auto approve should process npm package uupdates (#45)

simongdavies · Copilot · web-flow · commit 5fccd4c2701a · 2026-04-09T13:42:15.000Z
* auto approve should process npm package uupdates

Signed-off-by: Simon Davies &lt;simongdavies@users.noreply.github.com&gt;

* Update scripts/auto-approve-dependabot.sh

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;

---------

Signed-off-by: Simon Davies &lt;simongdavies@users.noreply.github.com&gt;
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/scripts/auto-approve-dependabot.sh b/scripts/auto-approve-dependabot.sh
@@ -18,8 +18,8 @@ REPO="$1"
 echo "Checking for open Dependabot PRs to approve and merge in $REPO..."
 
 # Get all open PRs from dependabot
-# We filter so that only PRs that are not from forks and are in branches starting with "dependabot/cargo" are included.
-dependabot_prs=$(gh pr list -R "$REPO" --author "dependabot[bot]" --state open --json number,title,reviews,headRepositoryOwner,headRefName | jq --arg repo_owner "$(echo "$REPO" | cut -d'/' -f1)" '[.[] | select(.headRepositoryOwner.login == $repo_owner and (.headRefName | startswith("dependabot/cargo")))]')
+# We filter so that only PRs that are not from forks and are in branches starting with "dependabot/cargo" or "dependabot/npm_and_yarn" are included.
+dependabot_prs=$(gh pr list -R "$REPO" --author "dependabot[bot]" --state open --json number,title,reviews,headRepositoryOwner,headRefName | jq --arg repo_owner "$(echo "$REPO" | cut -d'/' -f1)" '[.[] | select(.headRepositoryOwner.login == $repo_owner and ((.headRefName | startswith("dependabot/cargo")) or (.headRefName | startswith("dependabot/npm_and_yarn"))))]')
 # Exit early if no PRs found
 if [ -z "$dependabot_prs" ] || [ "$dependabot_prs" = "[]" ]; then
     echo "No open Dependabot PRs found in $REPO"
@@ -39,16 +39,16 @@ echo "$dependabot_prs" | jq -c '.[]' | while read -r pr; do
     
     # Check if PR only modifies allowed files
     pr_files=$(gh pr view "$pr_number" -R "$REPO" --json files)
-    invalid_files=$(echo "$pr_files" | jq -r '.files[].path' | grep -v -E '(Cargo\.toml|Cargo\.lock)' || true)
+    invalid_files=$(echo "$pr_files" | jq -r '.files[].path' | grep -v -E '(^|/)(Cargo\.toml|Cargo\.lock|package\.json|package-lock\.json)$' || true)
     
     if [ -n "$invalid_files" ]; then
         echo "  ❌ PR #$pr_number modifies files that are not allowed for auto-merge:"
         printf '%s\n' "$invalid_files" | sed 's/^/    - /'
-        echo "  ℹ️ Only changes to Cargo.toml and Cargo.lock are allowed"
+        echo "  ℹ️ Only changes to Cargo.toml, Cargo.lock, package.json, and package-lock.json are allowed"
         continue
     fi
 
-    echo "  ✅ PR #$pr_number only modifies allowed files (Cargo.toml and Cargo.lock)"
+    echo "  ✅ PR #$pr_number only modifies allowed files (Cargo.toml, Cargo.lock, package.json, package-lock.json)"
 
     # First, get detailed PR information including all checks
     pr_details=$(gh pr view "$pr_number" -R "$REPO" --json statusCheckRollup,state)
