feat: auto-sanitize n8n@ version prefix in upstream bump PRs

[Copilot]

n8n release tags use the form n8n@2.x.y, which the dappnodesdk writes verbatim into dappnode_package.json and docker-compose.yml. Docker rejects image tags containing @, causing builds to fail on every automated bump PR.

Changes

• .github/workflows/sanitize_upstream_version_pr.yml — new workflow that:
  • Triggers on pull_request (opened / synchronize / reopened), scoped to PRs by github-actions[bot] whose title starts with bump n8n-io/n8n to
  • Checks out the PR branch and strips the n8n@ prefix via sed from:
    • "upstreamVersion" in dappnode_package.json
    • UPSTREAM_VERSION: build arg in docker-compose.yml
  • Commits back to the PR branch only when a change is needed; no-ops otherwise
  • Commits as github-actions[bot] with permissions: contents: write

Example

Before (bump PR as opened by dappnodesdk):

# docker-compose.yml
UPSTREAM_VERSION: n8n@2.12.0   # ❌ invalid Docker tag

After (commit added by this workflow):

UPSTREAM_VERSION: 2.12.0        # ✅ valid Docker tag

Original prompt

Create a pull request against the main branch of dappnode/DAppNodePackage-n8n to automatically sanitize upstream n8n release tags containing n8n@ when the SDK opens bump PRs.

Context:

• The repo uses npx @dappnode/dappnodesdk github-action bump-upstream (see .github/workflows/auto_check.yml) to open PRs bumping the upstream n8n version.
• n8n release tags are in the form n8n@2.x.y (example PR title: "bump n8n-io/n8n to n8n@2.11.0"; existing merged PR: bump n8n-io/n8n to n8n@2.11.0 #109).
• Docker tags cannot contain @, and the build fails when UPSTREAM_VERSION becomes n8n@... and the Dockerfile does FROM n8nio/n8n:${UPSTREAM_VERSION}.

Goal:

• Keep the PR-based flow (no direct pushes to default branch).
• Add automation that, when the bump-upstream PR is opened/updated by github-actions[bot], checks out the PR branch, sanitizes version values by stripping a leading n8n@ prefix, commits the change, and pushes back to the same PR branch so the PR remains manually mergeable.

Required changes:

1. Add a new GitHub Actions workflow file (suggested path: .github/workflows/sanitize_upstream_version_pr.yml) that runs on pull_request events (opened, synchronize, reopened).
2. The job should run only for upstream bump PRs. Use one or more of:
   • PR title starts with bump n8n-io/n8n to , and/or contains n8n@
   • PR author is github-actions[bot]
     (Prefer title-based filtering + actor to avoid running on unrelated PRs.)
3. The workflow must have permissions to push commits to the PR branch (permissions: contents: write) and must check out github.head_ref.
4. Sanitization logic:
   • In dappnode_package.json, if upstreamVersion starts with n8n@, replace with version without the prefix.
   • In docker-compose.yml, if the build arg line contains UPSTREAM_VERSION: n8n@..., strip the n8n@ prefix while preserving spacing.
   • Only commit & push if there are changes (git diff --quiet check).
   • Use github-actions[bot] name/email.
5. Add/update documentation comments in the workflow explaining why it exists (Docker tag constraints).

Acceptance criteria:

• A bump PR that contains n8n@ in the version gets an additional commit automatically that changes it to 2.x.y in the relevant files.
• Non-bump PRs are unaffected.
• No changes are pushed directly to main by scheduled workflows; changes happen only on PR branches.

This pull request was created from Copilot chat.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.