Skip to content

Commit

Permalink
build(ci): Bump super-linter/super-linter from 6 to 7 (#80)
Browse files Browse the repository at this point in the history
  • Loading branch information
@dependabot
dependabot[bot] authored Aug 26, 2024
1 parent 2ceabb3 commit 8747e1b
Show file tree
Hide file tree
Showing 7 changed files with 131 additions and 103 deletions.
8 changes: 4 additions & 4 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,15 @@ updates:
schedule:
interval: weekly
commit-message:
prefix: "build(ci)"
prefix: 'build(ci)'
labels:
- "dependency-actions"
- 'dependency-actions'

- package-ecosystem: npm
directory: /
schedule:
interval: daily
commit-message:
prefix: "build(deps)"
prefix: 'build(deps)'
labels:
- "dependency-npm"
- 'dependency-npm'
67 changes: 34 additions & 33 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ jobs:

- name: Lint Codebase
id: super-linter
uses: super-linter/super-linter/slim@v6
uses: super-linter/super-linter/slim@v7
env:
DEFAULT_BRANCH: main
FILTER_REGEX_EXCLUDE: dist/**/*
Expand All @@ -127,7 +127,8 @@ jobs:
VALIDATE_ALL_CODEBASE: true
VALIDATE_MARKDOWN: false
VALIDATE_JSCPD: false

VALIDATE_JAVASCRIPT_STANDARD: false

test-action:
name: GitHub Actions Test
runs-on: ubuntu-latest
Expand Down Expand Up @@ -157,39 +158,39 @@ jobs:
- check-dist
- lint
- test-javascript
if: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'push' && github.ref == 'refs/heads/main'}}
if:
${{ github.actor != 'dependabot[bot]' && github.event_name == 'push' &&
github.ref == 'refs/heads/main'}}
permissions: write-all

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.x
dotnet-quality: ga

- name: Install GitVersion
uses: gittools/actions/gitversion/setup@v3.0.0
with:
versionSpec: '5.x'

- name: Determine Version
id: gitversion
uses: gittools/actions/gitversion/execute@v3.0.0
with:
useConfigFile: true

- name: Create Release
uses: release-drafter/release-drafter@v6.0.0
with:
version: ${{ steps.gitversion.outputs.fullSemVer }}
publish: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.x
dotnet-quality: ga

- name: Install GitVersion
uses: gittools/actions/gitversion/setup@v3.0.0
with:
versionSpec: '5.x'

- name: Determine Version
id: gitversion
uses: gittools/actions/gitversion/execute@v3.0.0
with:
useConfigFile: true

- name: Create Release
uses: release-drafter/release-drafter@v6.0.0
with:
version: ${{ steps.gitversion.outputs.fullSemVer }}
publish: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
60 changes: 30 additions & 30 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,14 @@
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
name: 'CodeQL'

on:
push:
branches: [ main ]
branches: [main]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
branches: [main]
schedule:
- cron: '24 5 * * 6'

Expand All @@ -34,40 +34,40 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
language: ['javascript']
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support

steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release
#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
6 changes: 4 additions & 2 deletions GitVersion.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
mode: MainLine # Only add this if you want every version to be created automatically on your main branch.
major-version-bump-message: "^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\\([\\w\\s-]*\\))?(!:|:.*\\n\\n((.+\\n)+\\n)?BREAKING CHANGE:\\s.+)"
major-version-bump-message:
"^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\\([\\w\\s-]*\\))?(!:|:.*\\n\\n((.+\\n)+\\n)?BREAKING
CHANGE:\\s.+)"
minor-version-bump-message: "^(feat)(\\([\\w\\s-]*\\))?:"
patch-version-bump-message: "^(build|chore|ci|docs|fix|perf|refactor|revert|style|test)(\\([\\w\\s-]*\\))?:"
patch-version-bump-message: "^(build|chore|ci|docs|fix|perf|refactor|revert|style|test)(\\([\\w\\s-]*\\))?:"
50 changes: 29 additions & 21 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,16 @@
# DependaMerge - GitHub Action

GitHub Action that processes pull requests created and processed by [dependabot[bot]](https://github.com/dependabot). Depending on the settings, the pull request is approved and/or merged.
The action is triggered by the `pull_request` event and only processes pull requests created by [dependabot[bot]](https://github.com/dependabot).
GitHub Action that processes pull requests created and processed by
[dependabot[bot]](https://github.com/dependabot). Depending on the settings, the
pull request is approved and/or merged. The action is triggered by the
`pull_request` event and only processes pull requests created by
[dependabot[bot]](https://github.com/dependabot).

## Usage
The simplest variant of the pipeline configuration could look like this. However, it is recommended to link this job with a build and test process. This ensures that the code is tested before it is merged.

The simplest variant of the pipeline configuration could look like this.
However, it is recommended to link this job with a build and test process. This
ensures that the code is tested before it is merged.

```yaml
name: DependaMerge
Expand All @@ -27,28 +33,30 @@ jobs:
### Inputs
| Name | Description | Required | Default | Available Values |
| --- | --- |:---:| --- | --- |
| `token` | GitHub token | ✔ | `${{ secrets.GITHUB_TOKEN }}` | --- |
| `command` | Merge Method with which the pull request is to be merged. | ❌ | `squash` | `squash`, `merge` |
| `approve-only` | If `true`, then the pull request is only approved, but not merged. | ❌ | `false` | `true`, `false` |
| `handle-submodule` | If `true`, Git submodules are also merged. | ❌ | `false` | `true`, `false` |
| `handle-dependency-group` | If `true`, all pull requests of a dependency group are merged. | ❌ | `true` | `true`, `false` |
| `target` | The maximum target of the version comparison to be merged. | ❌ | `patch` | `major`, `minor`, `patch`, `any` |
| `skip-commit-verification` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to true in GitHub Enterprise Server. | | `false` | `true`, `false` |
| `skip-verification` | If `true`, the action will not validate the user or the commit verification status. | ❌ | `false` | `true`, `false` |
| Name | Description | Required | Default | Available Values |
| -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | ----------------------------- | -------------------------------- |
| `token` | GitHub token | ✔ | `${{ secrets.GITHUB_TOKEN }}` | --- |
| `command` | Merge Method with which the pull request is to be merged. | ❌ | `squash` | `squash`, `merge` |
| `approve-only` | If `true`, then the pull request is only approved, but not merged. | ❌ | `false` | `true`, `false` |
| `handle-submodule` | If `true`, Git submodules are also merged. | ❌ | `false` | `true`, `false` |
| `handle-dependency-group` | If `true`, all pull requests of a dependency group are merged. | ❌ | `true` | `true`, `false` |
| `target` | The maximum target of the version comparison to be merged. | ❌ | `patch` | `major`, `minor`, `patch`, `any` |
| `skip-commit-verification` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to true in GitHub Enterprise Server. | | `false` | `true`, `false` |
| `skip-verification` | If `true`, the action will not validate the user or the commit verification status. | ❌ | `false` | `true`, `false` |

### Outputs

#### Output `state`
| Value | Description |
| --- | --- |
| `approved` | The pull request has been approved. |
| `merged` | The pull request has been merged. |
| `skipped` | The pull request is skipped and all processing steps are stopped. |
| `failed` | The pull request could not be processed. |
| `rebased` | The pull request was automatically rebased. |

| Value | Description |
| ---------- | ----------------------------------------------------------------- |
| `approved` | The pull request has been approved. |
| `merged` | The pull request has been merged. |
| `skipped` | The pull request is skipped and all processing steps are stopped. |
| `failed` | The pull request could not be processed. |
| `rebased` | The pull request was automatically rebased. |

#### Output `message`

The message contains further information about the processing state of the pull request. In some cases it contains error/debug information.
The message contains further information about the processing state of the pull
request. In some cases it contains error/debug information.
40 changes: 28 additions & 12 deletions action.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
name: 'DependaMerge'
description: 'Automatic validation, approval and merging of pull requests, created and processed by dependabot[bot]'
description:
'Automatic validation, approval and merging of pull requests, created and
processed by dependabot[bot]'
author: 'Daily DevOps & .NET'
branding:
icon: 'package'
Expand All @@ -12,27 +14,37 @@ inputs:
required: true

approve-only:
description: 'Only approve the pull-request. Valid values: true or false - Default: false'
description:
'Only approve the pull-request. Valid values: true or false - Default:
false'
required: false
default: false

command:
description: 'The command to pass to Dependabot. Valid values: merge or squash - Default: squash'
description:
'The command to pass to Dependabot. Valid values: merge or squash -
Default: squash'
required: false
default: squash

handle-submodule:
description: 'If true, the action will merge pull-requests with submodule updates. Valid values: true or false - Default: false'
description:
'If true, the action will merge pull-requests with submodule updates.
Valid values: true or false - Default: false'
required: false
default: false

handle-dependency-group:
description: 'If true, the action will merge dependency group pull-requests. Valid values: true or false - Default: false'
description:
'If true, the action will merge dependency group pull-requests. Valid
values: true or false - Default: false'
required: false
default: true

target:
description: 'The version comparision target. Valid values: major, minor, patch, any - Default: patch'
description:
'The version comparision target. Valid values: major, minor, patch, any -
Default: patch'

required: false
default: patch
Expand All @@ -43,9 +55,11 @@ inputs:
It is required to set this to true in GitHub Enterprise Server.
required: false
default: false

skip-verification:
description: 'If true, the action will not validate the user or the commit verification status.'
description:
'If true, the action will not validate the user or the commit verification
status.'
required: false
default: false

Expand All @@ -55,7 +69,9 @@ outputs:
description: 'The state of the pull-request after the action has completed.'
value: ${{ steps.dependamerge.outputs.state }}
message:
description: 'More information about the state of the pull-request after the action has completed.'
description:
'More information about the state of the pull-request after the action has
completed.'
value: ${{ steps.dependamerge.outputs.message }}

runs:
Expand All @@ -72,14 +88,14 @@ runs:
alert-lookup: true
compat-lookup: true
skip-commit-verification: ${{ inputs.skip-commit-verification }}
skip-verification : ${{ inputs.skip-verification }}
skip-verification: ${{ inputs.skip-verification }}

- name: DependaMerge
id: dependamerge
uses: actions/github-script@v7.0.1
if: |
github.event_name == 'pull_request' &&
(github.actor == 'dependabot[bot]' || github.triggering_actor == 'dependabot[bot]' || inputs.skip-verification)
(github.actor == 'dependabot[bot]' || github.triggering_actor == 'dependabot[bot]' || inputs.skip-verification)
with:
github-token: ${{ inputs.token }}
script: |
Expand Down
3 changes: 2 additions & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,14 @@
"scripts": {
"bundle": "npm run format:write && npm run package",
"ci-test": "jest",
"format:all": "prettier --write .",
"format:write": "prettier --write **/*.js",
"format:check": "prettier --check **/*.js",
"lint": "npx eslint . -c ./.github/linters/.eslintrc.yml",
"package": "ncc build src/index.js --license licenses.txt",
"package:watch": "npm run package -- --watch",
"test": "(jest && make-coverage-badge --output-path ./badges/coverage.svg) || make-coverage-badge --output-path ./badges/coverage.svg",
"all": "npm run format:write && npm run lint && npm run test && npm run package"
"all": "npm run format:all && npm run lint && npm run test && npm run package"
},
"license": "MIT",
"eslintConfig": {
Expand Down

0 comments on commit 8747e1b

Please sign in to comment.