From 4d2414cad3f55dc073d7f89c270238a0c7425a68 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Tue, 4 Mar 2025 15:23:16 +0000 Subject: [PATCH 01/21] chore(commitlint): Remove unused types (#163) Signed-off-by: Chris Harrison <36608309+chris3ware@users.noreply.github.com> --- .commitlintrc.json | 14 +------------- .renovaterc.json => .renovaterc.json5 | 0 2 files changed, 1 insertion(+), 13 deletions(-) rename .renovaterc.json => .renovaterc.json5 (100%) diff --git a/.commitlintrc.json b/.commitlintrc.json index 311c351..9b352a8 100644 --- a/.commitlintrc.json +++ b/.commitlintrc.json @@ -34,19 +34,7 @@ "type-enum": [ 2, "always", - [ - "build", - "chore", - "ci", - "docs", - "feat", - "fix", - "perf", - "refactor", - "revert", - "style", - "test" - ] + ["chore", "ci", "docs", "feat", "fix", "refactor"] ] } } diff --git a/.renovaterc.json b/.renovaterc.json5 similarity index 100% rename from .renovaterc.json rename to .renovaterc.json5 From 016d847b4c400c7cfd923888824782912358bc31 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Wed, 5 Mar 2025 15:54:49 +0000 Subject: [PATCH 02/21] fix(pr-title): Remove unecessary `if always` conditions (#169) --- .github/workflows/pr-title.yaml | 6 +++--- .github/workflows/wait-for-checks.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index a8caf2f..3313886 100644 --- a/.github/workflows/pr-title.yaml +++ b/.github/workflows/pr-title.yaml @@ -2,7 +2,7 @@ name: Validate PR title on: pull_request: - types: [opened, edited, reopened, synchronize] + types: [opened, edited, reopened] branches: [main] workflow_call: {} 
@@ -119,7 +119,7 @@ jobs: - name: Delete PR comment on resolution # Delete comment if the error message is null or the PR title is the correct length - if: ${{ always() && steps.validate-pr-title.outputs.error_message == null }} + if: ${{ steps.validate-pr-title.outputs.error_message == null }} uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 with: header: pr-title-error @@ -127,7 +127,7 @@ jobs: - name: Summary with valid title # A length check is not required here because the validate-pr-title step will only run if the title is less than or equal to the max length - if: ${{ always() && steps.validate-pr-title.outputs.error_message == null }} + if: ${{ steps.validate-pr-title.outputs.error_message == null }} run: | echo "### :white_check_mark: Pull Request title is valid" >> $GITHUB_STEP_SUMMARY echo "The pull request title conforms to the conventional commit specification." >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml index aeaf205..ec32f12 100644 --- a/.github/workflows/wait-for-checks.yaml +++ b/.github/workflows/wait-for-checks.yaml @@ -2,7 +2,7 @@ name: Checks on: pull_request: - types: [opened, edited, reopened, synchronize] + types: [opened, reopened, synchronize] branches: [main] workflow_call: {} @@ -34,6 +34,7 @@ jobs: # Approve PR raised by 3ware-release[bot] to upgrade trunk on trunk branches # after all checks have passed. auto-approve-pr: + # TODO: Add terraform app to actor, maybe project/** to branch as well if: ${{ github.actor == '3ware-release[bot]' && github.head_ref == 'trunk-io/update-trunk' }} needs: [enforce-all-checks] runs-on: ubuntu-latest From 2a13e853e28d09ef3817b19eba0633957acef9a1 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Wed, 5 Mar 2025 15:55:54 +0000 Subject: [PATCH 03/21] chore(release): version 4.11.1 [skip ci] ## [4.11.1](https://github.com/3ware/workflows/compare/v4.11.0...v4.11.1) (2025-03-05) ### Bug Fixes * **pr-title:** Remove unecessary `if always` conditions ([#169](https://github.com/3ware/workflows/issues/169)) ([016d847](https://github.com/3ware/workflows/commit/016d847b4c400c7cfd923888824782912358bc31)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6afbe95..b0fc25e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.11.1](https://github.com/3ware/workflows/compare/v4.11.0...v4.11.1) (2025-03-05) + + +### Bug Fixes + +* **pr-title:** Remove unecessary `if always` conditions ([#169](https://github.com/3ware/workflows/issues/169)) ([016d847](https://github.com/3ware/workflows/commit/016d847b4c400c7cfd923888824782912358bc31)) + ## [4.11.0](https://github.com/3ware/workflows/compare/v4.10.0...v4.11.0) (2025-02-26) From e39a749c3b5e05c64284ae24d889fde4eea88ed5 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Wed, 5 Mar 2025 16:06:36 +0000 Subject: [PATCH 04/21] refactor(pr-title): Get commit types from commitlint configuration (#170) --- .github/workflows/pr-title.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index 3313886..a91186a 100644 --- a/.github/workflows/pr-title.yaml +++ b/.github/workflows/pr-title.yaml 
@@ -70,14 +70,19 @@ jobs: - name: Checkout repository uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - name: Get commitlint scopes from configuration file - id: commit_scope + - name: Get attributes from commitlint configuration file + id: commitlint run: | { echo 'COMMIT_SCOPES<> "$GITHUB_ENV" + { + echo 'COMMIT_TYPES<> "$GITHUB_ENV" - name: Validate PR title conforms to conventional spec id: validate-pr-title @@ -87,6 +92,8 @@ jobs: # https://github.com/amannn/action-semantic-pull-request/issues/248 uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 with: + types: | + ${{ env.COMMIT_TYPES }} requireScope: true scopes: | ${{ env.COMMIT_SCOPES }} From bc931d1da784e8e4147a83343db5720539e70dbc Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 5 Mar 2025 16:07:26 +0000 Subject: [PATCH 05/21] chore(release): version 4.12.0 [skip ci] ## [4.12.0](https://github.com/3ware/workflows/compare/v4.11.1...v4.12.0) (2025-03-05) ### Enhancement * **pr-title:** Get commit types from commitlint configuration ([#170](https://github.com/3ware/workflows/issues/170)) ([e39a749](https://github.com/3ware/workflows/commit/e39a749c3b5e05c64284ae24d889fde4eea88ed5)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b0fc25e..6bc329b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.12.0](https://github.com/3ware/workflows/compare/v4.11.1...v4.12.0) (2025-03-05) + + +### Enhancement + +* **pr-title:** Get commit types from commitlint configuration ([#170](https://github.com/3ware/workflows/issues/170)) ([e39a749](https://github.com/3ware/workflows/commit/e39a749c3b5e05c64284ae24d889fde4eea88ed5)) + ## [4.11.1](https://github.com/3ware/workflows/compare/v4.11.0...v4.11.1) (2025-03-05) From 9c6cac70a8d306d5d1bbef1dcb789fd7adc33b6c Mon Sep 17 00:00:00 2001 
From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:13:10 +0000 Subject: [PATCH 06/21] feat(pr-check): Create pr-check workflow (#172) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .commitlintrc.json | 1 + .github/workflows/pr-check.yaml | 23 +++++++++++++++++++++++ .github/workflows/pr-title.yaml | 6 ++---- .github/workflows/wait-for-checks.yaml | 6 +----- 4 files changed, 27 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/pr-check.yaml diff --git a/.commitlintrc.json b/.commitlintrc.json index 9b352a8..05a3caa 100644 --- a/.commitlintrc.json +++ b/.commitlintrc.json @@ -16,6 +16,7 @@ "delete-run", "dep-review", "get-token", + "pr-check", "pr-title", "ossf", "release", diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml new file mode 100644 index 0000000..44c5c0b --- /dev/null +++ b/.github/workflows/pr-check.yaml @@ -0,0 +1,23 @@ +name: PR Check +on: + pull_request: + types: [opened, edited, reopened, synchronize] + +# Disable permissions for all available scopes +permissions: {} + +jobs: + validate-pr-title: + name: Validate PR title + permissions: + contents: read + pull-requests: write + uses: 3ware/workflows/.github/workflows/pr-title.yaml@feat-pr-title-recheck + + enforce-all-checks: + name: Checks + needs: [validate-pr-title] + permissions: + checks: read + uses: 3ware/workflows/.github/workflows/wait-for-checks.yaml@61d14ca4e861fc9c11acacc7d80a10a78775a4e3 # 4.11.0 + secrets: inherit diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index a91186a..ff82e95 100644 --- a/.github/workflows/pr-title.yaml +++ b/.github/workflows/pr-title.yaml @@ -1,9 +1,6 @@ name: Validate PR title on: - pull_request: - types: [opened, edited, reopened] - branches: [main] workflow_call: {} # Disable permissions for all available scopes 
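Review bot: `secrets: inherit` on the `enforce-all-checks` job in the new pr-check.yaml passes every secret of the calling repository to wait-for-checks.yaml, although elsewhere in this series that workflow reads only `secrets.GITHUB_TOKEN` and `secrets.PR_APPROVAL_PAT`. I would pass the one named secret explicitly, `secrets:` with `PR_APPROVAL_PAT: ${{ secrets.PR_APPROVAL_PAT }}`, and declare it under `on.workflow_call.secrets` in the called workflow, so a change to the callee cannot reach unrelated secrets. The `validate-pr-title` job in the same hunk references the branch `feat-pr-title-recheck`, a mutable ref, unlike the SHA pin on the job below it; a later patch in this series replaces it with a SHA.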
@@ -50,7 +47,7 @@ jobs: Please update the title to be ${{ env.MAX_PR_TITLE_LENGTH }} characters or less. If you need help, feel free to ask! 😊 - - name: Exit if PR title is too long + - name: Long title summary if: ${{ fromJson(env.PR_TITLE_LENGTH) > fromJson(env.MAX_PR_TITLE_LENGTH) }} run: | echo "### :x: Pull Request title is invalid" >> $GITHUB_STEP_SUMMARY @@ -127,6 +124,7 @@ jobs: - name: Delete PR comment on resolution # Delete comment if the error message is null or the PR title is the correct length if: ${{ steps.validate-pr-title.outputs.error_message == null }} + id: delete-comment uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 with: header: pr-title-error diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml index ec32f12..16c70f0 100644 --- a/.github/workflows/wait-for-checks.yaml +++ b/.github/workflows/wait-for-checks.yaml @@ -1,9 +1,6 @@ name: Checks on: - pull_request: - types: [opened, reopened, synchronize] - branches: [main] workflow_call: {} # Disable permissions for all available scopes @@ -26,10 +23,9 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} # check run "auto-approve-pr" is completed with conclusion "cancelled" (unsuccessful) when skipped # auto-approve-pr should run on the conclusion of enforce-all-checks, so checks should not check for auto-approve-pr - ignore: auto-approve-pr # ignore any pattern before '/ enforce-all-checks' for calling workflows # For example if the calling workflow job name is 'Checks' the path to ignore is 'Checks / enforce-all-checks' - ignore_pattern: .*\/ enforce-all-checks + ignore_pattern: .*\/ (enforce-all-checks|auto-approve-pr) # Approve PR raised by 3ware-release[bot] to upgrade trunk on trunk branches # after all checks have passed. From 0bd5c5d052b31311b5f841f71f113260df047181 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Thu, 6 Mar 2025 16:13:53 +0000 Subject: [PATCH 07/21] chore(release): version 4.13.0 [skip ci] ## [4.13.0](https://github.com/3ware/workflows/compare/v4.12.0...v4.13.0) (2025-03-06) ### Features * **pr-check:** Create pr-check workflow ([#172](https://github.com/3ware/workflows/issues/172)) ([9c6cac7](https://github.com/3ware/workflows/commit/9c6cac70a8d306d5d1bbef1dcb789fd7adc33b6c)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bc329b..5f28be5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.13.0](https://github.com/3ware/workflows/compare/v4.12.0...v4.13.0) (2025-03-06) + + +### Features + +* **pr-check:** Create pr-check workflow ([#172](https://github.com/3ware/workflows/issues/172)) ([9c6cac7](https://github.com/3ware/workflows/commit/9c6cac70a8d306d5d1bbef1dcb789fd7adc33b6c)) + ## [4.12.0](https://github.com/3ware/workflows/compare/v4.11.1...v4.12.0) (2025-03-05) From 2356929a8b79f60f6e30a5c34e95035de2f33903 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:25:43 +0000 Subject: [PATCH 08/21] refactor(checks): Add condition to auto-approve 3ware-terraform PRs (#173) --- .github/workflows/pr-check.yaml | 2 +- .github/workflows/wait-for-checks.yaml | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml index 44c5c0b..290ad39 100644 --- a/.github/workflows/pr-check.yaml +++ b/.github/workflows/pr-check.yaml @@ -12,7 +12,7 @@ jobs: permissions: contents: read pull-requests: write - uses: 3ware/workflows/.github/workflows/pr-title.yaml@feat-pr-title-recheck + uses: 3ware/workflows/.github/workflows/pr-title.yaml@0bd5c5d052b31311b5f841f71f113260df047181 # 4.13.0 enforce-all-checks: name: Checks 
diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml index 16c70f0..08c8777 100644 --- a/.github/workflows/wait-for-checks.yaml +++ b/.github/workflows/wait-for-checks.yaml @@ -27,11 +27,12 @@ jobs: # For example if the calling workflow job name is 'Checks' the path to ignore is 'Checks / enforce-all-checks' ignore_pattern: .*\/ (enforce-all-checks|auto-approve-pr) - # Approve PR raised by 3ware-release[bot] to upgrade trunk on trunk branches - # after all checks have passed. + # Approve PR raised by 3ware-release[bot] to upgrade trunk on trunk branches or by 3ware-terraform[bot] on project branches + # This job will only run if enforce-all-checks job has passed successfully. auto-approve-pr: - # TODO: Add terraform app to actor, maybe project/** to branch as well - if: ${{ github.actor == '3ware-release[bot]' && github.head_ref == 'trunk-io/update-trunk' }} + if: | + ( github.actor == '3ware-release[bot]' && github.head_ref == 'trunk-io/update-trunk') || + ( github.actor == '3ware-terraform[bot]' && github.head_ref == 'project/**') needs: [enforce-all-checks] runs-on: ubuntu-latest timeout-minutes: 5 From fbeb3bb506c61e0d263c6b7dd4cb57c76923001b Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 6 Mar 2025 16:26:23 +0000 Subject: [PATCH 09/21] chore(release): version 4.14.0 [skip ci] ## [4.14.0](https://github.com/3ware/workflows/compare/v4.13.0...v4.14.0) (2025-03-06) ### Enhancement * **checks:** Add condition to auto-approve 3ware-terraform PRs ([#173](https://github.com/3ware/workflows/issues/173)) ([2356929](https://github.com/3ware/workflows/commit/2356929a8b79f60f6e30a5c34e95035de2f33903)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f28be5..1282f4a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.14.0](https://github.com/3ware/workflows/compare/v4.13.0...v4.14.0) (2025-03-06) + + +### Enhancement + +* **checks:** Add condition to auto-approve 3ware-terraform PRs ([#173](https://github.com/3ware/workflows/issues/173)) ([2356929](https://github.com/3ware/workflows/commit/2356929a8b79f60f6e30a5c34e95035de2f33903)) + ## [4.13.0](https://github.com/3ware/workflows/compare/v4.12.0...v4.13.0) (2025-03-06) From e939dec8ea5398b382dbd2d4d4a413d938c755f3 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Fri, 7 Mar 2025 13:28:34 +0000 Subject: [PATCH 10/21] fix(checks): Add `startsWith` auto-approve-pr condition (#174) --- .github/workflows/wait-for-checks.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml index 08c8777..068957d 100644 --- a/.github/workflows/wait-for-checks.yaml +++ b/.github/workflows/wait-for-checks.yaml @@ -28,11 +28,13 @@ jobs: ignore_pattern: .*\/ (enforce-all-checks|auto-approve-pr) # Approve PR raised by 3ware-release[bot] to upgrade trunk on trunk branches or by 3ware-terraform[bot] on project branches - # This job will only run if enforce-all-checks job has passed successfully. + # This job will only run if enforce-all-checks job has passed successfully on pull requests. This workflow could be called by + # a merge_group event: in this case it should not run auto-approve-pr: if: | + github.event_name == 'pull_request' && ( github.actor == '3ware-release[bot]' && github.head_ref == 'trunk-io/update-trunk') || - ( github.actor == '3ware-terraform[bot]' && github.head_ref == 'project/**') + ( github.actor == '3ware-terraform[bot]' && startsWith(github.head_ref, 'project/')) needs: [enforce-all-checks] runs-on: ubuntu-latest timeout-minutes: 5 
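Review bot: The added `github.event_name == 'pull_request' &&` guard in the `auto-approve-pr` condition covers only the `3ware-release[bot]` clause, because `&&` binds tighter than `||` in workflow expressions; the `3ware-terraform[bot]` clause is evaluated without the event check. To match the comment above the job, group the two actor clauses: open a parenthesis after `github.event_name == 'pull_request' && (` and close it with `)` after the `startsWith(github.head_ref, 'project/')` clause. `github.actor` is the account that triggered the run, not necessarily the account that opened the PR, so for a job that submits an approval `github.event.pull_request.user.login` is probably the value to compare. The job body continues outside the hunk.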
From 2a21f74e677a0701b8ab17539810c9897e278b34 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 7 Mar 2025 13:29:12 +0000 Subject: [PATCH 11/21] chore(release): version 4.14.1 [skip ci] ## [4.14.1](https://github.com/3ware/workflows/compare/v4.14.0...v4.14.1) (2025-03-07) ### Bug Fixes * **checks:** Add `startsWith` auto-approve-pr condition ([#174](https://github.com/3ware/workflows/issues/174)) ([e939dec](https://github.com/3ware/workflows/commit/e939dec8ea5398b382dbd2d4d4a413d938c755f3)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1282f4a..d1339b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.14.1](https://github.com/3ware/workflows/compare/v4.14.0...v4.14.1) (2025-03-07) + + +### Bug Fixes + +* **checks:** Add `startsWith` auto-approve-pr condition ([#174](https://github.com/3ware/workflows/issues/174)) ([e939dec](https://github.com/3ware/workflows/commit/e939dec8ea5398b382dbd2d4d4a413d938c755f3)) + ## [4.14.0](https://github.com/3ware/workflows/compare/v4.13.0...v4.14.0) (2025-03-06) From 3ad7cb08256b65e043462ab1df038993123f092d Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Sun, 9 Mar 2025 06:18:16 +0000 Subject: [PATCH 12/21] ci(pr-check): Use `pull_request_target` event (#177) --- .github/workflows/pr-check.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml index 290ad39..b7fecf1 100644 --- a/.github/workflows/pr-check.yaml +++ b/.github/workflows/pr-check.yaml @@ -1,6 +1,6 @@ name: PR Check on: - pull_request: + pull_request_target: types: [opened, edited, reopened, synchronize] # Disable permissions for all available scopes From 37327f029989e2d8b94cb3a68bd78ca8ddf809ce Mon Sep 17 00:00:00 2001 
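Review bot: The switch to `pull_request_target` in pr-check.yaml carries no comment explaining why the privileged trigger is needed or what keeps it safe, and with it the called workflows run in the base-repository context on fork PRs with `pull-requests: write` and `secrets: inherit` in effect. pr-title.yaml runs `actions/checkout` and reads the commitlint configuration, which is only safe under this trigger while the checkout stays on the default base ref; I would add above the trigger `# pull_request_target: write token needed to comment on fork PRs; called workflows must never check out the PR head`. The `auto-approve-pr` condition in wait-for-checks.yaml still tests `github.event_name == 'pull_request'`, which presumably no longer matches when it is called from this workflow.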
From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Sun, 9 Mar 2025 06:35:59 +0000 Subject: [PATCH 13/21] fix(workflows): Add prefix to concurrency group names (#178) --- .github/workflows/pr-title.yaml | 2 +- .github/workflows/wait-for-checks.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index ff82e95..4a30f7c 100644 --- a/.github/workflows/pr-title.yaml +++ b/.github/workflows/pr-title.yaml @@ -7,7 +7,7 @@ on: permissions: {} concurrency: - group: ${{ github.workflow }}-${{ github.head_ref }} + group: pr-title-${{ github.workflow }}-${{ github.head_ref }} cancel-in-progress: true defaults: diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml index 068957d..9eb1e4a 100644 --- a/.github/workflows/wait-for-checks.yaml +++ b/.github/workflows/wait-for-checks.yaml @@ -7,7 +7,7 @@ on: permissions: {} concurrency: - group: ${{ github.workflow }}-${{ github.head_ref }} + group: checks-${{ github.workflow }}-${{ github.head_ref }} cancel-in-progress: true jobs: From f42bfaf0a55b63058bc8ea0fab1cfc5dad4cadc8 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 9 Mar 2025 06:36:39 +0000 Subject: [PATCH 14/21] chore(release): version 4.14.2 [skip ci] ## [4.14.2](https://github.com/3ware/workflows/compare/v4.14.1...v4.14.2) (2025-03-09) ### Bug Fixes * **workflows:** Add prefix to concurrency group names ([#178](https://github.com/3ware/workflows/issues/178)) ([37327f0](https://github.com/3ware/workflows/commit/37327f029989e2d8b94cb3a68bd78ca8ddf809ce)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1339b7..750a7b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
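Review bot: The concurrency group in pr-title.yaml is still keyed on `github.head_ref`, which is only a branch name, so two pull requests from different forks that use the same branch name share one group and `cancel-in-progress: true` lets one cancel the other's run. Keying on the pull request number avoids the collision: `group: pr-title-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}`. The same applies to the `checks-` group in the wait-for-checks.yaml hunk of this patch.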
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.14.2](https://github.com/3ware/workflows/compare/v4.14.1...v4.14.2) (2025-03-09) + + +### Bug Fixes + +* **workflows:** Add prefix to concurrency group names ([#178](https://github.com/3ware/workflows/issues/178)) ([37327f0](https://github.com/3ware/workflows/commit/37327f029989e2d8b94cb3a68bd78ca8ddf809ce)) + ## [4.14.1](https://github.com/3ware/workflows/compare/v4.14.0...v4.14.1) (2025-03-07) From 849449ff64602e1c00e67b456a01d53d11d41bcd Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Sun, 9 Mar 2025 06:50:28 +0000 Subject: [PATCH 15/21] refactor(dep-review): Enable pr comment summary (#179) --- .github/workflows/dependency-review.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index eede5c4..6414083 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -6,7 +6,7 @@ # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement name: Dependency Review on: - pull_request: + pull_request_target: types: [opened, reopened, synchronize] branches: [main] @@ -21,6 +21,7 @@ jobs: dependency-review: permissions: contents: read + pull-requests: write runs-on: ubuntu-latest timeout-minutes: 10 steps: @@ -28,3 +29,6 @@ jobs: uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Dependency Review uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 + with: + comment-summary-in-pr: always + fail-on-severity: high From 78b1254935cec5bba0f43b8788ad34c87387f72a Mon Sep 17 00:00:00 2001 
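Review bot: The trigger change to `pull_request_target` in dependency-review.yaml, together with the added `pull-requests: write`, gives this job a write-scoped token on pull requests from forks, and nothing in the file records that the `Checkout Repository` step must stay on the base ref. I would add a comment above the trigger, `# pull_request_target so the action can comment on fork PRs; the checkout below must not use the PR head ref`, so a later edit does not add `ref:` pointing at untrusted code. The trigger line and the permissions line sit in separate hunks of this patch.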
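Review bot: `fail-on-severity: high` in the last dependency-review.yaml hunk appears to relax the gate rather than tighten it: as far as I know the action's default threshold is `low`, so with this setting moderate and low severity advisories no longer fail the check. If that is intended, say so next to the setting, for example `# only high/critical block the PR; lower severities are reported in the PR comment`. If it is not, drop the line or use `fail-on-severity: moderate`.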
From: semantic-release-bot Date: Sun, 9 Mar 2025 06:51:08 +0000 Subject: [PATCH 16/21] chore(release): version 4.15.0 [skip ci] ## [4.15.0](https://github.com/3ware/workflows/compare/v4.14.2...v4.15.0) (2025-03-09) ### Enhancement * **dep-review:** Enable pr comment summary ([#179](https://github.com/3ware/workflows/issues/179)) ([849449f](https://github.com/3ware/workflows/commit/849449ff64602e1c00e67b456a01d53d11d41bcd)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 750a7b4..9a4ac33 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.15.0](https://github.com/3ware/workflows/compare/v4.14.2...v4.15.0) (2025-03-09) + + +### Enhancement + +* **dep-review:** Enable pr comment summary ([#179](https://github.com/3ware/workflows/issues/179)) ([849449f](https://github.com/3ware/workflows/commit/849449ff64602e1c00e67b456a01d53d11d41bcd)) + ## [4.14.2](https://github.com/3ware/workflows/compare/v4.14.1...v4.14.2) (2025-03-09) From 729744b34ff420150dc6855f3b2428e6bcde07fe Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Sun, 9 Mar 2025 14:35:57 +0000 Subject: [PATCH 17/21] fix(dep-review): Disable persist-credentials for checkout (#180) --- .github/workflows/dependency-review.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index 6414083..d00ef83 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -27,6 +27,9 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + with: + persist-credentials: false + - name: Dependency Review uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 with: 
From 00ec3367b300beacba7ec64b1e4cc784d496d983 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 9 Mar 2025 14:36:38 +0000 Subject: [PATCH 18/21] chore(release): version 4.15.1 [skip ci] ## [4.15.1](https://github.com/3ware/workflows/compare/v4.15.0...v4.15.1) (2025-03-09) ### Bug Fixes * **dep-review:** Disable persist-credentials for checkout ([#180](https://github.com/3ware/workflows/issues/180)) ([729744b](https://github.com/3ware/workflows/commit/729744b34ff420150dc6855f3b2428e6bcde07fe)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a4ac33..78fa138 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [4.15.1](https://github.com/3ware/workflows/compare/v4.15.0...v4.15.1) (2025-03-09) + + +### Bug Fixes + +* **dep-review:** Disable persist-credentials for checkout ([#180](https://github.com/3ware/workflows/issues/180)) ([729744b](https://github.com/3ware/workflows/commit/729744b34ff420150dc6855f3b2428e6bcde07fe)) + ## [4.15.0](https://github.com/3ware/workflows/compare/v4.14.2...v4.15.0) (2025-03-09) From f1840d4ce81208a790b1b48be27a69a018e0f1b6 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Sun, 9 Mar 2025 18:45:50 +0000 Subject: [PATCH 19/21] ci(delete-run): Add workflow dispatch event trigger (#184) --- .github/workflows/delete-workflow-run.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/delete-workflow-run.yaml b/.github/workflows/delete-workflow-run.yaml index 1aca6fd..6ceca37 100644 --- a/.github/workflows/delete-workflow-run.yaml +++ b/.github/workflows/delete-workflow-run.yaml @@ -2,6 +2,7 @@ name: Delete old workflow runs on: schedule: - cron: 0 0 1 * * + workflow_dispatch: {} # Disable permissions for all available scopes permissions: {} 
@@ -24,4 +25,4 @@ jobs: token: ${{ github.token }} repository: ${{ github.repository }} retain_days: 90 - keep_minimum_runs: 14 + keep_minimum_runs: 6 From 48d83ea1c2248158f1b81f07532311f4417ae7e7 Mon Sep 17 00:00:00 2001 From: Chris Harrison <36608309+chris3ware@users.noreply.github.com> Date: Mon, 10 Mar 2025 16:16:18 +0000 Subject: [PATCH 20/21] ci(pr-check): Disable auto-approve job (#185) --- .github/workflows/wait-for-checks.yaml | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml index 9eb1e4a..4d3a4ec 100644 --- a/.github/workflows/wait-for-checks.yaml +++ b/.github/workflows/wait-for-checks.yaml 
@@ -30,17 +30,14 @@ jobs: # Approve PR raised by 3ware-release[bot] to upgrade trunk on trunk branches or by 3ware-terraform[bot] on project branches # This job will only run if enforce-all-checks job has passed successfully on pull requests. This workflow could be called by # a merge_group event: in this case it should not run - auto-approve-pr: - if: | - github.event_name == 'pull_request' && - ( github.actor == '3ware-release[bot]' && github.head_ref == 'trunk-io/update-trunk') || - ( github.actor == '3ware-terraform[bot]' && startsWith(github.head_ref, 'project/')) - needs: [enforce-all-checks] - runs-on: ubuntu-latest - timeout-minutes: 5 - steps: - - name: Auto Approve PR - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 - with: - github-token: ${{ secrets.PR_APPROVAL_PAT }} - review-message: All checks passed. Auto Approved. + # auto-approve-pr: + # if: ${{ github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'auto-approve') }} + # needs: [enforce-all-checks] + # runs-on: ubuntu-latest + # timeout-minutes: 5 + # steps: + # - name: Auto Approve PR + # uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 + # with: + # github-token: ${{ secrets.PR_APPROVAL_PAT }} + # review-message: All checks passed. Auto Approved. From 880f7c7129359771d27c1e3cc194af1a0e97b551 Mon Sep 17 00:00:00 2001 From: chris3ware <36608309+chris3ware@users.noreply.github.com> Date: Tue, 11 Mar 2025 01:33:47 +0000 Subject: [PATCH 21/21] ci(trunk): Upgrade trunk to 1.22.10 --- .trunk/trunk.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 4598c95..b932ba9 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml 
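Review bot: Disabling `auto-approve-pr` by commenting it out leaves the description above it and the `auto-approve-pr` entry in `ignore_pattern` referring to a job that no longer runs, and keeps a `PR_APPROVAL_PAT` reference in dead text. The commented `if:` also differs from the removed one: the actor and branch checks are replaced by `contains(github.event.pull_request.labels.*.name, 'auto-approve')`, so if the block is uncommented as written, approval would depend on who can apply that label rather than on which bot opened the PR. I would delete the block, or add above it `# Disabled in #185: <reason>; review the if: condition before re-enabling`.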
@@ -2,7 +2,7 @@ # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml version: 0.1 cli: - version: 1.22.9 + version: 1.22.10 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins) plugins: sources: @@ -17,14 +17,14 @@ runtimes: # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration) lint: enabled: - - renovate@39.169.3 + - renovate@39.192.0 - actionlint@1.7.7 - - checkov@3.2.358 + - checkov@3.2.382 - git-diff-check - markdownlint@0.44.0 - - prettier@3.4.2 - - trivy@0.59.0 - - trufflehog@3.88.3 + - prettier@3.5.3 + - trivy@0.60.0 + - trufflehog@3.88.15 - yamllint@1.35.1 ignore: #* Prevent checking CHANGELOG.md files generated by semantic-release