From 8ca8b92f92a52a0eb773a904c69b7638da6b85e7 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Tue, 4 Jul 2023 12:21:22 +0300
Subject: [PATCH 1/3] ci: run backport under fluxcdbot account
Signed-off-by: Stefan Prodan
---
 .github/workflows/backport.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index 55c1fd1d5d..b8ddc9b476 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -23,6 +23,8 @@ jobs:
 uses: korthout/backport-action@bf5fdd624b35f95d5b85991a728bd5744e8c6cf2 # v1.3.1
 # xref: https://github.com/korthout/backport-action#inputs
 with:
+ token: ${{ secrets.BOT_GITHUB_TOKEN }}
+ github_workspace: ${{ github.workspace }}
 # Match labels with a pattern `backport:`
 label_pattern: '^backport:([^ ]+)$'
 # A bit shorter pull-request title than the default
From 5356436c945571a844c2c06a311eb5d9303a8940 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Tue, 4 Jul 2023 12:26:08 +0300
Subject: [PATCH 2/3] ci: enable workflows for `release/**` branches
Signed-off-by: Stefan Prodan
---
 .github/workflows/backport.yaml | 10 +++-------
 .github/workflows/e2e-arm64.yaml | 2 +-
 .github/workflows/e2e-bootstrap.yaml | 4 ++--
 .github/workflows/e2e.yaml | 4 ++--
 .github/workflows/scan.yaml | 4 ++--
 .github/workflows/update.yaml | 2 +-
 6 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index b8ddc9b476..86c795d11d 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -4,15 +4,11 @@ on:
 pull_request_target:
 types: [closed, labeled]
-permissions:
- contents: read
-
 jobs:
 pull-request:
 runs-on: ubuntu-latest
 permissions:
- contents: write
- pull-requests: write
+ contents: read
 if: github.event.pull_request.state == 'closed' && github.event.pull_request.merged && (github.event_name != 'labeled' || startsWith('backport:', github.event.label.name))
 steps:
 - name: Checkout
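Review bot: In `.github/workflows/backport.yaml` (hunk `@@ -4,15 +4,11`), removing the workflow-level `permissions:` block leaves the job-level `permissions: contents: read` as the only bound on GITHUB_TOKEN in a `pull_request_target` workflow, so a job added later without its own block would fall back to the repository default. Keeping the top-level `permissions: contents: read` alongside the job-level one preserves a deny-by-default baseline. The `if:` shown as context (not changed by this commit) is also worth fixing now that the job carries a bot credential: `github.event_name` is the event name rather than the activity type, so `github.event_name != 'labeled'` looks always true, and `startsWith('backport:', github.event.label.name)` has its arguments reversed. If the intent is to react to label events only for backport labels, `github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport:')` would express it; the job body continues past the end of the hunk.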
@@ -23,8 +19,8 @@ jobs:
 uses: korthout/backport-action@bf5fdd624b35f95d5b85991a728bd5744e8c6cf2 # v1.3.1
 # xref: https://github.com/korthout/backport-action#inputs
 with:
- token: ${{ secrets.BOT_GITHUB_TOKEN }}
- github_workspace: ${{ github.workspace }}
+ # Use token to allow workflows to be triggered for the created PR
+ github_token: ${{ secrets.BOT_GITHUB_TOKEN }}
 # Match labels with a pattern `backport:`
 label_pattern: '^backport:([^ ]+)$'
 # A bit shorter pull-request title than the default
diff --git a/.github/workflows/e2e-arm64.yaml b/.github/workflows/e2e-arm64.yaml
index f33dfd2e00..1deac0ccff 100644
--- a/.github/workflows/e2e-arm64.yaml
+++ b/.github/workflows/e2e-arm64.yaml
@@ -3,7 +3,7 @@ name: e2e-arm64
 on:
 workflow_dispatch:
 push:
- branches: [ main, update-components, e2e-*, release-* ]
+ branches: [ 'main', 'update-components', 'e2e-*', 'release/**' ]
 permissions:
 contents: read
diff --git a/.github/workflows/e2e-bootstrap.yaml b/.github/workflows/e2e-bootstrap.yaml
index 631f1069f3..c61b9944d0 100644
--- a/.github/workflows/e2e-bootstrap.yaml
+++ b/.github/workflows/e2e-bootstrap.yaml
@@ -3,9 +3,9 @@ name: e2e-bootstrap
 on:
 workflow_dispatch:
 push:
- branches: [ main, release-* ]
+ branches: [ 'main', 'release/**' ]
 pull_request:
- branches: [ main, release-* ]
+ branches: [ 'main', 'release/**' ]
 permissions:
 contents: read
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index d7655d6e6d..d5b7b6fe8a 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -3,9 +3,9 @@ name: e2e
 on:
 workflow_dispatch:
 push:
- branches: [ main, release-* ]
+ branches: [ 'main', 'release/**' ]
 pull_request:
- branches: [ main, release-* ]
+ branches: [ 'main', 'release/**' ]
 permissions:
 contents: read
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index f412388cc5..ca68607f84 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
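Review bot: In `.github/workflows/backport.yaml` (hunk `@@ -23,8 +19,8`), `github_token` now receives `secrets.BOT_GITHUB_TOKEN`, and the reach of that credential is set by the bot token's own scopes, not by the job's `permissions:` block, so the `contents: read` set earlier in this commit does not bound what the step can push or open. The added comment explains why a non-default token is used; I would extend it to record the expected scope, for example `# BOT_GITHUB_TOKEN: bot token limited to this repository, contents and pull-requests write only`, and confirm the stored secret is no broader. The action is pinned to a full commit SHA, which matters more now that it is handed this secret, so reviews of future bumps should check the new SHA against the upstream tag.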
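Review bot: In `.github/workflows/e2e-arm64.yaml`, and likewise in the `e2e-bootstrap.yaml` and `e2e.yaml` hunks, `release-*` is replaced by `'release/**'` rather than kept next to it, so pushes and pull requests against any branch still named `release-…` stop triggering these workflows. If such branches are still maintained, keep both patterns during the transition, e.g. `branches: [ 'main', 'release-*', 'release/**' ]`; if none remain, a line in the commit message saying so would settle it. Quoting the patterns is a sound habit here, since a plain YAML scalar that starts with `*` is parsed as an alias.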
@@ -3,9 +3,9 @@ name: scan
 on:
 workflow_dispatch:
 push:
- branches: [ main ]
+ branches: [ 'main', 'release/**' ]
 pull_request:
- branches: [ main ]
+ branches: [ 'main', 'release/**' ]
 schedule:
 - cron: '18 10 * * 3'
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
index ff869a5a20..67996a8aa0 100644
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -99,7 +99,7 @@ jobs:
 body: |
 ${{ steps.update.outputs.pr_body }}
 labels: |
- area/build
+ dependencies
 reviewers: ${{ secrets.ASSIGNEES }}
 - name: Check output
From 8e61fe805cf18610a9fe363123749e44112f5a5e Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Tue, 4 Jul 2023 13:32:24 +0300
Subject: [PATCH 3/3] ci: group all GH action updates under the same PR
Signed-off-by: Stefan Prodan
---
 .github/dependabot.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9e16176ac3..e07776c56c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,6 +4,13 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 labels: ["area/ci", "dependencies"]
+ groups:
+ # Group all updates together, so that they are all applied in a single PR.
+ # Grouped updates are currently in beta and is subject to change.
+ # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+ ci:
+ patterns:
+ - "*"
 schedule:
 # By default, this will be on a monday.
 interval: "weekly"
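Review bot: In `.github/workflows/scan.yaml`, the `schedule` trigger kept as context runs only against the default branch, so after this change `release/**` branches are scanned on push and pull request but never by the weekly cron. A maintained release branch that sees no pushes would therefore miss findings that only appear when scanner rules or vulnerability data are updated. If that coverage is wanted, the scheduled run needs to check out each supported release branch explicitly, for example through a branch matrix; otherwise a comment such as `# schedule scans main only; release/** is scanned on push and PR` would make the gap explicit. The jobs of this workflow are outside the hunk, so what the scan actually covers is not visible here.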
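Review bot: In `.github/dependabot.yml`, the `ci` group with the single pattern `"*"` puts every GitHub Actions bump into one pull request, so a single approval covers all third-party action changes at once. Since this series shows a workflow that pins an action by commit SHA and hands it a bot token, each bumped SHA still needs checking against its upstream release; a comment next to the group, e.g. `# Review every bumped action individually; one PR covers them all`, would keep that expectation visible. A narrower split, such as one group for `actions/*` and ungrouped updates for other publishers, would keep the higher-risk bumps in their own PRs. The added comment also reads `are currently in beta and is subject to change`; `and are subject to change` is the intended wording.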