TechnologyEnhancedLearning · Phil-NHS · Aug 28, 2025 · Aug 26, 2025 · Aug 26, 2025 · Aug 26, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,17 +1,33 @@
 version: 2
+registries:
+  nuget-org:
+    type: nuget-feed
+    url: https://api.nuget.org/v3/index.json
+  github-nuget-feed:
+    type: nuget-feed
+    # Dependabot needs access before it ignores, so still need to access TELBlazor despite ignoring it
+    url: https://nuget.pkg.github.com/TechnologyEnhancedLearning/index.json
+    token: ${{ secrets.DEPENDABOT_GIT_PACKAGES_TOKEN }}
+
 updates:
   - package-ecosystem: "nuget"
     directory: "/"
+    registries:
+      - nuget-org
+      - github-nuget-feed
     schedule:
       interval: "daily"
     open-pull-requests-limit: 100
     target-branch: "Automatic_version_update_dependabot"  
-
+    rebase-strategy: "auto"
+    ignore:
+      # The cicd for TELBlazor manages the version to consume for showcase consuming the package
+      - dependency-name: "TELBlazor.Components"
+        versions: ["*"]
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
     open-pull-requests-limit: 100
     target-branch: "Automatic_version_update_dependabot"
-
-
+    rebase-strategy: "auto"
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -29,6 +29,7 @@ jobs:
 
   dev-call-reusable-ci-checks-workflow:
     name: Dev Run CI checks
+    # Not using @master so it uses its own check rules
     uses: ./.github/workflows/reuseable-ci-checks.yml
     with:
       runall: true

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -14,7 +14,7 @@ jobs:
 
   pull-request-call-reusable-ci-checks-workflow:
     name: Pull Request run CI Checks
-    uses: ./.github/workflows/reuseable-ci-checks.yml
+    uses: ./.github/workflows/reuseable-ci-checks.yml@master
     needs: dummy
     with:
       runall: true

diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml
@@ -43,6 +43,7 @@ env:
   # Nuget Set Up
   NUGET_PACKAGES_OUTPUT_PATH: ${{ github.workspace }}/CICDPackageLocation
   LOCAL_PACKAGES_PATH: ${{ github.workspace }}/CICDPackageLocation
+  GITHUB_USERNAME: "Phil-NHS"
 
   # Build Set Up
   # May need coverlet.collector xplat if using the packaged version to test
@@ -79,6 +80,8 @@ jobs:
         - name: Replace local environment variable in nuget config because cant provide it as a parameter
           run: |
             sed -i "s|%TEL_BLAZOR_PACKAGE_SOURCE%|$LOCAL_PACKAGES_PATH|g" nuget.config
+            sed -i "s|%GITHUB_USERNAME%|$GITHUB_USERNAME|g" nuget.config
+            sed -i "s|%TEL_GIT_PACKAGES_TOKEN%|$TEL_GIT_PACKAGES_TOKEN|g" nuget.config
 
         - name: Create appsettings development from secrets
           run: |
@@ -139,21 +142,59 @@ jobs:
       outputs:
         status: ${{ job.status }}
       runs-on: ubuntu-latest
+
       steps:
+        # Checkout so can get access to the file
+        - name: Checkout repository
+          uses: actions/checkout@v4
+
         - name: Validate Branch Name
           run: |
+
             #BRANCH_NAME="${GITHUB_HEAD_REF}"
             BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
             echo "Validating branch name: $BRANCH_NAME"
+
+            # Read allowed branch patterns from .releaserc.json
+            RELEASERC_PATH="${{ github.workspace }}/.releaserc.json"
+            echo "Using releaserc at: $RELEASERC_PATH"
+            ALLOWED_BRANCHES=$(jq -r '.branches[].name' $RELEASERC_PATH)
+
+            VALID=false
+            for pattern in $ALLOWED_BRANCHES; do
+              # Convert wildcard * into regex
+              REGEX="^${pattern//\*/.*}$"
+              if [[ "$BRANCH_NAME" =~ $REGEX ]]; then
+                VALID=true
+                break
+              fi
+            done
+
+            # Always allow dependabot branches for CI
+            # Semver will ignore the branch but will bump the collected dependabot changes branch
+            if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then
+              echo "✅ Branch is a dependabot branch its not for release or versioning but for merging into the dependabot collection branch"
+              VALID=true
+            fi
 
-            if [[ "$BRANCH_NAME" =~ ^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test|sample|security|config|bugfix|hotfix)-[a-zA-Z0-9._/-]+$ ]] || [[ "$BRANCH_NAME" == "master" ]]; then
+            if [ "$VALID" = true ]; then
               echo "✅ Branch name is valid"
             else
               echo "❌ Invalid branch name: $BRANCH_NAME"
-              echo "Branch names must follow one of the allowed prefixes:"
-              echo "   build-*, feat-*, fix-*, bugfix-*, hotfix-*, build-*, chore-*, ci-*, docs-*, perf-*, refactor-*, revert-*, style-*, test-*, sample-*, security-*, config-*, bugfix-*, hotfix-*"
+              echo "Allowed branch patterns:"
+              echo "$ALLOWED_BRANCHES"
               exit 1
             fi
+
+            # qqqq drop
+            # if [[ "$BRANCH_NAME" =~ ^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test|sample|security|config|bugfix|hotfix)-[a-zA-Z0-9._/-]+$ ]] || [[ "$BRANCH_NAME" == "master" ]]; then
+              # echo "✅ Branch name is valid"
+            # else
+              # echo "❌ Invalid branch name: $BRANCH_NAME"
+              # echo "Branch names must follow one of the allowed prefixes:"
+              # echo "   build-*, feat-*, fix-*, bugfix-*, hotfix-*, build-*, chore-*, ci-*, docs-*, perf-*, refactor-*, revert-*, style-*, test-*, sample-*, security-*, config-*, bugfix-*, hotfix-*"
+              # exit 1
+            # fi
 
 
     reuseable-ci-checks-commitlint:
@@ -164,11 +205,24 @@ jobs:
       outputs:
         status: ${{ job.status }}
       steps:
-        - uses: actions/checkout@v4
+        - name: Checkout repository
+          uses: actions/checkout@v4
           with:
             fetch-depth: 0
-
-        - uses: wagoid/commitlint-github-action@v5
+
+        - name: Check branch and run commitlint
+          run: |
+            BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
+            echo "Branch name: $BRANCH_NAME"
+            if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then
+              echo "✅ Branch is a dependabot branch - skipping commitlint"
+              exit 0
+            else
+              echo "Regular branch - will run commitlint in next step"
+            fi
+
+        - name: Run commitlint action
+          uses: wagoid/commitlint-github-action@v5
           with:
             configFile: .commitlintrc.json
             # Only set from/to if inputs are provided, otherwise let action use defaults
@@ -200,6 +254,8 @@ jobs:
           - name: Replace local environment variable in nuget config because cant provide it as a parameter
             run: |
               sed -i "s|%TEL_BLAZOR_PACKAGE_SOURCE%|$LOCAL_PACKAGES_PATH|g" nuget.config
+              sed -i "s|%GITHUB_USERNAME%|$GITHUB_USERNAME|g" nuget.config
+              sed -i "s|%TEL_GIT_PACKAGES_TOKEN%|$TEL_GIT_PACKAGES_TOKEN|g" nuget.config
 
           - name: Clean lock files because the newly generated package file will superseed the locks
             run: |

diff --git a/nuget.config.cicd b/nuget.config.cicd
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--
 
-This config is replaces nuget.config in cicd.
-It provides credentials incase the TEL git packages feed is used.
+	This config is replaces nuget.config in cicd.
+	It provides credentials incase the TEL git packages feed is used.
 
 -->
 <configuration>