Use "Rebuild" workflow instead of "Update dependencies"

.github/dependabot.yml

@@ -5,7 +5,7 @@ updates:
     schedule:
       interval: weekly
     labels:
-      - Update dependencies
+      - Rebuild
     # Ignore incompatible dependency updates
     ignore:
       # There is a type incompatibility issue between v0.0.9 and our other dependencies.

.github/update-release-branch.py

@@ -97,8 +97,8 @@ def open_pr(
   body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.')
 
   if not is_primary_release:
-    body.append(' - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.')
-    body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.')
+    body.append(' - [ ] Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.')
+    body.append(' - [ ] Wait for the "Rebuild" workflow to push a commit updating the distribution files.')
 
   body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.')
   body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.')
@@ -108,7 +108,7 @@ def open_pr(
     body.append(' - [ ] Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.')
 
   title = f'Merge {source_branch} into {target_branch}'
-  labels = ['Update dependencies'] if not is_primary_release else []
+  labels = ['Rebuild'] if not is_primary_release else []
 
   # Create the pull request
   # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that
@@ -389,7 +389,7 @@ def main():
 
     # Migrate the package version number from a vLatest version number to a vOlder version number
     print(f'Setting version number to {version} in package.json')
-    replace_version_package_json(get_current_version(), version) # We rely on the `Update dependencies` workflow to update package-lock.json
+    replace_version_package_json(get_current_version(), version) # We rely on the `Rebuild` workflow to update package-lock.json
     run_git('add', 'package.json')
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers

.github/workflows/post-release-mergeback.yml

@@ -3,7 +3,7 @@
 #    tag
 # 2. Updates the `vN` tag to refer to this merge commit.
 # 3. Iff vN == vLatest, merges any changes from the release back into the main branch.
-#    Typically, this is two commits – one to update the version number and one to update dependencies.
+#    Typically, this is two commits – one to update the version number and one to rebuild.
 name: Tag release and merge back
 
 on:
@@ -138,8 +138,8 @@ jobs:
 
             Please do the following:
 
-            - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.
-            - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.
+            - [ ] Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.
+            - [ ] Wait for the "Rebuild" workflow to push a commit updating the distribution files.
             - [ ] Mark the PR as ready for review to trigger the full set of PR checks.
             - [ ] Approve and merge the PR. When merging the PR, make sure "Create a merge commit" is
                   selected rather than "Squash and merge" or "Rebase and merge".
@@ -162,7 +162,7 @@ jobs:
             --head "${NEW_BRANCH}" \
             --base "${BASE_BRANCH}" \
             --title "${pr_title}" \
-            --label "Update dependencies" \
+            --label "Rebuild" \
             --body "${pr_body}" \
             --assignee "${GITHUB_ACTOR}" \
             --draft

.github/workflows/pr-checks.yml

@@ -17,9 +17,6 @@ jobs:
       contents: read
       security-events: write # needed to upload ESLint results
 
-    strategy:
-      fail-fast: false
-
     steps:
       - name: Checkout
         uses: actions/checkout@v5
@@ -37,19 +34,6 @@ jobs:
       - name: Check generated JS
         run: .github/workflows/script/check-js.sh
 
-  check-node-modules:
-    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
-    name: Check modules up to date
-    permissions:
-      contents: read
-    runs-on: macos-latest
-    timeout-minutes: 45
-
-    steps:
-      - uses: actions/checkout@v5
-      - name: Check node modules up to date
-        run: .github/workflows/script/check-node-modules.sh
-
   check-file-contents:
     if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
     name: Check file contents
@@ -74,7 +58,6 @@ jobs:
   npm-test:
     if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
     name: Unit Test
-    needs: [check-js, check-node-modules]
     strategy:
       fail-fast: false
       matrix:

.github/workflows/script/check-node-modules.sh

@@ -1,20 +0,0 @@
-#!/bin/bash
-set -eu
-
-# Sanity check that repo is clean to start with
-if [ ! -z "$(git status --porcelain)" ]; then
-    # If we get a fail here then this workflow needs attention...
-    >&2 echo "Failed: Repo should be clean before testing!"
-    exit 1
-fi
-
-"$(dirname "$0")/update-node-modules.sh" check-only
-
-# Check that repo is still clean
-if [ ! -z "$(git status --porcelain)" ]; then
-    # If we get a fail here then the PR needs attention
-    >&2 echo "Failed: node_modules are not up to date. Add the 'Update dependencies' label to your PR to update them. Note it is important that node modules are updated on macOS and not any other operating system as there is one dependency (fsevents) that is needed for macOS and may not be installed if dependencies are updated on a Windows or Linux machine."
-    git status
-    exit 1
-fi
-echo "Success: node_modules are up to date"

.github/workflows/script/update-node-modules.sh

@@ -1,21 +0,0 @@
-#!/bin/bash
-set -eu
-
-if [ "$1" != "update" ] && [ "$1" != "check-only" ]; then
-    >&2 echo "Failed: Invalid argument. Must be 'update' or 'check-only'"
-    exit 1
-fi
-
-npm install --force -g npm@9.2.0
-
-# clean the npm cache to ensure we don't have any files owned by root
-sudo npm cache clean --force
-
-if [ "$1" = "update" ]; then
-    npm install
-fi
-
-# Reinstall modules and then clean to remove absolute paths
-# Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
-npm ci
-npm run removeNPMAbsolutePaths

.github/workflows/update-dependencies.yml

@@ -1,45 +0,0 @@
-name: Update dependencies
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened, ready_for_review, labeled]
-
-jobs:
-  update:
-    name: Update dependencies
-    timeout-minutes: 45
-    runs-on: macos-latest
-    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
-    permissions:
-      contents: write # needed to push the updated dependencies
-      pull-requests: write # needed to comment on the PR
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v5
-
-    - name: Remove PR label
-      env:
-        GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
-        REPOSITORY: '${{ github.repository }}'
-        PR_NUMBER: '${{ github.event.pull_request.number }}'
-      run: |
-        gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE
-
-    - name: Push updated dependencies
-      env:
-        BRANCH: '${{ github.head_ref }}'
-        GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
-      run: |
-        git fetch origin "$BRANCH" --depth=1
-        git checkout "origin/$BRANCH"
-        .github/workflows/script/update-node-modules.sh update
-        if [ ! -z "$(git status --porcelain)" ]; then
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "github-actions[bot]"
-          git add node_modules
-          git commit -am "Update checked-in dependencies"
-          git push origin "HEAD:$BRANCH"
-          echo "Pushed a commit to update the checked-in dependencies." \
-            "Please mark the PR as ready for review to trigger PR checks." |
-            gh pr comment --body-file - --repo github/codeql-action "${{ github.event.pull_request.number }}"
-          gh pr ready --undo --repo github/codeql-action "${{ github.event.pull_request.number }}"
-        fi