From 4d69e43c72fa52101c417c306efb19ccb04682e7 Mon Sep 17 00:00:00 2001
From: Phil-NHS
Date: Mon, 1 Sep 2025 09:41:26 +0100
Subject: [PATCH 01/17] chore(cicd): automating pipeline progression of dependabot bumps
---
...e-dependabot-prs-into-collected-branch.yml | 26 ++++++++++++++++---
...collected-dependabot-staging-to-master.yml | 1 +
.../collected-dependabot-to-staging.yml | 1 +
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml
index 6021872..9e3d50b 100644
--- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml
+++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml
@@ -1,19 +1,38 @@ +# qqqq in development # This script seperate major and minor but we do merge them into the same branch. # Having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. name: Auto-merge Dependabot PRs into collected branch on: pull_request: - types: [opened, synchronize] + # synchronize + types: [opened] branches: [Automatic_version_update_dependabot] # Make sure this matches your actual branch name - + check_suite: + types: [completed] + workflow_dispatch: permissions: contents: write pull-requests: write jobs: + debug: + runs-on: ubuntu-latest + steps: + - name: Debug info + run: | + echo "Actor: ${{ github.actor }}" + echo "PR Title: ${{ github.event.pull_request.title }}" + echo "Target Branch: ${{ github.event.pull_request.base.ref }}" + echo "Source Branch: ${{ github.event.pull_request.head.ref }}" + - name: Wait for other checks to start + - name: Delay for check + run: | + # drop later qqqq shouldnt need but its running before auto + echo "Waiting 4 minutes for other checks to start running..." + sleep 240 auto-merge: runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' + if: github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch' steps: - name: Extract update type id: extract @@ -27,6 +46,7 @@ jobs: - name: Auto-merge minor and patch updates if: steps.extract.outputs.update_type == 'minor_or_patch' + # Auto should set the the request to merge once checks complete run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml b/.github/workflows/collected-dependabot-staging-to-master.yml index 822ba31..fbb0e0f 100644 --- a/.github/workflows/collected-dependabot-staging-to-master.yml +++ b/.github/workflows/collected-dependabot-staging-to-master.yml 
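Review bot: The new `Debug info` step expands the PR title and head branch name directly inside `run:`, so text chosen by whoever opens the PR becomes part of the shell script before bash parses it; the existing `PR_TITLE="${{ ... }}"` assignment in `Extract update type` follows the same pattern. The workflow-level `permissions` block gives every job `contents: write` and `pull-requests: write`, so these values should be handed over through `env:` and read as ordinary shell variables, as sketched below. The `debug` job needs none of the write scopes and could carry a job-level `permissions: {}`.

```yaml
      - name: Debug info
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "Actor: $GITHUB_ACTOR"
          echo "PR Title: $PR_TITLE"
          echo "Target Branch: $BASE_REF"
          echo "Source Branch: $HEAD_REF"
      # … unchanged: delay step and auto-merge job …
```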
@@ -1,3 +1,4 @@ +# qqqq in development name: Collected Dependabot Promotion From Staging To Master on: schedule: diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml index 4306f22..c0a0376 100644 --- a/.github/workflows/collected-dependabot-to-staging.yml +++ b/.github/workflows/collected-dependabot-to-staging.yml @@ -1,3 +1,4 @@ +# qqqq in development name: Dependabot Collected Promotion To Staging # this logic will require branch ruleset checks of running the dev pipeline on: From 59b6a1faca3c976fdf77265b54931dc19db308a7 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 10:53:21 +0100 Subject: [PATCH 02/17] chore(checks): fail due to artifact --- ...e-dependabot-prs-into-collected-branch.yml | 7 +- .../collected-dependabot-to-staging.yml | 84 +++++++++---------- .github/workflows/reuseable-ci-checks.yml | 4 +- .github/workflows/workflow-readme.md | 33 +++++++- 4 files changed, 82 insertions(+), 46 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 9e3d50b..0c420fc 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -5,7 +5,7 @@ name: Auto-merge Dependabot PRs into collected branch on: pull_request: # synchronize - types: [opened] + types: [opened, synchronize] branches: [Automatic_version_update_dependabot] # Make sure this matches your actual branch name check_suite: types: [completed] @@ -13,6 +13,7 @@ on: permissions: contents: write pull-requests: write + checks: read jobs: debug: 
@@ -32,7 +33,8 @@ jobs: sleep 240 auto-merge: runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch' + # if dependabot and checks ran + if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') steps: - name: Extract update type id: extract @@ -53,6 +55,7 @@ jobs: - name: Auto-merge major updates if: steps.extract.outputs.update_type == 'major' + # Auto should set the the request to merge once checks complete run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml index c0a0376..eb067b9 100644 --- a/.github/workflows/collected-dependabot-to-staging.yml +++ b/.github/workflows/collected-dependabot-to-staging.yml 
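Review bot: The second clause of the new `if:` lets `check_suite` runs through, but the steps below still read `github.event.pull_request.title` and `github.event.pull_request.html_url`, which a `check_suite` payload does not carry. On those runs the title test would presumably fall into the `minor_or_patch` branch for every update and `gh pr merge` would be given an empty argument, so major bumps lose their separate path. Either gate the merge steps on `github.event_name == 'pull_request'` or take the PR from `github.event.check_suite.pull_requests[0].number`. A space before `&&` would also make the condition easier to read.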
@@ -1,46 +1,46 @@ -# qqqq in development -name: Dependabot Collected Promotion To Staging -# this logic will require branch ruleset checks of running the dev pipeline -on: - schedule: - # Promotion from staging to release should be a week apart so alternating weeks (also live updates dangerous) - - cron: '0 9 1-7 * 1' # First Monday of month - - cron: '0 9 15-21 * 1' # Third Monday of month - workflow_dispatch: # Allow manual trigger +# # qqqq in development +# name: Dependabot Collected Promotion To Staging +# # this logic will require branch ruleset checks of running the dev pipeline +# on: + # schedule: + # # Promotion from staging to release should be a week apart so alternating weeks (also live updates dangerous) + # - cron: '0 9 1-7 * 1' # First Monday of month + # - cron: '0 9 15-21 * 1' # Third Monday of month + # workflow_dispatch: # Allow manual trigger -jobs: - promote-to-automatic-collected-dependabot-staging: - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 +# jobs: + # promote-to-automatic-collected-dependabot-staging: + # runs-on: ubuntu-latest + # permissions: + # contents: write + # pull-requests: write + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # fetch-depth: 0 - - name: Check for changes - id: changes - run: | - git fetch origin Automatic_version_update_dependabot:Automatic_version_update_dependabot - git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging + # - name: Check for changes + # id: changes + # run: | + # git fetch origin Automatic_version_update_dependabot:Automatic_version_update_dependabot + # git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging - if git diff --quiet Automatic_collected_dependabot_staging Automatic_version_update_dependabot; then - echo "has_changes=false" >> $GITHUB_OUTPUT - else - echo 
"has_changes=true" >> $GITHUB_OUTPUT - fi + # if git diff --quiet Automatic_collected_dependabot_staging Automatic_version_update_dependabot; then + # echo "has_changes=false" >> $GITHUB_OUTPUT + # else + # echo "has_changes=true" >> $GITHUB_OUTPUT + # fi - - name: Create PR to Automatic_collected_dependabot_staging - if: steps.changes.outputs.has_changes == 'true' - run: | - gh pr create \ - --base Automatic_collected_dependabot_staging \ - --head Automatic_version_update_dependabot \ - --title "Fortnightly dependabot collected to staging - $(date +%Y-%m-%d)" \ - --body "Automated Fortnightly promotion of dependency updates from dependabot" \ - --auto-merge \ - --merge - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + # - name: Create PR to Automatic_collected_dependabot_staging + # if: steps.changes.outputs.has_changes == 'true' + # run: | + # gh pr create \ + # --base Automatic_collected_dependabot_staging \ + # --head Automatic_version_update_dependabot \ + # --title "Fortnightly dependabot collected to staging - $(date +%Y-%m-%d)" \ + # --body "Automated Fortnightly promotion of dependency updates from dependabot" \ + # --auto-merge \ + # --merge + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml index 172443c..9523b66 100644 --- a/.github/workflows/reuseable-ci-checks.yml +++ b/.github/workflows/reuseable-ci-checks.yml 
@@ -340,7 +340,9 @@ jobs: # Echo the entire artifact list for debugging purposes echo "Artifact List: $ARTIFACT_LIST" - ARTIFACT_URL=$(echo "$ARTIFACT_LIST" | jq -r '.artifacts[] | select(.name=="coverage-report") | .url') + #qqqq worked mostly ARTIFACT_URL=$(echo "$ARTIFACT_LIST" | jq -r '.artifacts[] | select(.name=="coverage-report") | .url') + ARTIFACT_URL=$(echo "$ARTIFACT_LIST" | jq -r '.artifacts | map(select(.name=="coverage-report")) | sort_by(.created_at) | last | .url') + # Echo the artifact URL to confirm echo "Artifact URL: $ARTIFACT_URL" diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index e008223..cef6cb3 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md 
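Review bot: When no artifact is named `coverage-report`, the new filter applies `last | .url` to an empty array and `jq -r` prints the literal string `null`, so `ARTIFACT_URL` ends up non-empty and a later emptiness test or download would not notice the miss (the old `.artifacts[] | select(...)` form printed nothing). Ending the filter with `| last | .url // empty` and failing the step on `[ -z "$ARTIFACT_URL" ]` keeps that failure visible. The `#qqqq worked mostly` line keeps the superseded command in the file; a short comment saying why the newest artifact is selected would serve readers better. The rest of the step is outside the hunk, so how `ARTIFACT_URL` is consumed cannot be seen here.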
@@ -85,12 +85,43 @@ The individual steps also automatically pass so can see if any error at the end - autoverging is being tried for major and minor - branch checks must pass for merge on automated_version - checks required but overrideable for all workflows +- dependabot secret names to match repos ones where need to share +- dependabot not need to build package later brnch does + +## Dependabot Pipeline (AI generatated diag) + +```mermaid +flowchart TD + %% Dependabot PR to initial branch + A[Dependabot PR] --> B[Automatic_version_update_dependabot] + + %% Checks on the dependabot branch + B --> C[Run Checks] + C --> C1[Commit name check ❌ skipped] + C --> C2[Branch name check ❌ skipped] + C --> C3[Build as release] + C --> C4[Unit tests] + C --> C5[E2E tests] + + %% Weekly merge to staging + B -->|Weekly merge via collected-dependabot-to-staging.yml| D[Automatic_collected_dependabot_staging] + + %% Staging checks and dev build + D --> E[Run Checks & Dev Build] + E --> E1[Checks again] + E --> E2[Build dev package] + E --> E3[Showcase dev page] + + %% Weekly merge to master + D -->|Weekly merge via collected-dependabot-staging-to-master.yml| F[Master] +``` + ## Versioning Via semantic release and recorded as a generate c# file used by a blazor component ## Alternative Approaches -``` + name: Pull Request Checks # ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️ From 306ec36b73e8007657367228d256123f4491634e Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 10:58:21 +0100 Subject: [PATCH 03/17] chore(cicd): safer disabling of scripts --- ...collected-dependabot-staging-to-master.yml | 87 ++++++++++--------- .../collected-dependabot-to-staging.yml | 3 + 2 files changed, 48 insertions(+), 42 deletions(-) diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml b/.github/workflows/collected-dependabot-staging-to-master.yml index fbb0e0f..ffcb013 100644 
--- a/.github/workflows/collected-dependabot-staging-to-master.yml +++ b/.github/workflows/collected-dependabot-staging-to-master.yml 
@@ -1,49 +1,52 @@ -# qqqq in development name: Collected Dependabot Promotion From Staging To Master on: - schedule: - # we want the opposite weeks to staging so we get a week where it occurs in manual testing - - cron: '0 9 8-14 * 1' # Second Monday of month - - cron: '0 9 22-28 * 1' # Fourth Monday of month workflow_dispatch: +# # qqqq in development +# name: Collected Dependabot Promotion From Staging To Master +# on: + # schedule: + # # we want the opposite weeks to staging so we get a week where it occurs in manual testing + # - cron: '0 9 8-14 * 1' # Second Monday of month + # - cron: '0 9 22-28 * 1' # Fourth Monday of month + # workflow_dispatch: -jobs: - promote-to-master: - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 +# jobs: + # promote-to-master: + # runs-on: ubuntu-latest + # permissions: + # contents: write + # pull-requests: write + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # fetch-depth: 0 - - name: Check for changes - id: changes - run: | - git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging - git fetch origin master:master # or main/master - whatever your prod branch is + # - name: Check for changes + # id: changes + # run: | + # git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging + # git fetch origin master:master - if git diff --quiet master Automatic_collected_dependabot_staging; then - echo "has_changes=false" >> $GITHUB_OUTPUT - else - echo "has_changes=true" >> $GITHUB_OUTPUT - fi + # if git diff --quiet master Automatic_collected_dependabot_staging; then + # echo "has_changes=false" >> $GITHUB_OUTPUT + # else + # echo "has_changes=true" >> $GITHUB_OUTPUT + # fi - - name: Create PR to master - if: steps.changes.outputs.has_changes == 'true' - run: | - if gh pr list --head Automatic_collected_dependabot_staging 
--base master --json number --jq '.[0].number' | grep -q .; then - echo "PR already exists, skipping creation" - else - gh pr create \ - --base master \ - --head Automatic_collected_dependabot_staging \ - --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \ - --body "Automated weekly promotion from staging to master after testing period" \ - --auto-merge \ - --merge - fi - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + # - name: Create PR to master + # if: steps.changes.outputs.has_changes == 'true' + # run: | + # if gh pr list --head Automatic_collected_dependabot_staging --base master --json number --jq '.[0].number' | grep -q .; then + # echo "PR already exists, skipping creation" + # else + # gh pr create \ + # --base master \ + # --head Automatic_collected_dependabot_staging \ + # --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \ + # --body "Automated weekly promotion from staging to master after testing period" \ + # --auto-merge \ + # --merge + # fi + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml index eb067b9..817768d 100644 --- a/.github/workflows/collected-dependabot-to-staging.yml +++ b/.github/workflows/collected-dependabot-to-staging.yml @@ -1,4 +1,7 @@ # # qqqq in development +name: Dependabot Collected Promotion To Staging +on: + workflow_dispatch: # name: Dependabot Collected Promotion To Staging # # this logic will require branch ruleset checks of running the dev pipeline # on: From db831a2c2f306f11f77425f91d2434ca0b0534fc Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 12:21:43 +0100 Subject: [PATCH 04/17] chore(automerge): gh docs --- ...e-dependabot-prs-into-collected-branch.yml | 52 ++++++++++--------- README.md | 5 ++ 2 files changed, 32 insertions(+), 25 deletions(-) 
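Review bot: After this hunk the file holds only `name`, `on: workflow_dispatch:` and comments, with no `jobs:` key, which GitHub Actions should report as an invalid workflow rather than treat as a disabled one; the `collected-dependabot-to-staging.yml` hunk that follows leaves that file in the same state. A workflow can be switched off without editing it through the repository's Actions settings or `gh workflow disable`, or kept parseable by leaving the job in place with `if: false`. Keeping live YAML instead of a commented copy also means the `contents: write` job is still reviewed as code when it is turned back on.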
diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 0c420fc..dbbcfb1 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -1,12 +1,12 @@ # qqqq in development -# This script seperate major and minor but we do merge them into the same branch. -# Having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. -name: Auto-merge Dependabot PRs into collected branch +# this script seperate major and minor but we do merge them into the same branch. +# having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. +name: auto-merge dependabot prs into collected branch on: pull_request: # synchronize types: [opened, synchronize] - branches: [Automatic_version_update_dependabot] # Make sure this matches your actual branch name + branches: [automatic_version_update_dependabot] # make sure this matches your actual branch name check_suite: types: [completed] workflow_dispatch: 
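Review bot: The blanket lower-casing in this commit touches identifiers that are case-sensitive, starting in this hunk with `branches: [automatic_version_update_dependabot]`, which presumably no longer matches the `Automatic_version_update_dependabot` branch named elsewhere in the series. The next hunk (`@@ -19,43 +19,45 @@`) does the same to `>> $github_output`, an unset variable, so `steps.extract.outputs.update_type` is never written, and to the `env` key `github_token`, which `gh` does not read (it looks for `GH_TOKEN` or `GITHUB_TOKEN`). Keep `$GITHUB_OUTPUT`, `GITHUB_TOKEN:` and the branch name in their original case and lower-case only display names and comments.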
@@ -19,43 +19,45 @@ jobs: debug: runs-on: ubuntu-latest steps: - - name: Debug info + - name: debug info run: | - echo "Actor: ${{ github.actor }}" - echo "PR Title: ${{ github.event.pull_request.title }}" - echo "Target Branch: ${{ github.event.pull_request.base.ref }}" - echo "Source Branch: ${{ github.event.pull_request.head.ref }}" - - name: Wait for other checks to start - - name: Delay for check + echo "actor: ${{ github.actor }}" + echo "pr title: ${{ github.event.pull_request.title }}" + echo "target branch: ${{ github.event.pull_request.base.ref }}" + echo "source branch: ${{ github.event.pull_request.head.ref }}" + - name: wait for other checks to start + - name: delay for check run: | # drop later qqqq shouldnt need but its running before auto - echo "Waiting 4 minutes for other checks to start running..." + echo "waiting 4 minutes for other checks to start running..." sleep 240 auto-merge: runs-on: ubuntu-latest # if dependabot and checks ran if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') steps: - - name: Extract update type + - name: extract update type id: extract run: | - PR_TITLE="${{ github.event.pull_request.title }}" - if [[ $PR_TITLE == *"(major)"* ]]; then - echo "update_type=major" >> $GITHUB_OUTPUT + pr_title="${{ github.event.pull_request.title }}" + if [[ $pr_title == *"(major)"* ]]; then + echo "update_type=major" >> $github_output else - echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT + echo "update_type=minor_or_patch" >> $github_output fi - - name: Auto-merge minor and patch updates + - name: auto-merge minor and patch updates if: steps.extract.outputs.update_type == 'minor_or_patch' - # Auto should set the the request to merge once checks complete - run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" + # auto should set the the request to merge once checks complete + # qqqq could 
squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" + run: gh pr merge --auto 1 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ secrets.GITHUB_TOKEN }} - - name: Auto-merge major updates + - name: auto-merge major updates if: steps.extract.outputs.update_type == 'major' - # Auto should set the the request to merge once checks complete - run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" + # auto should set the the request to merge once checks complete + # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" + run: gh pr merge --auto 1 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/README.md b/README.md index 404d9b3..4ec4215 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ the ability to produce static prerendered html. The prerendered html is written - **Node.js 18+** and npm - **Git** configured with your credentials - **PowerShell 5.1+** +- **Longfile names enabled on the system** > ⚠️ **Important:** All commands in this guide require **PowerShell running as Administrator** ### Quick Setup ⚡ @@ -116,6 +117,10 @@ The project should now work. See other sections for what projects to run, and co > ⚠️ read the contribution section before creating a branch or commits ⚠️ +### Trouble Shooting +- Longpaths may be required if E2E Client is not building. + - Follow [microsoft docs](https://learn.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=registry) + - or Win + R -> type regedit -> path to the option HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem -> set LongPathsEnabled to 1 ### Getting Started with the Project following Setup From 8db2b137b755697948e9fb9ccb8c397cb6e3df72 Mon Sep 17 00:00:00 2001 
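Review bot: Both merge steps now run `gh pr merge --auto 1`, which targets pull request number 1 whatever PR triggered the run, and the merge strategy flag is gone. In a job holding `contents: write` the merge target should come from the event and be passed through the environment instead of being inlined: add `PR_URL: ${{ github.event.pull_request.html_url }}` under `env:` and run `gh pr merge --auto --squash "$PR_URL"`. As far as I know `gh pr merge` also needs one of `--merge`, `--squash` or `--rebase` when it runs non-interactively.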
From: Phil-NHS Date: Mon, 1 Sep 2025 12:47:25 +0100 Subject: [PATCH 05/17] chore(dependabot): auto --- .../automerge-dependabot-prs-into-collected-branch.yml | 3 ++- .gitignore | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index dbbcfb1..72540d9 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -25,12 +25,13 @@ jobs: echo "pr title: ${{ github.event.pull_request.title }}" echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" - - name: wait for other checks to start + - name: delay for check run: | # drop later qqqq shouldnt need but its running before auto echo "waiting 4 minutes for other checks to start running..." sleep 240 + auto-merge: runs-on: ubuntu-latest # if dependabot and checks ran diff --git a/.gitignore b/.gitignore index fad9453..ca74745 100644 --- a/.gitignore +++ b/.gitignore @@ -237,3 +237,4 @@ TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/Logs/* # Generated version info files TELBlazor.Components/TELBlazorPackageVersion/VersionInfo*.cs /.github/workflows/test.yml +/Optimisation Notes.md From 8167b1b02aeec95f548d40f402b623cae090e905 Mon Sep 17 00:00:00 2001 
From: Phil-NHS Date: Mon, 1 Sep 2025 13:21:45 +0100 Subject: [PATCH 06/17] chore(dependabot): automated --- ...e-dependabot-prs-into-collected-branch.yml | 5 +- ...collected-dependabot-staging-to-master.yml | 52 ------------------- ...-dependabot-staging-to-master.yml-disabled | 49 +++++++++++++++++ .../collected-dependabot-to-staging.yml | 49 ----------------- ...llected-dependabot-to-staging.yml-disabled | 47 +++++++++++++++++ 5 files changed, 100 insertions(+), 102 deletions(-) delete mode 100644 .github/workflows/collected-dependabot-staging-to-master.yml create mode 100644 .github/workflows/collected-dependabot-staging-to-master.yml-disabled delete mode 100644 .github/workflows/collected-dependabot-to-staging.yml create mode 100644 .github/workflows/collected-dependabot-to-staging.yml-disabled diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 72540d9..c52c612 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -23,6 +23,8 @@ jobs: run: | echo "actor: ${{ github.actor }}" echo "pr title: ${{ github.event.pull_request.title }}" + echo "github event_name: ${{ github.event_name }}" + echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}" echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" 
@@ -35,7 +37,8 @@ jobs: auto-merge: runs-on: ubuntu-latest # if dependabot and checks ran - if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') + # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') + # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') steps: - name: extract update type id: extract diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml b/.github/workflows/collected-dependabot-staging-to-master.yml deleted file mode 100644 index ffcb013..0000000 --- a/.github/workflows/collected-dependabot-staging-to-master.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -name: Collected Dependabot Promotion From Staging To Master -on: - workflow_dispatch: -# # qqqq in development -# name: Collected Dependabot Promotion From Staging To Master -# on: - # schedule: - # # we want the opposite weeks to staging so we get a week where it occurs in manual testing - # - cron: '0 9 8-14 * 1' # Second Monday of month - # - cron: '0 9 22-28 * 1' # Fourth Monday of month - # workflow_dispatch: - -# jobs: - # promote-to-master: - # runs-on: ubuntu-latest - # permissions: - # contents: write - # pull-requests: write - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # fetch-depth: 0 - - # - name: Check for changes - # id: changes - # run: | - # git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging - # git fetch origin master:master - - # if git diff --quiet master Automatic_collected_dependabot_staging; then - # echo "has_changes=false" >> $GITHUB_OUTPUT - # else - # echo "has_changes=true" >> $GITHUB_OUTPUT - # fi - - # - name: Create PR to master - # if: steps.changes.outputs.has_changes == 'true' - # run: | - # if gh pr list --head Automatic_collected_dependabot_staging --base master --json number --jq '.[0].number' | grep -q .; then - # echo "PR already exists, skipping creation" - # else - # gh pr create \ - # --base master \ - # --head Automatic_collected_dependabot_staging \ - # --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \ - # --body "Automated weekly promotion from staging to master after testing period" \ - # --auto-merge \ - # --merge - # fi - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml-disabled b/.github/workflows/collected-dependabot-staging-to-master.yml-disabled new file mode 100644 index 0000000..5a1332e --- /dev/null +++ b/.github/workflows/collected-dependabot-staging-to-master.yml-disabled 
@@ -0,0 +1,49 @@ +# qqqq in development +name: Collected Dependabot Promotion From Staging To Master +on: + schedule: + # we want the opposite weeks to staging so we get a week where it occurs in manual testing + - cron: '0 9 8-14 * 1' # Second Monday of month + - cron: '0 9 22-28 * 1' # Fourth Monday of month + workflow_dispatch: + +jobs: + promote-to-master: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check for changes + id: changes + run: | + git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging + git fetch origin master:master + + if git diff --quiet master Automatic_collected_dependabot_staging; then + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + fi + + - name: Create PR to master + if: steps.changes.outputs.has_changes == 'true' + run: | + if gh pr list --head Automatic_collected_dependabot_staging --base master --json number --jq '.[0].number' | grep -q .; then + echo "PR already exists, skipping creation" + else + gh pr create \ + --base master \ + --head Automatic_collected_dependabot_staging \ + --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \ + --body "Automated weekly promotion from staging to master after testing period" \ + --auto-merge \ + --merge + fi + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml deleted file mode 100644 index 817768d..0000000 --- a/.github/workflows/collected-dependabot-to-staging.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -# # qqqq in development -name: Dependabot Collected Promotion To Staging -on: - workflow_dispatch: -# name: Dependabot Collected Promotion To Staging -# # this logic will require branch ruleset checks of running the dev pipeline -# on: - # schedule: - # # Promotion from staging to release should be a week apart so alternating weeks (also live updates dangerous) - # - cron: '0 9 1-7 * 1' # First Monday of month - # - cron: '0 9 15-21 * 1' # Third Monday of month - # workflow_dispatch: # Allow manual trigger - -# jobs: - # promote-to-automatic-collected-dependabot-staging: - # runs-on: ubuntu-latest - # permissions: - # contents: write - # pull-requests: write - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # fetch-depth: 0 - - # - name: Check for changes - # id: changes - # run: | - # git fetch origin Automatic_version_update_dependabot:Automatic_version_update_dependabot - # git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging - - # if git diff --quiet Automatic_collected_dependabot_staging Automatic_version_update_dependabot; then - # echo "has_changes=false" >> $GITHUB_OUTPUT - # else - # echo "has_changes=true" >> $GITHUB_OUTPUT - # fi - - # - name: Create PR to Automatic_collected_dependabot_staging - # if: steps.changes.outputs.has_changes == 'true' - # run: | - # gh pr create \ - # --base Automatic_collected_dependabot_staging \ - # --head Automatic_version_update_dependabot \ - # --title "Fortnightly dependabot collected to staging - $(date +%Y-%m-%d)" \ - # --body "Automated Fortnightly promotion of dependency updates from dependabot" \ - # --auto-merge \ - # --merge - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/collected-dependabot-to-staging.yml-disabled b/.github/workflows/collected-dependabot-to-staging.yml-disabled new file mode 100644 index 0000000..b3dba35 --- /dev/null 
+++ b/.github/workflows/collected-dependabot-to-staging.yml-disabled @@ -0,0 +1,47 @@ +# qqqq in development + +name: Dependabot Collected Promotion To Staging +# this logic will require branch ruleset checks of running the dev pipeline +on: + schedule: + # Promotion from staging to release should be a week apart so alternating weeks (also live updates dangerous) + - cron: '0 9 1-7 * 1' # First Monday of month + - cron: '0 9 15-21 * 1' # Third Monday of month + workflow_dispatch: # Allow manual trigger + +jobs: + promote-to-automatic-collected-dependabot-staging: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check for changes + id: changes + run: | + git fetch origin Automatic_version_update_dependabot:Automatic_version_update_dependabot + git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging + + if git diff --quiet Automatic_collected_dependabot_staging Automatic_version_update_dependabot; then + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + fi + + - name: Create PR to Automatic_collected_dependabot_staging + if: steps.changes.outputs.has_changes == 'true' + run: | + gh pr create \ + --base Automatic_collected_dependabot_staging \ + --head Automatic_version_update_dependabot \ + --title "Fortnightly dependabot collected to staging - $(date +%Y-%m-%d)" \ + --body "Automated Fortnightly promotion of dependency updates from dependabot" \ + --auto-merge \ + --merge + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From e962141c131aa4a0502a19ae65e7158c6f7d7494 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 13:49:41 +0100 Subject: [PATCH 07/17] chore(dependabot): autom --- ...e-dependabot-prs-into-collected-branch.yml | 22 ++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index c52c612..dc03fe3 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -1,15 +1,17 @@ # qqqq in development +# qqqq not getting the events # this script seperate major and minor but we do merge them into the same branch. # having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. name: auto-merge dependabot prs into collected branch on: - pull_request: + # pull_request: # synchronize - types: [opened, synchronize] - branches: [automatic_version_update_dependabot] # make sure this matches your actual branch name + # types: [opened, synchronize] + # branches: [automatic_version_update_dependabot] # make sure this matches your actual branch name check_suite: types: [completed] workflow_dispatch: + permissions: contents: write pull-requests: write @@ -27,6 +29,10 @@ jobs: echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}" echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" + echo "Check Suite ID: ${{ github.event.check_suite.id }}" + echo "Conclusion: ${{ github.event.check_suite.conclusion }}" + echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" + echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" - name: delay for check run: | 
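Review bot: Commenting out `pull_request` leaves `check_suite` as the only automatic trigger, and GitHub's documentation states that this event does not start workflows when the check suite was itself created by GitHub Actions, which would explain the `# qqqq not getting the events` comment if the repository's checks are all Actions workflows. Triggering on `workflow_run` of the CI workflow, or keeping `pull_request` and letting `gh pr merge --auto` wait for the required checks, are the usual ways to sequence this. The half-commented block also leaves a bare `# synchronize` line whose meaning is no longer clear; it should be deleted.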
@@ -36,10 +42,20 @@ jobs: auto-merge: runs-on: ubuntu-latest + # if: github.event.check_suite.pull_requests[0].base.ref == 'main' # if dependabot and checks ran # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') steps: + - name: Checkout the repository + uses: actions/checkout@v3 + + - name: Set up GitHub CLI + run: | + # Install GitHub CLI (gh) + sudo apt-get update + sudo apt-get install gh + - name: extract update type id: extract run: | From d744e96a1861e6dd018be26dc151212c84b6cc1c Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:21:21 +0100 Subject: [PATCH 08/17] chore(dependabot): naming caps --- .../automerge-dependabot-prs-into-collected-branch.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index dc03fe3..74c4e86 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -7,7 +7,7 @@ on: # pull_request: # synchronize # types: [opened, synchronize] - # branches: [automatic_version_update_dependabot] # make sure this matches your actual branch name + # branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name check_suite: types: [completed] workflow_dispatch: 
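Review bot: The added `Checkout the repository` step leaves the job's write-scoped token in the checkout's git config for the rest of the job, because `actions/checkout` persists credentials by default; nothing visible in this job pushes with git, so add `with:` and `persist-credentials: false` to that step. `actions/checkout@v3` is also a mutable tag, and pinning to a full commit SHA is the usual hardening for a job that can merge PRs. The `Set up GitHub CLI` step looks unnecessary, since GitHub-hosted `ubuntu-latest` images ship `gh`, and dropping it removes a package download at run time. The `auto-merge` job continues beyond this hunk.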
@@ -33,12 +33,7 @@ jobs: echo "Conclusion: ${{ github.event.check_suite.conclusion }}" echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" - - - name: delay for check - run: | - # drop later qqqq shouldnt need but its running before auto - echo "waiting 4 minutes for other checks to start running..." - sleep 240 + auto-merge: runs-on: ubuntu-latest @@ -46,6 +41,7 @@ jobs: # if dependabot and checks ran # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') + if: github.event.check_suite.conclusion == 'success' && github.actor == 'dependabot[bot]' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' steps: - name: Checkout the repository uses: actions/checkout@v3 From 942f2ed1aa62d6cbd87bd0051da23166d979f0f0 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:34:50 +0100 Subject: [PATCH 09/17] chore(dep): remove check for now --- .../automerge-dependabot-prs-into-collected-branch.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 74c4e86..5ceface 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml 
@@ -41,7 +41,10 @@ jobs: # if dependabot and checks ran # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') - if: github.event.check_suite.conclusion == 'success' && github.actor == 'dependabot[bot]' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' + + + # qqqq add in after testing && github.actor == 'dependabot[bot]' + if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' steps: - name: Checkout the repository uses: actions/checkout@v3 @@ -57,9 +60,9 @@ jobs: run: | pr_title="${{ github.event.pull_request.title }}" if [[ $pr_title == *"(major)"* ]]; then - echo "update_type=major" >> $github_output + echo "update_type=major" >> $GITHUB_OUTPUT else - echo "update_type=minor_or_patch" >> $github_output + echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT fi - name: auto-merge minor and patch updates From 15aa4b365a725e756aaabf830b6801dd95ca6ca0 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:46:21 +0100 Subject: [PATCH 10/17] chore(deps): token definition --- .../automerge-dependabot-prs-into-collected-branch.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 5ceface..b6f25f3 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml 
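Review bot: The new `if:` on `auto-merge` drops `github.actor == 'dependabot[bot]'`, so auto-merge would be requested for any PR listed on a successful check suite that targets `Automatic_version_update_dependabot`, whoever opened it. Keep the identity condition while testing, e.g. `if: github.event.check_suite.conclusion == 'success' && github.actor == 'dependabot[bot]' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot'`, and exercise the path with a real Dependabot PR. PATCH 14 later removes the job condition entirely and relies on branch rules, which leaves those rules as the only control between an arbitrary PR and a merge; if that is intended, say so in the workflow's header comment. The job body continues outside this hunk.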
@@ -69,14 +69,16 @@ jobs: if: steps.extract.outputs.update_type == 'minor_or_patch' # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - run: gh pr merge --auto 1 + # run: gh pr merge --auto 1 + run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} env: - github_token: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: auto-merge major updates if: steps.extract.outputs.update_type == 'major' # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - run: gh pr merge --auto 1 + # run: gh pr merge --auto 1 + run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} env: - github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From acb65e516611ef35bbd8c05fbd8a1d7f57c10a9a Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:55:11 +0100 Subject: [PATCH 11/17] chore(dep): merge check --- .../automerge-dependabot-prs-into-collected-branch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index b6f25f3..782fd1c 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml 
@@ -70,7 +70,7 @@ jobs: # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" # run: gh pr merge --auto 1 - run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -79,6 +79,6 @@ jobs: # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" # run: gh pr merge --auto 1 - run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From a0b408711e4ea8a8c038d561a1eb7ca1bdd0633a Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 15:22:16 +0100 Subject: [PATCH 12/17] chore(cicd): title catching --- ...omerge-dependabot-prs-into-collected-branch.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 782fd1c..d84eaa6 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml 
@@ -33,6 +33,15 @@ jobs: echo "Conclusion: ${{ github.event.check_suite.conclusion }}" echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" + + - name: Dump event payload + run: | + echo "==== EVENT NAME ====" + echo "${{ github.event_name }}" + echo "==== RAW CHECK_SUITE PAYLOAD ====" + echo '${{ toJson(github.event.check_suite) }}' + echo "==== PRs in this check suite ====" + echo '${{ toJson(github.event.check_suite.pull_requests) }}' auto-merge: @@ -58,7 +67,10 @@ jobs: - name: extract update type id: extract run: | - pr_title="${{ github.event.pull_request.title }}" + pr_number=${{ github.event.check_suite.pull_requests[0].number }} + # pr_title="${{ github.event.pull_request.title }}" + pr_title=$(gh pr view "$pr_number" --json title --jq .title) + echo "PR title: $pr_title" if [[ $pr_title == *"(major)"* ]]; then echo "update_type=major" >> $GITHUB_OUTPUT else From 940430de3031e498a617f73c11728ca404969d94 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 15:45:13 +0100 Subject: [PATCH 13/17] chore(depend): title getting --- .../automerge-dependabot-prs-into-collected-branch.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index d84eaa6..8386653 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -66,8 +66,12 @@ jobs: - name: extract update type id: extract + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + echo "get pr number" pr_number=${{ github.event.check_suite.pull_requests[0].number }} + echo "PR title: $pr_number" # pr_title="${{ github.event.pull_request.title }}" pr_title=$(gh pr view "$pr_number" --json title --jq .title) echo "PR title: $pr_title" 
From 02114f0ccd5b1213176080409162b0d2968cfcb1 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 16:31:07 +0100 Subject: [PATCH 14/17] chore(deps): refactor --- ...e-dependabot-prs-into-collected-branch.yml | 69 +++++-------- ...rs-into-collected-branch.yml-works-defunct | 99 +++++++++++++++++++ 2 files changed, 123 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 8386653..7e01694 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -1,16 +1,12 @@ # qqqq in development -# qqqq not getting the events # this script seperate major and minor but we do merge them into the same branch. # having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. name: auto-merge dependabot prs into collected branch on: - # pull_request: - # synchronize - # types: [opened, synchronize] - # branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name - check_suite: - types: [completed] - workflow_dispatch: + pull_request: + types: [opened, synchronize] + branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name + permissions: contents: write 
@@ -26,43 +22,33 @@ jobs: echo "actor: ${{ github.actor }}" echo "pr title: ${{ github.event.pull_request.title }}" echo "github event_name: ${{ github.event_name }}" - echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}" echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" - echo "Check Suite ID: ${{ github.event.check_suite.id }}" - echo "Conclusion: ${{ github.event.check_suite.conclusion }}" - echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" - echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" + echo "PR Number: ${{ github.event.pull_request.number }}" - name: Dump event payload run: | echo "==== EVENT NAME ====" echo "${{ github.event_name }}" - echo "==== RAW CHECK_SUITE PAYLOAD ====" - echo '${{ toJson(github.event.check_suite) }}' - echo "==== PRs in this check suite ====" - echo '${{ toJson(github.event.check_suite.pull_requests) }}' + echo "==== RAW PULL_REQUEST PAYLOAD ====" + echo '${{ toJson(github.event.pull_request) }}' - + # Branch rules ensure doesnt auto merge if shouldnt auto-merge: runs-on: ubuntu-latest - # if: github.event.check_suite.pull_requests[0].base.ref == 'main' - # if dependabot and checks ran - # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') - # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') - - - # qqqq add in after testing && github.actor == 'dependabot[bot]' - if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' + # qqqq add in after testing if: github.actor == 'dependabot[bot]' steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + # - name: Set 
up GitHub CLI + # run: | + # # Install GitHub CLI (gh) + # sudo apt-get update + # sudo apt-get install gh - name: Set up GitHub CLI - run: | - # Install GitHub CLI (gh) - sudo apt-get update - sudo apt-get install gh + uses: github/gh-cli@v2 - name: extract update type id: extract @@ -70,10 +56,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "get pr number" - pr_number=${{ github.event.check_suite.pull_requests[0].number }} - echo "PR title: $pr_number" - # pr_title="${{ github.event.pull_request.title }}" - pr_title=$(gh pr view "$pr_number" --json title --jq .title) + pr_title=${{ github.event.pull_request.title }} echo "PR title: $pr_title" if [[ $pr_title == *"(major)"* ]]; then echo "update_type=major" >> $GITHUB_OUTPUT @@ -83,18 +66,14 @@ jobs: - name: auto-merge minor and patch updates if: steps.extract.outputs.update_type == 'minor_or_patch' - # auto should set the the request to merge once checks complete - # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - # run: gh pr merge --auto 1 - run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + run: | + gh pr merge --auto --merge "${{ github.event.pull_request.number }}" env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: auto-merge major updates if: steps.extract.outputs.update_type == 'major' - # auto should set the the request to merge once checks complete - # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - # run: gh pr merge --auto 1 - run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + run: | + gh pr merge --auto --merge "${{ github.event.pull_request.number }}" env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file 
diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct new file mode 100644 index 0000000..4f20747 --- /dev/null +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct 
@@ -0,0 +1,99 @@ +# qqqq this does add auto merge but seems to trigger on the first set of checks git guardian (it seems), +# also it calls for checks not specifically for out branch +# so an approach based one the branch is likely better +name: auto-merge dependabot prs into collected branch +on: + # pull_request: + # synchronize + # types: [opened, synchronize] + # branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name + check_suite: + types: [completed] + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + checks: read + +jobs: + debug: + runs-on: ubuntu-latest + steps: + - name: debug info + run: | + echo "actor: ${{ github.actor }}" + echo "pr title: ${{ github.event.pull_request.title }}" + echo "github event_name: ${{ github.event_name }}" + echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}" + echo "target branch: ${{ github.event.pull_request.base.ref }}" + echo "source branch: ${{ github.event.pull_request.head.ref }}" + echo "Check Suite ID: ${{ github.event.check_suite.id }}" + echo "Conclusion: ${{ github.event.check_suite.conclusion }}" + echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" + echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" + + - name: Dump event payload + run: | + echo "==== EVENT NAME ====" + echo "${{ github.event_name }}" + echo "==== RAW CHECK_SUITE PAYLOAD ====" + echo '${{ toJson(github.event.check_suite) }}' + echo "==== PRs in this check suite ====" + echo '${{ toJson(github.event.check_suite.pull_requests) }}' + + + auto-merge: + runs-on: ubuntu-latest + # if: github.event.check_suite.pull_requests[0].base.ref == 'main' + # if dependabot and checks ran + # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') + # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 
'check_suite' || github.event.check_suite.conclusion == 'success') + + + # qqqq add in after testing && github.actor == 'dependabot[bot]' + if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' + steps: + - name: Checkout the repository + uses: actions/checkout@v3 + + - name: Set up GitHub CLI + run: | + # Install GitHub CLI (gh) + sudo apt-get update + sudo apt-get install gh + + - name: extract update type + id: extract + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "get pr number" + pr_number=${{ github.event.check_suite.pull_requests[0].number }} + echo "PR title: $pr_number" + # pr_title="${{ github.event.pull_request.title }}" + pr_title=$(gh pr view "$pr_number" --json title --jq .title) + echo "PR title: $pr_title" + if [[ $pr_title == *"(major)"* ]]; then + echo "update_type=major" >> $GITHUB_OUTPUT + else + echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT + fi + + - name: auto-merge minor and patch updates + if: steps.extract.outputs.update_type == 'minor_or_patch' + # auto should set the the request to merge once checks complete + # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" + # run: gh pr merge --auto 1 + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: auto-merge major updates + if: steps.extract.outputs.update_type == 'major' + # auto should set the the request to merge once checks complete + # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" + # run: gh pr merge --auto 1 + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 098a925a830a751c5c149fa577244551860b9b64 Mon Sep 17 00:00:00 2001 
From: Phil-NHS Date: Mon, 1 Sep 2025 16:53:23 +0100 Subject: [PATCH 15/17] chore(dependabot): automerge --- ...e-dependabot-prs-into-collected-branch.yml | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 7e01694..b3c9f4a 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -5,7 +5,7 @@ name: auto-merge dependabot prs into collected branch on: pull_request: types: [opened, synchronize] - branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name + branches: [Automatic_version_update_dependabot] permissions: @@ -41,27 +41,26 @@ jobs: - name: Checkout the repository uses: actions/checkout@v4 - # - name: Set up GitHub CLI - # run: | - # # Install GitHub CLI (gh) - # sudo apt-get update - # sudo apt-get install gh - - name: Set up GitHub CLI - uses: github/gh-cli@v2 + run: | + # Install GitHub CLI (gh) + sudo apt-get update + sudo apt-get install gh - name: extract update type id: extract env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - echo "get pr number" - pr_title=${{ github.event.pull_request.title }} + echo "get pr title" + pr_title="${{ github.event.pull_request.title }}" echo "PR title: $pr_title" - if [[ $pr_title == *"(major)"* ]]; then + if [[ "$pr_title" == *"(major)"* ]]; then echo "update_type=major" >> $GITHUB_OUTPUT + echo "Detected major update" else echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT + echo "Detected minor or patch update" fi - name: auto-merge minor and patch updates From f97d61bb9c182ab00a81fb2ad6f4cab4f9a9e193 Mon Sep 17 00:00:00 2001 
From: Phil-NHS Date: Mon, 1 Sep 2025 17:06:16 +0100 Subject: [PATCH 16/17] chore(deps): drop debug --- .../automerge-dependabot-prs-into-collected-branch.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index b3c9f4a..72b997e 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -25,13 +25,6 @@ jobs: echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" echo "PR Number: ${{ github.event.pull_request.number }}" - - - name: Dump event payload - run: | - echo "==== EVENT NAME ====" - echo "${{ github.event_name }}" - echo "==== RAW PULL_REQUEST PAYLOAD ====" - echo '${{ toJson(github.event.pull_request) }}' # Branch rules ensure doesnt auto merge if shouldnt auto-merge: From 7972622e9d983b544cbf4658797483ecba999905 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 8 Sep 2025 11:12:08 +0100 Subject: [PATCH 17/17] chore(workflow): readme --- .github/workflows/workflow-readme.md | 58 +--------------------------- 1 file changed, 2 insertions(+), 56 deletions(-) diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index cef6cb3..f26f5c6 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md 
@@ -121,59 +121,5 @@ Via semantic release and recorded as a generate c# file used by a blazor compone ## Alternative Approaches - -name: Pull Request Checks - -# ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️ -# ⚠️ we want dependabot only to be using these secrets so addition logic requires an "if" for every job ⚠️ -# We will restrict it by making pull_request_target only for the Automatic_version_update_dependabot and then use -# an if to ensure its only by dependabot - -on: - pull_request: - branches: ['**'] # Run on all branches - branches-ignore: ['dependabot/**'] # Skip Dependabot PRs - pull_request_target: - branches: ['Automatic_version_update_dependabot'] # Base branch for Dependabot PRs - workflow_dispatch: - -jobs: - dummy: - if: | - (github.actor == 'dependabot[bot]' && - startsWith(github.head_ref, 'dependabot/') && - github.event_name == 'pull_request_target') - || - (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request') - runs-on: ubuntu-latest - steps: - - name: Dummy Step - run: echo "This is a dummy job to allow workflow_dispatch" - - pull-request-call-reusable-ci-checks-workflow: - if: | - (github.actor == 'dependabot[bot]' && - startsWith(github.head_ref, 'dependabot/') && - github.event_name == 'pull_request_target') - || - (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request') - name: Pull Request run CI Checks - uses: ./.github/workflows/reuseable-ci-checks.yml - needs: dummy - with: - runall: true - - # could try secrets:inherit QQQQ - secrets: - UNITTESTS_APPSETTINGS_DEVELOPMENT: ${{ secrets.UNITTESTS_APPSETTINGS_DEVELOPMENT }} - WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT }} - WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT }} - WASMSERVERHOST_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOST_APPSETTINGS_DEVELOPMENT }} - TEL_GIT_PACKAGES_TOKEN: 
${{secrets.NUGETKEY }} - - UNITTESTS_APPSETTINGS_PRODUCTION: ${{ secrets.UNITTESTS_APPSETTINGS_PRODUCTION }} - WASMSTATICCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_PRODUCTION }} - WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION }} - WASMSERVERHOST_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOST_APPSETTINGS_PRODUCTION }} - -``` +- dont use pull-request-target for security reasons if can avoid it and if do use ifs to control it based on what branch and who is calling the workflow +- can use secrets inherits might have been better for reuseable checks which because triggered by other workflows can directly access repo secrets instead need them passing