chore: minor updates

chore: wip

fix: restore Configure Git step and BUDDY_BOT_TOKEN support for rebase workflow

- Add missing git config step to prevent 'Author identity unknown' error
- Update workflow to use BUDDY_BOT_TOKEN for workflow file update permissions
- Add token permission check step for better debugging

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: adjust tests

chore: wip

Author: chrisbbreuer

.github/workflows/buddy-bot-rebase.yml

@@ -1,4 +1,4 @@
-name: Buddy Rebase Check
+name: Buddy Update Check
 
 on:
   schedule:
@@ -12,12 +12,17 @@ on:
         type: boolean
 
 env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # For workflow file updates, you need a Personal Access Token with 'repo' and 'workflow' scopes
+  # Create a PAT at: https://github.com/settings/tokens
+  # Add it as a repository secret named 'BUDDY_BOT_TOKEN'
+  # If BUDDY_BOT_TOKEN is not available, falls back to GITHUB_TOKEN (limited permissions)
+  GITHUB_TOKEN: ${{ secrets.BUDDY_BOT_TOKEN || secrets.GITHUB_TOKEN }}
 
 permissions:
   contents: write
   pull-requests: write
   issues: write
+  actions: write
 
 jobs:
   check-rebase:
@@ -27,7 +32,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.BUDDY_BOT_TOKEN || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0 # Fetch full history for rebasing
+          persist-credentials: true
 
       - name: Setup Bun
         uses: oven-sh/setup-bun@v2
@@ -40,6 +47,23 @@ jobs:
       - name: Build buddy-bot
         run: bun run build
 
+      - name: Configure Git
+        run: |
+          git config --global user.name "buddy-bot[bot]"
+          git config --global user.email "buddy-bot[bot]@users.noreply.github.com"
+
+      - name: Check token permissions
+        run: |
+          if [ -z "${{ secrets.BUDDY_BOT_TOKEN }}" ]; then
+            echo "⚠️ Using GITHUB_TOKEN (limited permissions)"
+            echo "💡 For full workflow file update support:"
+            echo "   1. Create a Personal Access Token with 'repo' and 'workflow' scopes"
+            echo "   2. Add it as repository secret 'BUDDY_BOT_TOKEN'"
+            echo "   3. Re-run this workflow"
+          else
+            echo "✅ Using BUDDY_BOT_TOKEN (full permissions)"
+          fi
+
       - name: Check for rebase requests
         run: |
           echo "🔍 Checking for PRs with rebase checkbox enabled..."
@@ -62,7 +86,7 @@ jobs:
           fi
 
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.BUDDY_BOT_TOKEN || secrets.GITHUB_TOKEN }}
 
       - name: Create summary
         if: always()

README.md

@@ -21,6 +21,7 @@ A modern, fast alternative to Dependabot and Renovate built for the JavaScript a
 - 📦 **Multi-Package Manager**: Supports Bun, npm, yarn, pnpm, pkgx, and Launchpad dependency files
 - ⚡ **GitHub Actions**: Automatically updates workflow dependencies (`actions/checkout@v4`, etc.)
 - 📊 **Dependency Dashboard**: Single GitHub issue with overview of all dependencies and open PRs
+- 🔄 **Rebase Functionality**: Interactive checkbox to update PRs with latest dependency versions
 - 🔍 **Intelligent Scanning**: Uses `bun outdated` and GitHub releases for accurate dependency detection
 - 📋 **Flexible Grouping**: Group related packages for cleaner PRs
 - 🎨 **Rich PR Format**: Three separate tables (npm, Launchpad/pkgx, GitHub Actions) with detailed metadata
@@ -87,6 +88,11 @@ buddy scan --strategy patch
 buddy update --dry-run
 buddy update
 
+# Check for rebase requests and update PRs
+buddy check-rebase
+buddy check-rebase --dry-run
+buddy check-rebase --verbose
+
 # Get help
 buddy help
 ```
@@ -200,6 +206,74 @@ The dependency dashboard provides a centralized view of all your repository's de
 - **🏷️ Smart Categorization**: Organized by npm, GitHub Actions, and dependency files
 - **⚡ Auto-Updates**: Refreshes when dependencies change
 
+## Rebase Functionality
+
+Buddy Bot includes powerful rebase functionality that allows you to update existing pull requests with the latest dependency versions, similar to Renovate's rebase feature.
+
+### How It Works
+
+All Buddy Bot pull requests include a rebase checkbox at the bottom:
+
+```markdown
+---
+ - [ ] <!-- rebase-check -->If you want to update/retry this PR, check this box
+---
+```
+
+### Using the Rebase Feature
+
+1. **Check the box**: In any Buddy Bot PR, check the rebase checkbox
+2. **Automatic detection**: The rebase workflow runs every minute to detect checked boxes
+3. **Updates applied**: The PR is automatically updated with the latest dependency versions
+4. **Checkbox unchecked**: After successful rebase, the checkbox is automatically unchecked
+
+### Rebase Command
+
+You can also trigger rebase manually using the CLI:
+
+```bash
+# Check for PRs with rebase checkbox enabled and update them
+buddy-bot check-rebase
+
+# Dry run to see what would be rebased
+buddy-bot check-rebase --dry-run
+
+# With verbose output
+buddy-bot check-rebase --verbose
+```
+
+### Automated Rebase Workflow
+
+Buddy Bot includes a pre-built GitHub Actions workflow (`.github/workflows/buddy-bot-rebase.yml`) that:
+
+- **🕐 Runs every minute**: Automatically checks for rebase requests
+- **🔍 Scans all PRs**: Finds Buddy Bot PRs with checked rebase boxes
+- **📦 Updates dependencies**: Re-scans for latest versions and updates files
+- **📝 Updates PR content**: Refreshes PR title, body, and file changes
+- **✅ Maintains workflow files**: Updates GitHub Actions workflows (requires proper permissions)
+
+### Workflow File Permissions
+
+For the rebase functionality to update GitHub Actions workflow files, you need proper permissions:
+
+#### Option 1: Personal Access Token (Recommended)
+1. Create a [Personal Access Token](https://github.com/settings/tokens) with `repo` and `workflow` scopes
+2. Add it as a repository secret named `BUDDY_BOT_TOKEN`
+3. The workflow automatically uses it when available
+
+#### Option 2: Default GitHub Token (Limited)
+- Uses `GITHUB_TOKEN` with limited permissions
+- Cannot update workflow files (`.github/workflows/*.yml`)
+- Still updates package.json, lock files, and dependency files
+
+### What Gets Updated During Rebase
+
+- ✅ **package.json** - npm/yarn/pnpm dependencies
+- ✅ **Lock files** - package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb
+- ✅ **Dependency files** - deps.yaml, dependencies.yaml, pkgx.yaml
+- ✅ **GitHub Actions** - workflow files (with proper permissions)
+- ✅ **PR content** - Updated title, body, and metadata
+
 ### Quick Start
 
 ```bash
@@ -452,7 +526,7 @@ This PR contains the following updates:
 
 ---
 
- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
+ - [ ] <!-- rebase-check -->If you want to update/retry this PR, check this box
 
 ---
 

bin/cli.ts

@@ -524,8 +524,8 @@ cli
         return
       }
 
-      // Generate new package.json changes
-      const packageJsonUpdates = await buddy.generatePackageJsonUpdates(group.updates)
+      // Generate new file changes (package.json, dependency files, GitHub Actions)
+      const packageJsonUpdates = await buddy.generateAllFileUpdates(group.updates)
 
       // Update the branch with new commits
       await gitProvider.commitChanges(pr.head, group.title, packageJsonUpdates)
@@ -673,8 +673,8 @@ cli
                 continue
               }
 
-              // Generate new package.json changes
-              const packageJsonUpdates = await buddy.generatePackageJsonUpdates(group.updates)
+              // Generate new file changes (package.json, dependency files, GitHub Actions)
+              const packageJsonUpdates = await buddy.generateAllFileUpdates(group.updates)
 
               // Update the branch with new commits
               await gitProvider.commitChanges(pr.head, group.title, packageJsonUpdates)

docs/api/buddy.md

@@ -157,9 +157,9 @@ updates.forEach((update) => {
 
 ## Utility Methods
 
-### generatePackageJsonUpdates()
+### generateAllFileUpdates()
 
-Generates package.json file changes for updates.
+Generates file changes for all update types (package.json, dependency files, GitHub Actions).
 
 ```typescript
 interface FileChange {
@@ -169,7 +169,7 @@ interface FileChange {
 }
 
 interface BuddyUtilityMethods {
-  generatePackageJsonUpdates: (updates: PackageUpdate[]) => Promise<FileChange[]>
+  generateAllFileUpdates: (updates: PackageUpdate[]) => Promise<FileChange[]>
 }
 ```
 
@@ -185,7 +185,7 @@ Array of file change objects
 
 ```typescript
 const updates = await buddy.scanForUpdates()
-const fileChanges = await buddy.generatePackageJsonUpdates(updates.updates)
+const fileChanges = await buddy.generateAllFileUpdates(updates.updates)
 
 fileChanges.forEach((change) => {
   console.log(`Updated ${change.path}`)

docs/cli/update.md

@@ -198,14 +198,14 @@ PRs include this checkbox for manual rebase triggers:
 
 ```markdown
 ---
- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
+ - [ ] <!-- rebase-check -->If you want to update/retry this PR, check this box
 ---
 ```
 
 When checked (marked with `x`):
 
 ```markdown
- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
+ - [x] <!-- rebase-check -->If you want to update/retry this PR, check this box
 ```
 
 ### Process

docs/features/pull-requests.md

@@ -187,7 +187,7 @@ PRs include a rebase checkbox for manual triggers:
 
 ```markdown
 ---
- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
+ - [ ] <!-- rebase-check -->If you want to update/retry this PR, check this box
 ---
 ```