From 9f1af7923984ddd843fe526da6cd459f5f16d492 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Aug 2025 16:05:03 +0000 Subject: [PATCH 01/10] Bump Serilog from 4.2.0 to 4.3.0 --- updated-dependencies: - dependency-name: Serilog dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Directory.Packages.props | 2 +- .../packages.lock.json | 41 ++++++++++--------- .../packages.lock.json | 31 +++++++------- .../packages.lock.json | 25 +++++------ .../packages.lock.json | 41 ++++++++++--------- .../packages.lock.json | 34 ++++++--------- TELBlazor.Components/packages.lock.json | 6 +-- 7 files changed, 88 insertions(+), 92 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index e75535d..338f39d 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -28,7 +28,7 @@ - + diff --git a/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost.Client/packages.lock.json b/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost.Client/packages.lock.json index c05ad3b..85abc80 100644 --- a/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost.Client/packages.lock.json +++ b/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost.Client/packages.lock.json @@ -40,21 +40,21 @@ }, "Microsoft.NET.ILLink.Tasks": { "type": "Direct", - "requested": "[8.0.19, )", - "resolved": "8.0.19", - "contentHash": "IhHf+zeZiaE5EXRyxILd4qM+Hj9cxV3sa8MpzZgeEhpvaG3a1VEGF6UCaPFLO44Kua3JkLKluE0SWVamS50PlA==" + "requested": "[8.0.18, )", + "resolved": "8.0.18", + "contentHash": "OiXqr2YIBEV9dsAWEtasK470ALyJ0VxJ9k4MotOxlWV6HeEgrJKYMW4HHj1OCCXvqE0/A25wEKPkpfiBARgDZA==" }, "Microsoft.NET.Sdk.WebAssembly.Pack": { "type": "Direct", - "requested": "[8.0.19, )", - "resolved": "8.0.19", - "contentHash": "Cm/sq4ET7XGU7jBSfSh+s+eV0faJ1RnErpImRYN7+d5loWISBwl22qsM6sn9StUWKJao+xGvF0IxgyPVnY20Vw==" + "requested": "[8.0.18, )", + "resolved": "8.0.18", + "contentHash": "SoVkRwFwnaX39J1uaI72PTilSJ6OoonIG+2VMpazEaAA9t+aJt2Caf49q76SYv3x9iU8hu1axlMWSkR9rt8nIg==" }, "Serilog": { "type": "Direct", - "requested": "[4.2.0, )", - "resolved": "4.2.0", - "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA==" + "requested": "[4.3.0, )", + "resolved": "4.3.0", + "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ==" }, "Serilog.Extensions.Logging": { "type": "Direct", @@ -305,23 +305,14 @@ "System.Text.Encodings.Web": "8.0.0" } }, - "telblazor.components": { - "type": "Project", - "dependencies": { - "Blazored.LocalStorage": "[4.5.0, )", - "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Microsoft.Extensions.Http": "[8.0.1, )", - "Serilog": "[4.2.0, )" - } - }, "telblazor.components.showcase.shared": { "type": "Project", "dependencies": { "Blazored.LocalStorage": "[4.5.0, )", "Markdig": "[0.41.3, )", "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Serilog": "[4.2.0, )", - "TELBlazor.Components": "[1.2.6-local, )" + "Serilog": "[4.3.0, )", + "TELBlazor.Components": "(, )" } }, "Markdig": { @@ -380,6 +371,16 @@ "dependencies": { "Serilog": "4.0.0" } + }, + "TELBlazor.Components": { + "type": "CentralTransitive", + "requested": "(, )", + "resolved": "1.0.0", + "contentHash": "mkjzSgfupUrrAp57hk/4MOkFZwJRgw8a5oYhjotD0/NyPBhUPZ51z0G2Zd9owZ+CruScSmRngAvBiBAMJS7HCw==", + "dependencies": { + "Microsoft.AspNetCore.Components.Web": "8.0.14", + "Microsoft.Extensions.Http": "8.0.0" + } } }, "net8.0/browser-wasm": { diff --git a/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/packages.lock.json b/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/packages.lock.json index c01e0ce..a1a34af 100644 --- a/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/packages.lock.json +++ b/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/packages.lock.json @@ -25,9 +25,9 @@ }, "Serilog": { "type": "Direct", - "requested": "[4.2.0, )", - "resolved": "4.2.0", - "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA==" + "requested": "[4.3.0, )", + "resolved": "4.3.0", + "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ==" }, "Serilog.AspNetCore": { "type": "Direct", @@ -327,22 +327,13 @@ "System.Text.Encodings.Web": "8.0.0" } }, - "telblazor.components": { - "type": "Project", - "dependencies": { - "Blazored.LocalStorage": "[4.5.0, )", - "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Microsoft.Extensions.Http": "[8.0.1, )", - "Serilog": "[4.2.0, )" - } - }, "telblazor.components.showcase.e2etests.wasmserverhost.client": { "type": "Project", "dependencies": { "Blazored.LocalStorage": "[4.5.0, )", "Microsoft.AspNetCore.Components.WebAssembly": "[8.0.14, )", "Microsoft.Extensions.Http": "[8.0.1, )", - "Serilog": "[4.2.0, )", + "Serilog": "[4.3.0, )", "Serilog.Extensions.Logging": "[8.0.0, )", "Serilog.Formatting.Compact": "[3.0.0, )", "Serilog.Settings.Configuration": "[8.0.0, )", @@ -357,8 +348,8 @@ "Blazored.LocalStorage": "[4.5.0, )", "Markdig": "[0.41.3, )", "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Serilog": "[4.2.0, )", - "TELBlazor.Components": "[1.2.6-local, )" + "Serilog": "[4.3.0, )", + "TELBlazor.Components": "(, )" } }, "Markdig": { @@ -455,6 +446,16 @@ "Microsoft.Extensions.Configuration.Abstractions": "2.0.0", "Serilog.Sinks.File": "5.0.0" } + }, + "TELBlazor.Components": { + "type": "CentralTransitive", + "requested": "(, )", + "resolved": "1.0.0", + "contentHash": "mkjzSgfupUrrAp57hk/4MOkFZwJRgw8a5oYhjotD0/NyPBhUPZ51z0G2Zd9owZ+CruScSmRngAvBiBAMJS7HCw==", + "dependencies": { + "Microsoft.AspNetCore.Components.Web": "8.0.14", + "Microsoft.Extensions.Http": "8.0.0" + } } } } diff --git a/TELBlazor.Components.ShowCase.Shared/packages.lock.json b/TELBlazor.Components.ShowCase.Shared/packages.lock.json index 354fe01..b1583c7 100644 --- a/TELBlazor.Components.ShowCase.Shared/packages.lock.json +++ b/TELBlazor.Components.ShowCase.Shared/packages.lock.json @@ -33,9 +33,19 @@ }, "Serilog": { "type": "Direct", - "requested": "[4.2.0, )", - "resolved": "4.2.0", - "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA==" + "requested": "[4.3.0, )", + "resolved": "4.3.0", + "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ==" + }, + "TELBlazor.Components": { + "type": "Direct", + "requested": "(, )", + "resolved": "1.0.0", + "contentHash": "mkjzSgfupUrrAp57hk/4MOkFZwJRgw8a5oYhjotD0/NyPBhUPZ51z0G2Zd9owZ+CruScSmRngAvBiBAMJS7HCw==", + "dependencies": { + "Microsoft.AspNetCore.Components.Web": "8.0.14", + "Microsoft.Extensions.Http": "8.0.0" + } }, "Microsoft.AspNetCore.Authorization": { "type": "Transitive", @@ -160,15 +170,6 @@ "resolved": "8.0.0", "contentHash": "FHNOatmUq0sqJOkTx+UF/9YK1f180cnW5FVqnQMvYUN0elp6wFzbtPSiqbo1/ru8ICp43JM1i7kKkk6GsNGHlA==" }, - "telblazor.components": { - "type": "Project", - "dependencies": { - "Blazored.LocalStorage": "[4.5.0, )", - "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Microsoft.Extensions.Http": "[8.0.1, )", - "Serilog": "[4.2.0, )" - } - }, "Microsoft.Extensions.DependencyInjection": { "type": "CentralTransitive", "requested": "[8.0.1, )", diff --git a/TELBlazor.Components.ShowCase.WasmStaticClient/packages.lock.json b/TELBlazor.Components.ShowCase.WasmStaticClient/packages.lock.json index 1194dc0..0dbb3c4 100644 --- a/TELBlazor.Components.ShowCase.WasmStaticClient/packages.lock.json +++ b/TELBlazor.Components.ShowCase.WasmStaticClient/packages.lock.json @@ -76,21 +76,21 @@ }, "Microsoft.NET.ILLink.Tasks": { "type": "Direct", - "requested": "[8.0.19, )", - "resolved": "8.0.19", - "contentHash": "IhHf+zeZiaE5EXRyxILd4qM+Hj9cxV3sa8MpzZgeEhpvaG3a1VEGF6UCaPFLO44Kua3JkLKluE0SWVamS50PlA==" + "requested": "[8.0.18, )", + "resolved": "8.0.18", + "contentHash": "OiXqr2YIBEV9dsAWEtasK470ALyJ0VxJ9k4MotOxlWV6HeEgrJKYMW4HHj1OCCXvqE0/A25wEKPkpfiBARgDZA==" }, "Microsoft.NET.Sdk.WebAssembly.Pack": { "type": "Direct", - "requested": "[8.0.19, )", - "resolved": "8.0.19", - "contentHash": "Cm/sq4ET7XGU7jBSfSh+s+eV0faJ1RnErpImRYN7+d5loWISBwl22qsM6sn9StUWKJao+xGvF0IxgyPVnY20Vw==" + "requested": "[8.0.18, )", + "resolved": "8.0.18", + "contentHash": "SoVkRwFwnaX39J1uaI72PTilSJ6OoonIG+2VMpazEaAA9t+aJt2Caf49q76SYv3x9iU8hu1axlMWSkR9rt8nIg==" }, "Serilog": { "type": "Direct", - "requested": "[4.2.0, )", - "resolved": "4.2.0", - "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA==" + "requested": "[4.3.0, )", + "resolved": "4.3.0", + "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ==" }, "Serilog.Extensions.Logging": { "type": "Direct", @@ -142,6 +142,16 @@ "Serilog.Sinks.File": "5.0.0" } }, + "TELBlazor.Components": { + "type": "Direct", + "requested": "(, )", + "resolved": "1.0.0", + "contentHash": "mkjzSgfupUrrAp57hk/4MOkFZwJRgw8a5oYhjotD0/NyPBhUPZ51z0G2Zd9owZ+CruScSmRngAvBiBAMJS7HCw==", + "dependencies": { + "Microsoft.AspNetCore.Components.Web": "8.0.14", + "Microsoft.Extensions.Http": "8.0.0" + } + }, "Microsoft.AspNetCore.Authorization": { "type": "Transitive", "resolved": "8.0.14", @@ -448,23 +458,14 @@ "System.Text.Encodings.Web": "8.0.0" } }, - "telblazor.components": { - "type": "Project", - "dependencies": { - "Blazored.LocalStorage": "[4.5.0, )", - "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Microsoft.Extensions.Http": "[8.0.1, )", - "Serilog": "[4.2.0, )" - } - }, "telblazor.components.showcase.shared": { "type": "Project", "dependencies": { "Blazored.LocalStorage": "[4.5.0, )", "Markdig": "[0.41.3, )", "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Serilog": "[4.2.0, )", - "TELBlazor.Components": "[1.2.6-local, )" + "Serilog": "[4.3.0, )", + "TELBlazor.Components": "(, )" } }, "Markdig": { diff --git a/TELBlazor.Components.UnitTests/packages.lock.json b/TELBlazor.Components.UnitTests/packages.lock.json index 2df466b..24155cb 100644 --- a/TELBlazor.Components.UnitTests/packages.lock.json +++ b/TELBlazor.Components.UnitTests/packages.lock.json @@ -56,9 +56,9 @@ }, "Serilog": { "type": "Direct", - "requested": "[4.2.0, )", - "resolved": "4.2.0", - "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA==" + "requested": "[4.3.0, )", + "resolved": "4.3.0", + "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ==" }, "Serilog.Expressions": { "type": "Direct", @@ -139,6 +139,16 @@ "xunit.core": "2.4.1" } }, + "TELBlazor.Components": { + "type": "Direct", + "requested": "(, )", + "resolved": "1.0.0", + "contentHash": "mkjzSgfupUrrAp57hk/4MOkFZwJRgw8a5oYhjotD0/NyPBhUPZ51z0G2Zd9owZ+CruScSmRngAvBiBAMJS7HCw==", + "dependencies": { + "Microsoft.AspNetCore.Components.Web": "8.0.14", + "Microsoft.Extensions.Http": "8.0.0" + } + }, "xunit": { "type": "Direct", "requested": "[2.9.0, )", @@ -1666,24 +1676,6 @@ "xunit.extensibility.core": "[2.9.0]" } }, - "telblazor.components": { - "type": "Project", - "dependencies": { - "Blazored.LocalStorage": "[4.5.0, )", - "Microsoft.AspNetCore.Components.Web": "[8.0.14, )", - "Microsoft.Extensions.Http": "[8.0.1, )", - "Serilog": "[4.2.0, )" - } - }, - "Blazored.LocalStorage": { - "type": "CentralTransitive", - "requested": "[4.5.0, )", - "resolved": "4.5.0", - "contentHash": "6nZuJwA7zNIKx83IsObiHXZb09ponJOpCClU3en+hI8ZFvrOKXeOw+H7TegQZQrvdR1n9fkrVkEBQZg8vx6ZTw==", - "dependencies": { - "Microsoft.AspNetCore.Components.Web": "8.0.0" - } - }, "Microsoft.AspNetCore.Components.Web": { "type": "CentralTransitive", "requested": "[8.0.14, )", diff --git a/TELBlazor.Components/packages.lock.json b/TELBlazor.Components/packages.lock.json index 51a3110..9247870 100644 --- a/TELBlazor.Components/packages.lock.json +++ b/TELBlazor.Components/packages.lock.json @@ -41,9 +41,9 @@ }, "Serilog": { "type": "Direct", - "requested": "[4.2.0, )", - "resolved": "4.2.0", - "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA==" + "requested": "[4.3.0, )", + "resolved": "4.3.0", + "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ==" }, "Microsoft.AspNetCore.Authorization": { "type": "Transitive", From 942f2ed1aa62d6cbd87bd0051da23166d979f0f0 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:34:50 +0100 Subject: [PATCH 02/10] chore(dep): remove check for now --- .../automerge-dependabot-prs-into-collected-branch.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 74c4e86..5ceface 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -41,7 +41,10 @@ jobs: # if dependabot and checks ran # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') - if: github.event.check_suite.conclusion == 'success' && github.actor == 'dependabot[bot]' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' + + + # qqqq add in after testing && github.actor == 'dependabot[bot]' + if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' steps: - name: Checkout the repository uses: actions/checkout@v3 @@ -57,9 +60,9 @@ jobs: run: | pr_title="${{ github.event.pull_request.title }}" if [[ $pr_title == *"(major)"* ]]; then - echo "update_type=major" >> $github_output + echo "update_type=major" >> $GITHUB_OUTPUT else - echo "update_type=minor_or_patch" >> $github_output + echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT fi - name: auto-merge minor and patch updates From 15aa4b365a725e756aaabf830b6801dd95ca6ca0 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:46:21 +0100 Subject: [PATCH 03/10] chore(deps): token definition --- .../automerge-dependabot-prs-into-collected-branch.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 5ceface..b6f25f3 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -69,14 +69,16 @@ jobs: if: steps.extract.outputs.update_type == 'minor_or_patch' # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - run: gh pr merge --auto 1 + # run: gh pr merge --auto 1 + run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} env: - github_token: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: auto-merge major updates if: steps.extract.outputs.update_type == 'major' # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - run: gh pr merge --auto 1 + # run: gh pr merge --auto 1 + run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} env: - github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From acb65e516611ef35bbd8c05fbd8a1d7f57c10a9a Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 14:55:11 +0100 Subject: [PATCH 04/10] chore(dep): merge check --- .../automerge-dependabot-prs-into-collected-branch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index b6f25f3..782fd1c 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -70,7 +70,7 @@ jobs: # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" # run: gh pr merge --auto 1 - run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -79,6 +79,6 @@ jobs: # auto should set the the request to merge once checks complete # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" # run: gh pr merge --auto 1 - run: gh pr merge --auto ${{ github.event.check_suite.pull_requests[0].number }} + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From a0b408711e4ea8a8c038d561a1eb7ca1bdd0633a Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 15:22:16 +0100 Subject: [PATCH 05/10] chore(cicd): title catching --- ...omerge-dependabot-prs-into-collected-branch.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 782fd1c..d84eaa6 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -33,6 +33,15 @@ jobs: echo "Conclusion: ${{ github.event.check_suite.conclusion }}" echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" + + - name: Dump event payload + run: | + echo "==== EVENT NAME ====" + echo "${{ github.event_name }}" + echo "==== RAW CHECK_SUITE PAYLOAD ====" + echo '${{ toJson(github.event.check_suite) }}' + echo "==== PRs in this check suite ====" + echo '${{ toJson(github.event.check_suite.pull_requests) }}' auto-merge: @@ -58,7 +67,10 @@ jobs: - name: extract update type id: extract run: | - pr_title="${{ github.event.pull_request.title }}" + pr_number=${{ github.event.check_suite.pull_requests[0].number }} + # pr_title="${{ github.event.pull_request.title }}" + pr_title=$(gh pr view "$pr_number" --json title --jq .title) + echo "PR title: $pr_title" if [[ $pr_title == *"(major)"* ]]; then echo "update_type=major" >> $GITHUB_OUTPUT else From 940430de3031e498a617f73c11728ca404969d94 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 15:45:13 +0100 Subject: [PATCH 06/10] chore(depend): title getting --- .../automerge-dependabot-prs-into-collected-branch.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index d84eaa6..8386653 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -66,8 +66,12 @@ jobs: - name: extract update type id: extract + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + echo "get pr number" pr_number=${{ github.event.check_suite.pull_requests[0].number }} + echo "PR title: $pr_number" # pr_title="${{ github.event.pull_request.title }}" pr_title=$(gh pr view "$pr_number" --json title --jq .title) echo "PR title: $pr_title" From 02114f0ccd5b1213176080409162b0d2968cfcb1 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 16:31:07 +0100 Subject: [PATCH 07/10] chore(deps): refactor --- ...e-dependabot-prs-into-collected-branch.yml | 69 +++++-------- ...rs-into-collected-branch.yml-works-defunct | 99 +++++++++++++++++++ 2 files changed, 123 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 8386653..7e01694 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -1,16 +1,12 @@ # qqqq in development -# qqqq not getting the events # this script seperate major and minor but we do merge them into the same branch. # having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. name: auto-merge dependabot prs into collected branch on: - # pull_request: - # synchronize - # types: [opened, synchronize] - # branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name - check_suite: - types: [completed] - workflow_dispatch: + pull_request: + types: [opened, synchronize] + branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name + permissions: contents: write @@ -26,43 +22,33 @@ jobs: echo "actor: ${{ github.actor }}" echo "pr title: ${{ github.event.pull_request.title }}" echo "github event_name: ${{ github.event_name }}" - echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}" echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" - echo "Check Suite ID: ${{ github.event.check_suite.id }}" - echo "Conclusion: ${{ github.event.check_suite.conclusion }}" - echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" - echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" + echo "PR Number: ${{ github.event.pull_request.number }}" - name: Dump event payload run: | echo "==== EVENT NAME ====" echo "${{ github.event_name }}" - echo "==== RAW CHECK_SUITE PAYLOAD ====" - echo '${{ toJson(github.event.check_suite) }}' - echo "==== PRs in this check suite ====" - echo '${{ toJson(github.event.check_suite.pull_requests) }}' + echo "==== RAW PULL_REQUEST PAYLOAD ====" + echo '${{ toJson(github.event.pull_request) }}' - + # Branch rules ensure doesnt auto merge if shouldnt auto-merge: runs-on: ubuntu-latest - # if: github.event.check_suite.pull_requests[0].base.ref == 'main' - # if dependabot and checks ran - # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') - # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') - - - # qqqq add in after testing && github.actor == 'dependabot[bot]' - if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' + # qqqq add in after testing if: github.actor == 'dependabot[bot]' steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + # - name: Set up GitHub CLI + # run: | + # # Install GitHub CLI (gh) + # sudo apt-get update + # sudo apt-get install gh - name: Set up GitHub CLI - run: | - # Install GitHub CLI (gh) - sudo apt-get update - sudo apt-get install gh + uses: github/gh-cli@v2 - name: extract update type id: extract @@ -70,10 +56,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "get pr number" - pr_number=${{ github.event.check_suite.pull_requests[0].number }} - echo "PR title: $pr_number" - # pr_title="${{ github.event.pull_request.title }}" - pr_title=$(gh pr view "$pr_number" --json title --jq .title) + pr_title=${{ github.event.pull_request.title }} echo "PR title: $pr_title" if [[ $pr_title == *"(major)"* ]]; then echo "update_type=major" >> $GITHUB_OUTPUT @@ -83,18 +66,14 @@ jobs: - name: auto-merge minor and patch updates if: steps.extract.outputs.update_type == 'minor_or_patch' - # auto should set the the request to merge once checks complete - # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - # run: gh pr merge --auto 1 - run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + run: | + gh pr merge --auto --merge "${{ github.event.pull_request.number }}" env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: auto-merge major updates if: steps.extract.outputs.update_type == 'major' - # auto should set the the request to merge once checks complete - # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" - # run: gh pr merge --auto 1 - run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + run: | + gh pr merge --auto --merge "${{ github.event.pull_request.number }}" env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct new file mode 100644 index 0000000..4f20747 --- /dev/null +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct @@ -0,0 +1,99 @@ +# qqqq this does add auto merge but seems to trigger on the first set of checks git guardian (it seems), +# also it calls for checks not specifically for out branch +# so an approach based one the branch is likely better +name: auto-merge dependabot prs into collected branch +on: + # pull_request: + # synchronize + # types: [opened, synchronize] + # branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name + check_suite: + types: [completed] + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + checks: read + +jobs: + debug: + runs-on: ubuntu-latest + steps: + - name: debug info + run: | + echo "actor: ${{ github.actor }}" + echo "pr title: ${{ github.event.pull_request.title }}" + echo "github event_name: ${{ github.event_name }}" + echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}" + echo "target branch: ${{ github.event.pull_request.base.ref }}" + echo "source branch: ${{ github.event.pull_request.head.ref }}" + echo "Check Suite ID: ${{ github.event.check_suite.id }}" + echo "Conclusion: ${{ github.event.check_suite.conclusion }}" + echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}" + echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}" + + - name: Dump event payload + run: | + echo "==== EVENT NAME ====" + echo "${{ github.event_name }}" + echo "==== RAW CHECK_SUITE PAYLOAD ====" + echo '${{ toJson(github.event.check_suite) }}' + echo "==== PRs in this check suite ====" + echo '${{ toJson(github.event.check_suite.pull_requests) }}' + + + auto-merge: + runs-on: ubuntu-latest + # if: github.event.check_suite.pull_requests[0].base.ref == 'main' + # if dependabot and checks ran + # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') + # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success') + + + # qqqq add in after testing && github.actor == 'dependabot[bot]' + if: github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot' + steps: + - name: Checkout the repository + uses: actions/checkout@v3 + + - name: Set up GitHub CLI + run: | + # Install GitHub CLI (gh) + sudo apt-get update + sudo apt-get install gh + + - name: extract update type + id: extract + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "get pr number" + pr_number=${{ github.event.check_suite.pull_requests[0].number }} + echo "PR title: $pr_number" + # pr_title="${{ github.event.pull_request.title }}" + pr_title=$(gh pr view "$pr_number" --json title --jq .title) + echo "PR title: $pr_title" + if [[ $pr_title == *"(major)"* ]]; then + echo "update_type=major" >> $GITHUB_OUTPUT + else + echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT + fi + + - name: auto-merge minor and patch updates + if: steps.extract.outputs.update_type == 'minor_or_patch' + # auto should set the the request to merge once checks complete + # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" + # run: gh pr merge --auto 1 + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: auto-merge major updates + if: steps.extract.outputs.update_type == 'major' + # auto should set the the request to merge once checks complete + # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}" + # run: gh pr merge --auto 1 + run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 098a925a830a751c5c149fa577244551860b9b64 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 16:53:23 +0100 Subject: [PATCH 08/10] chore(dependabot): automerge --- ...e-dependabot-prs-into-collected-branch.yml | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 7e01694..b3c9f4a 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -5,7 +5,7 @@ name: auto-merge dependabot prs into collected branch on: pull_request: types: [opened, synchronize] - branches: [Automatic_version_update_dependabot] # make sure this matches your actual branch name + branches: [Automatic_version_update_dependabot] permissions: @@ -41,27 +41,26 @@ jobs: - name: Checkout the repository uses: actions/checkout@v4 - # - name: Set up GitHub CLI - # run: | - # # Install GitHub CLI (gh) - # sudo apt-get update - # sudo apt-get install gh - - name: Set up GitHub CLI - uses: github/gh-cli@v2 + run: | + # Install GitHub CLI (gh) + sudo apt-get update + sudo apt-get install gh - name: extract update type id: extract env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - echo "get pr number" - pr_title=${{ github.event.pull_request.title }} + echo "get pr title" + pr_title="${{ github.event.pull_request.title }}" echo "PR title: $pr_title" - if [[ $pr_title == *"(major)"* ]]; then + if [[ "$pr_title" == *"(major)"* ]]; then echo "update_type=major" >> $GITHUB_OUTPUT + echo "Detected major update" else echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT + echo "Detected minor or patch update" fi - name: auto-merge minor and patch updates From f97d61bb9c182ab00a81fb2ad6f4cab4f9a9e193 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 17:06:16 +0100 Subject: [PATCH 09/10] chore(deps): drop debug --- .../automerge-dependabot-prs-into-collected-branch.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index b3c9f4a..72b997e 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -25,13 +25,6 @@ jobs: echo "target branch: ${{ github.event.pull_request.base.ref }}" echo "source branch: ${{ github.event.pull_request.head.ref }}" echo "PR Number: ${{ github.event.pull_request.number }}" - - - name: Dump event payload - run: | - echo "==== EVENT NAME ====" - echo "${{ github.event_name }}" - echo "==== RAW PULL_REQUEST PAYLOAD ====" - echo '${{ toJson(github.event.pull_request) }}' # Branch rules ensure doesnt auto merge if shouldnt auto-merge: From 7972622e9d983b544cbf4658797483ecba999905 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 8 Sep 2025 11:12:08 +0100 Subject: [PATCH 10/10] chore(workflow): readme --- .github/workflows/workflow-readme.md | 58 +--------------------------- 1 file changed, 2 insertions(+), 56 deletions(-) diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index cef6cb3..f26f5c6 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md @@ -121,59 +121,5 @@ Via semantic release and recorded as a generate c# file used by a blazor compone ## Alternative Approaches - -name: Pull Request Checks - -# ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️ -# ⚠️ we want dependabot only to be using these secrets so addition logic requires an "if" for every job ⚠️ -# We will restrict it by making pull_request_target only for the Automatic_version_update_dependabot and then use -# an if to ensure its only by dependabot - -on: - pull_request: - branches: ['**'] # Run on all branches - branches-ignore: ['dependabot/**'] # Skip Dependabot PRs - pull_request_target: - branches: ['Automatic_version_update_dependabot'] # Base branch for Dependabot PRs - workflow_dispatch: - -jobs: - dummy: - if: | - (github.actor == 'dependabot[bot]' && - startsWith(github.head_ref, 'dependabot/') && - github.event_name == 'pull_request_target') - || - (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request') - runs-on: ubuntu-latest - steps: - - name: Dummy Step - run: echo "This is a dummy job to allow workflow_dispatch" - - pull-request-call-reusable-ci-checks-workflow: - if: | - (github.actor == 'dependabot[bot]' && - startsWith(github.head_ref, 'dependabot/') && - github.event_name == 'pull_request_target') - || - (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request') - name: Pull Request run CI Checks - uses: ./.github/workflows/reuseable-ci-checks.yml - needs: dummy - with: - runall: true - - # could try secrets:inherit QQQQ - secrets: - UNITTESTS_APPSETTINGS_DEVELOPMENT: ${{ secrets.UNITTESTS_APPSETTINGS_DEVELOPMENT }} - WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT }} - WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT }} - WASMSERVERHOST_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOST_APPSETTINGS_DEVELOPMENT }} - TEL_GIT_PACKAGES_TOKEN: ${{secrets.NUGETKEY }} - - UNITTESTS_APPSETTINGS_PRODUCTION: ${{ secrets.UNITTESTS_APPSETTINGS_PRODUCTION }} - WASMSTATICCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_PRODUCTION }} - WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION }} - WASMSERVERHOST_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOST_APPSETTINGS_PRODUCTION }} - -``` +- dont use pull-request-target for security reasons if can avoid it and if do use ifs to control it based on what branch and who is calling the workflow +- can use secrets inherits might have been better for reuseable checks which because triggered by other workflows can directly access repo secrets instead need them passing