From ab04a012704c044ff59d10c103c2928e98a977a0 Mon Sep 17 00:00:00 2001 From: Olivier Vernin Date: Wed, 7 Jan 2026 17:01:35 +0100 Subject: [PATCH 1/5] fix: remove obsolete updatecli pipeline Signed-off-by: Olivier Vernin --- updatecli/updatecli.d/updatecli.yaml | 46 ---------------------------- 1 file changed, 46 deletions(-) delete mode 100644 updatecli/updatecli.d/updatecli.yaml diff --git a/updatecli/updatecli.d/updatecli.yaml b/updatecli/updatecli.d/updatecli.yaml deleted file mode 100644 index 102b5e7..0000000 --- a/updatecli/updatecli.d/updatecli.yaml +++ /dev/null @@ -1,46 +0,0 @@ -title: Bump udpatecli version - -scms: - default: - kind: github - spec: - user: updatecli - email: me@olblak.com - owner: updatecli - repository: updatecli - token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}' - username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}' - branch: main - -sources: - latestVersion: - name: Get latest updatecli release - kind: githubRelease - spec: - owner: updatecli - repository: updatecli - token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}' - username: '{{ requiredEnv "UPDATECLI_GITHUB_ACTOR" }}' - -targets: - bugReport: - name: '[bug-report] Update updatecli version to {{ source "latestVersion" }}' - kind: file - spec: - file: .github/ISSUE_TEMPLATE/1-bug-report.yml - matchPattern: '\*\*updatecli\*\*: .*' - content: '**updatecli**: {{ source `latestVersion` }}' - scmID: default - -pullrequests: - default: - title: '[updatecli] Bump updatecli version to {{ source "latestVersion" }}' - kind: github - scmID: default - targets: - - bugReport - spec: - automerge: true - labels: - - chore - - skip-changelog From 43602d2ffed820613a405069abc759d044b2275f Mon Sep 17 00:00:00 2001 From: Olivier Vernin Date: Wed, 7 Jan 2026 17:03:32 +0100 Subject: [PATCH 2/5] feat: run Updatecli Signed-off-by: Olivier Vernin --- .github/workflows/updatecli.yaml | 55 ++++++++++------------ .github/workflows/updatecli_test.yaml | 32 +++++++++++++ .github/workflows/updatecli_update.yaml | 34 +++++++++++++ updatecli-compose.yaml | 28 +++++++++++ updatecli/updatecli.d/license.yaml | 38 +++++++++++++++ updatecli/values.d/scm.yaml | 8 ++++ updatecli/values.d/scm_githubsearch.yaml | 10 ++++ updatecli/values.d/sync_gha_updatecli.yaml | 14 ++++++ 8 files changed, 188 insertions(+), 31 deletions(-) create mode 100644 .github/workflows/updatecli_test.yaml create mode 100644 .github/workflows/updatecli_update.yaml create mode 100644 updatecli-compose.yaml create mode 100644 updatecli/updatecli.d/license.yaml create mode 100644 updatecli/values.d/scm.yaml create mode 100644 updatecli/values.d/scm_githubsearch.yaml create mode 100644 updatecli/values.d/sync_gha_updatecli.yaml diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index eeced5e..a3f2c35 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -1,42 +1,35 @@ ---- -name: updatecli - +name: Updatecli on: + release: workflow_dispatch: - push: - pull_request: schedule: - # * is a special character in YAML so you have to quote this string - # Run every hour - - cron: '0 * * * *' + # Run at 12:00 every Saterday every 14 days + - cron: '0 12 */14 * 6' jobs: - updatecli: + prepare: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v2 + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 - - name: Diff - uses: updatecli/updatecli-action@v1.19.0 - with: - command: diff - flags: "--config ./updatecli/updatecli.d" - env: - UPDATECLI_GITHUB_ACTOR: ${{ github.actor }} - UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: tibdex/github-app-token@v1.5 - id: generate_token - if: github.ref == 'refs/heads/main' + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - app_id: ${{ secrets.UPDATECLIBOT_APP_ID }} - private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} - - name: Apply - uses: updatecli/updatecli-action@v1.19.0 - if: github.ref == 'refs/heads/main' + version: "v0.113.0-rc.1" + + - name: "Set up Go" + uses: "actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c" # v6.1.0 with: - command: apply - flags: "--config ./updatecli/updatecli.d" + go-version-file: "go.mod" + id: go + + - name: "Run updatecli" + run: updatecli compose apply --clean-git-branches=true --experimental env: - UPDATECLI_GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }} - UPDATECLI_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml new file mode 100644 index 0000000..7ec50cb --- /dev/null +++ b/.github/workflows/updatecli_test.yaml @@ -0,0 +1,32 @@ +name: Updatecli Test + +on: + pull_request: + +permissions: + contents: read + +jobs: + prepare: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0-rc.1" + + - name: "Set up Go" + uses: "actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c" # v6.1.0 + with: + go-version-file: "go.mod" + id: go + + - name: "Test updatecli in dry-run mode" + run: "updatecli compose diff" + env: + # This step is executed in untrusted context. We use a GitHub token with minimal permissions. + GITHUB_ACTOR: ${{ github.actor }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml new file mode 100644 index 0000000..7603537 --- /dev/null +++ b/.github/workflows/updatecli_update.yaml @@ -0,0 +1,34 @@ +name: Updatecli - Update +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + prepare: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0-rc.1" + + - name: "Set up Go" + uses: "actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c" # v6.1.0 + with: + go-version-file: "go.mod" + id: go + + - name: "Run updatecli only on existing pipelines" + run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental + env: + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml new file mode 100644 index 0000000..c950c27 --- /dev/null +++ b/updatecli-compose.yaml @@ -0,0 +1,28 @@ +--- +policies: + - name: Local Updatecli Website Policies + config: + - updatecli/updatecli.d/ + values: + - updatecli/values.d/scm_githubsearch.yaml + + - name: Sync Updatecli values files from github.com/updatecli/updatecli + policy: ghcr.io/updatecli/policies/file:0.3.2 + values: + - updatecli/values.d/scm_githubsearch.yaml + - updatecli/values.d/sync_gha_updatecli.yaml + + - name: Update Updatecli policies + policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.7.0@sha256:6890c4b4093a80063f518101881098fab8211c986481641faaf797a9ad5a31c3 + values: + - updatecli/values.d/scm.yaml + + - name: Update githubactions + policy: ghcr.io/updatecli/policies/autodiscovery/githubaction:0.3.0@sha256:3b5425da2a2a2b89bb69463f1294704c33730358c66140efb93cab14b2868b06 + values: + - updatecli/values.d/scm.yaml + + - name: Handle Updatecli version in GitHub action + policy: ghcr.io/updatecli/policies/updatecli/githubaction:0.7.0@sha256:a97518f118b03d2f63f45378e1961028b07c23d53db91db892893ff240fa5f4e + values: + - updatecli/values.d/scm.yaml diff --git a/updatecli/updatecli.d/license.yaml b/updatecli/updatecli.d/license.yaml new file mode 100644 index 0000000..d40c0cd --- /dev/null +++ b/updatecli/updatecli.d/license.yaml @@ -0,0 +1,38 @@ +name: Bump udpatecli version +version: v0.109.0 + +sources: + default: + name: Get License + kind: file + spec: + file: "https://raw.githubusercontent.com/updatecli/updatecli/refs/heads/main/LICENSE" + +targets: + license: + name: "chore: update LICENSE" + kind: file + spec: + file: LICENSE + forcecreate: true + scmid: default + +actions: + default: + title: "chore: update LICENSE" + kind: "github/pullrequest" + scmid: default + spec: + automerge: true + labels: + - chore + +scms: + default: + kind: githubsearch + spec: + search: "{{ .scm.search }}" + limit: {{ .scm.limit }} + branch: "{{ .scm.branch }}" + user: "{{ .scm.user }}" + email: "{{ .scm.email }}" diff --git a/updatecli/values.d/scm.yaml b/updatecli/values.d/scm.yaml new file mode 100644 index 0000000..fb21bad --- /dev/null +++ b/updatecli/values.d/scm.yaml @@ -0,0 +1,8 @@ +scm: + enabled: true + user: updatecli + email: bot@updatecli.io + owner: updatecli + repository: .github + username: "updateclibot" + branch: main diff --git a/updatecli/values.d/scm_githubsearch.yaml b/updatecli/values.d/scm_githubsearch.yaml new file mode 100644 index 0000000..959edfe --- /dev/null +++ b/updatecli/values.d/scm_githubsearch.yaml @@ -0,0 +1,10 @@ +scm: + enabled: true + kind: githubsearch + search: "org:updatecli archived:false" + branch: "^main$|^master$" + commitusingapi: true + user: updateclibot + limit: 0 + +automerge: false diff --git a/updatecli/values.d/sync_gha_updatecli.yaml b/updatecli/values.d/sync_gha_updatecli.yaml new file mode 100644 index 0000000..0b29fe9 --- /dev/null +++ b/updatecli/values.d/sync_gha_updatecli.yaml @@ -0,0 +1,14 @@ +src: + url: "https://github.com/updatecli/udash.git" + branch: "main" + +files: + - src: .github/workflows/updatecli.yaml + dst: .github/workflows/updatecli.yaml + - src: .github/workflows/updatecli_test.yaml + dst: .github/workflows/updatecli_test.yaml + - src: .github/workflows/updatecli_update.yaml + dst: .github/workflows/updatecli_update.yaml + +pr: + automerge: true From 873e0f9b1594e2ac1f050cfce492a60652ae0974 Mon Sep 17 00:00:00 2001 From: Olivier Vernin Date: Wed, 7 Jan 2026 17:19:58 +0100 Subject: [PATCH 3/5] fix: remove golang configuration from Updatecli gha Signed-off-by: Olivier Vernin --- .github/workflows/updatecli.yaml | 8 +------- .github/workflows/updatecli_test.yaml | 6 ------ .github/workflows/updatecli_update.yaml | 6 ------ 3 files changed, 1 insertion(+), 19 deletions(-) diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index a3f2c35..32b8571 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -4,7 +4,7 @@ on: workflow_dispatch: schedule: # Run at 12:00 every Saterday every 14 days - - cron: '0 12 */14 * 6' + - cron: "0 12 */14 * 6" jobs: prepare: @@ -18,12 +18,6 @@ jobs: with: version: "v0.113.0-rc.1" - - name: "Set up Go" - uses: "actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c" # v6.1.0 - with: - go-version-file: "go.mod" - id: go - - name: "Run updatecli" run: updatecli compose apply --clean-git-branches=true --experimental env: diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml index 7ec50cb..ad4e2f7 100644 --- a/.github/workflows/updatecli_test.yaml +++ b/.github/workflows/updatecli_test.yaml @@ -18,12 +18,6 @@ jobs: with: version: "v0.113.0-rc.1" - - name: "Set up Go" - uses: "actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c" # v6.1.0 - with: - go-version-file: "go.mod" - id: go - - name: "Test updatecli in dry-run mode" run: "updatecli compose diff" env: diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml index 7603537..bb4cff3 100644 --- a/.github/workflows/updatecli_update.yaml +++ b/.github/workflows/updatecli_update.yaml @@ -17,12 +17,6 @@ jobs: with: version: "v0.113.0-rc.1" - - name: "Set up Go" - uses: "actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c" # v6.1.0 - with: - go-version-file: "go.mod" - id: go - - name: "Run updatecli only on existing pipelines" run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental env: From 1927645ea8408528043d8a4e0f085618ab4a53e0 Mon Sep 17 00:00:00 2001 From: Olivier Vernin Date: Wed, 7 Jan 2026 17:25:31 +0100 Subject: [PATCH 4/5] fix: restrict gha files sync to golang repository Signed-off-by: Olivier Vernin --- updatecli-compose.yaml | 6 +++--- updatecli/values.d/golang/scm_githubsearch.yaml | 10 ++++++++++ .../values.d/{ => golang}/sync_gha_updatecli.yaml | 0 3 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 updatecli/values.d/golang/scm_githubsearch.yaml rename updatecli/values.d/{ => golang}/sync_gha_updatecli.yaml (100%) diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml index c950c27..4d395c8 100644 --- a/updatecli-compose.yaml +++ b/updatecli-compose.yaml @@ -6,11 +6,11 @@ policies: values: - updatecli/values.d/scm_githubsearch.yaml - - name: Sync Updatecli values files from github.com/updatecli/updatecli + - name: Golang - Sync Updatecli values files from github.com/updatecli/updatecli policy: ghcr.io/updatecli/policies/file:0.3.2 values: - - updatecli/values.d/scm_githubsearch.yaml - - updatecli/values.d/sync_gha_updatecli.yaml + - updatecli/values.d/golang/scm_githubsearch.yaml + - updatecli/values.d/golang/sync_gha_updatecli.yaml - name: Update Updatecli policies policy: ghcr.io/updatecli/policies/updatecli/autodiscovery:0.7.0@sha256:6890c4b4093a80063f518101881098fab8211c986481641faaf797a9ad5a31c3 diff --git a/updatecli/values.d/golang/scm_githubsearch.yaml b/updatecli/values.d/golang/scm_githubsearch.yaml new file mode 100644 index 0000000..cd9b955 --- /dev/null +++ b/updatecli/values.d/golang/scm_githubsearch.yaml @@ -0,0 +1,10 @@ +scm: + enabled: true + kind: githubsearch + search: "org:updatecli language:Go archived:false" + branch: "^main$|^master$" + commitusingapi: true + user: updateclibot + limit: 0 + +automerge: false diff --git a/updatecli/values.d/sync_gha_updatecli.yaml b/updatecli/values.d/golang/sync_gha_updatecli.yaml similarity index 100% rename from updatecli/values.d/sync_gha_updatecli.yaml rename to updatecli/values.d/golang/sync_gha_updatecli.yaml From 3dd3b473742c78225262b039e22f0b2c6735e86e Mon Sep 17 00:00:00 2001 From: Olivier Vernin Date: Wed, 7 Jan 2026 17:35:45 +0100 Subject: [PATCH 5/5] feat: add default sync workflow Signed-off-by: Olivier Vernin --- updatecli-compose.yaml | 6 +++ updatecli/updatecli.d/license.yaml | 38 ------------------- .../values.d/golang/sync_gha_updatecli.yaml | 2 +- updatecli/values.d/sync_gha_updatecli.yaml | 14 +++++++ 4 files changed, 21 insertions(+), 39 deletions(-) delete mode 100644 updatecli/updatecli.d/license.yaml create mode 100644 updatecli/values.d/sync_gha_updatecli.yaml diff --git a/updatecli-compose.yaml b/updatecli-compose.yaml index 4d395c8..d2f2182 100644 --- a/updatecli-compose.yaml +++ b/updatecli-compose.yaml @@ -6,6 +6,12 @@ policies: values: - updatecli/values.d/scm_githubsearch.yaml + - name: Default - Sync Updatecli values files from github.com/updatecli/updatecli + policy: ghcr.io/updatecli/policies/file:0.3.2 + values: + - updatecli/values.d/scm_githubsearch.yaml + - updatecli/values.d/sync_gha_updatecli.yaml + - name: Golang - Sync Updatecli values files from github.com/updatecli/updatecli policy: ghcr.io/updatecli/policies/file:0.3.2 values: diff --git a/updatecli/updatecli.d/license.yaml b/updatecli/updatecli.d/license.yaml deleted file mode 100644 index d40c0cd..0000000 --- a/updatecli/updatecli.d/license.yaml +++ /dev/null @@ -1,38 +0,0 @@ -name: Bump udpatecli version -version: v0.109.0 - -sources: - default: - name: Get License - kind: file - spec: - file: "https://raw.githubusercontent.com/updatecli/updatecli/refs/heads/main/LICENSE" - -targets: - license: - name: "chore: update LICENSE" - kind: file - spec: - file: LICENSE - forcecreate: true - scmid: default - -actions: - default: - title: "chore: update LICENSE" - kind: "github/pullrequest" - scmid: default - spec: - automerge: true - labels: - - chore - -scms: - default: - kind: githubsearch - spec: - search: "{{ .scm.search }}" - limit: {{ .scm.limit }} - branch: "{{ .scm.branch }}" - user: "{{ .scm.user }}" - email: "{{ .scm.email }}" diff --git a/updatecli/values.d/golang/sync_gha_updatecli.yaml b/updatecli/values.d/golang/sync_gha_updatecli.yaml index 0b29fe9..ea5b9e7 100644 --- a/updatecli/values.d/golang/sync_gha_updatecli.yaml +++ b/updatecli/values.d/golang/sync_gha_updatecli.yaml @@ -11,4 +11,4 @@ files: dst: .github/workflows/updatecli_update.yaml pr: - automerge: true + automerge: false diff --git a/updatecli/values.d/sync_gha_updatecli.yaml b/updatecli/values.d/sync_gha_updatecli.yaml new file mode 100644 index 0000000..edea2e2 --- /dev/null +++ b/updatecli/values.d/sync_gha_updatecli.yaml @@ -0,0 +1,14 @@ +src: + url: "https://github.com/updatecli/updatecli.git" + branch: "main" + +files: + - src: CODE_OF_CONDCUCT.md + dst: CODE_OF_CONDCUCT.md + - src: LICENSE + dst: LICENSE + - src: .github/workflows/typos.yaml + dst: .github/workflows/typos.yaml + +pr: + automerge: false