Auto-merge non-breaking vendor updates with improved messaging

[Copilot]

Vendor CI/CD Workflow Improvements - Complete ✅

Summary of Changes

This PR enhances the vendor update CI/CD workflow with improved messaging, semantic versioning analysis, and automatic merging capabilities.

Completed Tasks

• Analyze current workflow structure and update.ps1 script
• Improve pluralization in PR title and messages (singular vs plural)
  • Single dependency: Shows dependency name and version instead of "1 dependency updated"
  • Multiple dependencies: Shows count with proper pluralization
• Add proper emojis to workflow messages for better clarity
  • 🔥 for major version changes (breaking)
  • 🚀 for minor version changes
  • ⬆️ for patch version changes
  • 🔄 for unknown change types
  • 📦 for dependencies (single emoji only)
• Implement semantic version analysis to detect breaking changes
  • Parses version strings (major.minor.patch)
  • Handles complex versions like "2.52.0.windows.1"
  • Filters non-numeric parts from version strings
• Add logic to automatically push minor updates to master without PR
  • Directly commits and pushes to master for non-breaking changes
  • Skips PR creation to avoid bothering maintainers for safe updates
• Add fallback to PR creation if auto-merge fails or breaking changes detected
  • Creates PR for major version updates (potential breaking changes)
  • Falls back to PR if direct push fails
• Update workflow to warn in logs if unable to auto-merge
  • Clear error messages in step summary
  • Explains why manual review is required
• Fix YAML linting issues (trailing spaces)
• Improve version parsing to handle complex version strings
• Test version parsing logic (6/6 tests passing)
• Address code review feedback
  • Removed "Change Type" column from table
  • Added collapsible changelog section for major updates with links
  • Use single emoji only (removed double emoji)
  • Show dependency name and version for single updates
  • Updated emojis to improved visual indicators
  • Made new version bold in dependency table
  • Removed unused $headBeforeReset variable
  • Wrapped dependency count in backticks for consistency
• Fix CI failure with proper variable initialization and error handling
• Fix CodeQL workflow using PowerShell here-string (reverted previous echo/Write-Output attempts)
• Run security checks (0 vulnerabilities found)

Key Features

1. Smart Version Detection: Automatically detects breaking changes using semantic versioning
2. Auto-merge for Safe Updates: Minor/patch updates are automatically merged to master
3. Better User Experience: Clear, emoji-enhanced messages throughout the workflow with intuitive visual indicators (🔥 for major, 🚀 for minor, ⬆️ for patch)
4. Single Dependency Messages: When updating one dependency, shows its name and version (e.g., "Updated git-for-windows from 2.52.0 to 2.53.0")
5. Collapsible Changelog: Major updates include a <details> section with changelog and release notes links
6. Robust Error Handling: Proper variable initialization with warning logging for edge cases
7. Proper Pluralization: Context-aware messages for single vs. multiple dependencies
8. Clear Visual Hierarchy: New versions displayed in bold for easy identification, dependency counts wrapped in backticks
9. Clean Code: Removed unused variables and improved code quality

Visual Examples

Updated dependency table with new emojis:

Security Summary

✅ No security vulnerabilities detected by CodeQL analysis.

Original prompt

Improve pluralization for the update vendor CI/CD task; if there is only 1 vendored dependency, name that (also before/after version) instead of the current phrase that reads Updates to 1 vendored dependencies.

Also, improve the generated messages, in addition to that, use proper emojis where needed. We can look at depandabot's features for inspiration for our own tooling.

Lastly, if all the updated vendored dependencies are only minor (or more insignificant) and don't introduce breaking changes, the CI/CD workflow task can attempt to directly merge without needing a manual PR approve to avoid bothering the developers/maintainers. If this was unable to do so, you can warn about the unability to automatically merge/approve the PR in the step logs. It is prefered not to generate a PR in this case and automatically just push to master. If not, it should not break the current workflow where manual approves result in merging the PR.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[DRSDavidSoft]

@copilot The number of update should be wrapped in (`) like before

[Copilot]

Done in commit 7b86263. The dependency count is now wrapped in backticks for the plural case to match the original format: 📦 Automatically updated {0} dependencies

[daxgames]

@DRSDavidSoft Sorry but I had to get these working. I tried to just fix them without losing any of your changes.

I think they are all at least working at this time.

Not sure they are exactly what you were trying to do yet .