diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 3381f255bc5..ba21cd9bb04 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -64,17 +64,15 @@ }, /** Group Poetry packages */ { - matchPackageNames: ['poetry', 'pip'], matchPackagePrefixes: ['poetry-'], groupName: 'Poetry', automerge: true, - separateMajorMinor: false, - separateMinorPatch: false, + matchDepNames: ['poetry', 'pip'], }, /** Support the 4 parts of shellcheck-py version with a v prefix */ { - matchPackageNames: ['shellcheck-py/shellcheck-py'], versioning: 'regex:^v(?\\d+)\\.(?\\d+)\\.(?\\d+)\\.(?\\d+)$', + matchDepNames: ['shellcheck-py/shellcheck-py'], }, /** Accept only the patch on stabilization branches */ { @@ -91,14 +89,14 @@ /** Disable upgrading the supported Python version */ { matchFileNames: ['pyproject.toml'], - matchPackageNames: ['python'], enabled: false, + matchDepNames: ['python'], }, /** Don't allows update on ubuntu:mantic-* Docker images */ { - matchPackageNames: ['ubuntu'], matchNewValue: '!/^[0-9][0-9]\\.[0-9][0-9]$/', enabled: false, + matchDepNames: ['ubuntu'], }, ], } diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml deleted file mode 100644 index d0cc8dbfc7c..00000000000 --- a/.github/workflows/backport.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: Backport - -on: - pull_request: - types: - - closed - - labeled - -env: - HAS_SECRETS: ${{ secrets.HAS_SECRETS }} - -jobs: - backport: - name: Backport - runs-on: ubuntu-22.04 - timeout-minutes: 5 - - steps: - - uses: camptocamp/backport-action@master - with: - token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - if: env.HAS_SECRETS == 'HAS_SECRETS' diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 4439b720b68..9c448d6a375 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -41,9 +41,7 @@ jobs: key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" - run: pre-commit run --all-files - env: - SKIP: poetry-lock - - run: git diff + - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true if: failure() - run: git diff --patch > /tmp/pre-commit.patch || true if: failure() @@ -84,10 +82,13 @@ jobs: - name: Publish run: c2cciutils-publish if: env.HAS_SECRETS == 'HAS_SECRETS' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - GITHUB_TOKEN: ${{ secrets.TOKEN }} - - run: git diff --patch ci/dpkg-versions.yaml > /tmp/dpkg.patch + - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Update dpkg versions list.patch + path: /tmp/dpkg-versions.patch + retention-days: 1 if: failure() - uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml deleted file mode 100644 index b3e991a226d..00000000000 --- a/.github/workflows/pr-checks.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Pull request check - -on: - pull_request: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - build: - name: Pull request check - runs-on: ubuntu-22.04 - timeout-minutes: 5 - if: github.event.pull_request.user.login != 'renovate[bot]' - - steps: - - run: pip install --upgrade attrs - - uses: actions/checkout@v4 - - - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} - - run: python3 -m pip install --user --pre c2cciutils[pr_checks] - - - name: Check pull request - run: c2cciutils-pull-request-checks - env: - GITHUB_EVENT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request-automation.yaml b/.github/workflows/pull-request-automation.yaml index 14746f28944..74240590a3f 100644 --- a/.github/workflows/pull-request-automation.yaml +++ b/.github/workflows/pull-request-automation.yaml @@ -26,6 +26,23 @@ jobs: with: script: |- console.log(context); + - name: Auto reviews GHCI updates + uses: actions/github-script@v7 + with: + script: |- + github.rest.pulls.createReview({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.payload.pull_request.number, + event: 'APPROVE', + }) + if: |- + startsWith(github.head_ref, 'ghci/audit/') + && (github.event.pull_request.user.login == 'ghci-test[bot]' + || github.event.pull_request.user.login == 'ghci-int[bot]' + || github.event.pull_request.user.login == 'ghci[bot]') + && (github.event.action == 'opened' + || github.event.action == 'reopened') - name: Auto reviews Renovate updates uses: actions/github-script@v7 with: @@ -40,7 +57,7 @@ jobs: github.event.pull_request.user.login == 'renovate[bot]' && (github.event.action == 'opened' || github.event.action == 'reopened') - - name: Auto review and merge snyk auto fix + - name: Auto review and merge dpkg updates uses: actions/github-script@v7 with: script: |- @@ -66,45 +83,6 @@ jobs: `) if: |- github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'snyk-fix/') - && (github.event.action == 'opened' - || github.event.action == 'reopened') - - name: Restart audit workflow - uses: actions/github-script@v7 - with: - script: |- - let runs = await github.rest.actions.listWorkflowRuns({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'audit.yaml', - per_page: 1, - }); - runs = runs.data.workflow_runs; - if (runs.length == 1 && runs[0].status != 'success') { - console.log(`Rerun workflow ${runs[0].id} ${runs[0].status}`); - github.rest.actions.reRunWorkflowFailedJobs({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: runs[0].id, - }); - } - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && (startsWith(github.head_ref, 'snyk-fix/') - || startsWith(github.head_ref, 'dpkg-update/')) - && github.event.action == 'closed' - && github.event.pull_request.merged == true - - name: Auto close pre-commit.ci autoupdate - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.update({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - state: 'closed', - }); - if: |- - github.event.pull_request.user.login == 'pre-commit-ci' + && startsWith(github.head_ref, 'dpkg-update/') && (github.event.action == 'opened' || github.event.action == 'reopened') diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1d88c654ce9..335e9713a44 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -106,10 +106,10 @@ repos: - id: jsonschema-gentypes files: |- (?x)^( - github_app_geo_project/project-schema\.json - |github_app_geo_project/application-schema\.json - |github_app_geo_project/module/.*/schema\.json - |github_app_geo_project/module/.*/.*-schema\.json + github_app_geo_project/project-schema\.json + |github_app_geo_project/application-schema\.json + |github_app_geo_project/module/.*/schema\.json + |github_app_geo_project/module/.*/.*-schema\.json )$ - repo: https://github.com/sbrunner/jsonschema2md rev: 1.2.0 @@ -175,9 +175,25 @@ repos: - id: jsonschema-validator files: |- (?x)^( - ci/config\.yaml - |github_app_geo_project/project-schema\.json - |github_app_geo_project/application-schema\.json - |github_app_geo_project/module/.*/schema\.json - |github_app_geo_project/module/.*/.*-schema\.json + ci/config\.yaml + |github_app_geo_project/project-schema\.json + |github_app_geo_project/application-schema\.json + |github_app_geo_project/module/.*/schema\.json + |github_app_geo_project/module/.*/.*-schema\.json )$ + - repo: https://github.com/mheap/json-schema-spell-checker + rev: main + hooks: + - id: json-schema-spell-checker + files: |- + (?x)^( + github_app_geo_project/module/audit/schema\.json + |github_app_geo_project/module/delete_old_workflow_runs/schema\.json + |github_app_geo_project/module/versions/schema\.json + )$ + args: + - --fields=description,title + - --spelling=.github/spell-ignore-words.txt + - --ignore-numbers + - --ignore-acronyms + - --en-us