diff --git a/.github/workflows/README.md b/.github/workflows/README.md index c8adc8b..0c68c95 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -17,9 +17,9 @@ Reusable callers exist for four profiles: Each in-scope repository should expose these caller workflows in `.github/workflows/`: -1. `auto-create-pull-request.yml` -2. `cron-check-dependencies.yml` -3. `manual-update-version.yml` +1. `auto-pull-request-create.yml` +2. `cron-dependency-update.yml` +3. `manual-release-create.yml` Static profile repositories should also expose: @@ -36,12 +36,12 @@ Example: ```yaml jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-auto-create-pull-request.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-auto-pull-request-create.yml@v1 ``` ## Weekly health workflow behavior -`cron-check-dependencies` is the aggregated weekly check. It combines: +`cron-dependency-update` is the aggregated weekly check. It combines: - dependency checks - baseline validation @@ -50,9 +50,9 @@ jobs: The workflow creates or updates one repository issue with findings and auto-closes it when clean. -## Manual version update behavior +## Manual release behavior -`manual-update-version` supports two modes: +`manual-release-create` supports two modes: - bump or set version (and open release PR) - build/push only without version bump (`build_only: true`) diff --git a/.github/workflows/auto-create-pull-request.yml b/.github/workflows/auto-pull-request-create.yml similarity index 61% rename from .github/workflows/auto-create-pull-request.yml rename to .github/workflows/auto-pull-request-create.yml index f7ee789..361314c 100644 --- a/.github/workflows/auto-create-pull-request.yml +++ b/.github/workflows/auto-pull-request-create.yml @@ -1,4 +1,4 @@ -name: (Auto) Create Pull Request +name: (Auto) Pull Request Create on: push: @@ -13,10 +13,10 @@ permissions: pull-requests: write jobs: - call-auto-create-pull-request: - uses: ./.github/workflows/reusable-auto-create-pull-request.yml + call-auto-pull-request-create: + uses: ./.github/workflows/reusable-auto-pull-request-create.yml with: runs-on: ubuntu-24.04-arm - task-version: 3.49 + task-version: 3.x profile: other secrets: inherit diff --git a/.github/workflows/cron-check-dependencies.yml b/.github/workflows/cron-dependency-update.yml similarity index 74% rename from .github/workflows/cron-check-dependencies.yml rename to .github/workflows/cron-dependency-update.yml index 66f9e15..0ffd454 100644 --- a/.github/workflows/cron-check-dependencies.yml +++ b/.github/workflows/cron-dependency-update.yml @@ -1,4 +1,4 @@ -name: (Cron) Check dependencies +name: (Cron) Dependency Update on: schedule: @@ -13,7 +13,7 @@ permissions: jobs: call-weekly-health-check: - uses: ./.github/workflows/reusable-cron-check-dependencies.yml + uses: ./.github/workflows/reusable-cron-dependency-update.yml with: runs-on: ubuntu-24.04-arm task-version: 3.x diff --git a/.github/workflows/manual-update-version.yml b/.github/workflows/manual-release-create.yml similarity index 90% rename from .github/workflows/manual-update-version.yml rename to .github/workflows/manual-release-create.yml index 868258d..fc2a897 100644 --- a/.github/workflows/manual-update-version.yml +++ b/.github/workflows/manual-release-create.yml @@ -1,4 +1,4 @@ -name: (Manual) Update Version +name: (Manual) Release Create on: workflow_dispatch: @@ -30,7 +30,7 @@ permissions: jobs: call-version-update: - uses: ./.github/workflows/reusable-manual-update-version.yml + uses: ./.github/workflows/reusable-manual-release-create.yml with: runs-on: ubuntu-24.04-arm task-version: 3.x diff --git a/.github/workflows/reusable-auto-create-pull-request.yml b/.github/workflows/reusable-auto-pull-request-create.yml similarity index 98% rename from .github/workflows/reusable-auto-create-pull-request.yml rename to .github/workflows/reusable-auto-pull-request-create.yml index 56ab0d3..81b5caf 100644 --- a/.github/workflows/reusable-auto-create-pull-request.yml +++ b/.github/workflows/reusable-auto-pull-request-create.yml @@ -1,4 +1,4 @@ -name: (Reusable - Auto) Create Pull Request +name: (Reusable - Auto) Pull Request Create on: workflow_call: diff --git a/.github/workflows/reusable-cron-check-dependencies.yml b/.github/workflows/reusable-cron-dependency-update.yml similarity index 96% rename from .github/workflows/reusable-cron-check-dependencies.yml rename to .github/workflows/reusable-cron-dependency-update.yml index 02cdebf..22d6f96 100644 --- a/.github/workflows/reusable-cron-check-dependencies.yml +++ b/.github/workflows/reusable-cron-dependency-update.yml @@ -1,4 +1,4 @@ -name: (Reusable - Cron) Check dependencies +name: (Cron) Dependency Update on: workflow_call: @@ -38,7 +38,7 @@ permissions: issues: read jobs: - dependency-check: + dependency-update: name: Weekly health scan runs-on: ${{ inputs.runs-on }} steps: @@ -70,31 +70,16 @@ jobs: echo "REPORT_FILE=$REPORT_FILE" >> "$GITHUB_ENV" echo "HAS_FINDINGS=false" >> "$GITHUB_ENV" - - name: Run lint - id: lint - if: inputs.enable-lint - continue-on-error: true - run: task lint - - - name: Record lint findings - if: inputs.enable-lint && steps.lint.outcome != 'success' - run: | - echo "- lint failed: \`task lint\`" >> "$REPORT_FILE" - echo "HAS_FINDINGS=true" >> "$GITHUB_ENV" - - - name: Run dependency checks + - name: Run dependency update task id: deps continue-on-error: true run: | set +e - if task --list | grep -q "deps:check"; then - task deps:check - rc=$? - elif task --list | grep -q "update-versions"; then - task update-versions + if task --list | grep -q "dependency:update"; then + task dependency:update rc=$? else - echo "No dedicated dependency-check task found" + echo "No dedicated dependency update task found (missing task: dependency:update)" rc=3 fi set -e @@ -106,6 +91,18 @@ jobs: echo "- dependency checks reported updates or failed" >> "$REPORT_FILE" echo "HAS_FINDINGS=true" >> "$GITHUB_ENV" + - name: Run lint + id: lint + if: inputs.enable-lint + continue-on-error: true + run: task lint + + - name: Record lint findings + if: inputs.enable-lint && steps.lint.outcome != 'success' + run: | + echo "- lint failed: \`task lint\`" >> "$REPORT_FILE" + echo "HAS_FINDINGS=true" >> "$GITHUB_ENV" + - name: Install Docker Buildx if: inputs.profile == 'actions' || inputs.profile == 'dockerized' uses: docker/setup-buildx-action@v4 diff --git a/.github/workflows/reusable-manual-update-version.yml b/.github/workflows/reusable-manual-release-create.yml similarity index 99% rename from .github/workflows/reusable-manual-update-version.yml rename to .github/workflows/reusable-manual-release-create.yml index b542d40..83727fe 100644 --- a/.github/workflows/reusable-manual-update-version.yml +++ b/.github/workflows/reusable-manual-release-create.yml @@ -1,4 +1,4 @@ -name: (Reusable - Manual) Update Version +name: (Reusable - Manual) Release Create on: workflow_call: diff --git a/Taskfile.cicd.yml b/Taskfile.cicd.yml index 21057a6..26a6e1b 100644 --- a/Taskfile.cicd.yml +++ b/Taskfile.cicd.yml @@ -115,6 +115,14 @@ tasks: cmds: - echo "{{.VERSION}}" + dependency:update: + desc: Check main dependency not covered by dependabot + cmds: + - | + echo "ℹ️ No dedicated dependency updater configured for this repository." + echo "ℹ️ Dependabot handles GitHub Actions and package metadata updates." + echo "ℹ️ Keeping dependency checks as a safe no-op for now." + version:set: desc: Validate version cmds: diff --git a/templates/actions/taskfiles/Taskfile.cicd.yml b/templates/actions/taskfiles/Taskfile.cicd.yml index a35e139..17a702b 100644 --- a/templates/actions/taskfiles/Taskfile.cicd.yml +++ b/templates/actions/taskfiles/Taskfile.cicd.yml @@ -95,6 +95,14 @@ tasks: cmds: - echo "{{.VERSION}}" + dependency:update: + desc: Check main dependency not covered by dependabot + cmds: + - | + echo "ℹ️ No dedicated dependency updater configured for this repository profile." + echo "ℹ️ Dependabot handles GitHub Actions and package metadata updates." + echo "ℹ️ Docker builds still validate runtime dependencies during CI." + version:set: desc: Update version in README.md and action.yml cmds: diff --git a/templates/actions/taskfiles/Taskfile.scripts.yml b/templates/actions/taskfiles/Taskfile.scripts.yml new file mode 100644 index 0000000..3a24938 --- /dev/null +++ b/templates/actions/taskfiles/Taskfile.scripts.yml @@ -0,0 +1,150 @@ +version: '3' + +silent: true + +tasks: + help: + desc: Detailed help + cmds: + - | + echo "Tasks:" + task --list + + lint:actionlint: + desc: Lint GitHub Actions workflows with actionlint + cmds: + - | + echo "▶️ Running actionlint..." + set +e + docker run --rm -i -v "$PWD:/work" -w /work rhysd/actionlint:latest -color + rc=$? + set -e + if [ "$rc" -eq 0 ]; then + echo "✅ actionlint passed" + else + echo "❌ actionlint failed" + exit $rc + fi + + lint:hadolint: + desc: Lint Dockerfile with hadolint + cmds: + - | + echo "▶️ Running hadolint..." + set +e + docker run --rm -i -v "$PWD:/work" -w /work hadolint/hadolint:latest-debian < Dockerfile + rc=$? + set -e + if [ "$rc" -eq 0 ]; then + echo "✅ hadolint passed" + else + echo "❌ hadolint failed" + exit $rc + fi + + lint:shellcheck: + desc: Lint shell scripts with shellcheck + cmds: + - | + echo "▶️ Running shellcheck..." + set +e + docker run --rm -i -v "$PWD:/work" -w /work koalaman/shellcheck:stable -x -S style entrypoint.sh + rc=$? + set -e + if [ "$rc" -eq 0 ]; then + echo "✅ shellcheck passed" + else + echo "❌ shellcheck failed" + exit $rc + fi + + lint:yamllint: + desc: Lint YAML files with yamllint + cmds: + - | + echo "▶️ Running yamllint..." + set +e + docker run --rm -i -v "$PWD:/work" -w /work cytopia/yamllint -c .yamllint.yml . + rc=$? + set -e + if [ "$rc" -eq 0 ]; then + echo "✅ yamllint passed" + else + echo "❌ yamllint failed" + exit $rc + fi + + git:get-pr-template: + desc: Get pull request template + cmds: + - mkdir -p .tmp + - curl -LsS https://raw.githubusercontent.com/devops-infra/.github/refs/tags/v1/PULL_REQUEST_TEMPLATE.md -o .tmp/PULL_REQUEST_TEMPLATE.md + + git:set-config: + desc: Set git user config + cmds: + - git config user.name "github-actions[bot]" + - git config user.email "github-actions[bot]@users.noreply.github.com" + + scripts:dependency:update: + desc: Update Alpine apk package constraints in Dockerfile + cmds: + - | + set -eu + if [ ! -f Dockerfile ]; then + echo "ℹ️ Dockerfile not found; nothing to update" + exit 0 + fi + + base_image="$(sed -nE 's/^FROM[[:space:]]+([^[:space:]]+).*/\1/p' Dockerfile | head -1)" + if [ -z "$base_image" ]; then + echo "ℹ️ Could not resolve base image; nothing to update" + exit 0 + fi + + case "$base_image" in + alpine:*|alpine) + : + ;; + *) + echo "ℹ️ Base image is '$base_image', not Alpine; nothing to update" + exit 0 + ;; + esac + + normalize_minor() { + version="$1" + printf '%s' "$version" | awk -F. '{print $1 "." $2}' + } + + list_file=".tmp/dependency-update-apk-list.txt" + mkdir -p .tmp + + sed -nE 's/^\s*([a-zA-Z0-9+_.-]+)=~=?([0-9]+\.[0-9]+).*$/\1 \2/p' Dockerfile > "$list_file" + if [ ! -s "$list_file" ]; then + echo "ℹ️ No pinned apk constraints (~=) found in Dockerfile" + exit 0 + fi + + updated=0 + while read -r pkg current_minor; do + [ -n "$pkg" ] || continue + latest_full="$(docker run --rm "$base_image" sh -lc "apk update >/dev/null && apk list --all '$pkg' 2>/dev/null | head -1 | awk -F'[- ]' '{print \\$2}'")" + if [ -z "$latest_full" ]; then + echo "⚠️ Could not resolve latest version for $pkg; skipping" + continue + fi + latest_minor="$(normalize_minor "$latest_full")" + if [ "$latest_minor" = "$current_minor" ]; then + echo "✅ $pkg already up to date at $current_minor" + continue + fi + echo "⬆️ $pkg: $current_minor -> $latest_minor" + {{.SED}} -i "s#\<$pkg\>=~=$current_minor#$pkg~=$latest_minor#g" Dockerfile + {{.SED}} -i "s#\<$pkg\>~=$current_minor#$pkg~=$latest_minor#g" Dockerfile + updated=1 + done < "$list_file" + + if [ "$updated" -eq 0 ]; then + echo "ℹ️ No apk dependency updates were required" + fi diff --git a/templates/actions/taskfiles/Taskfile.yml b/templates/actions/taskfiles/Taskfile.yml index 45abad0..279ab9f 100644 --- a/templates/actions/taskfiles/Taskfile.yml +++ b/templates/actions/taskfiles/Taskfile.yml @@ -7,6 +7,7 @@ dotenv: includes: variables: ./Taskfile.variables.yml + scripts: ./Taskfile.scripts.yml cicd: taskfile: ./Taskfile.cicd.yml flatten: true @@ -24,12 +25,4 @@ tasks: help: desc: Detailed help cmds: - - | - echo "Tasks:" - task --list - echo "" - echo "Environment:" - echo " DOCKER_NAME={{.DOCKER_NAME}} DOCKER_USERNAME={{.DOCKER_USERNAME}}" - echo " GHRC_NAME={{.GHRC_NAME}} GITHUB_USERNAME={{.GITHUB_USERNAME}}" - echo " LAST_RELEASE={{.LAST_RELEASE}}" VERSION={{.VERSION}} VERSION_FULL={{.VERSION_FULL}} - echo " BRANCH={{.GIT_BRANCH}} GIT_SHORT_SHA={{.GIT_SHORT_SHA}}" GIT_SHA={{.GIT_SHA}} + - task: scripts:help diff --git a/templates/actions/workflows/auto-create-pull-request.yml b/templates/actions/workflows/auto-pull-request-create.yml similarity index 64% rename from templates/actions/workflows/auto-create-pull-request.yml rename to templates/actions/workflows/auto-pull-request-create.yml index 690ddc7..00baf22 100644 --- a/templates/actions/workflows/auto-create-pull-request.yml +++ b/templates/actions/workflows/auto-pull-request-create.yml @@ -1,4 +1,4 @@ -name: (Auto) Create Pull Request +name: (Auto) Pull Request Create on: push: @@ -14,7 +14,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-auto-create-pull-request.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-auto-pull-request-create.yml@v1 with: profile: actions secrets: inherit diff --git a/templates/actions/workflows/cron-check-dependencies.yml b/templates/actions/workflows/cron-dependency-update.yml similarity index 64% rename from templates/actions/workflows/cron-check-dependencies.yml rename to templates/actions/workflows/cron-dependency-update.yml index 2aca17b..ffb07f6 100644 --- a/templates/actions/workflows/cron-check-dependencies.yml +++ b/templates/actions/workflows/cron-dependency-update.yml @@ -1,4 +1,4 @@ -name: (Cron) Check dependencies +name: (Cron) Dependency Update on: schedule: @@ -13,7 +13,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-cron-check-dependencies.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-cron-dependency-update.yml@v1 with: profile: actions secrets: inherit diff --git a/templates/actions/workflows/manual-update-version.yml b/templates/actions/workflows/manual-release-create.yml similarity index 94% rename from templates/actions/workflows/manual-update-version.yml rename to templates/actions/workflows/manual-release-create.yml index 609e711..8810841 100644 --- a/templates/actions/workflows/manual-update-version.yml +++ b/templates/actions/workflows/manual-release-create.yml @@ -1,4 +1,4 @@ -name: (Manual) Update Version +name: (Manual) Release Create on: workflow_dispatch: @@ -30,7 +30,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-manual-update-version.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-manual-release-create.yml@v1 with: bump-type: ${{ inputs.type }} explicit-version: ${{ inputs.version }} diff --git a/templates/dockerized/taskfiles/Taskfile.cicd.yml b/templates/dockerized/taskfiles/Taskfile.cicd.yml index 9dd4008..af424b9 100644 --- a/templates/dockerized/taskfiles/Taskfile.cicd.yml +++ b/templates/dockerized/taskfiles/Taskfile.cicd.yml @@ -95,6 +95,14 @@ tasks: cmds: - echo "{{.VERSION}}" + dependency:update: + desc: Check main dependency not covered by dependabot + cmds: + - | + echo "ℹ️ No dedicated dependency updater configured for this repository profile." + echo "ℹ️ Dependabot handles GitHub Actions and package metadata updates." + echo "ℹ️ Docker builds still validate runtime dependencies during CI." + version:set: desc: Validate version cmds: diff --git a/templates/dockerized/taskfiles/Taskfile.scripts.yml b/templates/dockerized/taskfiles/Taskfile.scripts.yml index 6d9f83d..ea927c5 100644 --- a/templates/dockerized/taskfiles/Taskfile.scripts.yml +++ b/templates/dockerized/taskfiles/Taskfile.scripts.yml @@ -87,6 +87,69 @@ tasks: - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" + scripts:dependency:update: + desc: Update Alpine apk package constraints in Dockerfile + cmds: + - | + set -eu + if [ ! -f Dockerfile ]; then + echo "ℹ️ Dockerfile not found; nothing to update" + exit 0 + fi + + base_image="$(sed -nE 's/^FROM[[:space:]]+([^[:space:]]+).*/\1/p' Dockerfile | head -1)" + if [ -z "$base_image" ]; then + echo "ℹ️ Could not resolve base image; nothing to update" + exit 0 + fi + + case "$base_image" in + alpine:*|alpine) + : + ;; + *) + echo "ℹ️ Base image is '$base_image', not Alpine; nothing to update" + exit 0 + ;; + esac + + normalize_minor() { + version="$1" + printf '%s' "$version" | awk -F. '{print $1 "." $2}' + } + + list_file=".tmp/dependency-update-apk-list.txt" + mkdir -p .tmp + + sed -nE 's/^\s*([a-zA-Z0-9+_.-]+)=~=?([0-9]+\.[0-9]+).*$/\1 \2/p' Dockerfile > "$list_file" + if [ ! -s "$list_file" ]; then + echo "ℹ️ No pinned apk constraints (~=) found in Dockerfile" + exit 0 + fi + + updated=0 + while read -r pkg current_minor; do + [ -n "$pkg" ] || continue + latest_full="$(docker run --rm "$base_image" sh -lc "apk update >/dev/null && apk list --all '$pkg' 2>/dev/null | head -1 | awk -F'[- ]' '{print \\$2}'")" + if [ -z "$latest_full" ]; then + echo "⚠️ Could not resolve latest version for $pkg; skipping" + continue + fi + latest_minor="$(normalize_minor "$latest_full")" + if [ "$latest_minor" = "$current_minor" ]; then + echo "✅ $pkg already up to date at $current_minor" + continue + fi + echo "⬆️ $pkg: $current_minor -> $latest_minor" + {{.SED}} -i "s#\<$pkg\>=~=$current_minor#$pkg~=$latest_minor#g" Dockerfile + {{.SED}} -i "s#\<$pkg\>~=$current_minor#$pkg~=$latest_minor#g" Dockerfile + updated=1 + done < "$list_file" + + if [ "$updated" -eq 0 ]; then + echo "ℹ️ No apk dependency updates were required" + fi + version:get: desc: Get current version cmds: diff --git a/templates/dockerized/workflows/auto-create-pull-request.yml b/templates/dockerized/workflows/auto-pull-request-create.yml similarity index 64% rename from templates/dockerized/workflows/auto-create-pull-request.yml rename to templates/dockerized/workflows/auto-pull-request-create.yml index 8102c39..8bd37f8 100644 --- a/templates/dockerized/workflows/auto-create-pull-request.yml +++ b/templates/dockerized/workflows/auto-pull-request-create.yml @@ -1,4 +1,4 @@ -name: (Auto) Create Pull Request +name: (Auto) Pull Request Create on: push: @@ -14,7 +14,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-auto-create-pull-request.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-auto-pull-request-create.yml@v1 with: profile: dockerized secrets: inherit diff --git a/templates/dockerized/workflows/cron-check-dependencies.yml b/templates/dockerized/workflows/cron-dependency-update.yml similarity index 64% rename from templates/dockerized/workflows/cron-check-dependencies.yml rename to templates/dockerized/workflows/cron-dependency-update.yml index 62dd5c2..03c8ee8 100644 --- a/templates/dockerized/workflows/cron-check-dependencies.yml +++ b/templates/dockerized/workflows/cron-dependency-update.yml @@ -1,4 +1,4 @@ -name: (Cron) Check dependencies +name: (Cron) Dependency Update on: schedule: @@ -13,7 +13,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-cron-check-dependencies.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-cron-dependency-update.yml@v1 with: profile: dockerized secrets: inherit diff --git a/templates/dockerized/workflows/manual-update-version.yml b/templates/dockerized/workflows/manual-release-create.yml similarity index 94% rename from templates/dockerized/workflows/manual-update-version.yml rename to templates/dockerized/workflows/manual-release-create.yml index 8d43eea..627d2a9 100644 --- a/templates/dockerized/workflows/manual-update-version.yml +++ b/templates/dockerized/workflows/manual-release-create.yml @@ -1,4 +1,4 @@ -name: (Manual) Update Version +name: (Manual) Release Create on: workflow_dispatch: @@ -30,7 +30,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-manual-update-version.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-manual-release-create.yml@v1 with: bump-type: ${{ inputs.type }} explicit-version: ${{ inputs.version }} diff --git a/templates/other/taskfiles/Taskfile.cicd.yml b/templates/other/taskfiles/Taskfile.cicd.yml index 03319e0..08e3794 100644 --- a/templates/other/taskfiles/Taskfile.cicd.yml +++ b/templates/other/taskfiles/Taskfile.cicd.yml @@ -90,6 +90,14 @@ tasks: cmds: - echo "{{.VERSION}}" + dependency:update: + desc: Check main dependency not covered by dependabot + cmds: + - | + echo "ℹ️ No dedicated dependency updater configured for this repository profile." + echo "ℹ️ Dependabot handles GitHub Actions and package metadata updates." + echo "ℹ️ Keep this task as a safe no-op until a repo-specific dependency updater is defined." + version:set: desc: Validate version cmds: diff --git a/templates/other/workflows/auto-create-pull-request.yml b/templates/other/workflows/auto-pull-request-create.yml similarity index 64% rename from templates/other/workflows/auto-create-pull-request.yml rename to templates/other/workflows/auto-pull-request-create.yml index 812578a..a5fbedd 100644 --- a/templates/other/workflows/auto-create-pull-request.yml +++ b/templates/other/workflows/auto-pull-request-create.yml @@ -1,4 +1,4 @@ -name: (Auto) Create Pull Request +name: (Auto) Pull Request Create on: push: @@ -14,7 +14,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-auto-create-pull-request.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-auto-pull-request-create.yml@v1 with: profile: other secrets: inherit diff --git a/templates/other/workflows/cron-check-dependencies.yml b/templates/other/workflows/cron-dependency-update.yml similarity index 63% rename from templates/other/workflows/cron-check-dependencies.yml rename to templates/other/workflows/cron-dependency-update.yml index c4614d3..e87f53c 100644 --- a/templates/other/workflows/cron-check-dependencies.yml +++ b/templates/other/workflows/cron-dependency-update.yml @@ -1,4 +1,4 @@ -name: (Cron) Check dependencies +name: (Cron) Dependency Update on: schedule: @@ -13,7 +13,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-cron-check-dependencies.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-cron-dependency-update.yml@v1 with: profile: other secrets: inherit diff --git a/templates/other/workflows/manual-update-version.yml b/templates/other/workflows/manual-release-create.yml similarity index 94% rename from templates/other/workflows/manual-update-version.yml rename to templates/other/workflows/manual-release-create.yml index 7b89f00..fbb2fa5 100644 --- a/templates/other/workflows/manual-update-version.yml +++ b/templates/other/workflows/manual-release-create.yml @@ -1,4 +1,4 @@ -name: (Manual) Update Version +name: (Manual) Release Create on: workflow_dispatch: @@ -30,7 +30,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-manual-update-version.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-manual-release-create.yml@v1 with: bump-type: ${{ inputs.type }} explicit-version: ${{ inputs.version }} diff --git a/templates/static/taskfiles/Taskfile.cicd.yml b/templates/static/taskfiles/Taskfile.cicd.yml index b217034..577491c 100644 --- a/templates/static/taskfiles/Taskfile.cicd.yml +++ b/templates/static/taskfiles/Taskfile.cicd.yml @@ -45,6 +45,14 @@ tasks: cmds: - task scripts:version:get + dependency:update: + desc: Check main dependency not covered by dependabot + cmds: + - | + echo "ℹ️ No dedicated dependency updater configured for this repository profile." + echo "ℹ️ Dependabot handles GitHub Actions and package metadata updates." + echo "ℹ️ Keep this task as a safe no-op until a repo-specific dependency updater is defined." + version:set: desc: Validate version cmds: diff --git a/templates/static/workflows/auto-create-pull-request.yml b/templates/static/workflows/auto-pull-request-create.yml similarity index 64% rename from templates/static/workflows/auto-create-pull-request.yml rename to templates/static/workflows/auto-pull-request-create.yml index 0371481..32482d2 100644 --- a/templates/static/workflows/auto-create-pull-request.yml +++ b/templates/static/workflows/auto-pull-request-create.yml @@ -1,4 +1,4 @@ -name: (Auto) Create Pull Request +name: (Auto) Pull Request Create on: push: @@ -14,7 +14,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-auto-create-pull-request.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-auto-pull-request-create.yml@v1 with: profile: static secrets: inherit diff --git a/templates/static/workflows/cron-check-dependencies.yml b/templates/static/workflows/cron-dependency-update.yml similarity index 64% rename from templates/static/workflows/cron-check-dependencies.yml rename to templates/static/workflows/cron-dependency-update.yml index e3c5fff..07f1eaa 100644 --- a/templates/static/workflows/cron-check-dependencies.yml +++ b/templates/static/workflows/cron-dependency-update.yml @@ -1,4 +1,4 @@ -name: (Cron) Check dependencies +name: (Cron) Dependency Update on: schedule: @@ -13,7 +13,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-cron-check-dependencies.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-cron-dependency-update.yml@v1 with: profile: static secrets: inherit diff --git a/templates/static/workflows/manual-update-version.yml b/templates/static/workflows/manual-release-create.yml similarity index 94% rename from templates/static/workflows/manual-update-version.yml rename to templates/static/workflows/manual-release-create.yml index 42d2c97..774c669 100644 --- a/templates/static/workflows/manual-update-version.yml +++ b/templates/static/workflows/manual-release-create.yml @@ -1,4 +1,4 @@ -name: (Manual) Update Version +name: (Manual) Release Create on: workflow_dispatch: @@ -30,7 +30,7 @@ permissions: jobs: call: - uses: devops-infra/.github/.github/workflows/reusable-manual-update-version.yml@v1 + uses: devops-infra/.github/.github/workflows/reusable-manual-release-create.yml@v1 with: bump-type: ${{ inputs.type }} explicit-version: ${{ inputs.version }}