diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fa4081e..b50aad2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -9,7 +9,7 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL" +name: "codeql" on: workflow_run: @@ -17,16 +17,16 @@ on: types: - completed push: - branches: [ master ] + branches: [ master, v3 ] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [ master, v3 ] schedule: - cron: '34 1 * * 0' jobs: analyze: - name: Analyze + name: analyze runs-on: ubuntu-latest permissions: actions: read @@ -42,11 +42,14 @@ jobs: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository + - name: checkout uses: actions/checkout@v2 - + - name: setup + uses: actions/setup-go@v2 + with: + go-version: 1.16 # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL + - name: init uses: github/codeql-action/init@v1 with: languages: ${{ matrix.language }} @@ -57,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild + - name: autobuild uses: github/codeql-action/autobuild@v1 # ℹ️ Command-line programs to run using the OS shell. @@ -71,5 +74,5 @@ jobs: # make bootstrap # make release - - name: Perform CodeQL Analysis + - name: analyze uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index 9715c32..69e4c39 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml 
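Review bot: In the third hunk of codeql-analysis.yml the new `setup` step writes `go-version: 1.16` as an unquoted scalar, which YAML reads as a float; 1.16 happens to survive that, but a later bump to 1.20 would be read as 1.2, so quote it: `go-version: '1.16'`. The added `actions/setup-go@v2` is also referenced by a movable tag, like the other actions in this file, so the code that runs in this job can change without a reviewed diff. Pinning it to a full commit SHA avoids that, for example `uses: actions/setup-go@<full-commit-sha>  # v2`.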
@@ -1,66 +1,31 @@ name: "prautomerge" on: - workflow_run: - workflows: ["prbuild"] - types: - - completed + pull_request_target: + types: [assigned, opened, synchronize, reopened] permissions: - contents: write pull-requests: write + contents: write jobs: - Dependabot-Automerge: + dependabot: runs-on: ubuntu-latest - # Contains workaround to execute if dependabot updates the PR by checking for the base branch in the linked PR - # The the github.event.workflow_run.event value is 'push' and not 'pull_request' - # dont work with multiple workflows when last returns success - if: >- - github.event.workflow_run.conclusion == 'success' - && github.actor == 'dependabot[bot]' - && github.event.sender.login == 'dependabot[bot]' - && github.event.sender.type == 'Bot' - && (github.event.workflow_run.event == 'pull_request' - || (github.event.workflow_run.event == 'push' && github.event.workflow_run.pull_requests[0].base.ref == github.event.repository.default_branch )) + if: ${{ github.actor == 'dependabot[bot]' }} steps: - - name: Approve Changes and Merge changes if label 'dependencies' is set - uses: actions/github-script@v4 + - name: metadata + id: metadata + uses: dependabot/fetch-metadata@v1.1.1 with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - console.log(context.payload.workflow_run); - - var labelNames = await github.paginate( - github.issues.listLabelsOnIssue, - { - repo: context.repo.repo, - owner: context.repo.owner, - issue_number: context.payload.workflow_run.pull_requests[0].number, - }, - (response) => response.data.map( - (label) => label.name - ) - ); - - console.log(labelNames); - - if (labelNames.includes('dependencies')) { - console.log('Found label'); - - await github.pulls.createReview({ - repo: context.repo.repo, - owner: context.repo.owner, - pull_number: context.payload.workflow_run.pull_requests[0].number, - event: 'APPROVE' - }); - console.log('Approved PR'); - - await github.pulls.merge({ - repo: context.repo.repo, - owner: 
context.repo.owner, - pull_number: context.payload.workflow_run.pull_requests[0].number, - }); - - console.log('Merged PR'); - } + github-token: "${{ secrets.TOKEN }}" + - name: approve + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.TOKEN}} + - name: merge + if: ${{contains(steps.metadata.outputs.dependency-names, 'go.unistack.org')}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.TOKEN}}
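Review bot: The job-level guard `if: ${{ github.actor == 'dependabot[bot]' }}` is the only check protecting a `pull_request_target` run that holds `contents: write`, `pull-requests: write` and `secrets.TOKEN`, and `github.actor` names whoever triggered the latest event rather than the pull request's author. Checking the author and the head repository is tighter: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository }}`. The `approve` step runs for every PR that passes the guard, while only `merge` is limited by the `contains(..., 'go.unistack.org')` substring test, so approval is granted more broadly than the merge filter suggests; giving `approve` the same `if:` would align them. The removed `github.event.workflow_run.conclusion == 'success'` condition has no replacement in this file, so `gh pr merge --auto` presumably relies on branch protection requiring status checks on the target branch, which is worth confirming. `dependabot/fetch-metadata@v1.1.1` receives `secrets.TOKEN` and is referenced by tag, so a full commit SHA pin would be safer there.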