From 75612fb8919274f201be27afcd81e3729675f764 Mon Sep 17 00:00:00 2001 From: borislavr Date: Thu, 26 Mar 2026 09:08:36 +0000 Subject: [PATCH 1/2] chore: update of common workflows --- .github/workflows/automatic-pr-labeler.yaml | 23 ++++++--- .github/workflows/link-checker.yaml | 18 +++---- .github/workflows/pr-assigner.yml | 14 ++++-- .github/workflows/pr-lint-title.yaml | 3 +- .github/workflows/profanity-filter.yaml | 3 +- .github/workflows/super-linter.yaml | 52 ++++++++------------- 6 files changed, 60 insertions(+), 53 deletions(-) diff --git a/.github/workflows/automatic-pr-labeler.yaml b/.github/workflows/automatic-pr-labeler.yaml index 03ef489..c4c5b89 100644 --- a/.github/workflows/automatic-pr-labeler.yaml +++ b/.github/workflows/automatic-pr-labeler.yaml @@ -7,7 +7,7 @@ # https://github.com/Netcracker/.github/blob/main/config/examples/auto-labeler-config.yaml name: Automatic PR Labeler - +run-name: PR #${{ github.event.pull_request.number }} - Automatic Labeler on: pull_request: branches: [main] @@ -15,33 +15,44 @@ on: [opened, reopened, synchronize] permissions: - pull-requests: write contents: read - issues: write jobs: assign-labels: + name: "Assign Labels to PR #${{ github.event.pull_request.number }}" if: (github.event.pull_request.merged == false) && (github.event.pull_request.user.login != 'dependabot[bot]') && (github.event.pull_request.user.login != 'github-actions[bot]') + permissions: + pull-requests: write + contents: read + issues: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: "Checkout Repository" + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: "Execute assign labels" id: action-assign-labels - uses: mauroalderete/action-assign-labels@v1 + uses: mauroalderete/action-assign-labels@671a4ca2da0f900464c58b8b5540a1e07133e915 # v1.5.1 with: pull-request-number: ${{ github.event.pull_request.number }} github-token: ${{ github.token }} conventional-commits: "./.github/auto-labeler-config.yaml" maintain-labels-not-matched: true apply-changes: ${{ github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }} + + - name: "Set labels-next safely for PR from fork" + if: ${{ github.event.pull_request.base.repo.id != github.event.pull_request.head.repo.id }} + run: | + echo "LABELS_NEXT=$(echo ${STEPS_ACTION_ASSIGN_LABELS_OUTPUTS_LABELS_NEXT} | tr -dc 'a-zA-Z0-9-,')" >> $GITHUB_ENV + env: + STEPS_ACTION_ASSIGN_LABELS_OUTPUTS_LABELS_NEXT: ${{ steps.action-assign-labels.outputs.labels-next }} - name: "Drop warning if PR from fork" if: ${{ github.event.pull_request.base.repo.id != github.event.pull_request.head.repo.id }} run: | { echo "⚠️ Pull request from fork! ⚠️"; echo "Labels will not be applied to PR. Assign them manually please."; - echo "Labels to assign: ${{ steps.action-assign-labels.outputs.labels-next }}"; + echo "Labels to assign: '${LABELS_NEXT}'"; } >> "$GITHUB_STEP_SUMMARY" diff --git a/.github/workflows/link-checker.yaml b/.github/workflows/link-checker.yaml index c41cfda..478675a 100644 --- a/.github/workflows/link-checker.yaml +++ b/.github/workflows/link-checker.yaml @@ -1,5 +1,5 @@ --- -name: Link Checker +name: "Link Checker" on: push: null @@ -7,27 +7,29 @@ on: workflow_dispatch: null pull_request: branches: [main] - types: - [opened, reopened, synchronize] permissions: contents: read jobs: linkChecker: + name: "Run Link Checker" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: "Checkout code" + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false - - name: Restore lychee cache - uses: actions/cache@v4 + - name: "Restore lychee cache" + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: restore-cache with: path: .lycheecache key: cache-lychee-${{ github.sha }} restore-keys: cache-lychee- - - name: Link Checker + - name: "Link Checker" id: lychee - uses: lycheeverse/lychee-action@v2 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 #v2.8.0 with: args: >- './**/*.md' diff --git a/.github/workflows/pr-assigner.yml b/.github/workflows/pr-assigner.yml index 66965ff..3b382ce 100644 --- a/.github/workflows/pr-assigner.yml +++ b/.github/workflows/pr-assigner.yml @@ -7,25 +7,29 @@ on: - main permissions: - pull-requests: write contents: read jobs: pr-auto-assign: + name: "Auto-assign Reviewers to PR #${{ github.event.pull_request.number }}" runs-on: ubuntu-latest - + permissions: + pull-requests: write + contents: read steps: - - name: Check if PR is from a fork + - name: "Check if PR is from a fork" run: | if [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.event.pull_request.base.repo.full_name }}" ]; then echo "⚠️ Pull request is from a fork — skipping assignee assignment (no write permissions)." exit 0 fi - - uses: actions/checkout@v5 + - name: "Checkout Repository" + uses: actions/checkout@v6.0.1 with: persist-credentials: false - - uses: netcracker/qubership-workflow-hub/actions/pr-assigner@b575bad3a0959c4e883bc34f9d055ff07fde2dbd #2.0.1 + - name: "Assign Reviewers" + uses: netcracker/qubership-workflow-hub/actions/pr-assigner@5a557213e92e3d22d0292330c4817c82af6704d2 #2.1.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr-lint-title.yaml b/.github/workflows/pr-lint-title.yaml index 64a5865..f3aeb74 100644 --- a/.github/workflows/pr-lint-title.yaml +++ b/.github/workflows/pr-lint-title.yaml @@ -18,6 +18,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v6 + - name: "Semantic PR Title Lint" + uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/profanity-filter.yaml b/.github/workflows/profanity-filter.yaml index 74926d3..cf76843 100644 --- a/.github/workflows/profanity-filter.yaml +++ b/.github/workflows/profanity-filter.yaml @@ -15,12 +15,13 @@ permissions: jobs: apply-filter: + name: "Apply Profanity Filter" runs-on: ubuntu-latest steps: - name: Scan issue or pull request for profanity # Conditionally run the step if the actor isn't a bot if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }} - uses: IEvangelist/profanity-filter@9.07 + uses: IEvangelist/profanity-filter@10.0 id: profanity-filter with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 45c179b..8d3278c 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -29,49 +29,38 @@ permissions: contents: read jobs: - prepare-configs: + super-linter: + name: "Lint Code Base" runs-on: ubuntu-latest + permissions: + contents: read + packages: read + statuses: write steps: - name: "Get the common linters configuration" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: main # fix/superlinter-config repository: netcracker/.github persist-credentials: false + path: common-configs sparse-checkout: | config/linters - - name: "Upload the common linters configuration" - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: linter-config - path: "${{ github.workspace }}/config" - include-hidden-files: true - run-lint: - needs: [prepare-configs] - runs-on: ubuntu-latest - permissions: - contents: read - packages: read + - name: "Move configs" + run: | + cp --update=none -vRT ./common-configs/config/linters /tmp/linters + rm -rf ./common-configs # To report GitHub Actions status checks - statuses: write - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: "Checkout code" + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 persist-credentials: false - - name: "Get the common linters configuration" - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 - id: download - with: - name: linter-config - path: /tmp/linter-config - name: "Apply the common linters configuration" - if: ${{ steps.download.outputs.download-path != '' }} run: | mkdir -p ./.github/linters - cp --update=none -vRT /tmp/linter-config/linters ./.github/linters + cp --update=none -vRT /tmp/linters ./.github/linters - name: "Load super-linter environment file" shell: bash @@ -81,18 +70,17 @@ jobs: echo "Applying local linter environment:" grep "\S" ${GITHUB_WORKSPACE}/.github/super-linter.env | grep -v "^#" grep "\S" ${GITHUB_WORKSPACE}/.github/super-linter.env | grep -v "^#" >> $GITHUB_ENV - elif [ -f "/tmp/linter-config/linters/super-linter.env" ]; then + elif [ -f "/tmp/linters/super-linter.env" ]; then echo "::warning:: Local linter environment file .github/super-linter.env is not found" echo "Applying common linter environment:" - grep "\S" /tmp/linter-config/linters/super-linter.env | grep -v "^#" - grep "\S" /tmp/linter-config/linters/super-linter.env | grep -v "^#" >> $GITHUB_ENV + grep "\S" /tmp/linters/super-linter.env | grep -v "^#" + grep "\S" /tmp/linters/super-linter.env | grep -v "^#" >> $GITHUB_ENV fi - - name: Lint Code Base - uses: super-linter/super-linter/slim@ffde3b2b33b745cb612d787f669ef9442b1339a6 # v8.1.0 + - name: "Lint Code Base" + uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0 env: VALIDATE_ALL_CODEBASE: ${{ inputs.full_scan || false }} # To report GitHub Actions status checks GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DEFAULT_BRANCH: ${{ github.event.pull_request.base.ref || github.event.push.ref }} - From 563143b86ee1e922549c26f356e0c0885086b38f Mon Sep 17 00:00:00 2001 From: borislavr Date: Thu, 26 Mar 2026 09:24:52 +0000 Subject: [PATCH 2/2] chore: update of common workflows --- .github/workflows/pr-assigner.yml | 2 +- .github/workflows/profanity-filter.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-assigner.yml b/.github/workflows/pr-assigner.yml index 3b382ce..b89f271 100644 --- a/.github/workflows/pr-assigner.yml +++ b/.github/workflows/pr-assigner.yml @@ -25,7 +25,7 @@ jobs: fi - name: "Checkout Repository" - uses: actions/checkout@v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/profanity-filter.yaml b/.github/workflows/profanity-filter.yaml index cf76843..194f846 100644 --- a/.github/workflows/profanity-filter.yaml +++ b/.github/workflows/profanity-filter.yaml @@ -21,7 +21,7 @@ jobs: - name: Scan issue or pull request for profanity # Conditionally run the step if the actor isn't a bot if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }} - uses: IEvangelist/profanity-filter@10.0 + uses: IEvangelist/profanity-filter@7d6e0c79ee3d33ae09b5ed0c6e2fa04b9c512e08 #10.0 id: profanity-filter with: token: ${{ secrets.GITHUB_TOKEN }}