chore(ci): update dependencies without force push COMPASS-9939

[kraenhansen]

Description

Merging this PR will:

• Check for an existing branch.
• Perform a sparse checkout of the package-lock.json of any existing branch.
• Only create the PR (or force-push) if the branch doesn't already exist or the package-lock.json differs after the upgrade has been applied.

Checklist

• New tests and/or benchmarks are included
• Documentation is changed or added
• If this change updates the UI, screenshots/videos are added and a design review is requested
• I have signed the MongoDB Contributor License Agreement (https://www.mongodb.com/legal/contributor-agreement)

Motivation and Context

• Bugfix
• New feature
• Dependency update
• Misc

See peter-evans/create-pull-request#3977 and section in the action's README.md for a bit more context on the lack of this feature in the "create-pull-request" action.

Open Questions

Dependents

Types of changes

• Backport Needed
• Patch (non-breaking change which fixes an issue)
• Minor (non-breaking change which adds functionality)
• Major (fix or feature that would cause existing functionality to change)

[gribnoysup]

A bit hard to validate until we actually manage to make this task update an exiting PR, but just reading through this change seems like this checked out file will continue to be there if the PR is being created updated and I think the create-pull-request will commit it with other files. We probably want to clean it up before this happens?

[kraenhansen]

Good catch. Perhaps we should just add it to the .gitignore?

[kraenhansen]

Dispatched this manually on "eslint", which at the time of running already had a PR open and it did seem to skip the create-pull-request action as expected.

[Copilot]

Pull Request Overview

This PR improves the CI dependency update workflow to avoid unnecessary force pushes by checking for existing branches and comparing package-lock.json files before creating or updating pull requests.

• Adds branch existence checking to prevent overwriting manual commits on update branches
• Implements sparse checkout of existing branches to compare package-lock.json changes
• Makes PR creation conditional based on branch existence and actual file differences

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The hashFiles() function will return an empty string when the file doesn't exist. If the existing branch checkout fails or the sparse checkout doesn't work as expected, hashFiles('existing-branch-checkout/package-lock.json') could return an empty string, making the comparison unreliable. Consider adding a check to ensure the existing branch checkout was successful before comparing hashes.

Suggested change

	- name: Create Pull Request
	if: steps.check-branch-exists.outputs.branch_exists == 'false' || hashFiles('package-lock.json') != hashFiles('existing-branch-checkout/package-lock.json')
	- name: Check if existing branch lockfile exists
	if: steps.check-branch-exists.outputs.branch_exists == 'true'
	id: check-existing-lockfile
	run: |
	if [ -f "existing-branch-checkout/package-lock.json" ]; then
	echo "exists=true" >> "$GITHUB_OUTPUT"
	else
	echo "exists=false" >> "$GITHUB_OUTPUT"
	fi
	- name: Create Pull Request
	if: steps.check-branch-exists.outputs.branch_exists == 'false' || (steps.check-branch-exists.outputs.branch_exists == 'true' && steps.check-existing-lockfile.outputs.exists == 'true' && hashFiles('package-lock.json') != hashFiles('existing-branch-checkout/package-lock.json')) || (steps.check-branch-exists.outputs.branch_exists == 'true' && steps.check-existing-lockfile.outputs.exists == 'false')