From fb202c2e847ed562fe016e95965a5657b7dce88f Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 08:05:16 +0100 Subject: [PATCH 01/18] approve-and-merge: fix rebase --- .github/workflows/approve-and-merge.yaml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index a433df38..e0acb02f 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -48,19 +48,25 @@ jobs: else echo "Label auto-approved already exists. Skipping creation." fi + echo "Fetching open Dependabot PRs older than 3 days..." - # Get PRs by dependabot, filter by age - gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200))' | jq -c '.' | while IFS= read -r pr; do + gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200))' | jq -c '.' | while IFS= read -r pr; do number=$(echo "$pr" | jq -r '.number') title=$(echo "$pr" | jq -r '.title') + labels=$(echo "$pr" | jq -r '[.labels[].name] | join(",")') echo "👉 Processing PR #$number: $title" - #gh pr comment "$number" --repo "$GITHUB_REPOSITORY" --body "@dependabot rebase" + if echo "$labels" | grep -q "auto-approved"; then + gh pr comment "$number" --repo "$GITHUB_REPOSITORY" --body "@dependabot rebase" + echo "✅ Rebase PR #$number" + continue + fi + + echo "🚀 Approving and merging PR #$number" gh pr review "$number" --repo "$GITHUB_REPOSITORY" --approve gh pr merge "$number" --repo "$GITHUB_REPOSITORY" --squash --auto gh pr edit "$number" --repo "$GITHUB_REPOSITORY" --add-label auto-approved - echo "✅ Done with PR #$number" done From e0c3a8cfed774a827f6ccff75571e42d6773566d Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 08:25:28 +0100 Subject: [PATCH 02/18] auto approve only if check pass --- .github/workflows/approve-and-merge.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index e0acb02f..e365518b 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -64,6 +64,16 @@ jobs: continue fi + echo "🔍 Checking CI status for PR #$number..." + commit_sha=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json headRefOid --jq '.headRefOid') + + checks_state=$(gh api repos/$GITHUB_REPOSITORY/commits/$commit_sha/check-runs --jq '[.check_runs[].conclusion] | unique | join(",")') + + if echo "$checks_state" | grep -Eiq 'failure|timed_out|cancelled|action_required'; then + echo "❌ Skipping PR #$number: one or more checks failed ($checks_state)" + continue + fi + echo "🚀 Approving and merging PR #$number" gh pr review "$number" --repo "$GITHUB_REPOSITORY" --approve gh pr merge "$number" --repo "$GITHUB_REPOSITORY" --squash --auto From 43933c1792bbdff4f9c98a4b1be2fb2f81e6bbe5 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 08:32:40 +0100 Subject: [PATCH 03/18] revise docs --- README.MD | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/README.MD b/README.MD index a30f908d..1db01eb0 100644 --- a/README.MD +++ b/README.MD @@ -4,40 +4,46 @@ This repository hosts [Reusable GitHub Workflows][re-usable-github-workflows]. The repository includes: -- [`add-to-project`](.github/workflows/add-to-project.yaml) workflow: when a new +- [`add-to-project`](.github/workflows/add-to-project.yaml): when a new issue or PR is added to a repository, it is also added - by default - to the [SynchroGuard platform project](https://github.com/orgs/zaphiro-technologies/projects/2) or to the project defined by `project-url` input parameter with status `new`. When a new PR is added, the PR is assigned to its creator. When a PR is set to ready, reviewers from `reviewers-team` input parameter (default value `backend-devs`) or `reviewers-individuals` (comma separated) are added. -- [`check-pr`](.github/workflows/check-pr.yaml) workflow: when a new PR is added +- [`approve-and-merge`](.github/workflows/approve-and-merge.yaml): periodically + check for dependabot PRs, if their checks pass, approve and merge the PR. +- [`check-pr`](.github/workflows/check-pr.yaml): when a new PR is added to a repository or any change occurs to the PR, the PR is validated to be sure that labels are valid. -- [`clean-up-storage`](.github/workflows/clean-up-storage.yaml) workflow: when a +- [`clean-up-docker`](.github/workflows/clean-up-docker.yaml): when a + PR is closed, related docker images and untagged ones are deleted +- [`clean-up-storage`](.github/workflows/clean-up-storage.yaml): when a new PR is closed, related cache and artifact are deleted. -- [`deployment`](.github/workflows/deployment.yaml) workflow: commit a container - image tag in the k8s-deployments repository -- [`markdown`](.github/workflows/markdown.yaml) workflow: lint all Markdown - documents and checks that the links referenced in the documents are valid. If - `skip-spell-check: false`, also, a spell checker is executed. -- [`release-notes`](.github/workflows/release-notes.yaml) workflow: - automatically updates release notes using PR titles and labels. -- [`golang`](.github/workflows/golang.yaml) workflow: lint, test and benchmark +- [`deployment`](.github/workflows/deployment.yaml): commit a container + image tag in the k8s-deployments repository. +- [`docker`](.github/workflows/docker.yaml): build and push Docker + images and scans for vulnerabilities. +- [`golang`](.github/workflows/golang.yaml): lint, test and benchmark Go Applications. The workflow includes authentication to GitHub Container - Registry in case tests rely on private images. To retrieve the images, you - need also to set - [`read permission`](https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package) - for the repository on the package. The workflow also scans for + Registry in case tests rely on private images. The workflow also scans for vulnerabilities. -- [`docker`](.github/workflows/docker.yaml) workflow: build and push Docker - images and scans for vulnerabilities. -- [`clean-up-docker`](.github/workflows/clean-up-docker.yaml) workflow: when a - PR is closed, related docker images and untagged ones are deleted -- [`licensing`](.github/workflows/license.yaml) workflow: add licensing +- [`license`](.github/workflows/license.yaml): add licensing information in file headers and check dependencies licensing compatibility. -- [`new-release`](.github/workflows/new-release.yaml) workflow: create a new +- [`lint`](.github/workflows/markdown.yaml): lint all Markdown and Yaml files. + In case of markdown documents, checks that the links referenced in the + documents are valid. If `skip-spell-check: false`, also, a spell checker + is executed. +- [`new-release`](.github/workflows/new-release.yaml): create a new release (leveraging makefile to update packaging file version). +- [`python`](.github/workflows/python.yaml): lint, test python applications. + The workflow includes authentication to GitHub Container Registry in case + tests rely on private images. The workflow also scans for + vulnerabilities. +- [`release-notes`](.github/workflows/release-notes.yaml): + automatically updates release notes using PR titles and labels. +- [`trivy-cache-update`](.github/workflows/trivy-cache-update.yaml): update + trivy cache image. Some of these workflows are configured as [starter workflows][starter-workflows] in the [`.github`][.github] repository, so that you can add them at any time From e53148f2a924e9fcdce8e8aadbddc2bced1458f2 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 08:41:11 +0100 Subject: [PATCH 04/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index e365518b..52850c60 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -49,9 +49,9 @@ jobs: echo "Label auto-approved already exists. Skipping creation." fi - echo "Fetching open Dependabot PRs older than 3 days..." + echo "Fetching open Dependabot PRs older than 3 days and newer than 30 days ..." - gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200))' | jq -c '.' | while IFS= read -r pr; do + gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200) and (.createdAt | fromdateiso8601) > (now - 2592000))' | jq -c '.' | while IFS= read -r pr; do number=$(echo "$pr" | jq -r '.number') title=$(echo "$pr" | jq -r '.title') labels=$(echo "$pr" | jq -r '[.labels[].name] | join(",")') From 77a9ad97d418490cfe1518317d2bc505c943fc8d Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 08:46:19 +0100 Subject: [PATCH 05/18] restore 3 days to run tests --- .github/workflows/approve-and-merge.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 52850c60..ab7c175d 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -51,7 +51,7 @@ jobs: echo "Fetching open Dependabot PRs older than 3 days and newer than 30 days ..." - gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200) and (.createdAt | fromdateiso8601) > (now - 2592000))' | jq -c '.' | while IFS= read -r pr; do + gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200))' | jq -c '.' | while IFS= read -r pr; do number=$(echo "$pr" | jq -r '.number') title=$(echo "$pr" | jq -r '.title') labels=$(echo "$pr" | jq -r '[.labels[].name] | join(",")') From f31728aed403e26fb172f640442a1447d0c5375e Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 08:57:00 +0100 Subject: [PATCH 06/18] manual rebase --- .github/workflows/approve-and-merge.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index ab7c175d..d1253420 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -59,8 +59,22 @@ jobs: echo "👉 Processing PR #$number: $title" if echo "$labels" | grep -q "auto-approved"; then - gh pr comment "$number" --repo "$GITHUB_REPOSITORY" --body "@dependabot rebase" - echo "✅ Rebase PR #$number" + mergeable_state=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json mergeStateStatus --jq '.mergeStateStatus') + if [ "$mergeable_state" = "BEHIND" ]; then + echo "🔄 Rebasing PR #$number branch ($branch)..." + git config --global user.name 'Bot' + git config --global user.email 'bot@zaphiro.ch' + git clone "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" repo + cd repo + git fetch origin + git checkout "$branch" + git rebase origin/$(gh pr view "$number" --json baseRefName --jq '.baseRefName') || git rebase --abort + git push --force-with-lease origin "$branch" + cd .. + rm -rf repo + else + echo "✅ PR #$number is up to date." + fi continue fi From b979513f5d18277db41b32cb382e392f6633eb27 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:04:18 +0100 Subject: [PATCH 07/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index d1253420..f297cc2f 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -60,6 +60,7 @@ jobs: if echo "$labels" | grep -q "auto-approved"; then mergeable_state=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json mergeStateStatus --jq '.mergeStateStatus') + echo "PR state: $mergeable_state" if [ "$mergeable_state" = "BEHIND" ]; then echo "🔄 Rebasing PR #$number branch ($branch)..." git config --global user.name 'Bot' From 3d6640d58b702b54fbc2a468564c5cc44848ce52 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:05:59 +0100 Subject: [PATCH 08/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index f297cc2f..f927fef0 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -60,8 +60,7 @@ jobs: if echo "$labels" | grep -q "auto-approved"; then mergeable_state=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json mergeStateStatus --jq '.mergeStateStatus') - echo "PR state: $mergeable_state" - if [ "$mergeable_state" = "BEHIND" ]; then + if [ "$mergeable_state" = "DIRTY" ]; then echo "🔄 Rebasing PR #$number branch ($branch)..." git config --global user.name 'Bot' git config --global user.email 'bot@zaphiro.ch' From ef07133f3fc43a4ef950b2ff1b4b8890b20975be Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:08:24 +0100 Subject: [PATCH 09/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index f927fef0..8c7c4e9f 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -51,10 +51,11 @@ jobs: echo "Fetching open Dependabot PRs older than 3 days and newer than 30 days ..." - gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200))' | jq -c '.' | while IFS= read -r pr; do + gh pr list --repo "$GITHUB_REPOSITORY" --author app/dependabot --state open --json number,createdAt,title,labels,headRefName --jq '.[] | select((.createdAt | fromdateiso8601) < (now - 259200))' | jq -c '.' | while IFS= read -r pr; do number=$(echo "$pr" | jq -r '.number') title=$(echo "$pr" | jq -r '.title') labels=$(echo "$pr" | jq -r '[.labels[].name] | join(",")') + branch=$(echo "$pr" | jq -r '.headRefName') echo "👉 Processing PR #$number: $title" From f3f979818cefc1f4692cb3e1553b16c067f2a777 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:15:45 +0100 Subject: [PATCH 10/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 28 +++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 8c7c4e9f..f3a1e2b5 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -69,8 +69,34 @@ jobs: cd repo git fetch origin git checkout "$branch" - git rebase origin/$(gh pr view "$number" --json baseRefName --jq '.baseRefName') || git rebase --abort + base_branch=$(gh pr view "$number" --json baseRefName --jq '.baseRefName') + + if ! git rebase "origin/$base_branch"; then + echo "⚠️ Rebase conflict detected for PR #$number — attempting automatic conflict resolution..." + # Auto-resolve RELEASE_NOTES.md in favor of base, if it exists + if [ -f RELEASE_NOTES.md ]; then + echo "🧩 Auto-resolving RELEASE_NOTES.md in favor of base branch" + git checkout --ours RELEASE_NOTES.md + git add RELEASE_NOTES.md + git rebase --continue || true + fi + + # If still conflicted, skip the commit + if git rebase --continue 2>/dev/null; then + echo "✅ Conflict resolved and rebase continued." + elif git rebase --skip 2>/dev/null; then + echo "✅ Conflicted commit skipped." + else + echo "❌ Rebase failed for PR #$number. Aborting and skipping this PR." + git rebase --abort || true + cd .. + rm -rf repo + continue + fi + fi + git push --force-with-lease origin "$branch" + echo "✅ Rebase complete and branch updated for PR #$number" cd .. rm -rf repo else From 79f00bbd2403c703806a71821fb54e58f39ddcdb Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:20:14 +0100 Subject: [PATCH 11/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 36 +++++++----------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index f3a1e2b5..9b28d96d 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -65,35 +65,21 @@ jobs: echo "🔄 Rebasing PR #$number branch ($branch)..." git config --global user.name 'Bot' git config --global user.email 'bot@zaphiro.ch' + git clone "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" repo cd repo git fetch origin git checkout "$branch" base_branch=$(gh pr view "$number" --json baseRefName --jq '.baseRefName') - - if ! git rebase "origin/$base_branch"; then - echo "⚠️ Rebase conflict detected for PR #$number — attempting automatic conflict resolution..." - # Auto-resolve RELEASE_NOTES.md in favor of base, if it exists - if [ -f RELEASE_NOTES.md ]; then - echo "🧩 Auto-resolving RELEASE_NOTES.md in favor of base branch" - git checkout --ours RELEASE_NOTES.md - git add RELEASE_NOTES.md - git rebase --continue || true - fi - - # If still conflicted, skip the commit - if git rebase --continue 2>/dev/null; then - echo "✅ Conflict resolved and rebase continued." - elif git rebase --skip 2>/dev/null; then - echo "✅ Conflicted commit skipped." - else - echo "❌ Rebase failed for PR #$number. Aborting and skipping this PR." - git rebase --abort || true - cd .. - rm -rf repo - continue - fi - fi + + # Start rebase and automatically skip RELEASE_NOTES.md conflicts + git rebase "origin/$base_branch" || { + echo "⚠️ Rebase conflict detected. Ignoring RELEASE_NOTES.md..." + # Mark RELEASE_NOTES.md as resolved without changing it + git checkout --ours RELEASE_NOTES.md || true + git add RELEASE_NOTES.md + git rebase --continue || git rebase --skip + } git push --force-with-lease origin "$branch" echo "✅ Rebase complete and branch updated for PR #$number" @@ -102,8 +88,6 @@ jobs: else echo "✅ PR #$number is up to date." fi - continue - fi echo "🔍 Checking CI status for PR #$number..." commit_sha=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json headRefOid --jq '.headRefOid') From 4df442eed356db9d0edfc56ad78bea71f3363e2a Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:22:30 +0100 Subject: [PATCH 12/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 9b28d96d..0b150f60 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -88,6 +88,7 @@ jobs: else echo "✅ PR #$number is up to date." fi + fi echo "🔍 Checking CI status for PR #$number..." commit_sha=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json headRefOid --jq '.headRefOid') From 721cfd39a2a9ba6b8512de944ef4adcfd92f86bc Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:26:18 +0100 Subject: [PATCH 13/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 58 ++++++++++++++---------- 1 file changed, 35 insertions(+), 23 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 0b150f60..0153a8c8 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -62,29 +62,41 @@ jobs: if echo "$labels" | grep -q "auto-approved"; then mergeable_state=$(gh pr view "$number" --repo "$GITHUB_REPOSITORY" --json mergeStateStatus --jq '.mergeStateStatus') if [ "$mergeable_state" = "DIRTY" ]; then - echo "🔄 Rebasing PR #$number branch ($branch)..." - git config --global user.name 'Bot' - git config --global user.email 'bot@zaphiro.ch' - - git clone "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" repo - cd repo - git fetch origin - git checkout "$branch" - base_branch=$(gh pr view "$number" --json baseRefName --jq '.baseRefName') - - # Start rebase and automatically skip RELEASE_NOTES.md conflicts - git rebase "origin/$base_branch" || { - echo "⚠️ Rebase conflict detected. Ignoring RELEASE_NOTES.md..." - # Mark RELEASE_NOTES.md as resolved without changing it - git checkout --ours RELEASE_NOTES.md || true - git add RELEASE_NOTES.md - git rebase --continue || git rebase --skip - } - - git push --force-with-lease origin "$branch" - echo "✅ Rebase complete and branch updated for PR #$number" - cd .. - rm -rf repo + echo "🔄 Rebasing PR #$number branch ($branch)..." + git config --global user.name 'Bot' + git config --global user.email 'bot@zaphiro.ch' + + git clone "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" repo + cd repo + git fetch origin + git checkout "$branch" + base_branch=$(gh pr view "$number" --json baseRefName --jq '.baseRefName') + + # Start rebase + git rebase "origin/$base_branch" || true + + # Loop until rebase is done + while [ -d .git/rebase-apply ] || [ -d .git/rebase-merge ]; do + conflicts=$(git diff --name-only --diff-filter=U || true) + + if echo "$conflicts" | grep -q "^RELEASE_NOTES.md$"; then + echo "🧩 Skipping RELEASE_NOTES.md conflict..." + git checkout --ours RELEASE_NOTES.md + git add RELEASE_NOTES.md + git rebase --continue || git rebase --skip + else + echo "❌ Unresolvable conflict(s) in other files: $conflicts" + git rebase --abort || true + cd .. + rm -rf repo + continue 2 # skip this PR + fi + done + + git push --force-with-lease origin "$branch" + echo "✅ Rebase complete and branch updated for PR #$number" + cd .. + rm -rf repo else echo "✅ PR #$number is up to date." fi From ba14f1447b5c6fc14291a766da996c68288ace5b Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:30:50 +0100 Subject: [PATCH 14/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 26 ++++++++++++++---------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 0153a8c8..5254202b 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -75,21 +75,25 @@ jobs: # Start rebase git rebase "origin/$base_branch" || true - # Loop until rebase is done + # Loop until rebase finishes while [ -d .git/rebase-apply ] || [ -d .git/rebase-merge ]; do - conflicts=$(git diff --name-only --diff-filter=U || true) - - if echo "$conflicts" | grep -q "^RELEASE_NOTES.md$"; then - echo "🧩 Skipping RELEASE_NOTES.md conflict..." - git checkout --ours RELEASE_NOTES.md - git add RELEASE_NOTES.md - git rebase --continue || git rebase --skip - else - echo "❌ Unresolvable conflict(s) in other files: $conflicts" + # Get the current commit message + commit_msg=$(git log -1 --pretty=%B) + + # Auto-skip if commit includes [dependabot skip] + if echo "$commit_msg" | grep -q "\[dependabot skip\]"; then + echo "⚡ Skipping commit with '[dependabot skip]': $commit_msg" + git rebase --skip + continue + fi + + # If other files conflict, abort + if [ -n "$conflicts" ]; then + echo "❌ Unresolvable conflict(s): $conflicts. Aborting PR." git rebase --abort || true cd .. rm -rf repo - continue 2 # skip this PR + continue 2 fi done From 152297058a8ac6382cf7ea9c2f53080267f7192d Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:43:48 +0100 Subject: [PATCH 15/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 5254202b..ef5c3a7b 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -75,21 +75,23 @@ jobs: # Start rebase git rebase "origin/$base_branch" || true - # Loop until rebase finishes + # Loop while a rebase is in progress while [ -d .git/rebase-apply ] || [ -d .git/rebase-merge ]; do - # Get the current commit message + # Get current commit message commit_msg=$(git log -1 --pretty=%B) # Auto-skip if commit includes [dependabot skip] if echo "$commit_msg" | grep -q "\[dependabot skip\]"; then - echo "⚡ Skipping commit with '[dependabot skip]': $commit_msg" + echo "Skipping commit with '[dependabot skip]': $commit_msg" git rebase --skip continue fi - # If other files conflict, abort + # Detect conflicts + conflicts=$(git diff --name-only --diff-filter=U || true) + if [ -n "$conflicts" ]; then - echo "❌ Unresolvable conflict(s): $conflicts. Aborting PR." + echo "❌ Unresolvable conflict(s): $conflicts. Aborting rebase." git rebase --abort || true cd .. rm -rf repo From 6132f6167351c1927e636370c141178e21b4c732 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:49:01 +0100 Subject: [PATCH 16/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index ef5c3a7b..75d84bb8 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -97,6 +97,7 @@ jobs: rm -rf repo continue 2 fi + git rebase --continue || true done git push --force-with-lease origin "$branch" From 786a2ca899f877606a76534ff0ec2167764e3625 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:54:39 +0100 Subject: [PATCH 17/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 75d84bb8..436027f0 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -78,10 +78,12 @@ jobs: # Loop while a rebase is in progress while [ -d .git/rebase-apply ] || [ -d .git/rebase-merge ]; do # Get current commit message - commit_msg=$(git log -1 --pretty=%B) + commit_msg=$(git show -s --format=%B HEAD) + + echo "$commit_msg" # Auto-skip if commit includes [dependabot skip] - if echo "$commit_msg" | grep -q "\[dependabot skip\]"; then + if echo "$commit_msg" | tr -d '\r' | grep -iq "\[dependabot skip\]"; then echo "Skipping commit with '[dependabot skip]': $commit_msg" git rebase --skip continue From 89a01a705fc3d2a2d9cc9430686920cf26167ec4 Mon Sep 17 00:00:00 2001 From: "Federico M. Facca" Date: Wed, 29 Oct 2025 09:58:52 +0100 Subject: [PATCH 18/18] Update approve-and-merge.yaml --- .github/workflows/approve-and-merge.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/approve-and-merge.yaml b/.github/workflows/approve-and-merge.yaml index 436027f0..b25ff985 100644 --- a/.github/workflows/approve-and-merge.yaml +++ b/.github/workflows/approve-and-merge.yaml @@ -78,15 +78,15 @@ jobs: # Loop while a rebase is in progress while [ -d .git/rebase-apply ] || [ -d .git/rebase-merge ]; do # Get current commit message - commit_msg=$(git show -s --format=%B HEAD) - - echo "$commit_msg" - - # Auto-skip if commit includes [dependabot skip] - if echo "$commit_msg" | tr -d '\r' | grep -iq "\[dependabot skip\]"; then - echo "Skipping commit with '[dependabot skip]': $commit_msg" - git rebase --skip - continue + current_commit=$(git rev-parse REBASE_HEAD 2>/dev/null || echo "") + + if [ -n "$current_commit" ]; then + commit_msg=$(git log -1 --pretty=%B "$current_commit") + if echo "$commit_msg" | grep -iq "\[dependabot skip\]"; then + echo "Skipping commit with '[dependabot skip]': $commit_msg" + git rebase --skip + continue + fi fi # Detect conflicts