diff --git a/.github/workflows/reuseable-ci-checks.yml b/.github/workflows/reuseable-ci-checks.yml
index ad7c1af..bc48db5 100644
--- a/.github/workflows/reuseable-ci-checks.yml
+++ b/.github/workflows/reuseable-ci-checks.yml
@@ -203,12 +203,14 @@ jobs:
 echo "Branch name: $BRANCH_NAME"
 if [[ "$BRANCH_NAME" =~ ^dependabot/ ]]; then
 echo "✅ Branch is a dependabot branch - skipping commitlint"
- exit 0
+ echo "skip=true" >> $GITHUB_OUTPUT
 else
 echo "Regular branch - will run commitlint in next step"
+ echo "skip=false" >> $GITHUB_OUTPUT
 fi
- - name: Run commitlint action
+ - name: Run commitlint actio
+ if: steps.check-branch.outputs.skip != 'true'
 uses: wagoid/commitlint-github-action@v5
 with:
 configFile: .commitlintrc.json
diff --git a/.github/workflows/workflow-readme.md b/.github/workflows/workflow-readme.md
index 185fd4e..fe8b3c3 100644
--- a/.github/workflows/workflow-readme.md
+++ b/.github/workflows/workflow-readme.md
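Review bot: The new `if: steps.check-branch.outputs.skip != 'true'` gate rests only on the `^dependabot/` branch-name match, and a branch name is chosen by whoever opens the pull request, so any branch named `dependabot/...` skips commitlint. Consider tying the skip to the PR author as well, for example `if: steps.check-branch.outputs.skip != 'true' || github.event.pull_request.user.login != 'dependabot[bot]'`. The condition also depends on the earlier step carrying `id: check-branch`, which is outside this hunk; without that id the output is empty and commitlint always runs. Two smaller points on the added lines: the step name lost a letter (`Run commitlint actio`), and the output path is safer quoted, `echo "skip=true" >> "$GITHUB_OUTPUT"`.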
@@ -84,3 +84,62 @@ The individual steps also automatically pass so can see if any error at the end
 ## Versioning
 Via semantic release and recorded as a generate c# file used by a blazor component
+
+## Alternative Approaches
+
+```
+name: Pull Request Checks
+
+# ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️
+# ⚠️ we want dependabot only to be using these secrets so addition logic requires an "if" for every job ⚠️
+# We will restrict it by making pull_request_target only for the Automatic_version_update_dependabot and then use
+# an if to ensure its only by dependabot
+
+on:
+ pull_request:
+ branches: ['**'] # Run on all branches
+ branches-ignore: ['dependabot/**'] # Skip Dependabot PRs
+ pull_request_target:
+ branches: ['Automatic_version_update_dependabot'] # Base branch for Dependabot PRs
+ workflow_dispatch:
+
+jobs:
+ dummy:
+ if: |
+ (github.actor == 'dependabot[bot]' &&
+ startsWith(github.head_ref, 'dependabot/') &&
+ github.event_name == 'pull_request_target')
+ ||
+ (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request')
+ runs-on: ubuntu-latest
+ steps:
+ - name: Dummy Step
+ run: echo "This is a dummy job to allow workflow_dispatch"
+
+ pull-request-call-reusable-ci-checks-workflow:
+ if: |
+ (github.actor == 'dependabot[bot]' &&
+ startsWith(github.head_ref, 'dependabot/') &&
+ github.event_name == 'pull_request_target')
+ ||
+ (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request')
+ name: Pull Request run CI Checks
+ uses: ./.github/workflows/reuseable-ci-checks.yml
+ needs: dummy
+ with:
+ runall: true
+
+ # could try secrets:inherit QQQQ
+ secrets:
+ UNITTESTS_APPSETTINGS_DEVELOPMENT: ${{ secrets.UNITTESTS_APPSETTINGS_DEVELOPMENT }}
+ WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT }}
+ WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT }}
+ WASMSERVERHOST_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOST_APPSETTINGS_DEVELOPMENT }}
+ TEL_GIT_PACKAGES_TOKEN: ${{secrets.NUGETKEY }}
+
+ UNITTESTS_APPSETTINGS_PRODUCTION: ${{ secrets.UNITTESTS_APPSETTINGS_PRODUCTION }}
+ WASMSTATICCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_PRODUCTION }}
+ WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION }}
+ WASMSERVERHOST_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOST_APPSETTINGS_PRODUCTION }}
+
+```