From a2d03719ccc16d72b30355424bc1ea11c62d3210 Mon Sep 17 00:00:00 2001 From: mmeest Date: Tue, 9 Sep 2025 21:27:04 +0300 Subject: [PATCH 1/7] initial --- .github/workflows/auto-merge.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/auto-merge.yml diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml new file mode 100644 index 0000000..f4ee371 --- /dev/null +++ b/.github/workflows/auto-merge.yml @@ -0,0 +1,31 @@ +name: Dependabot auto-merge + +on: + pull_request: + types: [opened, edited, synchronize, reopened, labeled] + +permissions: + contents: write + pull-requests: write + +jobs: + auto-merge-patch: + runs-on: ubuntu-latest + if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'internetee/e-invoice' + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge for patch updates + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' + run: | + gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From e89cfa720275a8c72bd55b61e6fe32ffdb12ae20 Mon Sep 17 00:00:00 2001 From: mmeest Date: Tue, 9 Sep 2025 21:30:53 +0300 Subject: [PATCH 2/7] added extra line --- .github/workflows/auto-merge.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index f4ee371..18533ad 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml 
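Review bot: Nothing in the new `auto-merge.yml` makes the merge wait for the test workflow: `gh pr merge --auto` defers only to what branch protection on the target branch requires, so if no status checks are required there, a Dependabot patch bump could merge untested. Confirm the protection rules and record the dependency next to the merge step, for example `# auto-merge relies on branch protection requiring the test checks`. The `Checkout` step is also unused, since the merge takes `$PR_URL`; in a job granted `contents: write` it only places PR content and a persisted token in the workspace. It can be dropped, or at least pinned to a commit SHA the way `dependabot/fetch-metadata` is.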
@@ -28,4 +28,5 @@ jobs: gh pr merge --auto --merge "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + \ No newline at end of file From d2fde073d8239136b5d70333ddc0c664b7686a57 Mon Sep 17 00:00:00 2001 From: mmeest Date: Tue, 9 Sep 2025 21:36:18 +0300 Subject: [PATCH 3/7] updated test runner to ubuntu latest --- .github/workflows/ruby.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index fa6a47f..b8e17c0 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -7,7 +7,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-20.04] + os: [ubuntu-latest] ruby: [ 2.7 ] runs-on: ${{ matrix.os }} continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }} @@ -73,9 +73,9 @@ jobs: upload_coverage: strategy: matrix: - os: [ ubuntu-20.04 ] + os: [ ubuntu-latest ] ruby: [ '2.7' ] - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest env: CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} CC_TEST_REPORTER_URL: https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 From eee59cf6eaba3856e3253ec125b5a54db19ef000 Mon Sep 17 00:00:00 2001 From: mmeest Date: Tue, 9 Sep 2025 21:38:42 +0300 Subject: [PATCH 4/7] updated github actions artifact --- .github/workflows/ruby.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index b8e17c0..295748f 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -65,7 +65,7 @@ jobs: - name: Save coverage run: ./cc-test-reporter format-coverage --output coverage/codeclimate.${{ matrix.ruby }}.json - - uses: actions/upload-artifact@v3.1.3 + - uses: actions/upload-artifact@v4 with: name: coverage-${{ matrix.ruby }} path: coverage/codeclimate.${{ matrix.ruby }}.json 
@@ -89,7 +89,7 @@ jobs: - name: Give test coverage reporter executable permissions run: chmod +x cc-test-reporter - - uses: actions/download-artifact@v3.0.2 + - uses: actions/download-artifact@v4 with: name: coverage-${{ matrix.ruby }} path: coverage From f0c37e1adbb84d98fa766fe5ce5c77ce27737d95 Mon Sep 17 00:00:00 2001 From: mmeest Date: Fri, 19 Sep 2025 14:53:16 +0300 Subject: [PATCH 5/7] update --- .github/workflows/auto-merge.yml | 87 ++++++++++++++++++++++++++++---- .github/workflows/ruby.yml | 2 +- 2 files changed, 77 insertions(+), 12 deletions(-) diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index 18533ad..538b7ca 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml 
@@ -1,32 +1,97 @@ -name: Dependabot auto-merge +name: Auto approve & merge Dependabot PRs on: - pull_request: - types: [opened, edited, synchronize, reopened, labeled] + workflow_run: + workflows: ["Github Testing"] + types: [completed] permissions: contents: write pull-requests: write jobs: - auto-merge-patch: + auto-approve-merge: runs-on: ubuntu-latest - if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'internetee/e-invoice' + if: github.event.workflow_run.conclusion == 'success' && github.repository == 'internetee/e_invoice' steps: - - name: Checkout + - name: Checkout repository uses: actions/checkout@v5 + - name: Install GitHub CLI + run: | + curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null + sudo apt update + sudo apt install gh + + - name: Check if PR exists and is from Dependabot + id: check_pr + run: | + if [ -z "${{ github.event.workflow_run.pull_requests[0].number }}" ]; then + echo "No PR found for this workflow run – skipping job" + echo "auto_merge=false" >> $GITHUB_OUTPUT + exit 0 + fi + + PR_NUMBER=${{ github.event.workflow_run.pull_requests[0].number }} + PR_AUTHOR=$(gh pr view $PR_NUMBER --json author --jq '.author.login') + BASE_BRANCH=$(gh pr view $PR_NUMBER --json baseRefName --jq '.baseRefName') + + echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT + echo "base_branch=$BASE_BRANCH" >> $GITHUB_OUTPUT + echo "pr_author=$PR_AUTHOR" >> $GITHUB_OUTPUT + + if [[ "$PR_AUTHOR" != "dependabot[bot]" ]]; then + echo "PR is not from Dependabot – skipping merge" + echo "auto_merge=false" >> $GITHUB_OUTPUT + exit 0 + fi + + if [[ "$BASE_BRANCH" != "master" ]]; then + echo "PR is not targeting master – skipping merge" + echo 
"auto_merge=false" >> $GITHUB_OUTPUT + exit 0 + fi + + echo "auto_merge=true" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Fetch Dependabot metadata + if: steps.check_pr.outputs.auto_merge == 'true' id: metadata - uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 + uses: dependabot/fetch-metadata@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + pull-request-number: ${{ steps.check_pr.outputs.pr_number }} + + - name: Check if PR should be auto-merged (patch only) + id: check_patch + if: steps.check_pr.outputs.auto_merge == 'true' + run: | + if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-patch" ]]; then + echo "auto_merge=true" >> $GITHUB_OUTPUT + echo "Dependabot patch update detected – will merge" + else + echo "auto_merge=false" >> $GITHUB_OUTPUT + echo "Dependabot non-patch update – skipping merge" + fi + shell: bash + + - name: Auto approve PR + if: steps.check_patch.outputs.auto_merge == 'true' + uses: hmarr/auto-approve-action@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Enable auto-merge for patch updates - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' + - name: Auto-merge PR + if: steps.check_patch.outputs.auto_merge == 'true' run: | - gh pr merge --auto --merge "$PR_URL" + echo "Attempting to auto-merge PR #${{ steps.check_pr.outputs.pr_number }}" + gh pr merge --auto --merge ${{ steps.check_pr.outputs.pr_number }} || { + echo "Auto-merge failed, but continuing..." + exit 0 + } env: - PR_URL: ${{ github.event.pull_request.html_url }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index 295748f..b0834aa 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -1,5 +1,5 @@ name: Github Testing -on: [push] +on: [push, pull_request] jobs: From 6f277258c40aaab55889dd5ae956521f8d22b3bb Mon Sep 17 00:00:00 2001 
From: mmeest Date: Tue, 23 Sep 2025 14:06:46 +0300 Subject: [PATCH 6/7] added mattermost notification --- .github/workflows/auto-merge.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index 538b7ca..3dc0365 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -94,4 +94,13 @@ jobs: } env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Send Mattermost notification + if: steps.check_patch.outputs.auto_merge == 'true' + run: | + TIMESTAMP=$(date -u +"%Y-%m-%d %H:%M UTC") + curl -X POST -H "Authorization: Bearer ${{ secrets.MATTERMOST_BOT_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d "{\"channel_id\":\"${{ secrets.MATTERMOST_CHANNEL_ID }}\",\"message\":\"[${{ github.repository }}] PR #${{ steps.check_pr.outputs.pr_number }}: \\\"${{ github.event.workflow_run.pull_requests[0].title }}\\\" was auto-merged by ${{ steps.check_pr.outputs.pr_author }}.\nUpdate type: ${{ steps.metadata.outputs.update-type || 'patch' }}\nMerged at: $TIMESTAMP\nLink: https://github.com/${{ github.repository }}/pull/${{ steps.check_pr.outputs.pr_number }}\"}" \ + https://mattermost.example.com/api/v4/posts \ No newline at end of file From ecfdaafc37afa0cb8f0e4dcf605188935a8e88cb Mon Sep 17 00:00:00 2001 From: mmeest Date: Wed, 1 Oct 2025 15:45:40 +0300 Subject: [PATCH 7/7] update ruby yml --- .github/workflows/ruby.yml | 148 +++++++++++++++++-------------------- 1 file changed, 69 insertions(+), 79 deletions(-) diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index b0834aa..0962b3f 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml 
@@ -1,101 +1,91 @@ name: Github Testing -on: [push, pull_request] +on: [push] +permissions: + contents: read + id-token: write jobs: + bundle_audit: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.2.2 + - name: config bundler + run: | + bundle config set deployment 'false' + bundle env + head -n1 $(which bundle) + - name: Install dependencies + run: | + bundle install --jobs 4 --retry 3 + - name: Install bundle-audit + run: gem install bundle-audit + - name: Bundle Audit Check + run: gem exec bundle-audit check --update + test: strategy: fail-fast: false matrix: - os: [ubuntu-latest] - ruby: [ 2.7 ] + os: [ubuntu-24.04] + ruby: ['3.2.2'] runs-on: ${{ matrix.os }} - continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }} - steps: + env: + RAILS_ENV: test + COVERAGE: true + DISABLE_SPRING: 1 - - uses: actions/checkout@v4 - - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - - name: config bundler - run: | - bundle config set without 'development staging production' - bundle config set deployment '[secure]' - bundle env - head -n1 $(which bundle) + steps: + - uses: actions/checkout@v5 - - name: Set ENV for codeclimate (pull_request) - run: | - git fetch --no-tags --prune --depth=1 origin +refs/heads/$GITHUB_HEAD_REF:refs/remotes/origin/$GITHUB_HEAD_REF - echo "GIT_BRANCH=$GITHUB_HEAD_REF" >> $GITHUB_ENV - echo "GIT_COMMIT_SHA=$(git rev-parse origin/$GITHUB_HEAD_REF)" >> $GITHUB_ENV - if: github.event_name == 'pull_request' + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} - - name: Set ENV for codeclimate (push) - run: | - echo "GIT_BRANCH=$GITHUB_REF" >> $GITHUB_ENV - echo "GIT_COMMIT_SHA=$GITHUB_SHA" >> $GITHUB_ENV - if: github.event_name == 'push' + - name: config bundler + run: | + bundle config set deployment 'false' + bundle env + head -n1 
$(which bundle) - - name: Prepare CodeClimate - env: - CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} - run: | - curl -LSs 'https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64' >./cc-test-reporter; - chmod +x ./cc-test-reporter - ./cc-test-reporter before-build + - name: Install dependencies + run: | + bundle install --jobs 4 --retry 3 - - name: Run Tests - env: - RAILS_ENV: test - COVERAGE: true - DISABLE_SPRING: 1 - run: | - gem install bundler -v '>= 2.2.10' - gem install simplecov -v '<= 0.17.1' - gem install builder - gem install nokogiri -v '~> 1.11.3' - gem install savon - gem install webmock - gem install mocha - gem install minitest -v '~> 5.14' - bundle install - rake - - name: Save coverage - run: ./cc-test-reporter format-coverage --output coverage/codeclimate.${{ matrix.ruby }}.json + - name: Run Tests + run: rake - - uses: actions/upload-artifact@v4 - with: - name: coverage-${{ matrix.ruby }} - path: coverage/codeclimate.${{ matrix.ruby }}.json + - name: Setup qlty.sh + run: | + curl -sSL https://qlty.sh/install.sh | bash + export PATH="$HOME/.qlty/bin:$PATH" + qlty --version - upload_coverage: - strategy: - matrix: - os: [ ubuntu-latest ] - ruby: [ '2.7' ] - runs-on: ubuntu-latest - env: - CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} - CC_TEST_REPORTER_URL: https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 + - name: Initialize qlty.sh + run: | + export PATH="$HOME/.qlty/bin:$PATH" + qlty init --no - needs: test + - name: Run qlty.sh analysis + run: | + export PATH="$HOME/.qlty/bin:$PATH" + qlty check - steps: - - name: Download test coverage reporter - run: curl -L $CC_TEST_REPORTER_URL > cc-test-reporter + - name: Upload coverage to qlty.sh + uses: qltysh/qlty-action/coverage@v2 + with: + oidc: true + files: coverage/.resultset.json - - name: Give test coverage reporter executable permissions - run: chmod +x cc-test-reporter + - uses: actions/upload-artifact@v4 + with: + 
name: qlty-report-${{ matrix.ruby }} + path: qlty-report.json - - uses: actions/download-artifact@v4 + - uses: actions/upload-artifact@v4 with: name: coverage-${{ matrix.ruby }} - path: coverage - - - name: Aggregate & upload results to Code Climate - run: | - ./cc-test-reporter sum-coverage coverage/codeclimate.*.json - ./cc-test-reporter upload-coverage - + path: coverage/
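Review bot: `curl -sSL https://qlty.sh/install.sh | bash` in `Setup qlty.sh` runs an unpinned, unverified remote script on every push, and the new top-level `permissions` block grants `id-token: write` to the whole workflow, so that script executes in a job able to request an OIDC token. Only the `Upload coverage to qlty.sh` step uses `oidc: true`: keep `contents: read` at the top level and move `id-token: write` into a `permissions:` block under `test:` so `bundle_audit` does not receive it, and install the CLI from a pinned release whose checksum is verified before it runs. `ruby/setup-ruby@v1` and `qltysh/qlty-action/coverage@v2` are tag references as well; pinning them to commit SHAs would protect the token-bearing job from a retagged release. No visible step writes `qlty-report.json`, so the first `upload-artifact` step presumably finds nothing to upload — confirm which command is meant to produce it.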