From ef8ae1964b3ef340167d8cbfd7fa4738f91ca79e Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 16:09:06 +0100 Subject: [PATCH 1/4] add pr title check action --- .github/workflows/pr-title-check.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/pr-title-check.yml diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml new file mode 100644 index 0000000..a0ee965 --- /dev/null +++ b/.github/workflows/pr-title-check.yml @@ -0,0 +1,19 @@ +name: "PR Title Check" +on: + pull_request: + types: [opened, edited, reopened, ready_for_review, synchronize] +jobs: + validate-pr-title: + runs-on: ubuntu-latest + steps: + - name: Generate a token + id: generate-token + if: github.event.pull_request.head.repo.full_name == github.repository + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} + private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} + - name: Validate PR title and create check + uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main + with: + github_token: ${{ steps.generate-token.outputs.token }} From 9dcb8c3a3f512ec714cf30bf256b5b0355feaebf Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 13:38:04 +0100 Subject: [PATCH 2/4] improve --- .github/workflows/auto-set-label.yml | 14 ----- .github/workflows/oaev_auto_label.yml | 14 +++++ .../workflows/oaev_check_signed_commit.yml | 13 +++++ ...e-check.yml => oaev_validate_pr_title.yml} | 9 ++-- renovate.json | 52 ++++++------------- 5 files changed, 48 insertions(+), 54 deletions(-) delete mode 100644 .github/workflows/auto-set-label.yml create mode 100644 .github/workflows/oaev_auto_label.yml create mode 100644 .github/workflows/oaev_check_signed_commit.yml rename .github/workflows/{pr-title-check.yml => oaev_validate_pr_title.yml} (70%) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml deleted file mode 100644 index f2108cf..0000000 --- a/.github/workflows/auto-set-label.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Assign PR team labels -on: - pull_request: - branches: - - master -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Setting labels - uses: FiligranHQ/auto-label@1.0.0 - with: - labels_by_organization: "{\"FiligranHQ\":[\"filigran team\"]}" \ No newline at end of file diff --git a/.github/workflows/oaev_auto_label.yml b/.github/workflows/oaev_auto_label.yml new file mode 100644 index 0000000..47b3c8f --- /dev/null +++ b/.github/workflows/oaev_auto_label.yml @@ -0,0 +1,14 @@ +name: "[OAEV] Auto Label" +on: + pull_request: + branches: [main, release/current] + types: [opened, reopened] +permissions: + contents: read + pull-requests: write +jobs: + auto-label: + runs-on: ubuntu-latest + steps: + - name: "Auto Label" + uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main diff --git a/.github/workflows/oaev_check_signed_commit.yml b/.github/workflows/oaev_check_signed_commit.yml new file mode 100644 index 0000000..8defe38 --- /dev/null +++ b/.github/workflows/oaev_check_signed_commit.yml @@ -0,0 +1,13 @@ +name: "[OAEV] Check Signed Commits in PR" +on: + pull_request_target: + branches: [main, release/current] +permissions: + contents: read + pull-requests: write +jobs: + check-signed-commits: + runs-on: ubuntu-latest + steps: + - name: Check signed commits in PR + uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/oaev_validate_pr_title.yml similarity index 70% rename from .github/workflows/pr-title-check.yml rename to .github/workflows/oaev_validate_pr_title.yml index a0ee965..8bc0329 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/oaev_validate_pr_title.yml @@ -1,19 +1,20 @@ -name: "PR Title Check" +name: "[OAEV] Validate PR title Worker" on: pull_request: + branches: [main, release/current] types: [opened, edited, reopened, ready_for_review, synchronize] jobs: validate-pr-title: runs-on: ubuntu-latest steps: - - name: Generate a token + - name: "Generate a token" id: generate-token if: github.event.pull_request.head.repo.full_name == github.repository uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - - name: Validate PR title and create check + - name: "Validate PR title and create check" uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main with: - github_token: ${{ steps.generate-token.outputs.token }} + token: ${{ steps.generate-token.outputs.token }} diff --git a/renovate.json b/renovate.json index 33d6955..2d55bec 100644 --- a/renovate.json +++ b/renovate.json @@ -3,40 +3,20 @@ "extends": [ "config:recommended" ], - "baseBranchPatterns": [ - "release/current", - "main" + "labels": [ + "dependencies", + "filigran team" ], - "packageRules": [ - { - "matchBaseBranches": [ - "release/current" - ], - "commitMessageSuffix": null - }, - { - "matchJsonata": [ - "$exists(isVulnerabilityAlert)" - ], - "matchBaseBranches": [ - "release/current" - ], - "enabled": false - }, - { - "matchJsonata": [ - "$not($exists(isVulnerabilityAlert))" - ], - "matchBaseBranches": [ - "main" - ], - "enabled": false - }, - { - "matchPackageNames": [ - "mid" - ], - "enabled": false - } - ] -} + "minimumReleaseAge": "3 days", + "prHourlyLimit": 2, + "prConcurrentLimit": 20, + "timezone": "Europe/Paris", + "schedule": [ + "* 0-4,22-23 * * 1-5", + "* * * * 0,6" + ], + "updateNotScheduled": false, + "rebaseWhen": "conflicted", + "commitMessageAction": "update", + "commitMessagePrefix": "[agent] chore(deps):" +} \ No newline at end of file From 5a5d173ca3fa80f376f187f61aeff95421b985fe Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 13:42:34 +0100 Subject: [PATCH 3/4] naming --- .../{oaev_auto_label.yml => oaev_shared_auto_label.yml} | 2 +- ...ck_signed_commit.yml => oaev_shared_check_signed_commit.yml} | 2 +- ..._validate_pr_title.yml => oaev_shared_validate_pr_title.yml} | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename .github/workflows/{oaev_auto_label.yml => oaev_shared_auto_label.yml} (89%) rename .github/workflows/{oaev_check_signed_commit.yml => oaev_shared_check_signed_commit.yml} (86%) rename .github/workflows/{oaev_validate_pr_title.yml => oaev_shared_validate_pr_title.yml} (93%) diff --git a/.github/workflows/oaev_auto_label.yml b/.github/workflows/oaev_shared_auto_label.yml similarity index 89% rename from .github/workflows/oaev_auto_label.yml rename to .github/workflows/oaev_shared_auto_label.yml index 47b3c8f..4ad9d8a 100644 --- a/.github/workflows/oaev_auto_label.yml +++ b/.github/workflows/oaev_shared_auto_label.yml @@ -1,4 +1,4 @@ -name: "[OAEV] Auto Label" +name: "[OAEV Shared] Auto Label" on: pull_request: branches: [main, release/current] diff --git a/.github/workflows/oaev_check_signed_commit.yml b/.github/workflows/oaev_shared_check_signed_commit.yml similarity index 86% rename from .github/workflows/oaev_check_signed_commit.yml rename to .github/workflows/oaev_shared_check_signed_commit.yml index 8defe38..73da07f 100644 --- a/.github/workflows/oaev_check_signed_commit.yml +++ b/.github/workflows/oaev_shared_check_signed_commit.yml @@ -1,4 +1,4 @@ -name: "[OAEV] Check Signed Commits in PR" +name: "[OAEV Shared] Check Signed Commits in PR" on: pull_request_target: branches: [main, release/current] diff --git a/.github/workflows/oaev_validate_pr_title.yml b/.github/workflows/oaev_shared_validate_pr_title.yml similarity index 93% rename from .github/workflows/oaev_validate_pr_title.yml rename to .github/workflows/oaev_shared_validate_pr_title.yml index 8bc0329..7e2c5a7 100644 --- a/.github/workflows/oaev_validate_pr_title.yml +++ b/.github/workflows/oaev_shared_validate_pr_title.yml @@ -1,4 +1,4 @@ -name: "[OAEV] Validate PR title Worker" +name: "[OAEV Shared] Validate PR title Worker" on: pull_request: branches: [main, release/current] From a32378e21edbd1baa119d3545785f9e34ae1e36f Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 13:58:42 +0100 Subject: [PATCH 4/4] v1 --- .github/workflows/oaev_shared_auto_label.yml | 2 +- .github/workflows/oaev_shared_check_signed_commit.yml | 2 +- .github/workflows/oaev_shared_validate_pr_title.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/oaev_shared_auto_label.yml b/.github/workflows/oaev_shared_auto_label.yml index 4ad9d8a..8307675 100644 --- a/.github/workflows/oaev_shared_auto_label.yml +++ b/.github/workflows/oaev_shared_auto_label.yml @@ -11,4 +11,4 @@ jobs: runs-on: ubuntu-latest steps: - name: "Auto Label" - uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main + uses: FiligranHQ/filigran-ci-tools/actions/auto-label@v1 diff --git a/.github/workflows/oaev_shared_check_signed_commit.yml b/.github/workflows/oaev_shared_check_signed_commit.yml index 73da07f..f75b963 100644 --- a/.github/workflows/oaev_shared_check_signed_commit.yml +++ b/.github/workflows/oaev_shared_check_signed_commit.yml @@ -10,4 +10,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Check signed commits in PR - uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main + uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@v1 diff --git a/.github/workflows/oaev_shared_validate_pr_title.yml b/.github/workflows/oaev_shared_validate_pr_title.yml index 7e2c5a7..0f976f8 100644 --- a/.github/workflows/oaev_shared_validate_pr_title.yml +++ b/.github/workflows/oaev_shared_validate_pr_title.yml @@ -15,6 +15,6 @@ jobs: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - name: "Validate PR title and create check" - uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main + uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@v1 with: token: ${{ steps.generate-token.outputs.token }}