diff --git a/.github/renovate.json5 b/.github/renovate.json5 deleted file mode 100644 index 8e225fca..00000000 --- a/.github/renovate.json5 +++ /dev/null @@ -1,105 +0,0 @@ -{ - extends: [ - ':dependencyDashboard', - 'group:monorepos', - 'group:recommended', - 'replacements:all', - 'workarounds:all', - ], - timezone: 'Europe/Zurich', - schedule: 'after 5pm on the first day of the month', - labels: ['dependencies'], - separateMajorMinor: true, - separateMinorPatch: true, - prHourlyLimit: 0, - prConcurrentLimit: 0, - lockFileMaintenance: { - enabled: true, - automerge: true, - schedule: 'after 5pm on the first day of the month', - }, - baseBranches: ['2.1', '2.2', 'master'], - regexManagers: [ - /** Do updates on pre-commit additional dependencies */ - { - fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'], - matchStrings: [" +- '?(?[^' @=]+)(@|==)(?[^' @=]+)'? # (?.+)"], - }, - /** Do update on the schema present in the ci/config.yaml */ - { - fileMatch: ['^ci/config\\.yaml$'], - matchStrings: [ - '.*https://raw\\.githubusercontent\\.com/(?[^\\s]+)/(?[0-9\\.]+)/.*', - ], - datasourceTemplate: 'github-tags', - }, - ], - packageRules: [ - /** Support the 4 parts of shellcheck-py version with a v prefix */ - { - matchPackageNames: ['shellcheck-py/shellcheck-py'], - versioning: 'regex:^v(?\\d+)\\.(?\\d+)\\.(?\\d+)\\.(?\\d+)$', - }, - /** Auto merge the dev dependency update */ - { - matchDepTypes: ['devDependencies'], - automerge: true, - }, - /** Group and auto merge the patch updates */ - { - matchUpdateTypes: ['patch'], - groupName: 'all patch versions', - automerge: true, - }, - /** Group and auto merge the minor updates */ - { - matchUpdateTypes: ['minor'], - groupName: 'all minor versions', - automerge: true, - }, - /** Group the Webpack dependencies */ - { - matchPackagePatterns: [ - '^webpack$', - '^html-webpack-plugin$', - '^mini-css-extract-plugin$', - '^node-sass$', - '^webpack-.*', - '.*-loader$', - ], - matchUpdateTypes: ['major'], - groupName: 'webpack', - }, - /** Don't upgrade Bootstrap major versions */ - { - matchPackagePatterns: ['^bootstrap$'], - matchUpdateTypes: ['major'], - enabled: false, - }, - /** Accept only the patch on stabilization branches */ - { - matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/'], - matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'], - enabled: false, - }, - /** Group Poetry packages */ - { - matchPackageNames: ['poetry', 'pip'], - matchPackagePrefixes: ['poetry-'], - groupName: 'Poetry', - automerge: true, - }, - /** Disable upgrading the supported Python version */ - { - matchFileNames: ['pyproject.toml'], - matchPackageNames: ['python'], - enabled: false, - }, - /** Group and auto merge the CI dependencies */ - { - matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'], - groupName: 'CI dependencies', - automerge: true, - }, - ], -} diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml deleted file mode 100644 index e1a451c0..00000000 --- a/.github/workflows/audit.yaml +++ /dev/null @@ -1,64 +0,0 @@ -name: Audit - -on: - schedule: - - cron: '30 2 * * *' - -jobs: - audit: - name: Audit - runs-on: ubuntu-22.04 - timeout-minutes: 10 - - strategy: - fail-fast: false - matrix: - branch: - - '2.1' - - '2.2' - - steps: - # Remove Python packages with wrong version - - run: sudo apt-get remove python3-debian python3-distro-info - - name: Install packages - run: sudo apt-get install --yes gettext libgeos-dev - - uses: actions/checkout@v4 - with: - ref: ${{ matrix.branch }} - - token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - - uses: camptocamp/initialise-gopass-summon-action@v2 - with: - ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} - github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} - - - run: python3 -m venv ~/.venv - - run: ~/.venv/bin/pip install --pre c2cciutils[audit] - - - name: Check .tool-versions file existence - id: tool-versions - uses: andstor/file-existence-action@v3 - with: - files: .tool-versions - - uses: asdf-vm/actions/install@v3 - if: steps.tool-versions.outputs.files_exists == 'true' - - run: cat /tmp/python-build.*.log - if: failure() - - run: python --version - - - name: Snyk audit - run: ~/.venv/bin/c2cciutils-audit --branch=${{ matrix.branch }} - env: - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - - name: Debug Snyk audit - run: ~/.venv/bin/c2cciutils-audit --branch=${{ matrix.branch }} || true - env: - DEBUG: '*snyk*' - - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - if: failure() - - name: Update dpkg packages versions - run: ~/.venv/bin/c2cciutils-docker-versions-update --branch=${{ matrix.branch }} - env: - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - if: steps.dpkg-versions.outputs.files_exists == 'true' diff --git a/.github/workflows/delete-old-workflows-run.yaml b/.github/workflows/delete-old-workflows-run.yaml deleted file mode 100644 index c43ef486..00000000 --- a/.github/workflows/delete-old-workflows-run.yaml +++ /dev/null @@ -1,23 +0,0 @@ -name: Delete old workflow runs - -on: - schedule: - - cron: '0 0 * * *' - -env: - HAS_SECRETS: ${{ secrets.HAS_SECRETS }} - -jobs: - build: - name: Delete old workflow runs - runs-on: ubuntu-22.04 - timeout-minutes: 25 - - steps: - - name: Delete old workflow runs - uses: MajorScruffy/delete-old-workflow-runs@v0.3.0 - with: - repository: ${{ github.repository }} - older-than-seconds: 43200000 # 500 days - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index f0918b34..0a8171a0 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -72,3 +72,11 @@ jobs: - name: Publish run: c2cciutils-publish if: env.HAS_SECRETS == 'HAS_SECRETS' + - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Update dpkg versions list.patch + path: /tmp/dpkg-versions.patch + retention-days: 1 + if: failure() diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml deleted file mode 100644 index b3e991a2..00000000 --- a/.github/workflows/pr-checks.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Pull request check - -on: - pull_request: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - build: - name: Pull request check - runs-on: ubuntu-22.04 - timeout-minutes: 5 - if: github.event.pull_request.user.login != 'renovate[bot]' - - steps: - - run: pip install --upgrade attrs - - uses: actions/checkout@v4 - - - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} - - run: python3 -m pip install --user --pre c2cciutils[pr_checks] - - - name: Check pull request - run: c2cciutils-pull-request-checks - env: - GITHUB_EVENT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request-automation.yaml b/.github/workflows/pull-request-automation.yaml index 4e48f09a..0fab6027 100644 --- a/.github/workflows/pull-request-automation.yaml +++ b/.github/workflows/pull-request-automation.yaml @@ -57,32 +57,3 @@ jobs: github.event.pull_request.user.login == 'renovate[bot]' && (github.event.action == 'opened' || github.event.action == 'reopened') - - name: Auto review and merge snyk auto fix - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.createReview({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - event: 'APPROVE', - }); - github.graphql(` - mutation { - enablePullRequestAutoMerge(input: { - pullRequestId: "${context.payload.pull_request.node_id}", - mergeMethod: SQUASH, - }) { - pullRequest { - autoMergeRequest { - enabledAt - } - } - } - } - `) - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'snyk-fix/') - && (github.event.action == 'opened' - || github.event.action == 'reopened')