From 89a3ea50d7c8329a704dc8e7115c53cadaa2756d Mon Sep 17 00:00:00 2001 From: Charalampos Mainas Date: Wed, 29 Apr 2026 17:38:53 +0200 Subject: [PATCH] refactor: Cleanup workflows for adding git trailers Clean up the workflows that add git trailers after an approval of a review. In particular: - remove duplicate step for adding git trailers, - remove step for setting up git, - use a branch from the git-trailers main which accounts for external contributors too PR: https://github.com/urunc-dev/urunc/pull/646 Signed-off-by: Charalampos Mainas Reviewed-by: Anastassios Nanos Approved-by: Anastassios Nanos --- .github/workflows/add-git-trailers.yml | 43 +++++++++----------------- .github/workflows/pr-merge.yml | 21 +++++++------ .github/workflows/pr-trailers.yml | 16 ---------- 3 files changed, 26 insertions(+), 54 deletions(-) delete mode 100644 .github/workflows/pr-trailers.yml diff --git a/.github/workflows/add-git-trailers.yml b/.github/workflows/add-git-trailers.yml index 73d5f5ff..59d8b51b 100644 --- a/.github/workflows/add-git-trailers.yml +++ b/.github/workflows/add-git-trailers.yml @@ -1,12 +1,12 @@ name: Add Git Trailers to PR commits on: - workflow_call: - secrets: - GIT_CLONE_PAT: - required: false - URUNC_BOT_PRIVATE_KEY: - required: true + pull_request_review: + types: [submitted] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true permissions: contents: read @@ -14,16 +14,12 @@ permissions: jobs: git-trailers: name: Add Git Trailers - runs-on: ${{ matrix.runner }} - strategy: - matrix: - include: - - arch: amd64 - runner: ubuntu-22.04 - continue-on-error: true + if: >- + github.event.pull_request.base.ref == 'main' && + github.event.review.state == 'approved' + runs-on: ubuntu-22.04 permissions: contents: write - pull-requests: write steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 
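Review bot: The workflow-level `concurrency` block added with the new `pull_request_review` trigger sets `cancel-in-progress: true`, so any later review on the same PR cancels a run in progress, including a plain comment review that the job's `if` then skips. A run that has already pushed rewritten commits but not yet reached the merge step would be cancelled halfway and replaced by a skipped one. For a workflow that pushes and merges, `cancel-in-progress: false` is the safer setting, with a comment such as `# never cancel a run that may be between push and merge`.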
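Review bot: The new job-level `if` treats any review with `github.event.review.state == 'approved'` as authorisation and never checks who submitted it. On a public repository, accounts without write access can also submit approving reviews, and the `pull_request_review` event fires for those too. The job then runs with `contents: write` and, in a later hunk of this file, merges with `gh pr merge ... --admin`, which skips the branch-protection requirements. Unless the reviewer's standing is verified elsewhere (the trailers action is not visible here), add a clause such as `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)` to the condition. The job's step list continues outside this hunk.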
@@ -40,11 +36,6 @@ jobs: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - name: Append git trailers - uses: nubificus/git-trailers@8e08c91bb4c1fd9cb1ccbd9cc8029c31acf8da66 # feat_use_rebase - with: - user_info: .github/contributors.yaml - - name: Generate urunc-bot token id: generate-token uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 @@ -52,20 +43,16 @@ jobs: app-id: ${{ vars.URUNC_BOT_APP_ID }} private-key: ${{ secrets.URUNC_BOT_PRIVATE_KEY }} - - name: Set up Git - run: | - git config --global user.name "urunc-bot[bot]" - git config --global user.email "urunc-bot[bot]@users.noreply.github.com" - - name: Append git trailers - uses: nubificus/git-trailers@18fd322f3fbfd505b4de728974a4ac1f32f758a7 # feat_auto_merge + uses: nubificus/git-trailers@1d1595aacfd9239ae69d773cb895606daa17e538 with: - user_info: .github/contributors.yaml + token: ${{ steps.generate-token.outputs.token }} + user-info: .github/contributors.yaml - name: Merge PR env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} + PR_URL: ${{ github.event.pull_request.html_url }} run: | - PR_URL=${{ github.event.pull_request.html_url }} - + sleep 5 # Wait for github to get updated with the push. Otherwise merge will fail gh pr merge "$PR_URL" --rebase --admin diff --git a/.github/workflows/pr-merge.yml b/.github/workflows/pr-merge.yml index 1b57dfd4..fa66f2f9 100644 --- a/.github/workflows/pr-merge.yml +++ b/.github/workflows/pr-merge.yml @@ -4,6 +4,8 @@ on: pull_request_target: types: - closed + branches: + - 'main-pr*' permissions: contents: read 
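Review bot: The merge step in the `@@ -52,20 +43,16 @@` hunk merges whatever head the PR has when `gh pr merge "$PR_URL" --rebase --admin` runs, and the only synchronisation with the preceding push is `sleep 5`. Because `--admin` skips the branch-protection requirements, a commit that reaches the PR branch after the approval could be merged without review. Passing `--match-head-commit <sha>` with the SHA the trailers step produced would turn a stale or unexpected head into a hard failure instead of a merge. If the action leaves the rewritten head checked out, `"$(git rev-parse HEAD)"` would supply that SHA, but this hunk does not show whether it does. Separately, the new pin `nubificus/git-trailers@1d1595aacfd9239ae69d773cb895606daa17e538` dropped the trailing ref comment that the other pinned actions carry; the same applies to the identical pin in pr-merge.yml.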
@@ -11,22 +13,19 @@ permissions: jobs: add-trailers-and-merge: if: | - github.event.pull_request.merged == true && - startsWith(github.event.pull_request.base.ref, 'main-pr') + github.event.pull_request.merged == true runs-on: ubuntu-latest permissions: contents: write - steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - - name: Set up Git - run: | - git config --global user.name "urunc-bot[bot]" - git config --global user.email "urunc-bot[bot]@users.noreply.github.com" + - name: Exit if PR is not rebaseable + if: ${{ github.event.pull_request.rebaseable != null && github.event.pull_request.rebaseable == false }} + run: exit 1 - name: Check out repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -42,16 +41,18 @@ jobs: private-key: ${{ secrets.URUNC_BOT_PRIVATE_KEY }} - name: Append git trailers - uses: nubificus/git-trailers@18fd322f3fbfd505b4de728974a4ac1f32f758a7 # feat_auto_merge + uses: nubificus/git-trailers@1d1595aacfd9239ae69d773cb895606daa17e538 with: - user_info: .github/contributors.yaml + token: ${{ steps.generate-token.outputs.token }} + user-info: .github/contributors.yaml - name: Create a Pull Request from PR_BRANCH to main and merge it env: GH_TOKEN: ${{ steps.generate-token.outputs.token }} + PR_BRANCH: ${{ github.event.pull_request.base.ref }} run: | PR_BRANCH=${{ github.event.pull_request.base.ref }} - + # Create the pull request PR_URL=$(gh pr create \ --head "$PR_BRANCH" \ diff --git a/.github/workflows/pr-trailers.yml b/.github/workflows/pr-trailers.yml deleted file mode 100644 index 82fbcde7..00000000 --- a/.github/workflows/pr-trailers.yml +++ /dev/null 
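Review bot: The new `Exit if PR is not rebaseable` step in the `@@ -11,22 +13,19 @@` hunk fails with a bare `exit 1`, and it reads `github.event.pull_request.rebaseable` from the `closed` event. That field describes the PR already merged into `main-pr*`, not the PR this job later opens against main. It is often null in event payloads, so the guard may rarely fire; a comment stating what the step is meant to catch would help. At minimum give the failure a message, e.g. `run: echo "::error::PR is not rebaseable" && exit 1`. The `main-pr` restriction now lives only in the trigger's `branches:` filter, so the job `if` would no longer protect the job if another trigger were added to this workflow.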
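Review bot: In the `@@ -42,16 +41,18 @@` hunk, `PR_BRANCH: ${{ github.event.pull_request.base.ref }}` is added to `env`, but the unchanged first line of the `run` script still reads `PR_BRANCH=${{ github.event.pull_request.base.ref }}`. The expression is therefore still expanded into the shell source and overrides the environment value. add-git-trailers.yml removed the equivalent `PR_URL=` line in this commit; delete this one too so the branch name only ever reaches the shell as data. Branch names may contain shell metacharacters, which is why the `env` indirection matters even for a ref that needs write access to create. The script continues past the end of the hunk.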
@@ -1,16 +0,0 @@
-name: Add Git Trailers to PR commits
-
-on:
- pull_request_review:
- types: [submitted]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- git-trailers:
- name: Add Git Trailers to PR commits
- if: ${{ github.event.pull_request.base.ref == 'main' && github.event.review.state == 'approved' }}
- uses: ./.github/workflows/add-git-trailers.yml
- secrets: inherit