34 changes: 8 additions & 26 deletions .github/workflows/bump-repository-activity.yml
@@ -25,7 +25,7 @@ on:
type: number

permissions:
contents: write
id-token: write

concurrency:
group: bump-repository-activity-${{github.ref}}
@@ -35,42 +35,24 @@ defaults:
run:
shell: bash

env:
PUSH_BACK_TOKEN: ${{secrets.PUSH_BACK_TOKEN || github.token}}

jobs:
bump-repository-activity:
name: Bump repository activity
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Get rate limits
uses: remal-github-actions/get-rate-limits@v1
id: rate-limits
- name: Get GitHub Token
id: get-token
uses: remal/github-repository-token-issuer@v1
with:
githubToken: ${{env.PUSH_BACK_TOKEN}}
- name: Make rate limits decision
id: decision
run: |
echo "Core rate limit usage: ${{steps.rate-limits.outputs.coreUsage}}"
if [ "${{steps.rate-limits.outputs.coreUsage < 75}}" == "true" ]; then
echo "Enough rate limits"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo "::warning::Not enough rate limits!"
if [ "${{github.event_name != 'schedule'}}" == "true" ]; then
echo "::warning::Executing anyway, as event is '${{github.event_name}}'"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo 'enough=false' >> $GITHUB_OUTPUT
fi
fi
scopes: |
contents: write

- name: Bump repository activity
if: ${{fromJSON(steps.decision.outputs.enough) == true}}
uses: remal-github-actions/bump-repository-activity@v1
with:
dryRun: ${{inputs.dryRun || 'false'}}
githubToken: ${{env.PUSH_BACK_TOKEN}}
githubToken: ${{steps.get-token.outputs.token}}
maxInactivityDays: ${{inputs.maxInactivityDays || 14}}
bumperFile: 'repository-activity.bumper'
commitMessage: '[push-back] Bump repository activity'
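Review bot: `remal/github-repository-token-issuer@v1` in the new "Get GitHub Token" step is referenced by a movable tag, although it is the step that appears to consume the workflow's `id-token: write` grant and hands back a token scoped `contents: write`. If `v1` is ever re-pointed, different code would mint and see that token without any change in this repository. Pinning to a full commit SHA, e.g. `uses: remal/github-repository-token-issuer@<full-commit-sha> # v1` (placeholder), keeps the issuing code fixed and reviewable. The same reference is added in check-action-secrets.yml, codeowners-validator.yml and sync-with-template.yml, and the tag-pinned `remal-github-actions/*` steps that receive `steps.get-token.outputs.token` deserve the same treatment.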
6 changes: 3 additions & 3 deletions .github/workflows/cancel-pr-actions.yml
@@ -6,9 +6,9 @@ on:
- closed

permissions:
pull-requests: 'read'
checks: 'read'
actions: 'write'
pull-requests: read
checks: read
actions: write

jobs:
cancel-pr-actions:
40 changes: 18 additions & 22 deletions .github/workflows/check-action-secrets.yml
@@ -11,6 +11,9 @@ on:
- cron: '1 3 * * *' # sync-with-template: adjust
workflow_dispatch: { }

permissions:
id-token: write

concurrency:
group: check-action-secrets-${{github.ref}}
cancel-in-progress: true
@@ -25,30 +28,23 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Get rate limits
uses: remal-github-actions/get-rate-limits@v1
id: rate-limits
with:
githubToken: ${{secrets.LIST_SECRETS || github.token}}
- name: Make rate limits decision
id: decision
- name: Get repository owner type
id: owner-type
run: |
echo "Core rate limit usage: ${{steps.rate-limits.outputs.coreUsage}}"
if [ "${{steps.rate-limits.outputs.coreUsage < 75}}" == "true" ]; then
echo "Enough rate limits"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo "::warning::Not enough rate limits!"
if [ "${{github.event_name != 'schedule'}}" == "true" ]; then
echo "::warning::Executing anyway, as event is '${{github.event_name}}'"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo 'enough=false' >> $GITHUB_OUTPUT
fi
fi
REPO_JSON=$(curl -s "${{github.api_url}}/repos/${{github.repository}}" -H "Authorization: token ${{github.token}}")
OWNER_TYPE=$(echo $REPO_JSON | jq -r '.owner.type')
OWNER_TYPE=$(echo "$OWNER_TYPE" | tr '[:upper:]' '[:lower:]')
echo "owner-type=$OWNER_TYPE" | tee -a $GITHUB_OUTPUT

- name: Get GitHub Token
id: get-token
uses: remal/github-repository-token-issuer@v1
with:
scopes: |
secrets: read
${{steps.owner-type.outputs.owner-type == 'organization' && 'organization_secrets:read' || ''}}

- name: Check action secrets
if: ${{fromJSON(steps.decision.outputs.enough) == true}}
uses: remal-github-actions/check-action-secrets@v1
with:
githubToken: ${{secrets.LIST_SECRETS || github.token}}
githubToken: ${{steps.get-token.outputs.token}}
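Review bot: The added "Get repository owner type" step runs `curl -s` with no failure handling, so an API error (a 403 from rate limiting, for instance, now that the rate-limit gate is gone) produces JSON without `.owner.type` and `OWNER_TYPE` becomes `null`. The `scopes` expression in the next step then takes the non-organization branch and leaves out `organization_secrets:read`, so the secrets check would presumably run with a narrower token instead of failing visibly. Using `curl -sSf` makes the step stop on an HTTP error, and a guard such as `[ "$OWNER_TYPE" = "user" ] || [ "$OWNER_TYPE" = "organization" ] || exit 1` rejects anything unexpected. It would also be cleaner to pass the token through a step-level `env:` instead of interpolating `${{github.token}}` into the script, and to quote `"$REPO_JSON"` and `"$GITHUB_OUTPUT"`. The same step exists in codeowners-validator.yml; the job header here is outside the hunk.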
57 changes: 12 additions & 45 deletions .github/workflows/codeowners-validator.yml
@@ -14,49 +14,14 @@ on:
workflow_dispatch: { }

permissions:
contents: read
id-token: write

concurrency:
group: codeowners-validation-${{github.ref}}
cancel-in-progress: true

env:
VALIDATION_TOKEN: ${{secrets.CODEOWNERS_VALIDATOR_TOKEN && secrets.CODEOWNERS_VALIDATOR_TOKEN || github.token}}

jobs:
rate-limits:
name: Check rate limits
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Get rate limits
uses: remal-github-actions/get-rate-limits@v1
id: rate-limits
with:
githubToken: ${{env.VALIDATION_TOKEN || github.token}}
- name: Make decision
id: decision
run: |
echo "Core rate limit usage: ${{steps.rate-limits.outputs.coreUsage}}"
if [ "${{steps.rate-limits.outputs.coreUsage < 75}}" == "true" ]; then
echo "Enough rate limits"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo "::warning::Not enough rate limits!"
if [ "${{github.event_name != 'schedule'}}" == "true" ]; then
echo "::warning::Executing anyway, as event is '${{github.event_name}}'"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo 'enough=false' >> $GITHUB_OUTPUT
fi
fi
outputs:
enough: ${{steps.decision.outputs.enough}}

codeowners-validation:
needs:
- rate-limits
if: ${{fromJSON(needs.rate-limits.outputs.enough) == true}}
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
@@ -68,20 +33,22 @@ jobs:
- name: Get repository owner type
id: owner-type
run: |
REPO_JSON=$(curl -s "${{github.api_url}}/repos/${{github.repository}}" -H "Authorization: token ${{env.VALIDATION_TOKEN}}")
REPO_JSON=$(curl -s "${{github.api_url}}/repos/${{github.repository}}" -H "Authorization: token ${{github.token}}")
OWNER_TYPE=$(echo $REPO_JSON | jq -r '.owner.type')
OWNER_TYPE=$(echo "$OWNER_TYPE" | tr '[:upper:]' '[:lower:]')
echo "owner-type=$OWNER_TYPE" | tee -a $GITHUB_OUTPUT

- name: Basic CODEOWNERS validation
if: ${{steps.owner-type.outputs.owner-type != 'organization'}}
uses: mszostok/codeowners-validator@v0.7.4
- name: Get GitHub Token
id: get-token
uses: remal/github-repository-token-issuer@v1
with:
github_access_token: '${{env.VALIDATION_TOKEN}}'
checks: 'syntax,duppatterns,files'
scopes: |
contents: read
${{steps.owner-type.outputs.owner-type == 'organization' && 'members:read' || ''}}

- name: Full CODEOWNERS validation
if: ${{steps.owner-type.outputs.owner-type == 'organization'}}
- name: CODEOWNERS validation
if: ${{steps.owner-type.outputs.owner-type != 'organization'}}
uses: mszostok/codeowners-validator@v0.7.4
with:
github_access_token: '${{env.VALIDATION_TOKEN}}'
github_access_token: '${{steps.get-token.outputs.token}}'
checks: ${{steps.owner-type.outputs.owner-type == 'organization' && '' || 'duppatterns,files,syntax'}}
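Review bot: The merged "CODEOWNERS validation" step still carries `if: ${{steps.owner-type.outputs.owner-type != 'organization'}}`, so on an organization-owned repository it is skipped and no CODEOWNERS validation runs at all. That contradicts the rest of the new code: the `checks:` expression has an `organization` branch and the token step requests `members:read` for that case, and neither can take effect while the condition stands. Assuming the intent was one step for both owner types, the `if:` line should be dropped. As read from the rendered page (the +/- markers are lost), the removed "Full CODEOWNERS validation" step was the one that covered organizations, so the skip would show up as a green run with the ownership check silently absent.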
4 changes: 2 additions & 2 deletions .github/workflows/rebase-dependabot-pull-requests.yml
@@ -12,9 +12,9 @@ on:
workflow_dispatch: { }

permissions:
contents: read
issues: write
pull-requests: write
issues: write
contents: read

concurrency:
group: rebase-dependabot-pull-requests-${{github.ref}}
42 changes: 16 additions & 26 deletions .github/workflows/sync-with-template.yml
@@ -22,49 +22,39 @@ on:
- 'true'
- 'false'

permissions:
id-token: write

concurrency:
group: sync-with-template-${{github.ref}}
cancel-in-progress: true

env:
TEMPLATE_REPOSITORY: ${{secrets.TEMPLATE_REPOSITORY || vars.TEMPLATE_REPOSITORY || ''}}

defaults:
run:
shell: bash

env:
PUSH_BACK_TOKEN: ${{secrets.PUSH_BACK_TOKEN}}

jobs:
sync-with-template:
name: Sync with template repository
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Get rate limits
uses: remal-github-actions/get-rate-limits@v1
id: rate-limits
- name: Get GitHub Token
id: get-token
uses: remal/github-repository-token-issuer@v1
with:
githubToken: ${{env.PUSH_BACK_TOKEN || github.token}}
- name: Make rate limits decision
id: decision
run: |
echo "Core rate limit usage: ${{steps.rate-limits.outputs.coreUsage}}"
if [ "${{steps.rate-limits.outputs.coreUsage < 75}}" == "true" ]; then
echo "Enough rate limits"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo "::warning::Not enough rate limits!"
if [ "${{github.event_name != 'schedule'}}" == "true" ]; then
echo "::warning::Executing anyway, as event is '${{github.event_name}}'"
echo 'enough=true' >> $GITHUB_OUTPUT
else
echo 'enough=false' >> $GITHUB_OUTPUT
fi
fi
scopes: |
contents: write
workflows: write
pull_requests: write
issues: write

- name: Sync with template repository
if: ${{env.PUSH_BACK_TOKEN && fromJSON(steps.decision.outputs.enough) == true}}
uses: remal-github-actions/sync-with-template@v3
with:
dryRun: ${{inputs.dryRun}}
githubToken: ${{env.PUSH_BACK_TOKEN}}
templateRepository: ${{secrets.TEMPLATE_REPOSITORY || vars.TEMPLATE_REPOSITORY || ''}}
githubToken: ${{steps.get-token.outputs.token}}
templateRepository: ${{env.TEMPLATE_REPOSITORY}}
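Review bot: The new workflow-level `env:` entry `TEMPLATE_REPOSITORY` places a value that may come from `secrets.TEMPLATE_REPOSITORY` into the environment of every step, including the `remal/github-repository-token-issuer@v1` step, which has no use for it. Before this change the expression was evaluated only inside the `templateRepository` input of the sync step. Keeping it there, `templateRepository: ${{secrets.TEMPLATE_REPOSITORY || vars.TEMPLATE_REPOSITORY || ''}}`, limits the value to the one action that needs it. Separately, the issued token combines `contents: write` and `workflows: write`, so a short comment above `scopes:` stating why each scope is required would help later reviewers keep the list minimal.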