Merge pull request #30 from Harsh-Microsoft/grp-depbot-security-pr

Harsh-Microsoft · web-flow · commit 1a69ecc87152 · 2025-07-18T16:07:21.000+05:30
refactor: Optimize dependency installation commands to run once for a…
diff --git a/.github/workflows/group-dependabot-security-updates.yml b/.github/workflows/group-dependabot-security-updates.yml
@@ -216,13 +216,13 @@ jobs:
                       if [ -s deps_to_install.txt ]; then
                         if [ -f "$project_dir/yarn.lock" ]; then
                           echo "Using yarn to add/update dependencies in $project_dir..."
-                          # Use $GITHUB_WORKSPACE for an absolute path to the deps file.
-                          (cd "$project_dir" && xargs -n 1 yarn add < "$GITHUB_WORKSPACE/deps_to_install.txt")
+                          # Remove -n 1 to run yarn add only once with all dependencies.
+                          (cd "$project_dir" && xargs yarn add < "$GITHUB_WORKSPACE/deps_to_install.txt")
                           git add "$project_dir/yarn.lock"
                         else
                           echo "Using npm to install/update dependencies in $project_dir..."
-                          # Use $GITHUB_WORKSPACE for an absolute path to the deps file.
-                          (cd "$project_dir" && xargs -n 1 npm install < "$GITHUB_WORKSPACE/deps_to_install.txt")
+                          # Remove -n 1 to run npm install only once with all dependencies.
+                          (cd "$project_dir" && xargs npm install < "$GITHUB_WORKSPACE/deps_to_install.txt")
                           git add "$project_dir/package-lock.json"
                         fi
                         # Stage the manifest file that npm/yarn updated.
