From 8ab53cf22264fa13a31485909ec8e973f6abdc5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?= <stephane.brunner@camptocamp.com>
Date: Tue, 28 Nov 2023 17:48:33 +0100
Subject: [PATCH] CI updates

This is done by the automated script named upgrade-c2cciutils-to-1.7
---
 .github/renovate.json5                        |  5 ++++
 .github/workflows/audit.yaml                  | 14 +++++++++--
 .github/workflows/backport.yaml               |  2 +-
 .../workflows/delete-old-workflow-run.yaml    | 23 +++++++++++++++++++
 .github/workflows/dependency-auto-review.yaml |  2 +-
 .github/workflows/main.yaml                   |  7 +++---
 .github/workflows/pr-checks.yaml              |  1 +
 7 files changed, 47 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/delete-old-workflow-run.yaml

diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 70377d2b042b..6b4b7054775d 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -69,5 +69,10 @@
       matchPackageNames: ['shellcheck-py/shellcheck-py'],
       versioning: 'regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)\\.(?<build>\\d+)$',
     },
+    /** Auto merge the GitHub action and pre-commit updates */
+    {
+      matchDatasources: ['github-actions', 'pre-commit'],
+      automerge: true,
+    },
   ],
 }
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
index 016bc76f40a0..64eac0e53096 100644
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
@@ -6,8 +6,8 @@ on:
 
 jobs:
   audit:
-    runs-on: ubuntu-22.04
     name: Audit
+    runs-on: ubuntu-22.04
     timeout-minutes: 15
 
     strategy:
@@ -54,7 +54,17 @@ jobs:
         if: failure()
       - run: python --version
 
-      - name: Audit
+      - name: Snyk audit
         run: ~/.venv/bin/c2cciutils-audit --branch=${{ matrix.branch }}
         env:
           GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
+      - name: Check ci/dpkg-versions.yaml file existence
+        id: dpkg-versions
+        uses: andstor/file-existence-action@v2
+        with:
+          files: ci/dpkg-versions.yaml
+      - name: Update dpkg packages versions
+        run: ~/.venv/bin/c2cciutils-docker-versions-update --branch=${{ matrix.branch }}
+        if: steps.dpkg-versions.outputs.files_exists == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index ea959e8eef35..d0cc8dbfc7c3 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -11,8 +11,8 @@ env:
 
 jobs:
   backport:
-    runs-on: ubuntu-22.04
     name: Backport
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
 
     steps:
diff --git a/.github/workflows/delete-old-workflow-run.yaml b/.github/workflows/delete-old-workflow-run.yaml
new file mode 100644
index 000000000000..76f7117a6369
--- /dev/null
+++ b/.github/workflows/delete-old-workflow-run.yaml
@@ -0,0 +1,23 @@
+name: Delete old workflow runs
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  build:
+    name: Delete old workflow runs
+    runs-on: ubuntu-22.04
+    timeout-minutes: 25
+
+    steps:
+      - name: Delete old workflow runs
+        uses: MajorScruffy/delete-old-workflow-runs@v0.3.0
+        with:
+          repository: ${{ github.repository }}
+          older-than-seconds: 43200000 # 500 days
+        env:
+          GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
diff --git a/.github/workflows/dependency-auto-review.yaml b/.github/workflows/dependency-auto-review.yaml
index d09719021d91..8a0eb528e907 100644
--- a/.github/workflows/dependency-auto-review.yaml
+++ b/.github/workflows/dependency-auto-review.yaml
@@ -11,6 +11,7 @@ jobs:
     name: Auto reviews updates
     runs-on: ubuntu-22.04
     timeout-minutes: 5
+    if: github.event.pull_request.user.login == 'renovate[bot]'
 
     steps:
       - uses: actions/github-script@v6
@@ -22,4 +23,3 @@ jobs:
               pull_number: context.payload.pull_request.number,
               event: 'APPROVE',
             })
-    if: github.event.pull_request.user.login == 'renovate[bot]'
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index f55d828bee1f..7ff7f45eba0e 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -18,16 +18,17 @@ env:
 
 jobs:
   not-failed-backport:
-    runs-on: ubuntu-22.04
     name: Test that's not a failed backport
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+
     steps:
       - run: 'false'
         if: github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'
 
   main:
-    runs-on: ubuntu-22.04
     name: Continuous integration
+    runs-on: ubuntu-22.04
     timeout-minutes: 50
     if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
 
@@ -219,8 +220,8 @@ jobs:
         if: env.HAS_SECRETS == 'HAS_SECRETS'
 
   gh-pages:
-    runs-on: ubuntu-22.04
     name: Github Pages
+    runs-on: ubuntu-22.04
     timeout-minutes: 10
     concurrency: gh-pages-push
     needs:
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
index 9bef144dfc59..5a0ec4b417e2 100644
--- a/.github/workflows/pr-checks.yaml
+++ b/.github/workflows/pr-checks.yaml
@@ -15,6 +15,7 @@ jobs:
     name: Pull request check
     runs-on: ubuntu-22.04
     timeout-minutes: 5
+    if: github.event.pull_request.user.login != 'renovate[bot]'
 
     steps:
       - run: pip install --upgrade attrs