feat: auto relock PR github action

Author: KatieArmstr

.github/workflows/relock.yaml

@@ -0,0 +1,54 @@
+name: Update and relock NPM packages
+
+on:
+  workflow_dispatch:
+  schedule:
+    # run Thursdays at 05:00 UTC
+    - cron:  '0 5 * * THU'
+
+jobs:
+  relock:
+    name: Update and relock NPM packages and open PR if necessary
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: main
+
+      - name: Import Snyk Deployer GPG key
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GA_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GA_GPG_PRIVATE_KEY_PASS }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Run npm update
+        run: |
+          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
+          npm update
+          rm -f .npmrc
+
+      - name: Create Signed Commit
+        id: create-commit
+        run: |
+          git add package*
+          any_changes=$(git diff --cached)
+          echo "::set-output name=changes::${any_changes}"
+          if [[ ! -z "${any_changes}" ]]; then
+            git commit -S -m "chore: update & relock NPM packages"
+          fi
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        if: ${{ success() && steps.create-commit.outputs.changes != null}}
+        with:
+          token: ${{ secrets.DEPLOYER_GITHUB_TOKEN }}
+          branch: chore/update-and-relock-npm-packages
+          delete-branch: true
+          title: 'chore: Update and relock NPM packages'
+          body: |
+            This PR updates and relocks NPM packages.
+
+            It is created by a recurring github action checking for outdated dependencies.