From 7973dc5ae967cd0e8eec8a6f1c2ba85b96d93795 Mon Sep 17 00:00:00 2001
From: rchxx <=>
Date: Fri, 11 Oct 2024 15:24:52 +0300
Subject: [PATCH 1/2] add back-merge workflow
---
 .github/workflows/back-merge-handler.yml | 84 ++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 .github/workflows/back-merge-handler.yml
diff --git a/.github/workflows/back-merge-handler.yml b/.github/workflows/back-merge-handler.yml
new file mode 100644
index 0000000..0346f03
--- /dev/null
+++ b/.github/workflows/back-merge-handler.yml
@@ -0,0 +1,84 @@
+name: Back Merge handler
+
+on:
+ push:
+ branches:
+ - master
+ - stable
+
+jobs:
+ pr_master_to_stable:
+ runs-on: ubuntu-latest
+ if: github.ref_name == 'master'
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check if PR exists
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ prs=$(gh pr list \
+ --repo "$GITHUB_REPOSITORY" \
+ --json baseRefName,headRefName \
+ --jq '
+ map(select(.baseRefName == "stable" and .headRefName == "master"))
+ | length
+ ')
+ if ((prs > 0)); then
+ echo "Pull Request already exists"
+ echo "SKIP=true" >> $GITHUB_ENV
+ fi
+
+ - name: Check if stable is ahead
+ run: |
+ commits=$(git rev-list origin/stable..origin/master --count)
+ if ((commits == 0)); then
+ echo "No diffs was found between branches"
+ echo "SKIP=true" >> $GITHUB_ENV
+ fi
+
+ - name: Create Pull Request
+ if: env.SKIP != 'true'
+ run: gh pr create -B stable -H master --title '[GitHub Actions] Merge master -> stable' --label back-merge --body 'Autogenerated Pull Request for `back-merge` triggered by Github Actions'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ pr_stable_to_develop:
+ runs-on: ubuntu-latest
+ if: github.ref_name == 'stable'
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check if PR exists
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ prs=$(gh pr list \
+ --repo "$GITHUB_REPOSITORY" \
+ --json baseRefName,headRefName \
+ --jq '
+ map(select(.baseRefName == "develop" and .headRefName == "stable"))
+ | length
+ ')
+ if ((prs > 0)); then
+ echo "Pull Request already exists"
+ echo "SKIP=true" >> $GITHUB_ENV
+ fi
+
+ - name: Check if stable is ahead
+ run: |
+ commits=$(git rev-list origin/develop..origin/stable --count)
+ if ((commits == 0)); then
+ echo "No diffs was found between branches"
+ echo "SKIP=true" >> $GITHUB_ENV
+ fi
+
+ - name: Create Pull Request
+ if: env.SKIP != 'true'
+ run: gh pr create -B develop -H stable --title '[GitHub 
Actions] Merge stable -> develop' --label back-merge --body 'Autogenerated Pull Request for `back-merge` triggered by Github Actions'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 3c6a3d143985f6449dc6c3a2c4db9b9c0ce09579 Mon Sep 17 00:00:00 2001
From: Kiryl Kovaliov
Date: Fri, 11 Oct 2024 14:43:21 +0200
Subject: [PATCH 2/2] Update sast.yaml
---
 .github/workflows/sast.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sast.yaml b/.github/workflows/sast.yaml
index 1e29f13..a121710 100644
--- a/.github/workflows/sast.yaml
+++ b/.github/workflows/sast.yaml
@@ -16,7 +16,7 @@ env:
 # List of paths (space separated) to ignore
 # Supports PATTERNS
 # EXCLUDE_PATHS: 'foo bar/baz file.txt dir/*.yml'
- EXCLUDE_PATHS: ''
+ EXCLUDE_PATHS: '**'
 # List of rules (space separated) to ignore
 # EXCLUDE_RULES: 'generic.secrets.security.detected-aws-account-id.detected-aws-account-id'
 # See https://github.com/semgrep/semgrep-rules for rules registry
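Review bot: The new workflow file has no `permissions:` key, so `pr_master_to_stable` and `pr_stable_to_develop` both run with whatever default GITHUB_TOKEN scope the repository or organisation is configured with, which can be broader than opening a pull request needs. Declare the minimum at the top level, i.e. a `permissions:` mapping with `contents: read` and `pull-requests: write` (confirm whether `--label back-merge` needs anything more in this repository). In the two "Check if PR exists" steps, `gh pr list` fetches only the first 30 open PRs by default before the `--jq` filter runs, so an existing back-merge PR can be missed and a duplicate attempted; passing `--base stable --head master` (and `--base develop --head stable` in the second job) moves the filter to the server. `actions/checkout@v4` is a mutable tag, and pinning it to a full commit SHA would remove the dependency on the tag not being moved.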
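Review bot: Setting `EXCLUDE_PATHS: '**'` looks like it excludes every path from the scan, since the comment above it says the value supports patterns; the SAST job would then still run and pass while analysing nothing. The commit message gives no reason, and the step that consumes this variable is outside the hunk, so the effect should be confirmed against it before merging. If a temporary bypass is intended, keep the exclusion as narrow as the paths that fail (in the form of the commented example `'foo bar/baz file.txt dir/*.yml'`) and add a comment such as `# TEMPORARY: excluded because <reason>; remove by <ticket/date>`; otherwise restore `EXCLUDE_PATHS: ''`. The `env:` block starts and ends outside the hunk.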