ci: auto-dedupe yarn.lock file for PRs created by bots (#5982)

Otherwise this would block the PR if the `yarn.lock` file wasn't
properly deduped by the changes made by the bot.

Author: watson

.github/scripts/yarn-dedupe.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -ex
+
+if git diff --exit-code yarn.lock; then
+  echo "✅ yarn.lock is already properly deduplicated"
+else
+  echo "📝 yarn.lock was modified by dedupe command"
+
+  PR_AUTHOR="${PR_AUTHOR:-}"
+  PR_USER_TYPE="${PR_USER_TYPE:-}"
+
+  if [[ "$PR_USER_TYPE" == "Bot" ]] && [[ "${GITHUB_EVENT_NAME:-}" == "pull_request" ]]; then
+    echo "🤖 Bot-created PR detected. Auto-committing yarn.lock changes..."
+
+    git config --local user.email "action@github.com"
+    git config --local user.name "GitHub Action"
+
+    git add yarn.lock
+    git commit -m "Auto-dedupe yarn.lock dependencies"
+
+    git push origin HEAD:${GITHUB_HEAD_REF}
+
+    echo "✅ Successfully committed and pushed yarn.lock deduplication"
+  else
+    echo "❌ The yarn.lock file needs deduplication!"
+    echo ""
+    echo "The yarn dedupe command has modified your yarn.lock file."
+    echo "This means there were duplicate dependencies that could be optimized."
+    echo ""
+    echo "To fix this issue:"
+    echo "1. Run 'yarn dependencies:dedupe' locally"
+    echo "2. Commit the updated yarn.lock file"
+    echo "3. Push your changes"
+    echo ""
+    echo "This helps keep the dependency tree clean."
+    exit 1
+  fi
+fi

.github/workflows/project.yml

@@ -99,9 +99,15 @@ jobs:
 
   yarn-dedupe:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: read
     steps:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
 
       - name: Setup Node.js
         uses: ./.github/actions/node/active-lts
@@ -112,21 +118,9 @@ jobs:
       - name: Run yarn dependencies:dedupe
         run: yarn dependencies:dedupe
 
-      - name: Check if yarn.lock was modified
-        run: |
-          if git diff --exit-code yarn.lock; then
-            echo "✅ yarn.lock is already properly deduplicated"
-          else
-            echo "❌ The yarn.lock file needs deduplication!"
-            echo ""
-            echo "The yarn dedupe command has modified your yarn.lock file."
-            echo "This means there were duplicate dependencies that could be optimized."
-            echo ""
-            echo "To fix this issue:"
-            echo "1. Run 'yarn dependencies:dedupe' locally"
-            echo "2. Commit the updated yarn.lock file"
-            echo "3. Push your changes"
-            echo ""
-            echo "This helps keep the dependency tree clean."
-            exit 1
-          fi
+      - name: Run yarn dedupe check
+        run: ./.github/scripts/yarn-dedupe.sh
+        env:
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+          PR_USER_TYPE: ${{ github.event.pull_request.user.type }}
+          GITHUB_EVENT_NAME: ${{ github.event_name }}