Merge branch 'main' into dependabot/npm_and_yarn/yaml-1.10.3

olblak · web-flow · commit 9fc428f7d6e6 · 2026-03-30T09:45:45.000+02:00
diff --git a/.github/workflows/typos.yaml b/.github/workflows/typos.yaml
@@ -11,4 +11,4 @@ jobs:
       - name: Checkout Actions Repository
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Check spelling of file.txt
-        uses: crate-ci/typos@v1.42.0
+        uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0
diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml
@@ -1,37 +1,34 @@
-name: updatecli
+---
+name: Updatecli
+
 on:
   workflow_dispatch:
   schedule:
-    # * is a special character in YAML so you have to quote this string
-    # Run every hour
-    - cron: '0/5 * * * *'
+    # Run at 12:00 every 14 days
+    - cron: "0 12 */14 * *"
+
+permissions: {}
+
 jobs:
   updatecli:
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v3"
+        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@v2"
-
-      - uses: tibdex/github-app-token@v1.6
-        id: generate_token
-        if: github.ref == 'refs/heads/main'
+        uses: "updatecli/updatecli-action@2cc8e6d8e356d76b0280cdd03766c36596a0614e" # v3.0.0
         with:
-          app_id: ${{ secrets.UPDATECLIBOT_APP_ID }}
-          private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          version: "v0.115.0"
 
-      - name: "Login Udash"
-        if: github.ref == 'refs/heads/main'
-        run: "updatecli udash login --experimental --api-url $UPDATECLI_UDASH_API_URL --oauth-access-token $UPDATECLI_UDASH_ACCESS_TOKEN $UPDATECLI_UDASH_URL"
+      - name: "Run updatecli"
+        run: updatecli compose apply --clean-git-branches=true --experimental
         env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
           UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
           UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
           UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
-
-      - name: "Run updatecli"
-        run: "updatecli compose apply --experimental"
-        env:
-          GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }}
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
diff --git a/.github/workflows/updatecli_release.yaml b/.github/workflows/updatecli_release.yaml
@@ -0,0 +1,32 @@
+---
+name: Updatecli - Release
+on:
+  workflow_dispatch:
+  schedule:
+    # Run daily at 03:00
+    - cron: "0 3 * * *"
+  repository_dispatch:
+    types:
+      - "updatecli-release"
+permissions: {}
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        with:
+          persist-credentials: false
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@2cc8e6d8e356d76b0280cdd03766c36596a0614e" # v3.0.0
+        with:
+          version: "v0.115.0"
+      - name: "Run updatecli only on Updatecli release event"
+        run: updatecli compose apply --clean-git-branches=true --labels="release:updatecli" --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml
@@ -0,0 +1,24 @@
+---
+name: Updatecli Test
+on:
+  pull_request:
+permissions:
+  contents: read
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        with:
+          persist-credentials: false
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@2cc8e6d8e356d76b0280cdd03766c36596a0614e" # v3.0.0
+        with:
+          version: "v0.115.0"
+      - name: "Test updatecli in dry-run mode"
+        run: "updatecli compose diff"
+        env:
+          # This step is executed in untrusted context. We use a GitHub token with minimal permissions.
+          UPDATECLI_GITHUB_USERNAME: ${{ github.actor }}
+          UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml
@@ -0,0 +1,42 @@
+---
+name: Updatecli - Update
+on:
+  workflow_dispatch:
+  schedule:
+    # Run daily at 03:00
+    - cron: "0 3 * * *"
+  push:
+    branches:
+      - main
+permissions: {}
+jobs:
+  updatecli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2
+        with:
+          persist-credentials: false
+      - name: "Setup updatecli"
+        uses: "updatecli/updatecli-action@2cc8e6d8e356d76b0280cdd03766c36596a0614e" # v3.0.0
+        with:
+          version: "v0.115.0"
+      - name: "Run updatecli only on monitored pipelines"
+        run: updatecli compose apply --clean-git-branches=true --labels="monitor:active" --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
+
+      - name: "Run updatecli only on existing pipelines"
+        run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental
+        env:
+          UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }}
+          UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }}
+          UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }}
+          UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }}
+          UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }}
+          UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }}
diff --git a/package-lock.json b/package-lock.json
diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml
@@ -1,19 +1,45 @@
-policies:
-  - name: Local Updatecli Website Policies
-    config:
-      - updatecli/updatecli.d/
-    values:
-      - updatecli/values.d/scm.yaml
+name: Default policy
 
-  - name: NPM autodiscovery
-    policy: ghcr.io/updatecli/policies/npm/autodiscovery:0.9.0@sha256:bfb7aaa719c26db1e13095fec27c143cf2c99b64b577d200a0bb658b724d37ae
-    values:
-      - updatecli/values.d/scm.yaml
-      - updatecli/values.d/npm.yaml
+valuesinline:
+  scm:
+    enabled: true
+    user: updatecli-bot
+    email: updatecli-bot@updatecli.io
+    owner: updatecli
+    repository: udash-front
+    username: "updatecli-bot"
+    branch: main
+
+policies:
   - name: Update Updatecli policies
-    policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.5.0@sha256:947817644fb89e27f7b7121b822328c2d47364c7a3a08241e4d2ac1a5897020c
-    values:
-      - updatecli/values.d/scm.yaml
+    policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.8.1@sha256:f8edda1a6cbf0d7274e2b847ede29fc4dc70dd5302ccb8575ae21b069cc0d8a0
+    valuesinline:
+      pipeline:
+        labels:
+          ecosystem: "updatecli"
+          monitor: active
+
+  - name: Handle Updatecli version in GitHub action
+    policy: ghcr.io/updatecli/policies/updatecli/githubaction:0.8.1@sha256:48872bbf1a09cfff32ff5ffa07086c20b40d6888c19c36048b18f84bbdad37fe
+    valuesinline:
+      pipeline:
+        labels:
+          ecosystem: "updatecli"
+          monitor: active
 
+  - name: NPM autodiscovery
+    policy: ghcr.io/updatecli/policies/npm/autodiscovery:0.12.1@sha256:ab02848169d584d7510ab974ec4a27309d9737068b1d888df6a8388a3dad26fc
+    valuesinline:
+      automerge: true
+      groupby: individual
+      spec:
+        ignoreversionconstraints: true
 
+  - name: Handle GitHub action version update
+    policy: ghcr.io/updatecli/policies/autodiscovery/githubaction:0.4.1@sha256:869b676074f9fee7edd5d488140a12c3b09a5f8a175f12f26ea85a4f8bd0a9d1
 
+  - name: Handle Nodejs version in githubaction
+    policy: ghcr.io/updatecli/policies/nodejs/githubaction:0.11.1@sha256:812c245adc1f20767ca912baf3087022c78e8153a3f27d43729dd8931864f8e3
+    valuesinline:
+      versionpattern: "~24"
+      automerge: false
