From 03dc3956ad650d84458d2df8aa13ea097329f1ec Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Mon, 24 Jan 2022 21:57:04 +0100 Subject: [PATCH 01/22] ci(dependabot): Add default reviewer --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f1d26d80..06df8c06 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,5 @@ updates: directory: "/" # Location of package manifests schedule: interval: "daily" + reviewers: + - mark-stopka From 3715e55ba459d39ff4a2ea1511d7f18dc741420f Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Mon, 24 Jan 2022 22:06:04 +0100 Subject: [PATCH 02/22] ci(dependabot): Add Dependabot config validation --- .github/workflows/validate.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 399bc579..f3a88c61 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -80,4 +80,13 @@ jobs: uses: actions-rs/cargo@v1 with: command: clippy - args: --all-features -- -D warnings \ No newline at end of file + args: --all-features -- -D warnings + + - name: Validate Dependabot Config + - uses: marocchino/validate-dependabot@v1 + id: validate + - uses: marocchino/sticky-pull-request-comment@v2 + if: always() + with: + header: validate-dependabot + message: ${{ steps.validate.outputs.markdown }} From fcffe85ab0585016bccc81b00d7a456d0bb9103a Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Mon, 24 Jan 2022 22:14:48 +0100 Subject: [PATCH 03/22] fix(style): Fix GH Actions workflow syntax --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index f3a88c61..17135c93 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -83,7 +83,7 @@ jobs: args: --all-features -- -D warnings - name: Validate Dependabot Config - - uses: marocchino/validate-dependabot@v1 + uses: marocchino/validate-dependabot@v1 id: validate - uses: marocchino/sticky-pull-request-comment@v2 if: always() From e306525aff984911ff8c8038678eaafe3715706c Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 15:28:19 +0100 Subject: [PATCH 04/22] fix(ci): Dependabot config lint --- .github/workflows/dependabot-2.0.json | 360 ++++++++++++++++++++++++++ .github/workflows/validate.yml | 8 +- 2 files changed, 365 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/dependabot-2.0.json diff --git a/.github/workflows/dependabot-2.0.json b/.github/workflows/dependabot-2.0.json new file mode 100644 index 00000000..1e73ebd4 --- /dev/null +++ b/.github/workflows/dependabot-2.0.json @@ -0,0 +1,360 @@ +{ + "$id": "http://json-schema.org/draft-04/schema#", + "$schema": "http://json-schema.org/draft-07/schema", + "title": "GitHub Dependabot v2 config", + "definitions": { + "dependency-type": { + "type": "string", + "enum": [ + "direct", + "indirect", + "all", + "production", + "development" + ], + "x-intellij-enum-metadata": { + "direct": { + "description": "All explicitly defined dependencies." + }, + "indirect": { + "description": "Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies)." + }, + "all": { + "description": "All explicitly defined dependencies. For bundler, pip, composer, cargo, also the dependencies of direct dependencies." + }, + "production": { + "description": "Only dependencies in the 'Product dependency group'." + }, + "development": { + "description": "Only dependencies in the 'Development dependency group'." + } + } + }, + "versioning-strategy": { + "type": "string", + "enum": [ + "lockfile-only", + "auto", + "widen", + "increase", + "increase-if-necessary" + ], + "x-intellij-enum-metadata": { + "lockfile-only": { + "description": "Only create pull requests to update lockfiles updates. Ignore any new versions that would require package manifest changes." + }, + "auto": { + "description": "Follow the default strategy described above." + }, + "widen": { + "description": "Relax the version requirement to include both the new and old version, when possible." + }, + "increase": { + "description": "Always increase the version requirement to match the new version." + }, + "increase-if-necessary": { + "description": "Increase the version requirement only when required by the new version." + } + } + }, + "package-ecosystem": { + "type": "string", + "enum": [ + "bundler", + "cargo", + "composer", + "docker", + "elm", + "gitsubmodule", + "github-actions", + "gomod", + "gradle", + "maven", + "mix", + "npm", + "nuget", + "pip", + "terraform" + ] + }, + "schedule-day": { + "type": "string", + "enum": [ + "monday", + "tuesday", + "wednesday", + "thursday", + "friday", + "saturday", + "sunday" + ] + }, + "schedule-interval": { + "type": "string", + "enum": [ + "daily", + "weekly", + "monthly" + ] + }, + "update": { + "type": "object", + "properties": { + "allow": { + "description": "Customize which updates are allowed", + "type": "array", + "items": { + "type": "object", + "properties": { + "dependency-name": { + "type": "string" + }, + "dependency-type": { + "$ref": "#/definitions/dependency-type" + } + } + } + }, + "assignees": { + "description": "Assignees to set on pull requests", + "type": "array", + "items": { + "type": "string" + }, + "minimum": 1 + }, + "commit-message": { + "description": "Commit message preferences", + "type": "object", + "properties": { + "prefix": { + "type": "string" + }, + "prefix-development": { + "type": "string" + }, + "include": { + "type": "string", + "const": "scope", + "default": "scope" + } + } + }, + "directory": { + "description": "Location of package manifests", + "type": "string", + "default": "/" + }, + "ignore": { + "description": "Ignore certain dependencies or versions", + "type": "array", + "items": { + "type": "object", + "properties": { + "dependency-name": { + "type": "string" + }, + "dependency-type": { + "$ref": "#/definitions/dependency-type" + }, + "versions": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "labels": { + "description": "Labels to set on pull requests", + "type": "array", + "items": { + "type": "string" + }, + "default": [ + "dependencies" + ] + }, + "milestone": { + "description": "Milestone to set on pull requests", + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "open-pull-requests-limit": { + "description": "Limit number of open pull requests for version updates", + "type": "integer", + "default": 5 + }, + "package-ecosystem": { + "description": "Package manager to use", + "$ref": "#/definitions/package-ecosystem" + }, + "pull-request-branch-name": { + "description": "Pull request branch name preferences", + "type": "object", + "properties": { + "separator": { + "description": "Change separator for PR branch name", + "type": "string", + "default": "/" + } + }, + "required": [ + "separator" + ] + }, + "rebase-strategy": { + "description": "Disable automatic rebasing", + "type": "string", + "enum": [ + "auto", + "disabled" + ], + "default": "auto" + }, + "reviewers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Reviewers to set on pull requests", + "minimum": 1 + }, + "schedule": { + "description": "Schedule preferences", + "type": "object", + "properties": { + "interval": { + "$ref": "#/definitions/schedule-interval" + }, + "day": { + "$ref": "#/definitions/schedule-day", + "description": "Specify an alternative day to check for updates" + }, + "time": { + "type": "string", + "description": "Specify an alternative time of day to check for updates (format: hh:mm)" + }, + "timezone": { + "type": "string", + "description": "The time zone identifier must be from the Time Zone database maintained by IANA", + "default": "05:00 UTC" + } + } + }, + "target-branch": { + "type": "string", + "description": "Branch to create pull requests against" + }, + "versioning-strategy": { + "description": "How to update manifest version requirements", + "$ref": "#/definitions/versioning-strategy" + } + }, + "required": [ + "package-ecosystem", + "directory", + "schedule" + ] + }, + "registry": { + "type": "object", + "title": "registries", + "description": "The top-level registries key is optional. It allows you to specify authentication details that Dependabot can use to access private package registries.", + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "object", + "additionalProperties": false, + "properties": { + "type": { + "description": "Identifies the type of registry.", + "enum": [ + "composer-repository", + "docker-registry", + "git", + "hex-organization", + "maven-repository", + "npm-registry", + "nuget-feed", + "python-index", + "rubygems-server", + "terraform-registry" + ] + }, + "url": { + "description": "The URL to use to access the dependencies in this registry. The protocol is optional. If not specified, https:// is assumed. Dependabot adds or ignores trailing slashes as required.", + "type": "string" + }, + "username": { + "description": "The username that Dependabot uses to access the registry.", + "type": "string" + }, + "password": { + "description": "A reference to a Dependabot secret containing the password for the specified user.", + "type": "string" + }, + "key": { + "description": "A reference to a Dependabot secret containing an access key for this registry.", + "type": "string" + }, + "token": { + "description": "A reference to a Dependabot secret containing an access token for this registry.", + "type": "string" + }, + "replaces-base": { + "description": "For registries with type: python-index, if the boolean value is true, pip resolves dependencies by using the specified URL rather than the base URL of the Python Package Index (by default https://pypi.org/simple).", + "type": "boolean" + }, + "organization": { + "description": "", + "type": "string" + } + }, + "required": [ + "type" + ] + } + } + } + }, + "type": "object", + "additionalProperties": false, + "properties": { + "version": { + "anyOf": [ + { + "type": "string", + "default": "2" + }, + { + "type": "integer", + "default": 2 + } + ] + }, + "updates": { + "type": "array", + "items": { + "title": "Package Ecosystem", + "description": "Element for each one package manager that you want GitHub Dependabot to monitor for new versions", + "$ref": "#/definitions/update" + } + }, + "registries": { + "type": "object", + "$ref": "#/definitions/registry" + } + }, + "required": [ + "version", + "updates" + ] +} \ No newline at end of file diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9bee9ed4..6e73c237 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -86,10 +86,12 @@ jobs: uses: editorconfig-checker/action-editorconfig-checker@v1 - name: Validate Dependabot Config - uses: marocchino/validate-dependabot@v1 - id: validate + uses: emagers/json-schema-validation@v1.0.0 + with: + schema: .github\workflows\dependabot-2.0.json + testFile: .github\dependabot.yml - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: header: validate-dependabot - message: ${{ steps.validate.outputs.markdown }} \ No newline at end of file + message: ${{ steps.validate.outputs.markdown }} From fbaf7b291bff9a9d5a6af81c74ab7eb21a576ca5 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 15:41:44 +0100 Subject: [PATCH 05/22] fix(ci): Typos --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6e73c237..5d54fd39 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -88,8 +88,8 @@ jobs: - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: - schema: .github\workflows\dependabot-2.0.json - testFile: .github\dependabot.yml + schema: .github/workflows/dependabot-2.0.json + testFile: .github/dependabot.yml - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: From 9565246bfa3258ccc28a8fb157c1e57c12cf2561 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 16:25:17 +0100 Subject: [PATCH 06/22] fix(ci): Convert YAML to JSON for validation --- .github/workflows/validate.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 5d54fd39..1f3517a8 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -85,11 +85,17 @@ jobs: - name: Check EditorConfig Compliance uses: editorconfig-checker/action-editorconfig-checker@v1 + - uses: fabasoad/yaml-json-xml-converter-action@main + id: yaml2json + with: + path: '.github/dependabot.yml' + from: 'yaml' + to: 'json' - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: schema: .github/workflows/dependabot-2.0.json - testFile: .github/dependabot.yml + testFile: ${{ steps.yaml2json.outputs.data }} - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: From bbb2491979fb7de8bf36d628d431a45acfaa5a1a Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 16:40:17 +0100 Subject: [PATCH 07/22] ci(fix): Fix conversion from YAML to JSON --- .github/workflows/validate.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 1f3517a8..a8bdbbda 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -85,17 +85,21 @@ jobs: - name: Check EditorConfig Compliance uses: editorconfig-checker/action-editorconfig-checker@v1 + - name: Convert YAML to JSON - uses: fabasoad/yaml-json-xml-converter-action@main id: yaml2json with: path: '.github/dependabot.yml' from: 'yaml' to: 'json' + - run: | + TMP_JSON_FILE=$(mktemp) + echo ${{ steps.yaml2json.outputs.data }} > ${TMP_JSON_FILE} - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: schema: .github/workflows/dependabot-2.0.json - testFile: ${{ steps.yaml2json.outputs.data }} + testFile: ${TMP_JSON_FILE} - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: From 3dd667f283003d34704ec2d999d7a617ad8a0fca Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 16:42:57 +0100 Subject: [PATCH 08/22] ci(fix): Broken workflow spec --- .github/workflows/validate.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a8bdbbda..fe2b9ec1 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -92,9 +92,10 @@ jobs: path: '.github/dependabot.yml' from: 'yaml' to: 'json' + - run: | - TMP_JSON_FILE=$(mktemp) - echo ${{ steps.yaml2json.outputs.data }} > ${TMP_JSON_FILE} + TMP_JSON_FILE=$(mktemp) + echo ${{ steps.yaml2json.outputs.data }} > ${TMP_JSON_FILE} - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: From ba885216dd9e953c55578cedf018eb376a192e9d Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 16:45:42 +0100 Subject: [PATCH 09/22] ci(fix): Fix workflow error --- .github/workflows/validate.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index fe2b9ec1..bbfcacb8 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -86,13 +86,12 @@ jobs: uses: editorconfig-checker/action-editorconfig-checker@v1 - name: Convert YAML to JSON - - uses: fabasoad/yaml-json-xml-converter-action@main + uses: fabasoad/yaml-json-xml-converter-action@main id: yaml2json with: path: '.github/dependabot.yml' from: 'yaml' to: 'json' - - run: | TMP_JSON_FILE=$(mktemp) echo ${{ steps.yaml2json.outputs.data }} > ${TMP_JSON_FILE} From 4f967b19a1baf64f8c247c4f294239973129a611 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 17:30:21 +0100 Subject: [PATCH 10/22] ci(fix): Pass JSON Dependabot to validate --- .github/workflows/validate.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index bbfcacb8..41b38ef2 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -94,12 +94,13 @@ jobs: to: 'json' - run: | TMP_JSON_FILE=$(mktemp) - echo ${{ steps.yaml2json.outputs.data }} > ${TMP_JSON_FILE} + echo ${{ steps.yaml2json.outputs.data }} >> ${TMP_JSON_FILE} + echo "steps.yaml2json.outputs.file=${TMP_JSON_FILE}" >> $GITHUB_ENV - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: schema: .github/workflows/dependabot-2.0.json - testFile: ${TMP_JSON_FILE} + testFile: ${{ steps.yaml2json.outputs.data }} - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: From b3281b55b670797d141cf1af0f01577ca66c217d Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 17:34:35 +0100 Subject: [PATCH 11/22] ci(fix): Fix typo --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 41b38ef2..82ec2124 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -100,7 +100,7 @@ jobs: uses: emagers/json-schema-validation@v1.0.0 with: schema: .github/workflows/dependabot-2.0.json - testFile: ${{ steps.yaml2json.outputs.data }} + testFile: ${{ steps.yaml2json.outputs.file }} - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: From 76d01b179190f9d5b1f0c4d45e684353a7a651cd Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 17:44:54 +0100 Subject: [PATCH 12/22] ci(fix): Restructure env variabkes --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 82ec2124..54de7a6c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -95,12 +95,12 @@ jobs: - run: | TMP_JSON_FILE=$(mktemp) echo ${{ steps.yaml2json.outputs.data }} >> ${TMP_JSON_FILE} - echo "steps.yaml2json.outputs.file=${TMP_JSON_FILE}" >> $GITHUB_ENV + echo "dependabotJsonFile=${TMP_JSON_FILE}" >> $GITHUB_ENV - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: schema: .github/workflows/dependabot-2.0.json - testFile: ${{ steps.yaml2json.outputs.file }} + testFile: ${{ env.dependabotJsonFile }} - uses: marocchino/sticky-pull-request-comment@v2 if: always() with: From b6a9106b1552f23654f172c7d228cbe49b7d9981 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 18:56:23 +0100 Subject: [PATCH 13/22] ci(debug): Debug print --- .github/workflows/validate.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 54de7a6c..d9f79999 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -55,8 +55,8 @@ jobs: command: test args: --all-features - lints: - name: Lints + lints-rust: + name: Lint Rust runs-on: ubuntu-latest steps: - name: Checkout sources @@ -82,6 +82,10 @@ jobs: command: clippy args: --all-features -- -D warnings + lints-others: + name: Lint Support Files + runs-on: ubuntu-latest + steps: - name: Check EditorConfig Compliance uses: editorconfig-checker/action-editorconfig-checker@v1 @@ -96,6 +100,7 @@ jobs: TMP_JSON_FILE=$(mktemp) echo ${{ steps.yaml2json.outputs.data }} >> ${TMP_JSON_FILE} echo "dependabotJsonFile=${TMP_JSON_FILE}" >> $GITHUB_ENV + cat ${{ env.dependabotJsonFile }} - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: From c0bfeae4b698c1a6edd86a96dc28aa4dc6ee3bc9 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 18:59:54 +0100 Subject: [PATCH 14/22] ci(fix): Add checkout to new pipeline --- .github/workflows/validate.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d9f79999..23fc5d26 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -86,6 +86,9 @@ jobs: name: Lint Support Files runs-on: ubuntu-latest steps: + - name: Checkout sources + uses: actions/checkout@v2 + - name: Check EditorConfig Compliance uses: editorconfig-checker/action-editorconfig-checker@v1 From 64600064bf47882738387973c9f9bea63948f551 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 19:25:52 +0100 Subject: [PATCH 15/22] ci(debug): Show JSON output --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 23fc5d26..9a8aed20 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -101,9 +101,9 @@ jobs: to: 'json' - run: | TMP_JSON_FILE=$(mktemp) - echo ${{ steps.yaml2json.outputs.data }} >> ${TMP_JSON_FILE} + echo ${{ steps.yaml2json.outputs.data }} | tee ${TMP_JSON_FILE} | jq echo "dependabotJsonFile=${TMP_JSON_FILE}" >> $GITHUB_ENV - cat ${{ env.dependabotJsonFile }} + - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: From 8e4426013c803be3935a55f4a13c644f1ca75089 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 19:28:12 +0100 Subject: [PATCH 16/22] ci(fix): Style --- .github/workflows/validate.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9a8aed20..a0255e0c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -103,7 +103,6 @@ jobs: TMP_JSON_FILE=$(mktemp) echo ${{ steps.yaml2json.outputs.data }} | tee ${TMP_JSON_FILE} | jq echo "dependabotJsonFile=${TMP_JSON_FILE}" >> $GITHUB_ENV - - name: Validate Dependabot Config uses: emagers/json-schema-validation@v1.0.0 with: From 34ac12a052ae38f1316d0de3bf746b328584c459 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 19:33:54 +0100 Subject: [PATCH 17/22] ci(debug): Change Dependabot version to string --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 06df8c06..bc0f410d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ # Please see the documentation for all configuration options: # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates -version: 2 +version: "2" updates: - package-ecosystem: "cargo" # See documentation for possible values directory: "/" # Location of package manifests From 53fa6038b8faa50902095e7fc1b2d37d3b038d2b Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 20:15:35 +0100 Subject: [PATCH 18/22] ci(style): Validate EditorConfig file --- .github/workflows/validate.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a0255e0c..0b5e2ac8 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -92,24 +92,3 @@ jobs: - name: Check EditorConfig Compliance uses: editorconfig-checker/action-editorconfig-checker@v1 - - name: Convert YAML to JSON - uses: fabasoad/yaml-json-xml-converter-action@main - id: yaml2json - with: - path: '.github/dependabot.yml' - from: 'yaml' - to: 'json' - - run: | - TMP_JSON_FILE=$(mktemp) - echo ${{ steps.yaml2json.outputs.data }} | tee ${TMP_JSON_FILE} | jq - echo "dependabotJsonFile=${TMP_JSON_FILE}" >> $GITHUB_ENV - - name: Validate Dependabot Config - uses: emagers/json-schema-validation@v1.0.0 - with: - schema: .github/workflows/dependabot-2.0.json - testFile: ${{ env.dependabotJsonFile }} - - uses: marocchino/sticky-pull-request-comment@v2 - if: always() - with: - header: validate-dependabot - message: ${{ steps.validate.outputs.markdown }} From 18c25b7e362c866af2ad25cbb68ad3b01e138a95 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 20:24:24 +0100 Subject: [PATCH 19/22] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc0f410d..06df8c06 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ # Please see the documentation for all configuration options: # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates -version: "2" +version: 2 updates: - package-ecosystem: "cargo" # See documentation for possible values directory: "/" # Location of package manifests From 143119b818a17b1f349f4920cee89b268490340e Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Tue, 25 Jan 2022 20:24:45 +0100 Subject: [PATCH 20/22] Delete dependabot-2.0.json --- .github/workflows/dependabot-2.0.json | 360 -------------------------- 1 file changed, 360 deletions(-) delete mode 100644 .github/workflows/dependabot-2.0.json diff --git a/.github/workflows/dependabot-2.0.json b/.github/workflows/dependabot-2.0.json deleted file mode 100644 index 1e73ebd4..00000000 --- a/.github/workflows/dependabot-2.0.json +++ /dev/null @@ -1,360 +0,0 @@ -{ - "$id": "http://json-schema.org/draft-04/schema#", - "$schema": "http://json-schema.org/draft-07/schema", - "title": "GitHub Dependabot v2 config", - "definitions": { - "dependency-type": { - "type": "string", - "enum": [ - "direct", - "indirect", - "all", - "production", - "development" - ], - "x-intellij-enum-metadata": { - "direct": { - "description": "All explicitly defined dependencies." - }, - "indirect": { - "description": "Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies)." - }, - "all": { - "description": "All explicitly defined dependencies. For bundler, pip, composer, cargo, also the dependencies of direct dependencies." - }, - "production": { - "description": "Only dependencies in the 'Product dependency group'." - }, - "development": { - "description": "Only dependencies in the 'Development dependency group'." - } - } - }, - "versioning-strategy": { - "type": "string", - "enum": [ - "lockfile-only", - "auto", - "widen", - "increase", - "increase-if-necessary" - ], - "x-intellij-enum-metadata": { - "lockfile-only": { - "description": "Only create pull requests to update lockfiles updates. Ignore any new versions that would require package manifest changes." - }, - "auto": { - "description": "Follow the default strategy described above." - }, - "widen": { - "description": "Relax the version requirement to include both the new and old version, when possible." - }, - "increase": { - "description": "Always increase the version requirement to match the new version." - }, - "increase-if-necessary": { - "description": "Increase the version requirement only when required by the new version." - } - } - }, - "package-ecosystem": { - "type": "string", - "enum": [ - "bundler", - "cargo", - "composer", - "docker", - "elm", - "gitsubmodule", - "github-actions", - "gomod", - "gradle", - "maven", - "mix", - "npm", - "nuget", - "pip", - "terraform" - ] - }, - "schedule-day": { - "type": "string", - "enum": [ - "monday", - "tuesday", - "wednesday", - "thursday", - "friday", - "saturday", - "sunday" - ] - }, - "schedule-interval": { - "type": "string", - "enum": [ - "daily", - "weekly", - "monthly" - ] - }, - "update": { - "type": "object", - "properties": { - "allow": { - "description": "Customize which updates are allowed", - "type": "array", - "items": { - "type": "object", - "properties": { - "dependency-name": { - "type": "string" - }, - "dependency-type": { - "$ref": "#/definitions/dependency-type" - } - } - } - }, - "assignees": { - "description": "Assignees to set on pull requests", - "type": "array", - "items": { - "type": "string" - }, - "minimum": 1 - }, - "commit-message": { - "description": "Commit message preferences", - "type": "object", - "properties": { - "prefix": { - "type": "string" - }, - "prefix-development": { - "type": "string" - }, - "include": { - "type": "string", - "const": "scope", - "default": "scope" - } - } - }, - "directory": { - "description": "Location of package manifests", - "type": "string", - "default": "/" - }, - "ignore": { - "description": "Ignore certain dependencies or versions", - "type": "array", - "items": { - "type": "object", - "properties": { - "dependency-name": { - "type": "string" - }, - "dependency-type": { - "$ref": "#/definitions/dependency-type" - }, - "versions": { - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "labels": { - "description": "Labels to set on pull requests", - "type": "array", - "items": { - "type": "string" - }, - "default": [ - "dependencies" - ] - }, - "milestone": { - "description": "Milestone to set on pull requests", - "anyOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ] - }, - "open-pull-requests-limit": { - "description": "Limit number of open pull requests for version updates", - "type": "integer", - "default": 5 - }, - "package-ecosystem": { - "description": "Package manager to use", - "$ref": "#/definitions/package-ecosystem" - }, - "pull-request-branch-name": { - "description": "Pull request branch name preferences", - "type": "object", - "properties": { - "separator": { - "description": "Change separator for PR branch name", - "type": "string", - "default": "/" - } - }, - "required": [ - "separator" - ] - }, - "rebase-strategy": { - "description": "Disable automatic rebasing", - "type": "string", - "enum": [ - "auto", - "disabled" - ], - "default": "auto" - }, - "reviewers": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Reviewers to set on pull requests", - "minimum": 1 - }, - "schedule": { - "description": "Schedule preferences", - "type": "object", - "properties": { - "interval": { - "$ref": "#/definitions/schedule-interval" - }, - "day": { - "$ref": "#/definitions/schedule-day", - "description": "Specify an alternative day to check for updates" - }, - "time": { - "type": "string", - "description": "Specify an alternative time of day to check for updates (format: hh:mm)" - }, - "timezone": { - "type": "string", - "description": "The time zone identifier must be from the Time Zone database maintained by IANA", - "default": "05:00 UTC" - } - } - }, - "target-branch": { - "type": "string", - "description": "Branch to create pull requests against" - }, - "versioning-strategy": { - "description": "How to update manifest version requirements", - "$ref": "#/definitions/versioning-strategy" - } - }, - "required": [ - "package-ecosystem", - "directory", - "schedule" - ] - }, - "registry": { - "type": "object", - "title": "registries", - "description": "The top-level registries key is optional. It allows you to specify authentication details that Dependabot can use to access private package registries.", - "additionalProperties": false, - "patternProperties": { - ".*": { - "type": "object", - "additionalProperties": false, - "properties": { - "type": { - "description": "Identifies the type of registry.", - "enum": [ - "composer-repository", - "docker-registry", - "git", - "hex-organization", - "maven-repository", - "npm-registry", - "nuget-feed", - "python-index", - "rubygems-server", - "terraform-registry" - ] - }, - "url": { - "description": "The URL to use to access the dependencies in this registry. The protocol is optional. If not specified, https:// is assumed. Dependabot adds or ignores trailing slashes as required.", - "type": "string" - }, - "username": { - "description": "The username that Dependabot uses to access the registry.", - "type": "string" - }, - "password": { - "description": "A reference to a Dependabot secret containing the password for the specified user.", - "type": "string" - }, - "key": { - "description": "A reference to a Dependabot secret containing an access key for this registry.", - "type": "string" - }, - "token": { - "description": "A reference to a Dependabot secret containing an access token for this registry.", - "type": "string" - }, - "replaces-base": { - "description": "For registries with type: python-index, if the boolean value is true, pip resolves dependencies by using the specified URL rather than the base URL of the Python Package Index (by default https://pypi.org/simple).", - "type": "boolean" - }, - "organization": { - "description": "", - "type": "string" - } - }, - "required": [ - "type" - ] - } - } - } - }, - "type": "object", - "additionalProperties": false, - "properties": { - "version": { - "anyOf": [ - { - "type": "string", - "default": "2" - }, - { - "type": "integer", - "default": 2 - } - ] - }, - "updates": { - "type": "array", - "items": { - "title": "Package Ecosystem", - "description": "Element for each one package manager that you want GitHub Dependabot to monitor for new versions", - "$ref": "#/definitions/update" - } - }, - "registries": { - "type": "object", - "$ref": "#/definitions/registry" - } - }, - "required": [ - "version", - "updates" - ] -} \ No newline at end of file From 86c140f22f1e34607a8a4d27137c17dd7c9ecdb8 Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Wed, 26 Jan 2022 18:12:10 +0100 Subject: [PATCH 21/22] Remove @mark-stopka as a reviewer --- .github/dependabot.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 06df8c06..f1d26d80 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,5 +9,3 @@ updates: directory: "/" # Location of package manifests schedule: interval: "daily" - reviewers: - - mark-stopka From 106f42e91482ae49f7873092ef57117848fe66db Mon Sep 17 00:00:00 2001 From: Mark Stopka Date: Wed, 26 Jan 2022 19:57:11 +0100 Subject: [PATCH 22/22] refactor(ci): Linting pipelining Pipeline linting of Rust code and Support files --- .github/workflows/validate.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0b5e2ac8..14ea7324 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -92,3 +92,9 @@ jobs: - name: Check EditorConfig Compliance uses: editorconfig-checker/action-editorconfig-checker@v1 + lints: + name: Lint Rust & Support Files + runs-on: ubuntu-latest + needs: [lints-rust, lints-others] + steps: + - run: echo "All lints successful"