From eca66b279ee193c05bc13d7bd2d7fcacba981a0d Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Thu, 28 Aug 2025 15:43:01 +0100 Subject: [PATCH 01/15] chore(dependabot): commit lint logical error --- .github/workflows/reuseable-ci-checks.yml | 6 ++- .github/workflows/workflow-readme.md | 59 +++++++++++++++++++++++ 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml index ad7c1af..c8d936c 100644 --- a/.github/workflows/reuseable-ci-checks.yml +++ b/.github/workflows/reuseable-ci-checks.yml @@ -203,12 +203,14 @@ jobs: echo "Branch name: $BRANCH_NAME" if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then echo "✅ Branch is a dependabot branch - skipping commitlint" - exit 0 + echo "skip=true" >> $GITHUB_OUTPUT else echo "Regular branch - will run commitlint in next step" + echo "skip=false" >> $GITHUB_OUTPUT fi - - name: Run commitlint action + - name: Run commitlint actio + if: steps.check-branch.outputs.skip != 'true'n uses: wagoid/commitlint-github-action@v5 with: configFile: .commitlintrc.json diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index 185fd4e..fe8b3c3 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md 
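Review bot: In the reuseable-ci-checks.yml hunk the decision to skip commitlint rests only on `BRANCH_NAME` starting with `dependabot/`, and on a pull request that value comes from `GITHUB_HEAD_REF`, which the PR author chooses, so any contributor can bypass the lint by naming a branch that way. Gating the commitlint step on the PR author instead, for example `if: github.event.pull_request.user.login != 'dependabot[bot]'`, ties the exemption to the bot account rather than to a string (this assumes the caller's event context is available in the reusable workflow). The redirect target should also be quoted, `echo "skip=true" >> "$GITHUB_OUTPUT"`. The `run:` block starts above the hunk, so the step's `id` is not visible here; the new `if:` assumes it is `check-branch`.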
@@ -84,3 +84,62 @@ The individual steps also automatically pass so can see if any error at the end ## Versioning Via semantic release and recorded as a generate c# file used by a blazor component + +## Alternative Approaches + +``` +name: Pull Request Checks + +# ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️ +# ⚠️ we want dependabot only to be using these secrets so addition logic requires an "if" for every job ⚠️ +# We will restrict it by making pull_request_target only for the Automatic_version_update_dependabot and then use +# an if to ensure its only by dependabot + +on: + pull_request: + branches: ['**'] # Run on all branches + branches-ignore: ['dependabot/**'] # Skip Dependabot PRs + pull_request_target: + branches: ['Automatic_version_update_dependabot'] # Base branch for Dependabot PRs + workflow_dispatch: + +jobs: + dummy: + if: | + (github.actor == 'dependabot[bot]' && + startsWith(github.head_ref, 'dependabot/') && + github.event_name == 'pull_request_target') + || + (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request') + runs-on: ubuntu-latest + steps: + - name: Dummy Step + run: echo "This is a dummy job to allow workflow_dispatch" + + pull-request-call-reusable-ci-checks-workflow: + if: | + (github.actor == 'dependabot[bot]' && + startsWith(github.head_ref, 'dependabot/') && + github.event_name == 'pull_request_target') + || + (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request') + name: Pull Request run CI Checks + uses: ./.github/workflows/reuseable-ci-checks.yml + needs: dummy + with: + runall: true + + # could try secrets:inherit QQQQ + secrets: + UNITTESTS_APPSETTINGS_DEVELOPMENT: ${{ secrets.UNITTESTS_APPSETTINGS_DEVELOPMENT }} + WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT }} + WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT }} + 
WASMSERVERHOST_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOST_APPSETTINGS_DEVELOPMENT }} + TEL_GIT_PACKAGES_TOKEN: ${{secrets.NUGETKEY }} + + UNITTESTS_APPSETTINGS_PRODUCTION: ${{ secrets.UNITTESTS_APPSETTINGS_PRODUCTION }} + WASMSTATICCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_PRODUCTION }} + WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION }} + WASMSERVERHOST_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOST_APPSETTINGS_PRODUCTION }} + +``` From eff7705776ee9ccfcbe72829bd4675b635677424 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Thu, 28 Aug 2025 15:45:19 +0100 Subject: [PATCH 02/15] chore(dependabot): mistake --- .github/workflows/reuseable-ci-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml index c8d936c..bc48db5 100644 --- a/.github/workflows/reuseable-ci-checks.yml +++ b/.github/workflows/reuseable-ci-checks.yml @@ -210,7 +210,7 @@ jobs: fi - name: Run commitlint actio - if: steps.check-branch.outputs.skip != 'true'n + if: steps.check-branch.outputs.skip != 'true' uses: wagoid/commitlint-github-action@v5 with: configFile: .commitlintrc.json From 88f995532eb6ce5ef71db4a6fb4ee79c9b04f708 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Thu, 28 Aug 2025 16:18:42 +0100 Subject: [PATCH 03/15] chore(dependabot): oops --- .github/workflows/reuseable-ci-checks.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml index bc48db5..a875f2c 100644 --- a/.github/workflows/reuseable-ci-checks.yml +++ b/.github/workflows/reuseable-ci-checks.yml 
@@ -198,19 +198,20 @@ jobs: fetch-depth: 0 - name: Check branch and run commitlint + id: check_branch_and_run_commitlint run: | BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" echo "Branch name: $BRANCH_NAME" if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then - echo "✅ Branch is a dependabot branch - skipping commitlint" + echo "✅ Branch is a dependabot branch - skipping commitlint ✅" echo "skip=true" >> $GITHUB_OUTPUT else echo "Regular branch - will run commitlint in next step" echo "skip=false" >> $GITHUB_OUTPUT fi - - name: Run commitlint actio - if: steps.check-branch.outputs.skip != 'true' + - name: Run commitlint action + if: steps.check_branch_and_run_commitlint.outputs.skip != 'true' uses: wagoid/commitlint-github-action@v5 with: configFile: .commitlintrc.json From 130d9b056a7634d342fa99249f31c3a4caf1489b Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 10:44:53 +0100 Subject: [PATCH 04/15] chore(dependabot): automerge --- ...e-dependabot-prs-into-collected-branch.yml | 38 ++++++++++++ ...rge-passing-minor-patch-dependabot-prs.yml | 59 ------------------- .github/workflows/dev.yml | 6 +- .github/workflows/workflow-readme.md | 3 + 4 files changed, 46 insertions(+), 60 deletions(-) create mode 100644 .github/workflows/automerge-dependabot-prs-into-collected-branch.yml delete mode 100644 .github/workflows/automerge-passing-minor-patch-dependabot-prs.yml diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml new file mode 100644 index 0000000..f1ba083 --- /dev/null +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml 
@@ -0,0 +1,38 @@ +# This script seperate major and minor but we do merge them into the same branch. +# Having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. +name: Auto-merge Dependabot PRs +on: + pull_request: + types: [opened, synchronize] + branches: [Automatic_version_update_dependabot] # Make sure this matches your actual branch name + +permissions: + contents: write + pull-requests: write + +jobs: + auto-merge: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Extract update type + id: extract + run: | + PR_TITLE="${{ github.event.pull_request.title }}" + if [[ $PR_TITLE == *"(major)"* ]]; then + echo "update_type=major" >> $GITHUB_OUTPUT + else + echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT + fi + + - name: Auto-merge minor and patch updates + if: steps.extract.outputs.update_type == 'minor_or_patch' + run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Auto-merge major updates + if: steps.extract.outputs.update_type == 'major' + run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/automerge-passing-minor-patch-dependabot-prs.yml b/.github/workflows/automerge-passing-minor-patch-dependabot-prs.yml deleted file mode 100644 index f07615d..0000000 --- a/.github/workflows/automerge-passing-minor-patch-dependabot-prs.yml +++ /dev/null 
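Review bot: In the new automerge-dependabot-prs-into-collected-branch.yml, `PR_TITLE="${{ github.event.pull_request.title }}"` expands the PR title into the shell script before bash runs, so a title containing `"` or `$(…)` becomes script text in a job that holds `contents: write` and `pull-requests: write`; both `gh pr merge` steps do the same with `html_url`. The file deleted by this same commit passed the URL through `env:` and used `"$pr_url"`, which is the safer pattern and should be kept, and extended to the title. The `github.actor == 'dependabot[bot]'` guard checks who triggered the run rather than who opened the PR; `github.event.pull_request.user.login == 'dependabot[bot]'` is the stricter test. Matching `(major)` in the title is also fragile, and the `update-type` output of `dependabot/fetch-metadata` would be a more reliable source for the update type.

```yaml
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - name: Extract update type
        id: extract
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          if [[ "$PR_TITLE" == *"(major)"* ]]; then
          # … unchanged: update_type outputs …

      - name: Auto-merge minor and patch updates
        if: steps.extract.outputs.update_type == 'minor_or_patch'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # … same env-based PR_URL for the major-update step …
```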
@@ -1,59 +0,0 @@ -# The intention is minor and patch should be merged into the dependabot branch automatically - -name: Dependabot Auto-Merge - -on: - pull_request: - branches: [ Automatic_version_update_dependabot ] - -permissions: - contents: write - pull-requests: write - -jobs: - # works alongside branch protection rules - auto-merge-minor-and-patch: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: extract update type - id: extract - run: | - pr_title="${{ github.event.pull_request.title }}" - if [[ $pr_title == *"(major)"* ]]; then - echo "update_type=major" >> $github_output - else - echo "update_type=minor_or_patch" >> $github_output - fi - - - name: set up github cli - uses: cli/cli-action@v2 - - - name: auto-merge non-major updates - if: ${{ steps.extract.outputs.update_type == 'minor_or_patch' }} - run: gh pr merge --auto --merge "$pr_url" - env: - pr_url: ${{ github.event.pull_request.html_url }} - github_token: ${{ secrets.github_token }} - - auto-merge-major: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Extract update type - id: extract - run: | - PR_TITLE="${{ github.event.pull_request.title }}" - if [[ $PR_TITLE == *"(major)"* ]]; then - echo "update_type=major" >> $GITHUB_OUTPUT - else - echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT - - name: Set up GitHub CLI - uses: cli/cli-action@v2 - - - name: Auto-merge major updates - if: ${{ steps.extract.outputs.update_type == 'major' }} - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index ab4a1d9..425af66 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml 
@@ -4,6 +4,10 @@ on: branches-ignore: - 'main' - 'master' + # We currently dont intend to test the showcase per package bump so wont run for package bumps + # we will run on the collected bumps merging though + - 'dependabot/**' + workflow_dispatch: permissions: @@ -83,7 +87,7 @@ jobs: echo "Semantic Release packages installed." npm ls --depth=0 # Debug: List installed packages - #configured with .releaseserc + # Configured with .releaseserc # Dry run we are not versioning the repo - name: Run dev semantic version (None Blocking) id: detect_semantic_version diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index fe8b3c3..170fdf9 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md @@ -81,6 +81,9 @@ The individual steps also automatically pass so can see if any error at the end # Notes - doesnt run easily with nektos act due to git ref checks and calling other workflows - for tests use the run-tests-and-report-with-env-values.ps1 file +- dependabot duplicates tokens using dependabot secrets including write so can run checks +- autoverging is being tried for major and minor +- branch checks must pass for merge on automated_version ## Versioning Via semantic release and recorded as a generate c# file used by a blazor component From f468d2ebde7378ff8a61030ed116e39db86ef1b9 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 12:05:15 +0100 Subject: [PATCH 05/15] chore(cicd): cron jobs for dependabot promotion --- ...e-dependabot-prs-into-collected-branch.yml | 2 +- ...collected-dependabot-staging-to-master.yml | 48 +++++++++++++++++++ .../collected-dependabot-to-staging.yml | 45 +++++++++++++++++ .github/workflows/workflow-readme.md | 2 +- .releaserc.json | 10 +++- 5 files changed, 103 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/collected-dependabot-staging-to-master.yml create mode 100644 .github/workflows/collected-dependabot-to-staging.yml 
diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index f1ba083..6021872 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml @@ -1,6 +1,6 @@ # This script seperate major and minor but we do merge them into the same branch. # Having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. -name: Auto-merge Dependabot PRs +name: Auto-merge Dependabot PRs into collected branch on: pull_request: types: [opened, synchronize] diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml b/.github/workflows/collected-dependabot-staging-to-master.yml new file mode 100644 index 0000000..822ba31 --- /dev/null +++ b/.github/workflows/collected-dependabot-staging-to-master.yml 
@@ -0,0 +1,48 @@ +name: Collected Dependabot Promotion From Staging To Master +on: + schedule: + # we want the opposite weeks to staging so we get a week where it occurs in manual testing + - cron: '0 9 8-14 * 1' # Second Monday of month + - cron: '0 9 22-28 * 1' # Fourth Monday of month + workflow_dispatch: + +jobs: + promote-to-master: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check for changes + id: changes + run: | + git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging + git fetch origin master:master # or main/master - whatever your prod branch is + + if git diff --quiet master Automatic_collected_dependabot_staging; then + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + fi + + - name: Create PR to master + if: steps.changes.outputs.has_changes == 'true' + run: | + if gh pr list --head Automatic_collected_dependabot_staging --base master --json number --jq '.[0].number' | grep -q .; then + echo "PR already exists, skipping creation" + else + gh pr create \ + --base master \ + --head Automatic_collected_dependabot_staging \ + --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \ + --body "Automated weekly promotion from staging to master after testing period" \ + --auto-merge \ + --merge + fi + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml new file mode 100644 index 0000000..4306f22 --- /dev/null +++ b/.github/workflows/collected-dependabot-to-staging.yml 
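Review bot: In collected-dependabot-staging-to-master.yml the `gh pr create` call passes `--auto-merge` and `--merge`, which as far as I know are not `gh pr create` options (auto-merge is requested afterwards with `gh pr merge --auto --merge <url>`), so the step is likely to fail before any PR is opened; collected-dependabot-to-staging.yml uses the same flags. The cron lines restrict both day-of-month and day-of-week, and in POSIX cron those two fields are ORed, so `0 9 8-14 * 1` would fire on every day from the 8th to the 14th and on every Monday rather than only on the second Monday; `0 9 * * 1` plus a day-of-month check in a first step gives the intended schedule, and the same applies to the staging workflow. Because this job ends in an unattended merge of third-party dependency updates into master, a comment should state that the required status checks on master are the only gate.

```yaml
          else
            pr_url=$(gh pr create \
              --base master \
              --head Automatic_collected_dependabot_staging \
              --title "Fortnightly dependabot collected master promotion - $(date +%Y-%m-%d)" \
              --body "Automated weekly promotion from staging to master after testing period")
            # Request auto-merge separately; it only completes once required checks pass.
            gh pr merge --auto --merge "$pr_url"
          fi
```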
@@ -0,0 +1,45 @@ +name: Dependabot Collected Promotion To Staging +# this logic will require branch ruleset checks of running the dev pipeline +on: + schedule: + # Promotion from staging to release should be a week apart so alternating weeks (also live updates dangerous) + - cron: '0 9 1-7 * 1' # First Monday of month + - cron: '0 9 15-21 * 1' # Third Monday of month + workflow_dispatch: # Allow manual trigger + +jobs: + promote-to-automatic-collected-dependabot-staging: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check for changes + id: changes + run: | + git fetch origin Automatic_version_update_dependabot:Automatic_version_update_dependabot + git fetch origin Automatic_collected_dependabot_staging:Automatic_collected_dependabot_staging + + if git diff --quiet Automatic_collected_dependabot_staging Automatic_version_update_dependabot; then + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + fi + + - name: Create PR to Automatic_collected_dependabot_staging + if: steps.changes.outputs.has_changes == 'true' + run: | + gh pr create \ + --base Automatic_collected_dependabot_staging \ + --head Automatic_version_update_dependabot \ + --title "Fortnightly dependabot collected to staging - $(date +%Y-%m-%d)" \ + --body "Automated Fortnightly promotion of dependency updates from dependabot" \ + --auto-merge \ + --merge + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md index 170fdf9..e008223 100644 --- a/.github/workflows/workflow-readme.md +++ b/.github/workflows/workflow-readme.md 
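Review bot: The `Create PR to Automatic_collected_dependabot_staging` step in collected-dependabot-to-staging.yml has no existing-PR guard, unlike the `gh pr list … | grep -q .` check in the staging-to-master workflow, so a scheduled run while a promotion PR is still open will fail on `gh pr create`. The PR is also opened with `secrets.GITHUB_TOKEN`, and by GitHub's documented behaviour events created with that token do not start new workflow runs, so the dev pipeline that the header comment relies on ("branch ruleset checks") would not run on the promotion PR. Either auto-merge waits indefinitely on a required check, or, if the check is not required, the dependency updates reach staging untested. Opening the PR with a GitHub App token or a narrowly scoped token stored as a secret avoids this, and a comment recording that choice would help the next maintainer.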
@@ -84,7 +84,7 @@ The individual steps also automatically pass so can see if any error at the end - dependabot duplicates tokens using dependabot secrets including write so can run checks - autoverging is being tried for major and minor - branch checks must pass for merge on automated_version - +- checks required but overrideable for all workflows ## Versioning Via semantic release and recorded as a generate c# file used by a blazor component diff --git a/.releaserc.json b/.releaserc.json index d7dbe06..d3ba112 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -1,10 +1,16 @@ { "branches": [ { - "name": "master" + "name": "master", + "prerelease": false }, { - "name": "Automatic_version_update_dependabot" + "name": "Automatic_version_update_dependabot", + "prerelease": false + }, + { + "name": "Automatic_collected_dependabot_staging", + "prerelease": true }, { "name": "feat-*", From b9f31a4cb3945b86d3b3ec4afdd3fa271014b1c1 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 12:37:06 +0100 Subject: [PATCH 06/15] chore(dependabot): is relesearc breaking --- .releaserc.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.releaserc.json b/.releaserc.json index d3ba112..58f0d4f 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -2,15 +2,9 @@ "branches": [ { "name": "master", - "prerelease": false }, { "name": "Automatic_version_update_dependabot", - "prerelease": false - }, - { - "name": "Automatic_collected_dependabot_staging", - "prerelease": true }, { "name": "feat-*", From ef8aaf870b1c087c17cdd50eefe863b54ced6d2f Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 12:41:01 +0100 Subject: [PATCH 07/15] chore(releaserc): config file fix --- .releaserc.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.releaserc.json b/.releaserc.json index 58f0d4f..d7dbe06 100644 --- a/.releaserc.json +++ b/.releaserc.json 
@@ -1,10 +1,10 @@ { "branches": [ { - "name": "master", + "name": "master" }, { - "name": "Automatic_version_update_dependabot", + "name": "Automatic_version_update_dependabot" }, { "name": "feat-*", From e4a100ea91c812168bd01c9898c6d98b98cee2f5 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 12:47:03 +0100 Subject: [PATCH 08/15] chore(dependabot): add back in branch staging --- .releaserc.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.releaserc.json b/.releaserc.json index d7dbe06..0953117 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -6,6 +6,9 @@ { "name": "Automatic_version_update_dependabot" }, + { + "name": "Automatic_collected_dependabot_staging" + }, { "name": "feat-*", "prerelease": true From f086dd4d1a9e0eafb56ec2ba358d6ce3609af30a Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 12:53:12 +0100 Subject: [PATCH 09/15] chore(releaserc): reapply prerelease --- .releaserc.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.releaserc.json b/.releaserc.json index 0953117..43d58fc 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -7,7 +7,8 @@ "name": "Automatic_version_update_dependabot" }, { - "name": "Automatic_collected_dependabot_staging" + "name": "Automatic_collected_dependabot_staging", + "prerelease": true }, { "name": "feat-*", From 832349496ad6cdf80edc9e81f458669f2e954ea1 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 13:11:20 +0100 Subject: [PATCH 10/15] chore(releaserc): prerelease is causing the issues but will need it --- .releaserc.json | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.releaserc.json b/.releaserc.json index 43d58fc..204c5aa 100644 --- a/.releaserc.json +++ b/.releaserc.json 
@@ -1,14 +1,16 @@ { "branches": [ { - "name": "master" + "name": "master", + "prerelease": false }, { - "name": "Automatic_version_update_dependabot" + "name": "Automatic_version_update_dependabot", + "prerelease": false }, { "name": "Automatic_collected_dependabot_staging", - "prerelease": true + "prerelease": false }, { "name": "feat-*", From ac5d8f4622002f21bb99aed659e62f3132e0743b Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 13:29:49 +0100 Subject: [PATCH 11/15] chore(semver): better logging cause prerelease error try to view it --- .github/workflows/dev.yml | 13 ++++++++++++- .releaserc.json | 2 +- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 425af66..7a4d46f 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -94,8 +94,19 @@ jobs: run: | echo "running semantic-release" - SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2>&1) + # SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2>&1) + # STATUS=$? + + SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2> /tmp/semantic-release-errors.log) STATUS=$? + + # Now you can check the status and log the error messages if an error occurred + if [ $STATUS -ne 0 ]; then + echo "Semantic release failed with exit code $STATUS." + echo "Error output:" + cat /tmp/semantic-release-errors.log + fi + echo "status = $STATUS" echo "$SEMVER_OUTPUT_RAW" diff --git a/.releaserc.json b/.releaserc.json index 204c5aa..d3ba112 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -10,7 +10,7 @@ }, { "name": "Automatic_collected_dependabot_staging", - "prerelease": false + "prerelease": true }, { "name": "feat-*", From b417400bcc6d9275e6e5dd46bc02930c71769b05 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 15:04:42 +0100 Subject: [PATCH 12/15] chore(releaserc): semver --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index b8fe7c8..fad9453 100644 --- a/.gitignore 
+++ b/.gitignore @@ -236,3 +236,4 @@ TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/Logs/* # Generated version info files TELBlazor.Components/TELBlazorPackageVersion/VersionInfo*.cs +/.github/workflows/test.yml From c9ede7bede944f356f4bbf757eebca85e2355b42 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 15:14:08 +0100 Subject: [PATCH 13/15] chore(semver): dependabot --- .github/workflows/dev.yml | 27 ++++++++++++++++++++------- .releaserc.json | 8 +++----- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 7a4d46f..630ea52 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -92,13 +92,27 @@ jobs: - name: Run dev semantic version (None Blocking) id: detect_semantic_version run: | + echo "error catch run of semver first to get any error detail on config issues" + set +e + SEMVER_OUTPUT_RAW_ERROR_CHECK=$(npx semantic-release --dry-run 2> /tmp/semantic-release-errors.log) + STATUS_ERROR_CHECK=$? - echo "running semantic-release" - # SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2>&1) - # STATUS=$? + # Now you can check the status and log the error messages if an error occurred + if [ $STATUS_ERROR_CHECK -ne 0 ]; then + echo "❌ Semantic release failed with exit code $STATUS_ERROR_CHECK." + echo "❌ Error output:" + cat /tmp/semantic-release-errors.log + else + echo "✅ Semantic Ouput success : $SEMVER_OUTPUT_RAW_ERROR_CHECK " + echo "✅ Error on success : $STATUS_ERROR_CHECK" + fi - SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2> /tmp/semantic-release-errors.log) - STATUS=$? + set -e + + + echo "running semantic-release" + semver_output_raw=$(npx semantic-release --dry-run 2>&1) + status=$? # Now you can check the status and log the error messages if an error occurred if [ $STATUS -ne 0 ]; then 
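Review bot: In the dev.yml hunk of "chore(semver): dependabot" the second semantic-release call now assigns lowercase `semver_output_raw` and `status`, but the unchanged line right after it still tests `$STATUS`, which is no longer set, so `[ $STATUS -ne 0 ]` is evaluated with an empty operand and the error branch cannot report the real exit code. The call also comes after `set -e` has been restored, so a failing `npx semantic-release --dry-run` inside the assignment would stop the step before `status=$?` runs, which contradicts the step name "None Blocking". Keeping the original names, `SEMVER_OUTPUT_RAW=$(npx semantic-release --dry-run 2>&1)` and `STATUS=$?`, and moving `set -e` below them fixes both. The step body continues past the end of the hunk.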
@@ -372,5 +386,4 @@ jobs: -H "Authorization: Bearer $TEL_GIT_PACKAGES_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/$repo_owner/$repo_name/dispatches \ - -d "{\"event_type\": \"$event_type\", \"client_payload\": {\"artifact_url\": \"$artifact_url\"}}" - + -d "{\"event_type\": \"$event_type\", \"client_payload\": {\"artifact_url\": \"$artifact_url\"}}" \ No newline at end of file diff --git a/.releaserc.json b/.releaserc.json index d3ba112..2296f12 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -1,16 +1,14 @@ { "branches": [ { - "name": "master", - "prerelease": false + "name": "master" }, { - "name": "Automatic_version_update_dependabot", - "prerelease": false + "name": "Automatic_version_update_dependabot" }, { "name": "Automatic_collected_dependabot_staging", - "prerelease": true + "prerelease": "dependabot-staging" }, { "name": "feat-*", From f1d0467cea6e158044f8665639ca0274cd8ffa93 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Fri, 29 Aug 2025 16:55:46 +0100 Subject: [PATCH 14/15] chore(dependabot): broader lint check --- .github/workflows/reuseable-ci-checks.yml | 2 +- README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml index a875f2c..172443c 100644 --- a/.github/workflows/reuseable-ci-checks.yml +++ b/.github/workflows/reuseable-ci-checks.yml @@ -202,7 +202,7 @@ jobs: run: | BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}" echo "Branch name: $BRANCH_NAME" - if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then + if [[ "$BRANCH_NAME" =~ ^dependabot/ ]] || [[ "$AUTHOR_NAME" == "dependabot[bot]" ]] || [[ "$COMMIT_MSG" =~ ^Bump ]]; then echo "✅ Branch is a dependabot branch - skipping commitlint ✅" echo "skip=true" >> $GITHUB_OUTPUT else diff --git a/README.md b/README.md index 220db0a..404d9b3 100644 --- a/README.md +++ b/README.md 
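Review bot: In the reuseable-ci-checks.yml hunk of "broader lint check" the condition reads `$AUTHOR_NAME` and `$COMMIT_MSG`, but nothing visible in the hunk sets them and neither is a default runner variable as far as I know, so both new tests would compare an empty string and never match. If they are meant to be filled from the event, pass them through the step's `env:` (for example `COMMIT_MSG: ${{ github.event.head_commit.message }}`) rather than expanding `${{ … }}` inside the script, because commit messages are author-controlled text. `^Bump` would also let any commit whose message starts with that word skip commitlint, so a check on the PR author alone is the safer exemption. The `run:` block begins above the hunk and continues below it.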
@@ -74,6 +74,7 @@ the ability to produce static prerendered html. The prerendered html is written - enter the variable names and variable values as follows: - GITHUB_USERNAME / [Your GitHub username] - TEL_GIT_PACKAGES_TOKEN / [The copied token] + - LOCAL_PACKAGES_PATH / [Path to your local packages folder] - then select **OK** - select **OK** again to close all dialogs. - **Restore Nuget, Npm, Tooling, playwright and build:** From 4d69e43c72fa52101c417c306efb19ccb04682e7 Mon Sep 17 00:00:00 2001 From: Phil-NHS Date: Mon, 1 Sep 2025 09:41:26 +0100 Subject: [PATCH 15/15] chore(cicd): automating pipeline progression of dependabot bumps --- ...e-dependabot-prs-into-collected-branch.yml | 26 ++++++++++++++++--- ...collected-dependabot-staging-to-master.yml | 1 + .../collected-dependabot-to-staging.yml | 1 + 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml index 6021872..9e3d50b 100644 --- a/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml +++ b/.github/workflows/automerge-dependabot-prs-into-collected-branch.yml 
@@ -1,19 +1,38 @@ +# qqqq in development # This script seperate major and minor but we do merge them into the same branch. # Having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline. name: Auto-merge Dependabot PRs into collected branch on: pull_request: - types: [opened, synchronize] + # synchronize + types: [opened] branches: [Automatic_version_update_dependabot] # Make sure this matches your actual branch name - + check_suite: + types: [completed] + workflow_dispatch: permissions: contents: write pull-requests: write jobs: + debug: + runs-on: ubuntu-latest + steps: + - name: Debug info + run: | + echo "Actor: ${{ github.actor }}" + echo "PR Title: ${{ github.event.pull_request.title }}" + echo "Target Branch: ${{ github.event.pull_request.base.ref }}" + echo "Source Branch: ${{ github.event.pull_request.head.ref }}" + - name: Wait for other checks to start + - name: Delay for check + run: | + # drop later qqqq shouldnt need but its running before auto + echo "Waiting 4 minutes for other checks to start running..." + sleep 240 auto-merge: runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' + if: github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch' steps: - name: Extract update type id: extract @@ -27,6 +46,7 @@ jobs: - name: Auto-merge minor and patch updates if: steps.extract.outputs.update_type == 'minor_or_patch' + # Auto should set the the request to merge once checks complete run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/collected-dependabot-staging-to-master.yml b/.github/workflows/collected-dependabot-staging-to-master.yml index 822ba31..fbb0e0f 100644 --- a/.github/workflows/collected-dependabot-staging-to-master.yml +++ b/.github/workflows/collected-dependabot-staging-to-master.yml 
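Review bot: The new `debug` job in automerge-dependabot-prs-into-collected-branch.yml has no `if:` guard and expands `${{ github.event.pull_request.title }}` and `${{ github.event.pull_request.head.ref }}` directly inside `run:`, so for any PR against the collected branch, title and branch-name text chosen by the PR author is spliced into a shell script running under the workflow-level `contents: write` and `pull-requests: write`. Pass the values through `env:` and give the job `permissions: {}`, since it only prints. `- name: Wait for other checks to start` has no `run:` or `uses:`, which should make the workflow file invalid; it looks like a leftover of the next step's name. On `check_suite` and `workflow_dispatch` runs `github.event.pull_request` is empty, so `auto-merge` would classify an empty title as `minor_or_patch` and call `gh pr merge` with an empty URL; the added `|| github.event_name == 'workflow_dispatch'` should be paired with an explicit PR input.

```yaml
  debug:
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - name: Debug info
        env:
          ACTOR: ${{ github.actor }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "Actor: $ACTOR"
          echo "PR Title: $PR_TITLE"
          echo "Target Branch: $BASE_REF"
          echo "Source Branch: $HEAD_REF"
      # … unchanged: "Delay for check" step …
```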
@@ -1,3 +1,4 @@ +# qqqq in development name: Collected Dependabot Promotion From Staging To Master on: schedule: diff --git a/.github/workflows/collected-dependabot-to-staging.yml b/.github/workflows/collected-dependabot-to-staging.yml index 4306f22..c0a0376 100644 --- a/.github/workflows/collected-dependabot-to-staging.yml +++ b/.github/workflows/collected-dependabot-to-staging.yml @@ -1,3 +1,4 @@ +# qqqq in development name: Dependabot Collected Promotion To Staging # this logic will require branch ruleset checks of running the dev pipeline on: