diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5e17fd4..2019942 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,37 +1,56 @@ version: 2 updates: - - package-ecosystem: "bun" - directory: "/" - schedule: - interval: "weekly" - day: "sunday" - time: "05:30" - timezone: "Europe/Athens" - open-pull-requests-limit: 3 - versioning-strategy: increase - groups: - all-non-major: - patterns: ["*"] - update-types: ["patch", "minor"] - ignore: - - dependency-name: "vite" - update-types: ["version-update:semver-major"] - - dependency-name: "knip" - update-types: ["version-update:semver-major"] - labels: - - "dependencies" - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - day: "sunday" - time: "05:45" - timezone: "Europe/Athens" - open-pull-requests-limit: 2 - groups: - github-actions: - patterns: ["*"] - labels: - - "dependencies" - +- package-ecosystem: bun + directory: / + schedule: + interval: weekly + day: sunday + time: 05:30 + timezone: Europe/Athens + open-pull-requests-limit: 3 + versioning-strategy: increase + groups: + all-non-major: + patterns: + - '*' + update-types: + - patch + - minor + ignore: + - dependency-name: vite + update-types: + - version-update:semver-major + - dependency-name: knip + update-types: + - version-update:semver-major + labels: + - dependencies + rebase-strategy: auto + commit-message: + prefix: chore + include: scope + cooldown: + default-days: 3 + semver-minor-days: 7 + semver-major-days: 14 +- package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: sunday + time: 05:45 + timezone: Europe/Athens + open-pull-requests-limit: 2 + groups: + github-actions: + patterns: + - '*' + labels: + - dependencies + rebase-strategy: auto + commit-message: + prefix: chore + include: scope + cooldown: + default-days: 3 + semver-minor-days: 7 diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml deleted file mode 100644 index 9516392..0000000 --- a/.github/workflows/auto-merge-dependabot.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: Auto-merge Dependabot PRs - -on: - workflow_run: - workflows: ["CI"] - types: [completed] - -concurrency: - group: dependabot-auto-merge - cancel-in-progress: false - -permissions: - contents: write - pull-requests: write - -jobs: - auto-merge: - runs-on: ubuntu-latest - if: | - github.event.workflow_run.conclusion == 'success' && - github.event.workflow_run.event == 'pull_request' - steps: - - name: Merge Dependabot PR if CI passed - uses: actions/github-script@v9 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const headSha = context.payload.workflow_run.head_sha; - - const { data: prs } = await github.rest.pulls.list({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'open', - }); - - const pr = prs.find(p => p.head.sha === headSha); - if (!pr) return core.info(`No open PR found for SHA ${headSha}`); - if (pr.user.login !== 'dependabot[bot]') - return core.info(`PR #${pr.number} is not from Dependabot, skipping`); - - const isMajor = pr.labels.some(l => - l.name.includes('major') || l.name === 'version-update:semver-major' - ); - if (isMajor) - return core.info(`PR #${pr.number} is a major update, skipping auto-merge`); - - core.info(`Merging Dependabot PR #${pr.number}: ${pr.title}`); - await github.rest.pulls.merge({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: pr.number, - merge_method: 'squash', - }); - core.info(`✓ PR #${pr.number} merged successfully`); diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 861085a..aaa0765 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,8 +4,6 @@ on: push: branches: [main] pull_request: - branches: [main] - workflow_dispatch: concurrency: group: >- @@ -14,39 +12,21 @@ concurrency: permissions: contents: read - pages: write - id-token: write jobs: ci: - runs-on: ubuntu-latest - timeout-minutes: 15 - steps: - - uses: actions/checkout@v6 - - uses: ./.github/actions/setup-bun - - run: bun run ci - - uses: actions/upload-artifact@v7 - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - with: - name: dist - path: dist - retention-days: 1 + uses: dacrab/.github-workflows/.github/workflows/bun-ci.yml@v1 + with: + node-version: '22' + check-cmd: 'bun run ci' + test-cmd: '' + build-cmd: 'bun run build' - deploy: + auto-merge: needs: ci - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - runs-on: ubuntu-latest - timeout-minutes: 5 - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - steps: - - uses: actions/download-artifact@v8 - with: - name: dist - path: dist - - uses: actions/upload-pages-artifact@v5 - with: - path: dist - - uses: actions/deploy-pages@v5 - id: deployment + permissions: + pull-requests: write + contents: write + uses: dacrab/.github-workflows/.github/workflows/dependabot-auto-merge.yml@v1 + with: + target: minor diff --git a/.github/workflows/sync-lockfile.yml b/.github/workflows/sync-lockfile.yml index 74d95e2..a54a65a 100644 --- a/.github/workflows/sync-lockfile.yml +++ b/.github/workflows/sync-lockfile.yml @@ -2,30 +2,17 @@ name: Sync Lockfile on: pull_request: - paths: ["package.json"] + paths: [package.json] permissions: - contents: write + contents: read jobs: sync: - if: github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.state == 'open' - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/checkout@v6 - with: - ref: ${{ github.head_ref }} - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 0 - - - uses: oven-sh/setup-bun@v2 - - - run: bun install - - - uses: stefanzweifel/git-auto-commit-action@v7 - with: - commit_message: "chore: sync bun.lock" - file_pattern: bun.lock - commit_user_name: github-actions[bot] - commit_user_email: github-actions[bot]@users.noreply.github.com + permissions: + contents: write + uses: dacrab/.github-workflows/.github/workflows/bun-sync-lockfile.yml@v1 + with: + app-client-id: ${{ vars.BOT_APP_CLIENT_ID }} + secrets: + app_private_key: ${{ secrets.BOT_APP_PRIVATE_KEY }}