[No BZ] Warn developers if they upgrade a dependency but not a patch

[roryabraham]

Coming from #36775...

Problem

When upgrading dependencies, it's possible that you may break a patch for that dependency. It's also possible that the patch may no longer be needed. It's easy to forget this, which leaves unused patch files in our repo.

Solution

Add a simple PR check to our webhook that looks for PRs that upgrade a dependency with a patch without updating the patch and include a PR comment like:

Heads up! It looks like you updated a dependency without updating the patch. Do you need to update the patch?

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~019999ca1782dc1db6
• Upwork Job ID: 1759309916923375616
• Last Price Increase: 2024-02-18

[melvin-bot]

Triggered auto assignment to @puneetlath (NewFeature), see https://stackoverflowteams.com/c/expensify/questions/14418#:~:text=BugZero%20process%20steps%20for%20feature%20requests for more details.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~019999ca1782dc1db6

[melvin-bot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @rushatgabhane (Internal)

[roryabraham]

I was thinking this should be internal like other similar-style warnings in our webhook. Don't need a C+, not sure why we assign them for issues labelled Internal...

[roryabraham]

Some notes:

• We should split up commentIfPatchFileDiffers into commentIfPackageJsonUpdated and commentIfComposerJsonUpdated
• We should create constants for REPOS_WITH_PACKAGE_JSON and REPOS_WITH_COMPOSER_JSON
• We need to do some json parsing of the package.json diff to see which dependencies were updated so we can check for patches in that specific dependency

[roryabraham]

No near-term plans to push this DX improvement forward. Going to drop for focus

[mallenexpensify]

Updated title to denote this NewFeature doesn't need a BZ assigned.

[roryabraham]

This also isn't really in the roadmap anywhere - it's more of an automation to prevent developer mistakes

[melvin-bot]

@roryabraham, this Monthly task hasn't been acted upon in 6 weeks; closing.

If you disagree, feel encouraged to reopen it -- but pick your least important issue to close instead.

[roryabraham]

This was quick and easy to implement, and failing to correctly update our patches can lead to headaches. So I created a PR to add this check. It's all-too-common for patches to be added with limited context and then basically left forever, so hopefully this should help curb that practice.

[melvin-bot]

@roryabraham, this Monthly task hasn't been acted upon in 6 weeks; closing.

If you disagree, feel encouraged to reopen it -- but pick your least important issue to close instead.

[roryabraham]

oh, this has been done for a while 🙈