diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml
new file mode 100644
index 00000000..60218729
--- /dev/null
+++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml
@@ -0,0 +1,38 @@
+# This script seperate major and minor but we do merge them into the same branch.
+# Having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline.
+name: Auto-merge Dependabot PRs into collected branch
+on:
+ pull_request:
+ types: [opened, synchronize]
+ branches: [Automatic_version_update_dependabot] # Make sure this matches your actual branch name
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Extract update type
+ id: extract
+ run: |
+ PR_TITLE="${{ github.event.pull_request.title }}"
+ if [[ $PR_TITLE == *"(major)"* ]]; then
+ echo "update_type=major" >> $GITHUB_OUTPUT
+ else
+ echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Auto-merge minor and patch updates
+ if: steps.extract.outputs.update_type == 'minor_or_patch'
+ run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Auto-merge major updates
+ if: steps.extract.outputs.update_type == 'major'
+ run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/automerge-passing-minor-patch-dependabot-prs.yml b/.github/workflows/automerge-passing-minor-patch-dependabot-prs.yml
deleted file mode 100644
index f07615dd..00000000
--- a/.github/workflows/automerge-passing-minor-patch-dependabot-prs.yml
+++ /dev/null
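Review bot: The `Extract update type` step expands `${{ github.event.pull_request.title }}` straight into the `run:` script, so the title text is parsed as shell before the comparison runs. Pass it through `env:` and test `"$PR_TITLE"` instead, and do the same for `html_url` in both merge steps, as the deleted workflow already did with `PR_URL`. The job gate `github.actor == 'dependabot[bot]'` names whoever triggered the run rather than the PR author; `github.event.pull_request.user.login == 'dependabot[bot]'` is the stricter check for a job that holds `contents: write` and enables auto-merge. Matching `(major)` in the title is also fragile; the `dependabot/fetch-metadata` action exposes an `update-type` output if a sturdier signal is wanted.

```yaml
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - name: Extract update type
        id: extract
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          if [[ "$PR_TITLE" == *"(major)"* ]]; then
            # … unchanged: update_type outputs …

      - name: Auto-merge minor and patch updates
        # … unchanged: if condition …
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```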
@@ -1,59 +0,0 @@
-# The intention is minor and patch should be merged into the dependabot branch automatically
-
-name: Dependabot Auto-Merge
-
-on:
- pull_request:
- branches: [ Automatic_version_update_dependabot ]
-
-permissions:
- contents: write
- pull-requests: write
-
-jobs:
- # works alongside branch protection rules
- auto-merge-minor-and-patch:
- runs-on: ubuntu-latest
- if: ${{ github.actor == 'dependabot[bot]' }}
- steps:
- - name: extract update type
- id: extract
- run: |
- pr_title="${{ github.event.pull_request.title }}"
- if [[ $pr_title == *"(major)"* ]]; then
- echo "update_type=major" >> $github_output
- else
- echo "update_type=minor_or_patch" >> $github_output
- fi
-
- - name: set up github cli
- uses: cli/cli-action@v2
-
- - name: auto-merge non-major updates
- if: ${{ steps.extract.outputs.update_type == 'minor_or_patch' }}
- run: gh pr merge --auto --merge "$pr_url"
- env:
- pr_url: ${{ github.event.pull_request.html_url }}
- github_token: ${{ secrets.github_token }}
-
- auto-merge-major:
- runs-on: ubuntu-latest
- if: ${{ github.actor == 'dependabot[bot]' }}
- steps:
- - name: Extract update type
- id: extract
- run: |
- PR_TITLE="${{ github.event.pull_request.title }}"
- if [[ $PR_TITLE == *"(major)"* ]]; then
- echo "update_type=major" >> $GITHUB_OUTPUT
- else
- echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT
- - name: Set up GitHub CLI
- uses: cli/cli-action@v2
-
- - name: Auto-merge major updates
- if: ${{ steps.extract.outputs.update_type == 'major' }}
- run: gh pr merge --auto --merge "$PR_URL"
- env:
- PR_URL: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml b/.github/workflows/collected-dependabot-staging-to-master.yml
new file mode 100644
index 00000000..822ba311
--- /dev/null
+++ b/.github/workflows/collected-dependabot-staging-to-master.yml
@@ -0,0 +1,48 @@
+name: Collected Dependabot Promotion From Staging To Master
+on:
+ schedule:
+ # we want the opposite weeks to staging so we get a week where it occurs in manual testing
+ - cron: '0 9 8-14 * 1' # Second Monday of month
+ - cron: '0 9 22-28 * 1' # Fourth Monday of month
+ workflow_dispatch:
+
+jobs:
+ promote-to-master:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check for changes
+ id: changes
+ run: |
+ git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging
+ git fetch origin master:master # or main/master - whatever your prod branch is
+
+ if git diff --quiet master Automatic_collected_dependabot_staging; then
+ echo "has_changes=false" >> $GITHUB_OUTPUT
+ else
+ echo "has_changes=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Create PR to master
+ if: steps.changes.outputs.has_changes == 'true'
+ run: |
+ if gh pr list --head Automatic_collected_dependabot_staging --base master --json number --jq '.[0].number' | grep -q .; then
+ echo "PR already exists, skipping creation"
+ else
+ gh pr create \
+ --base master \
+ --head Automatic_collected_dependabot_staging \
+ --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \
+ --body "Automated weekly promotion from staging to master after testing period" \
+ --auto-merge \
+ --merge
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml
new file mode 100644
index 00000000..4306f22d
--- /dev/null
+++ b/.github/workflows/collected-dependabot-to-staging.yml
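Review bot: Both `cron` entries restrict day-of-month and day-of-week together, and standard cron treats that pair as OR, so `0 9 8-14 * 1` would likely fire on every day from the 8th to the 14th and on every Monday, not only the second Monday. The same pattern is used in collected-dependabot-to-staging.yml, so both promotions could land on the same Monday and the one-week manual-testing gap described in the comment would not hold. A safer form is a plain weekly schedule, `- cron: '0 9 * * 1'`, plus a first step that exits unless the day of month from `date +%-d` falls in the intended range. It is worth confirming the behaviour against a few scheduled runs before relying on the soak week as a control for dependency updates reaching master.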
@@ -0,0 +1,45 @@
+name: Dependabot Collected Promotion To Staging
+# this logic will require branch ruleset checks of running the dev pipeline
+on:
+ schedule:
+ # Promotion from staging to release should be a week apart so alternating weeks (also live updates dangerous)
+ - cron: '0 9 1-7 * 1' # First Monday of month
+ - cron: '0 9 15-21 * 1' # Third Monday of month
+ workflow_dispatch: # Allow manual trigger
+
+jobs:
+ promote-to-automatic-collected-dependabot-staging:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check for changes
+ id: changes
+ run: |
+ git fetch origin Automatic_version_update_dependabot:Automatic_version_update_dependabot
+ git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging
+
+ if git diff --quiet Automatic_collected_dependabot_staging Automatic_version_update_dependabot; then
+ echo "has_changes=false" >> $GITHUB_OUTPUT
+ else
+ echo "has_changes=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Create PR to Automatic_collected_dependabot_staging
+ if: steps.changes.outputs.has_changes == 'true'
+ run: |
+ gh pr create \
+ --base Automatic_collected_dependabot_staging \
+ --head Automatic_version_update_dependabot \
+ --title "Fortnightly dependabot collected to staging - $(date +%Y-%m-%d)" \
+ --body "Automated Fortnightly promotion of dependency updates from dependabot" \
+ --auto-merge \
+ --merge
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index ab4a1d9f..630ea527 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
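Review bot: The `Create PR to Automatic_collected_dependabot_staging` step calls `gh pr create` with no check for an already open PR, unlike the staging-to-master workflow, so a scheduled run while the previous PR is still open will fail the job; reuse the `gh pr list --head … --base …` guard here. As far as I know `gh pr create` has no `--auto-merge` or `--merge` flags (here and in the staging-to-master workflow), so the command would be rejected; create the PR first and then run `gh pr merge --auto --merge` on it. PRs opened with `GITHUB_TOKEN` also do not start `pull_request` workflows, so confirm that the ruleset checks mentioned in the header comment really run on these PRs before auto-merge is trusted to gate them.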
@@ -4,6 +4,10 @@ on: branches-ignore: - 'main' - 'master' + # We currently dont intend to test the showcase per package bump so wont run for package bumps + # we will run on the collected bumps merging though + - 'dependabot/**' + workflow_dispatch: permissions: @@ -83,15 +87,40 @@ jobs: echo "Semantic Release packages installed." npm ls --depth=0 # Debug: List installed packages - #configured with .releaseserc + # Configured with .releaseserc # Dry run we are not versioning the repo - name: Run dev semantic version (None Blocking) id: detect_semantic_version run: | + echo "error catch run of semver first to get any error detail on config issues" + set +e + SEMVER_OUTPUT_RAW_ERROR_CHECK=$(npx semantic-release --dry-run 2> /tmp/semantic-release-errors.log) + STATUS_ERROR_CHECK=$? + + # Now you can check the status and log the error messages if an error occurred + if [ $STATUS_ERROR_CHECK -ne 0 ]; then + echo "❌ Semantic release failed with exit code $STATUS_ERROR_CHECK." + echo "❌ Error output:" + cat /tmp/semantic-release-errors.log + else + echo "✅ Semantic Ouput success : $SEMVER_OUTPUT_RAW_ERROR_CHECK " + echo "✅ Error on success : $STATUS_ERROR_CHECK" + fi + + set -e + echo "running semantic-release" - SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2>&1) - STATUS=$? + semver_output_raw=$(npx semantic-release --dry-run 2>&1) + status=$? + + # Now you can check the status and log the error messages if an error occurred + if [ $STATUS -ne 0 ]; then + echo "Semantic release failed with exit code $STATUS." + echo "Error output:" + cat /tmp/semantic-release-errors.log + fi + echo "status = $STATUS" echo "$SEMVER_OUTPUT_RAW" 
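Review bot: Ignoring `dependabot/**` in this trigger takes the dev pipeline off the per-package Dependabot branches, while the new auto-merge workflow enables auto-merge on those same PRs. Auto-merge only waits for checks that the branch rules mark as required, so the added comment should name the required check that still runs on a Dependabot PR into `Automatic_version_update_dependabot`, for example `# gated by <required check name> on the collected branch`. The `on:` block starts outside this hunk, so I cannot see which event this filter belongs to.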
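Review bot: In the `Run dev semantic version` step the second dry run now assigns `semver_output_raw` and `status`, but the lines that follow still read `$STATUS` and `$SEMVER_OUTPUT_RAW`, which are unset at that point; `[ $STATUS -ne 0 ]` then fails as a malformed test and `echo "$SEMVER_OUTPUT_RAW"` prints nothing. Keep the original names, `SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2>&1)` and `STATUS=$?`. Because `set -e` is restored just before, a failing dry run would stop the step at the assignment before the status is captured, which conflicts with the step being non-blocking; setting `STATUS=0` first and appending `|| STATUS=$?` to the assignment avoids that. The second error branch also prints `/tmp/semantic-release-errors.log` from the first run, and the step's script continues past the end of the hunk.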
@@ -357,5 +386,4 @@ jobs: -H "Authorization: Bearer $TEL_GIT_PACKAGES_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/$repo_owner/$repo_name/dispatches \ - -d "{\"event_type\": \"$event_type\", \"client_payload\": {\"artifact_url\": \"$artifact_url\"}}" - + -d "{\"event_type\": \"$event_type\", \"client_payload\": {\"artifact_url\": \"$artifact_url\"}}" \ No newline at end of file diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml index a875f2c7..172443c2 100644 --- a/.github/workflows/reuseable-ci-checks.yml +++ b/.github/workflows/reuseable-ci-checks.yml @@ -202,7 +202,7 @@ jobs: run: | BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" echo "Branch name: $BRANCH_NAME" - if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then + if [[ "$BRANCH_NAME" =~ ^dependabot/ ]] || [[ "$AUTHOR_NAME" == "dependabot[bot]" ]] || [[ "$COMMIT_MSG" =~ ^Bump ]]; then echo "✅ Branch is a dependabot branch - skipping commitlint ✅" echo "skip=true" >> $GITHUB_OUTPUT else diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index fe8b3c33..e0082239 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md @@ -81,7 +81,10 @@ The individual steps also automatically pass so can see if any error at the end # Notes - doesnt run easily with nektos act due to git ref checks and calling other workflows - for tests use the run-tests-and-report-with-env-values.ps1 file - +- dependabot duplicates tokens using dependabot secrets including write so can run checks +- autoverging is being tried for major and minor +- branch checks must pass for merge on automated_version +- checks required but overrideable for all workflows ## Versioning Via semantic release and recorded as a generate c# file used by a blazor component diff --git a/.gitignore b/.gitignore index b8fe7c84..fad9453a 100644 --- a/.gitignore +++ b/.gitignore 
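Review bot: In reuseable-ci-checks.yml the widened skip condition trusts `$AUTHOR_NAME == "dependabot[bot]"` and `$COMMIT_MSG =~ ^Bump`, both of which come from commit metadata that any contributor can set, so a commit whose message starts with "Bump" would skip commitlint. Since semantic-release derives versions from commit messages, the skip should rest on something the platform asserts, such as the pull request author login, rather than on the commit's own text. Neither `AUTHOR_NAME` nor `COMMIT_MSG` is assigned in the visible lines; if they are not set earlier in the step, the new clauses are never true. The log line still reports "Branch is a dependabot branch" for all three cases, which will mislead whoever reads the run.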
@@ -236,3 +236,4 @@ TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/Logs/* # Generated version info files TELBlazor.Components/TELBlazorPackageVersion/VersionInfo*.cs +/.github/workflows/test.yml diff --git a/.releaserc.json b/.releaserc.json index d7dbe063..2296f12b 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -6,6 +6,10 @@ { "name": "Automatic_version_update_dependabot" }, + { + "name": "Automatic_collected_dependabot_staging", + "prerelease": "dependabot-staging" + }, { "name": "feat-*", "prerelease": true diff --git a/README.md b/README.md index 220db0af..404d9b3d 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,7 @@ the ability to produce static prerendered html. The prerendered html is written - enter the variable names and variable values as follows: - GITHUB_USERNAME / [Your GitHub username] - TEL_GIT_PACKAGES_TOKEN / [The copied token] + - LOCAL_PACKAGES_PATH / [Path to your local packages folder] - then select **OK** - select **OK** again to close all dialogs. - **Restore Nuget, Npm, Tooling, playwright and build:**