Export dependabot tasks to separate workflow

Since dependabot is creating a commit, it is necessary to wait and retrieve the latest changes before running any other workflow.
apache · Nov 28, 2024 · 00f07e7 · 00f07e7
1 parent 3bbd612
commit 00f07e7
Show file tree

Hide file tree

Showing 6 changed files with 114 additions and 74 deletions.
diff --git a/.github/workflows/bin-solr-test.yml b/.github/workflows/bin-solr-test.yml
@@ -11,6 +11,12 @@ on:
       - 'solr/packaging/**'
       - 'solr/core/src/java/org/apache/solr/cli/**'
       - 'solr/prometheus-exporter/**'
+  # Wait for dependabot tasks to complete, if any
+  workflow_run:
+    workflows:
+      - Dependabot Tasks
+    types:
+      - completed
 
 jobs:
   test:
@@ -24,6 +30,9 @@ jobs:
     steps:
     # Setup
     - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+        fetch-depth: 0
     - name: Set up JDK
       uses: actions/setup-java@v4
       with:

diff --git a/.github/workflows/dependabot-tasks.yml b/.github/workflows/dependabot-tasks.yml
@@ -0,0 +1,66 @@
+name: Dependabot Tasks
+
+on:
+  pull_request:
+    branches:
+      - 'main' # dependabot will create PRs only against main
+
+jobs:
+  # Dependabot job that runs only for dependabot PRs
+  # This job is writing locks, updates checksums, and commits the changes on the dependabot PRs.
+  lock-and-verify:
+    name: Lock and verify
+
+    runs-on: ubuntu-latest
+
+    # Run only on PRs created by dependabot, this prevents users from misusing branch names
+    # prefixed with dependabot/**
+    if: github.actor == 'dependabot[bot]'
+
+    # Give the default GITHUB_TOKEN write permission to commit
+    # and push the changed files back to the repository.
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: 21
+          java-package: jdk
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Use Gradle cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-precommit-${{ hashFiles('versions.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-precommit-
+            ${{ runner.os }}-gradle-
+
+      - name: Write locks
+        run: ./gradlew writeLocks
+
+      - name: Update licenses / checksums
+        run: ./gradlew updateLicenses
+
+      - name: Commit and push changes
+        run: |
+          git config user.name github-actions
+          git config user.email [email protected]
+          git add .
+          git commit -m "Write locks and update checksums"
+          git push origin ${{ github.head_ref }}
diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml
@@ -11,6 +11,12 @@ on:
       - 'solr/prometheus-exporter/bin/**'
       - 'solr/docker/**'
       - 'solr/packaging/**'
+  # Wait for dependabot tasks to complete, if any
+  workflow_run:
+    workflows:
+      - Dependabot Tasks
+    types:
+      - completed
 
 jobs:
   test:
@@ -26,6 +32,9 @@ jobs:
     steps:
     # Setup
     - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+        fetch-depth: 0
     - name: Set up JDK 21
       uses: actions/setup-java@v4
       with:

diff --git a/.github/workflows/gradle-precommit.yml b/.github/workflows/gradle-precommit.yml
@@ -5,31 +5,28 @@ on:
     branches:
       - 'main'
       - 'branch_*'
+  # Wait for dependabot tasks to complete, if any
+  workflow_run:
+    workflows:
+      - Dependabot Tasks
+    types:
+      - completed
 
 jobs:
-  # Dependabot job that runs only for dependabot PRs
-  # This job is writing locks, updates checksums, and commits the changes on the dependabot PRs.
-  lockAndVerify:
-    name: Lock and verify
+  test:
+    name: gradle check
 
     runs-on: ubuntu-latest
 
-    # Run only on dependabot PRs (see dependabot-actions.yml)
-    if: github.actor == 'dependabot[bot]'
-
     env:
       DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
 
-    # Give the default GITHUB_TOKEN write permission to commit
-    # and push the changed files back to the repository.
-    permissions:
-      contents: write
-
     steps:
-      - name: Checkout project
-        uses: actions/checkout@v4
+      # Setup
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.head_ref }}
+          fetch-depth: 0
 
       - name: Set up JDK
         uses: actions/setup-java@v4
@@ -44,8 +41,7 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
-      - name: Use Gradle cache
-        uses: actions/cache@v4
+      - uses: actions/cache@v4
         with:
           path: |
             ~/.gradle/caches
@@ -54,62 +50,7 @@ jobs:
             ${{ runner.os }}-gradle-precommit-
             ${{ runner.os }}-gradle-
 
-      - name: Write locks
-        run: ./gradlew writeLocks
-
-      - name: Update licenses / checksums
-        run: ./gradlew updateLicenses
-
-      - name: Commit and push changes
-        run: |
-          git config user.name github-actions
-          git config user.email [email protected]
-          git add .
-          git commit -m "Write locks and update checksums"
-          git push origin ${{ github.head_ref }}
-
-  test:
-    name: gradle check
-
-    runs-on: ubuntu-latest
-
-    # Run after "dependabot" job, regardless if skipped or successful
-    needs: lockAndVerify
-    if: always()
-
-    env:
-      DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
-
-    steps:
-    # Setup
-    - uses: actions/checkout@v4
-      with:
-        ref: ${{ github.head_ref }}
-        fetch-depth: 0
-
-    - name: Set up JDK
-      uses: actions/setup-java@v4
-      with:
-        distribution: 'temurin'
-        java-version: 21
-        java-package: jdk
-
-    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
-
-    - name: Grant execute permission for gradlew
-      run: chmod +x gradlew
-
-    - uses: actions/cache@v4
-      with:
-        path: |
-          ~/.gradle/caches
-        key: ${{ runner.os }}-gradle-precommit-${{ hashFiles('versions.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-gradle-precommit-
-          ${{ runner.os }}-gradle-
-
-    - name: Run gradle check (without tests)
-      run: ./gradlew check -x test -Ptask.times=true
+      - name: Run gradle check (without tests)
+        run: ./gradlew check -x test -Ptask.times=true
 
-    - uses: gradle/wrapper-validation-action@v3
+      - uses: gradle/wrapper-validation-action@v3
diff --git a/.github/workflows/solrj-test.yml b/.github/workflows/solrj-test.yml
@@ -8,6 +8,12 @@ on:
     paths:
       - '.github/workflows/solrj-test.yml'
       - 'solr/solrj/**'
+  # Wait for dependabot tasks to complete, if any
+  workflow_run:
+    workflows:
+      - Dependabot Tasks
+    types:
+      - completed
 
 jobs:
   test:
@@ -21,6 +27,9 @@ jobs:
     steps:
     # Setup
     - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+        fetch-depth: 0
     - name: Set up JDK 21
       uses: actions/setup-java@v4
       with:

diff --git a/.github/workflows/tests-via-crave.yml b/.github/workflows/tests-via-crave.yml
@@ -5,6 +5,12 @@ on:
     branches:
       - 'main'
       - 'branch_*'
+  # Wait for dependabot tasks to complete, if any
+  workflow_run:
+    workflows:
+      - Dependabot Tasks
+    types:
+      - completed
 
 jobs:
   test: