigan/template
hikari
d9f959d115
## Summary Minori now automatically merges dependency update PRs when they meet safety criteria, reducing manual work whilst maintaining safety for potentially breaking changes. ## Changes - β¨ Add version comparison utility to detect major version bumps - β¨ Add Gitea service methods for checking commit status and merging PRs - β¨ Add auto-merge logic that checks: - Is it a major version bump? (if yes, skip auto-merge) - Did CI checks pass? (if no, skip auto-merge) - If both conditions pass β auto-merge! π - β Add comprehensive tests for all new functionality - π Maintain ~94% test coverage ## How It Works When Minori processes a dependency update: 1. Check if a PR already exists for that dependency 2. If it exists, verify: - **Not a major version bump** (major bumps need manual review) - **CI status = "success"** (all checks must pass) 3. If both conditions are met β automatically merge the PR and delete the branch ## Test Plan - [x] All 114 tests passing - [x] New tests for version comparison utility - [x] New tests for Gitea service extensions - [x] Build successful - [x] Linting clean --- β¨ This PR was created with help from Hikari~ πΈ Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Reviewed-on: #5 Co-authored-by: Hikari <hikari@nhcarrigan.com> Co-committed-by: Hikari <hikari@nhcarrigan.com>
Minori - Dependency Update Manager
Minori is an automated dependency management system for Gitea repositories. It checks all repositories in your organisation for outdated npm dependencies and creates pull requests with changelogs for each update.
Features
- π Scans all repositories in a Gitea organisation
- π¦ Checks npm dependencies for updates
- π Fetches changelogs from GitHub releases when available
- π Creates individual PRs for each dependency update
- β° Runs on a configurable schedule or one-time
- πΈ Adds a friendly signature to each PR
Prerequisites
- Node.js v20 or higher
- pnpm package manager
- A Gitea instance with API access
- 1Password CLI (for secret management)
Installation
- Clone the repository:
git clone https://git.nhcarrigan.com/nhcarrigan/minori.git
cd minori
- Install dependencies:
pnpm install
- Build the project:
pnpm build
Configuration
Minori uses the prod.env file for secrets management with 1Password vault references:
# Gitea Authentication
GITEA_TOKEN=op://Personal/Gitea Personal Access Token/credential
Other configuration values are set in src/config.ts:
GITEA_URL: https://git.nhcarrigan.comGITEA_ORG: nhcarriganCHECK_INTERVAL: 0 7 * * * (daily at 7am)PR_BRANCH_PREFIX: dependencies/update-
Required Permissions
Your Gitea personal access token needs the following permissions:
- Read access to repositories
- Write access to create branches
- Write access to create pull requests
- Write access to push commits
Usage
Run Once (Testing)
To run a single dependency check without scheduling:
RUN_ONCE=true op run --env-file=prod.env -- node prod/index.js
Note: RUN_ONCE is a runtime flag, not a configuration value
Run as Service
To run continuously on a schedule:
op run --env-file=prod.env -- node prod/index.js
Systemd Service (Production)
Create a systemd service file at /etc/systemd/system/minori.service:
[Unit]
Description=Minori Dependency Update Manager
After=network.target
[Service]
Type=simple
User=naomi
WorkingDirectory=/path/to/minori
ExecStart=/usr/bin/op run --env-file=prod.env -- /usr/bin/node prod/index.js
Restart=on-failure
RestartSec=30
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Enable and start the service:
sudo systemctl enable minori
sudo systemctl start minori
How It Works
- Repository Discovery: Minori fetches all repositories from your Gitea organisation
- Package Analysis: For each repository with a
package.json, it checks all dependencies - Version Comparison: Compares current versions with latest npm releases
- PR Creation: For each outdated dependency:
- Creates a new branch
- Updates the version in
package.json - Fetches changelog information
- Creates a pull request with details
- Deduplication: Skips creating PRs if one already exists for that dependency
Development
# Install dependencies
pnpm install
# Run linting
pnpm lint
# Build the project
pnpm build
# Run tests
pnpm test
Scripts
pnpm lint- Run ESLintpnpm build- Build TypeScript to JavaScriptpnpm start- Run the built application with 1Passwordpnpm test- Run tests (placeholder)
License
See LICENSE.md
Credits
Created with π by Naomi Carrigan
β¨ Minori was built with help from Hikari~ πΈ