chore: release v0.5.5

- Fix 'Package not found in package.json' warnings by improving workspace detection
- Add findPackageLocation method to locate packages in correct workspace files
- Fix empty commit issues causing major PR creation failures
- Improve cache strategy in CI to avoid cache save failures
- Add proper .env file creation to prevent dotenvx warnings
- Enhance workspace package scanning for better monorepo support
- Validate file changes before creating PRs to prevent empty commits
- Add comprehensive workspace detection with direct package.json scanning
- Improve workflow permission handling and documentation
- Fix workspace package.json file path resolution for updates

This release addresses multiple issues affecting monorepo dependency management
and CI workflow reliability.

chore: release v0.5.5

bump: version 0.5.4

Author: chrisbbreuer

buddy-bot.config.ts

@@ -1,63 +1,39 @@
-import type { BuddyBotConfig } from './src/types'
+import type { BuddyBotConfig } from 'buddy-bot'
 
 const config: BuddyBotConfig = {
-  verbose: true,
-  packages: {
-    strategy: 'all',
-    ignore: ['typescript', 'bun-plugin-dtsx'],
-    includePrerelease: false, // Don't include alpha, beta, rc versions by default
-    excludeMajor: false, // Allow major updates (controlled by ignore list)
-    // No custom groups - use default grouping (major separate, non-major together)
-  },
-
-  // Repository settings for PR creation
   repository: {
-    provider: 'github',
     owner: 'stacksjs',
     name: 'buddy-bot',
-    baseBranch: 'main',
+    provider: 'github',
+    // token: process.env.BUDDY_BOT_TOKEN,
   },
-
-  // Pull request configuration
-  pullRequest: {
-    reviewers: ['chrisbbreuer', 'glennmichael123'],
-    assignees: ['chrisbbreuer', 'glennmichael123'],
-    labels: ['dependencies'],
-    autoMerge: {
-      enabled: true,
-      strategy: 'squash',
-      conditions: ['patch-only'],
-    },
+  dashboard: {
+    enabled: true,
+    title: 'Dependency Dashboard',
+    // issueNumber: undefined, // Auto-generated
   },
-
-  // Workflow generation settings
   workflows: {
     enabled: true,
     outputDir: '.github/workflows',
     templates: {
-      comprehensive: true,
       daily: true,
       weekly: true,
       monthly: true,
-      docker: false, // Disable Docker workflow
-      monorepo: false, // Disable monorepo workflow
     },
-    custom: [
-      {
-        name: 'Security Updates',
-        schedule: '0 6 * * *', // 6 AM daily
-        strategy: 'patch',
-        autoMerge: true,
-        labels: ['security', 'dependencies'],
-      },
+    custom: [],
+  },
+  packages: {
+    strategy: 'all',
+    ignore: [
+      // Add packages to ignore here
+      // Example: '@types/node', 'eslint'
+    ],
+    ignorePaths: [
+      // Add file/directory paths to ignore using glob patterns
+      // Example: 'packages/test-*/**', '**/*test-envs/**', 'apps/legacy/**'
     ],
   },
-
-  // Scheduling (uncomment to enable automated runs)
-  // schedule: {
-  //   cron: '0 2 * * 1', // Monday 2 AM
-  //   timezone: 'America/New_York',
-  // }
+  verbose: false,
 }
 
 export default config

package.json

@@ -1,7 +1,7 @@
 {
   "name": "buddy-bot",
   "type": "module",
-  "version": "0.5.2",
+  "version": "0.5.5",
   "description": "The Stacks CLI.",
   "author": "Chris Breuer <[email protected]>",
   "license": "MIT",

src/buddy.ts

@@ -232,6 +232,34 @@ export class Buddy {
             continue
           }
 
+          // Validate that file changes actually contain updates
+          let hasActualChanges = false
+          for (const fileUpdate of packageJsonUpdates) {
+            try {
+              const fs = await import('node:fs')
+              if (fs.existsSync(fileUpdate.path)) {
+                const currentContent = fs.readFileSync(fileUpdate.path, 'utf-8')
+                if (currentContent !== fileUpdate.content) {
+                  hasActualChanges = true
+                  break
+                }
+              } else {
+                // New file, counts as a change
+                hasActualChanges = true
+                break
+              }
+            } catch (error) {
+              // If we can't read the file, assume it's a change
+              hasActualChanges = true
+              break
+            }
+          }
+
+          if (!hasActualChanges) {
+            this.logger.warn(`ℹ️ No actual content changes for group ${group.name}, skipping PR creation`)
+            continue
+          }
+
           this.logger.info(`📝 Generated ${packageJsonUpdates.length} file changes for ${group.name}`)
 
           // Commit changes

src/registry/registry-client.ts

@@ -71,13 +71,16 @@ export class RegistryClient {
         // Get additional metadata for the package
         const metadata = await this.getPackageMetadata(result.name)
 
+        // Find the actual package.json file that contains this package
+        const packageLocation = await this.findPackageLocation(result.name)
+
         updates.push({
           name: result.name,
           currentVersion: result.current,
           newVersion: result.latest,
           updateType,
           dependencyType: 'dependencies', // Will be refined based on package.json analysis
-          file: 'package.json', // Will be refined based on actual file location
+          file: packageLocation || 'package.json', // Use actual location or fallback
           metadata,
           releaseNotesUrl: this.getReleaseNotesUrl(result.name, metadata),
           changelogUrl: this.getChangelogUrl(result.name, metadata),
@@ -1084,11 +1087,14 @@ export class RegistryClient {
    */
   private async getWorkspaceOutdatedPackages(): Promise<BunOutdatedResult[]> {
     try {
+      // Get both workspace names and direct package.json file scanning
       const workspaceNames = await this.getWorkspaceNames()
+      const packageJsonFiles = await this.findPackageJsonFiles()
       const allResults: BunOutdatedResult[] = []
 
       this.logger.info(`Found ${workspaceNames.length} workspace packages to check`)
 
+      // Check by workspace name (if bun supports it)
       for (const workspaceName of workspaceNames) {
         try {
           const results = await this.runBunOutdatedForWorkspace(workspaceName)
@@ -1099,6 +1105,60 @@ export class RegistryClient {
         }
       }
 
+      // Also directly check packages in each package.json for better coverage
+      this.logger.info(`Checking ${packageJsonFiles.length} package.json files directly`)
+      
+      for (const filePath of packageJsonFiles) {
+        if (filePath === 'package.json') continue // Skip root, already checked
+        
+        try {
+          const fullPath = path.join(this.projectPath, filePath)
+          const content = fs.readFileSync(fullPath, 'utf-8')
+          const packageData = JSON.parse(content)
+          
+          const allDeps = {
+            ...packageData.dependencies,
+            ...packageData.devDependencies,
+            ...packageData.peerDependencies,
+            ...packageData.optionalDependencies,
+          }
+          
+          for (const [packageName, currentVersion] of Object.entries(allDeps)) {
+            // Skip workspace dependencies and invalid versions
+            if (typeof currentVersion !== 'string' || currentVersion.startsWith('workspace:')) {
+              continue
+            }
+            
+            // Check if already found in workspace results
+            if (allResults.some(r => r.name === packageName)) {
+              continue
+            }
+            
+            try {
+              const latestVersion = await this.getLatestVersion(packageName)
+              if (latestVersion) {
+                const cleanCurrentVersion = this.cleanVersionRange(currentVersion)
+                if (cleanCurrentVersion && Bun.semver.order(cleanCurrentVersion, latestVersion) < 0) {
+                  allResults.push({
+                    name: packageName,
+                    current: cleanCurrentVersion,
+                    update: latestVersion,
+                    latest: latestVersion,
+                    file: filePath, // Store which file contains this package
+                  })
+                }
+              }
+            } catch (error) {
+              // Continue if version check fails for this package
+              continue
+            }
+          }
+        }
+        catch (error) {
+          this.logger.warn(`Failed to check packages in ${filePath}:`, error)
+        }
+      }
+
       this.logger.info(`Found ${allResults.length} outdated packages across workspaces`)
       return allResults
     }
@@ -1194,6 +1254,39 @@ export class RegistryClient {
     return skipDirs.includes(dirName) || dirName.startsWith('.')
   }
 
+  /**
+   * Find the actual package.json file that contains a specific package
+   */
+  private async findPackageLocation(packageName: string): Promise<string | null> {
+    const packageJsonFiles = await this.findPackageJsonFiles()
+
+    for (const filePath of packageJsonFiles) {
+      try {
+        const fullPath = path.join(this.projectPath, filePath)
+        const content = fs.readFileSync(fullPath, 'utf-8')
+        const packageData = JSON.parse(content)
+
+        // Check all dependency sections
+        const allDeps = {
+          ...packageData.dependencies,
+          ...packageData.devDependencies,
+          ...packageData.peerDependencies,
+          ...packageData.optionalDependencies,
+        }
+
+        if (allDeps[packageName]) {
+          return filePath
+        }
+      }
+      catch (error) {
+        // Continue searching if this file is malformed
+        continue
+      }
+    }
+
+    return null
+  }
+
   /**
    * Run bun outdated for a specific workspace
    */