From ef8ae1964b3ef340167d8cbfd7fa4738f91ca79e Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 16:09:06 +0100 Subject: [PATCH 01/22] add pr title check action --- .github/workflows/pr-title-check.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/pr-title-check.yml diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml new file mode 100644 index 0000000..a0ee965 --- /dev/null +++ b/.github/workflows/pr-title-check.yml @@ -0,0 +1,19 @@ +name: "PR Title Check" +on: + pull_request: + types: [opened, edited, reopened, ready_for_review, synchronize] +jobs: + validate-pr-title: + runs-on: ubuntu-latest + steps: + - name: Generate a token + id: generate-token + if: github.event.pull_request.head.repo.full_name == github.repository + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} + private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} + - name: Validate PR title and create check + uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main + with: + github_token: ${{ steps.generate-token.outputs.token }} From a3991d36a9f95994ea121a97fe0d1276dabd950f Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:18:29 +0100 Subject: [PATCH 02/22] test --- .github/workflows/pr-title-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index a0ee965..0c7da7e 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -14,6 +14,6 @@ jobs: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - name: Validate PR title and create check - uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main + uses: guillaumejparis/ci-tools/actions/pr-title-check@main with: github_token: ${{ steps.generate-token.outputs.token }} From 17f60db06d9d2a03b92c6ba3c7879a76d1d11b21 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:23:31 +0100 Subject: [PATCH 03/22] test --- .../{pr-title-check.yml => pr-title-check-worker.yml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{pr-title-check.yml => pr-title-check-worker.yml} (86%) diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check-worker.yml similarity index 86% rename from .github/workflows/pr-title-check.yml rename to .github/workflows/pr-title-check-worker.yml index 0c7da7e..cf30c4a 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check-worker.yml @@ -1,4 +1,4 @@ -name: "PR Title Check" +name: "PR Title Check Worker" on: pull_request: types: [opened, edited, reopened, ready_for_review, synchronize] @@ -14,6 +14,6 @@ jobs: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - name: Validate PR title and create check - uses: guillaumejparis/ci-tools/actions/pr-title-check@main + uses: guillaumejparis/ci-tools/actions/pr-title-check@v1.0.0 with: github_token: ${{ steps.generate-token.outputs.token }} From 776531a166d7716047632a07c5b353a6c1f0703b Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:24:25 +0100 Subject: [PATCH 04/22] test --- .github/workflows/pr-title-check-worker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title-check-worker.yml b/.github/workflows/pr-title-check-worker.yml index cf30c4a..8cc3af5 100644 --- a/.github/workflows/pr-title-check-worker.yml +++ b/.github/workflows/pr-title-check-worker.yml @@ -14,6 +14,6 @@ jobs: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - name: Validate PR title and create check - uses: guillaumejparis/ci-tools/actions/pr-title-check@v1.0.0 + uses: guillaumejparis/ci-tools/actions/pr-title-check@1.0.0 with: github_token: ${{ steps.generate-token.outputs.token }} From 06edc4a02fe5c818e4cfcb93e53bb3ff032247fa Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:38:21 +0100 Subject: [PATCH 05/22] test --- .github/workflows/auto-set-label.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index f2108cf..51880af 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -3,12 +3,13 @@ on: pull_request: branches: - master + - release/current jobs: - build: + auto-label: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Setting labels - uses: FiligranHQ/auto-label@1.0.0 + - name: Auto Label + uses: guillaumejparis/ci-tools/actions/auto-label@v1 with: - labels_by_organization: "{\"FiligranHQ\":[\"filigran team\"]}" \ No newline at end of file + github_token: ${{ secrets.GITHUB_TOKEN }} + labels_by_organization: '{"FiligranHQ":["filigran team"]}' From aece7053447d48ca0cbe31653f46a02d9daeaeea Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:41:20 +0100 Subject: [PATCH 06/22] test --- .github/workflows/auto-set-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index 51880af..6fc7915 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -2,7 +2,7 @@ name: Assign PR team labels on: pull_request: branches: - - master + - main - release/current jobs: auto-label: From d3cca8bb6b9842d4421e8a473ece85b848fe1483 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:41:59 +0100 Subject: [PATCH 07/22] fix --- .github/workflows/auto-set-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index 6fc7915..149d2c8 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Auto Label - uses: guillaumejparis/ci-tools/actions/auto-label@v1 + uses: guillaumejparis/ci-tools/actions/auto-label@1.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} labels_by_organization: '{"FiligranHQ":["filigran team"]}' From a3df42611fa36b6d62f536e09959febcfb09ad1e Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:42:47 +0100 Subject: [PATCH 08/22] fix --- .github/workflows/auto-set-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index 149d2c8..45de7cb 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Auto Label - uses: guillaumejparis/ci-tools/actions/auto-label@1.0.0 + uses: guillaumejparis/ci-tools/actions/auto-label@main with: github_token: ${{ secrets.GITHUB_TOKEN }} labels_by_organization: '{"FiligranHQ":["filigran team"]}' From 5a2063d8c2e50a74a90a49ab72114094cf27bed0 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Mon, 12 Jan 2026 17:45:00 +0100 Subject: [PATCH 09/22] fix --- .github/workflows/auto-set-label.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index 45de7cb..ea531da 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -4,6 +4,9 @@ on: branches: - main - release/current +permissions: + contents: read + pull-requests: write jobs: auto-label: runs-on: ubuntu-latest From cabf6efa74c7d5ccf4ecfe992c34e8ba3a682371 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Tue, 13 Jan 2026 14:48:21 +0100 Subject: [PATCH 10/22] improve --- .github/workflows/auto-set-label.yml | 3 +- .github/workflows/check-verified-commit.yml | 22 +++++++++ .github/workflows/pr-title-check-worker.yml | 4 +- renovate.json | 52 +++++++-------------- 4 files changed, 41 insertions(+), 40 deletions(-) create mode 100644 .github/workflows/check-verified-commit.yml diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index ea531da..df03bf1 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -12,7 +12,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Auto Label - uses: guillaumejparis/ci-tools/actions/auto-label@main + uses: FiligranHQ/filigran-ci-tools/actions/auto-label@1.0.0 with: - github_token: ${{ secrets.GITHUB_TOKEN }} labels_by_organization: '{"FiligranHQ":["filigran team"]}' diff --git a/.github/workflows/check-verified-commit.yml b/.github/workflows/check-verified-commit.yml new file mode 100644 index 0000000..a583578 --- /dev/null +++ b/.github/workflows/check-verified-commit.yml @@ -0,0 +1,22 @@ +name: Check signed commits in PR +on: [pull_request,pull_request_target] +permissions: + contents: read + pull-requests: write +jobs: + check-signed-commits: + name: Check signed commits in PR + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - name: Information about how to sign commits see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits + # "with comment" below does not work for forks. + run: | + echo "If you need to sign commits, Please see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits" + - name: Check signed commits in PR on fail see above information. + uses: 1Password/check-signed-commits-action@v1 + with: + comment: | + Thank you for your contribution. This PR is but one step away from being ready for merging: all commits must be PGP-signed. To get started, please see docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits diff --git a/.github/workflows/pr-title-check-worker.yml b/.github/workflows/pr-title-check-worker.yml index 8cc3af5..fc8ce84 100644 --- a/.github/workflows/pr-title-check-worker.yml +++ b/.github/workflows/pr-title-check-worker.yml @@ -14,6 +14,6 @@ jobs: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - name: Validate PR title and create check - uses: guillaumejparis/ci-tools/actions/pr-title-check@1.0.0 + uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@1.0.0 with: - github_token: ${{ steps.generate-token.outputs.token }} + token: ${{ steps.generate-token.outputs.token }} diff --git a/renovate.json b/renovate.json index 33d6955..2d55bec 100644 --- a/renovate.json +++ b/renovate.json @@ -3,40 +3,20 @@ "extends": [ "config:recommended" ], - "baseBranchPatterns": [ - "release/current", - "main" + "labels": [ + "dependencies", + "filigran team" ], - "packageRules": [ - { - "matchBaseBranches": [ - "release/current" - ], - "commitMessageSuffix": null - }, - { - "matchJsonata": [ - "$exists(isVulnerabilityAlert)" - ], - "matchBaseBranches": [ - "release/current" - ], - "enabled": false - }, - { - "matchJsonata": [ - "$not($exists(isVulnerabilityAlert))" - ], - "matchBaseBranches": [ - "main" - ], - "enabled": false - }, - { - "matchPackageNames": [ - "mid" - ], - "enabled": false - } - ] -} + "minimumReleaseAge": "3 days", + "prHourlyLimit": 2, + "prConcurrentLimit": 20, + "timezone": "Europe/Paris", + "schedule": [ + "* 0-4,22-23 * * 1-5", + "* * * * 0,6" + ], + "updateNotScheduled": false, + "rebaseWhen": "conflicted", + "commitMessageAction": "update", + "commitMessagePrefix": "[agent] chore(deps):" +} \ No newline at end of file From 8033714e2d0ace7b8d398dc1f38293e845be4222 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Tue, 13 Jan 2026 14:59:09 +0100 Subject: [PATCH 11/22] test --- .github/workflows/auto-set-label.yml | 2 +- .github/workflows/pr-title-check-worker.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index df03bf1..243ac28 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -12,6 +12,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Auto Label - uses: FiligranHQ/filigran-ci-tools/actions/auto-label@1.0.0 + uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main with: labels_by_organization: '{"FiligranHQ":["filigran team"]}' diff --git a/.github/workflows/pr-title-check-worker.yml b/.github/workflows/pr-title-check-worker.yml index fc8ce84..25fc2b8 100644 --- a/.github/workflows/pr-title-check-worker.yml +++ b/.github/workflows/pr-title-check-worker.yml @@ -14,6 +14,6 @@ jobs: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - name: Validate PR title and create check - uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@1.0.0 + uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main with: token: ${{ steps.generate-token.outputs.token }} From efbf7456878a67439f532934b8db002b642cd9d4 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 09:09:05 +0100 Subject: [PATCH 12/22] fix --- .github/workflows/auto-set-label.yml | 6 ++---- .github/workflows/check-verified-commit.yml | 19 ++++--------------- .github/workflows/pr-title-check-worker.yml | 4 ++-- 3 files changed, 8 insertions(+), 21 deletions(-) diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml index 243ac28..b9284b9 100644 --- a/.github/workflows/auto-set-label.yml +++ b/.github/workflows/auto-set-label.yml @@ -1,4 +1,4 @@ -name: Assign PR team labels +name: "Assign PR Team Labels" on: pull_request: branches: @@ -11,7 +11,5 @@ jobs: auto-label: runs-on: ubuntu-latest steps: - - name: Auto Label + - name: "Auto Label" uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main - with: - labels_by_organization: '{"FiligranHQ":["filigran team"]}' diff --git a/.github/workflows/check-verified-commit.yml b/.github/workflows/check-verified-commit.yml index a583578..22cc115 100644 --- a/.github/workflows/check-verified-commit.yml +++ b/.github/workflows/check-verified-commit.yml @@ -1,22 +1,11 @@ -name: Check signed commits in PR -on: [pull_request,pull_request_target] +name: "Check Signed Commits in PR" +on: pull_request_target permissions: contents: read pull-requests: write jobs: check-signed-commits: - name: Check signed commits in PR runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write steps: - - name: Information about how to sign commits see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits - # "with comment" below does not work for forks. - run: | - echo "If you need to sign commits, Please see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits" - - name: Check signed commits in PR on fail see above information. - uses: 1Password/check-signed-commits-action@v1 - with: - comment: | - Thank you for your contribution. This PR is but one step away from being ready for merging: all commits must be PGP-signed. To get started, please see docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits + - name: Check signed commits in PR + uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main diff --git a/.github/workflows/pr-title-check-worker.yml b/.github/workflows/pr-title-check-worker.yml index 25fc2b8..6c47c19 100644 --- a/.github/workflows/pr-title-check-worker.yml +++ b/.github/workflows/pr-title-check-worker.yml @@ -6,14 +6,14 @@ jobs: validate-pr-title: runs-on: ubuntu-latest steps: - - name: Generate a token + - name: "Generate a token" id: generate-token if: github.event.pull_request.head.repo.full_name == github.repository uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - - name: Validate PR title and create check + - name: "Validate PR title and create check" uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main with: token: ${{ steps.generate-token.outputs.token }} From f0a91d7920778179c6410da99a51cfb5a05642e5 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 09:39:47 +0100 Subject: [PATCH 13/22] fix --- .github/workflows/auto-set-label.yml | 15 --------- .github/workflows/basic_ci_checks.yml | 37 +++++++++++++++++++++ .github/workflows/check-verified-commit.yml | 11 ------ .github/workflows/pr-title-check-worker.yml | 19 ----------- 4 files changed, 37 insertions(+), 45 deletions(-) delete mode 100644 .github/workflows/auto-set-label.yml create mode 100644 .github/workflows/basic_ci_checks.yml delete mode 100644 .github/workflows/check-verified-commit.yml delete mode 100644 .github/workflows/pr-title-check-worker.yml diff --git a/.github/workflows/auto-set-label.yml b/.github/workflows/auto-set-label.yml deleted file mode 100644 index b9284b9..0000000 --- a/.github/workflows/auto-set-label.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: "Assign PR Team Labels" -on: - pull_request: - branches: - - main - - release/current -permissions: - contents: read - pull-requests: write -jobs: - auto-label: - runs-on: ubuntu-latest - steps: - - name: "Auto Label" - uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main diff --git a/.github/workflows/basic_ci_checks.yml b/.github/workflows/basic_ci_checks.yml new file mode 100644 index 0000000..c6bdd20 --- /dev/null +++ b/.github/workflows/basic_ci_checks.yml @@ -0,0 +1,37 @@ +name: "Basic CI checks" +on: + pull_request: + branches: [main, release/current] + types: [opened, edited, reopened, ready_for_review, synchronize] + pull_request_target: {} +permissions: + contents: read + pull-requests: write +jobs: + check-signed-commits: + runs-on: ubuntu-latest + if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' + steps: + - name: Check signed commits in PR + uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main + auto-label: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened') + steps: + - name: "Auto Label" + uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main + validate-pr-title: + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + steps: + - name: "Generate a token" + id: generate-token + if: github.event.pull_request.head.repo.full_name == github.repository + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} + private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} + - name: "Validate PR title and create check" + uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main + with: + token: ${{ steps.generate-token.outputs.token }} diff --git a/.github/workflows/check-verified-commit.yml b/.github/workflows/check-verified-commit.yml deleted file mode 100644 index 22cc115..0000000 --- a/.github/workflows/check-verified-commit.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: "Check Signed Commits in PR" -on: pull_request_target -permissions: - contents: read - pull-requests: write -jobs: - check-signed-commits: - runs-on: ubuntu-latest - steps: - - name: Check signed commits in PR - uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main diff --git a/.github/workflows/pr-title-check-worker.yml b/.github/workflows/pr-title-check-worker.yml deleted file mode 100644 index 6c47c19..0000000 --- a/.github/workflows/pr-title-check-worker.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: "PR Title Check Worker" -on: - pull_request: - types: [opened, edited, reopened, ready_for_review, synchronize] -jobs: - validate-pr-title: - runs-on: ubuntu-latest - steps: - - name: "Generate a token" - id: generate-token - if: github.event.pull_request.head.repo.full_name == github.repository - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.OPENAEV_PR_CHECKS_APP_ID }} - private-key: ${{ secrets.OPENAEV_PR_CHECKS_PRIVATE_KEY }} - - name: "Validate PR title and create check" - uses: FiligranHQ/filigran-ci-tools/actions/pr-title-check@main - with: - token: ${{ steps.generate-token.outputs.token }} From 5cd831609f6b8ee6e11ab7d3e37bccddc6900f23 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 09:47:26 +0100 Subject: [PATCH 14/22] fix --- .../{basic_ci_checks.yml => oaev_common_ci_checks.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{basic_ci_checks.yml => oaev_common_ci_checks.yml} (97%) diff --git a/.github/workflows/basic_ci_checks.yml b/.github/workflows/oaev_common_ci_checks.yml similarity index 97% rename from .github/workflows/basic_ci_checks.yml rename to .github/workflows/oaev_common_ci_checks.yml index c6bdd20..f22e29c 100644 --- a/.github/workflows/basic_ci_checks.yml +++ b/.github/workflows/oaev_common_ci_checks.yml @@ -1,4 +1,4 @@ -name: "Basic CI checks" +name: "[OAEV] Common CI checks" on: pull_request: branches: [main, release/current] From 02cf5fd160ada68e74ba959d3440a8d5d1cacbb3 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 09:57:45 +0100 Subject: [PATCH 15/22] fix --- .github/workflows/oaev_common_ci_checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/oaev_common_ci_checks.yml b/.github/workflows/oaev_common_ci_checks.yml index f22e29c..56abad7 100644 --- a/.github/workflows/oaev_common_ci_checks.yml +++ b/.github/workflows/oaev_common_ci_checks.yml @@ -10,7 +10,7 @@ permissions: jobs: check-signed-commits: runs-on: ubuntu-latest - if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' + if: github.event_name == 'pull_request_target' steps: - name: Check signed commits in PR uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main From 56eca1f1359080ecfa96f7adb8a653fae2ee1bd4 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 10:48:56 +0100 Subject: [PATCH 16/22] test --- .github/workflows/oaev_common_ci_checks.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/oaev_common_ci_checks.yml b/.github/workflows/oaev_common_ci_checks.yml index 56abad7..a31bcf3 100644 --- a/.github/workflows/oaev_common_ci_checks.yml +++ b/.github/workflows/oaev_common_ci_checks.yml @@ -3,14 +3,12 @@ on: pull_request: branches: [main, release/current] types: [opened, edited, reopened, ready_for_review, synchronize] - pull_request_target: {} permissions: contents: read pull-requests: write jobs: check-signed-commits: runs-on: ubuntu-latest - if: github.event_name == 'pull_request_target' steps: - name: Check signed commits in PR uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main From ffccd37773fef5a938b940112ccbd6de63781ebf Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 11:05:33 +0100 Subject: [PATCH 17/22] test --- .github/workflows/oaev_common_ci_checks.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/oaev_common_ci_checks.yml b/.github/workflows/oaev_common_ci_checks.yml index a31bcf3..fe08ef1 100644 --- a/.github/workflows/oaev_common_ci_checks.yml +++ b/.github/workflows/oaev_common_ci_checks.yml @@ -3,12 +3,15 @@ on: pull_request: branches: [main, release/current] types: [opened, edited, reopened, ready_for_review, synchronize] + pull_request_target: + types: [opened, reopened, synchronize] permissions: contents: read pull-requests: write jobs: check-signed-commits: runs-on: ubuntu-latest + if: github.event_name == 'pull_request_target' steps: - name: Check signed commits in PR uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main From 55bc4f9252a063e801c345bb0522dc0564a73127 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 11:39:12 +0100 Subject: [PATCH 18/22] test --- .github/workflows/oaev_common_ci_checks.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/oaev_common_ci_checks.yml b/.github/workflows/oaev_common_ci_checks.yml index fe08ef1..2e648c4 100644 --- a/.github/workflows/oaev_common_ci_checks.yml +++ b/.github/workflows/oaev_common_ci_checks.yml @@ -1,10 +1,8 @@ name: "[OAEV] Common CI checks" on: - pull_request: + pull_request_target: branches: [main, release/current] types: [opened, edited, reopened, ready_for_review, synchronize] - pull_request_target: - types: [opened, reopened, synchronize] permissions: contents: read pull-requests: write From 7e2d0553ebd8222793465261320c57ea5e47de40 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 11:52:19 +0100 Subject: [PATCH 19/22] test --- .github/workflows/oaev_common_ci_checks.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/oaev_common_ci_checks.yml b/.github/workflows/oaev_common_ci_checks.yml index 2e648c4..ad96165 100644 --- a/.github/workflows/oaev_common_ci_checks.yml +++ b/.github/workflows/oaev_common_ci_checks.yml @@ -1,6 +1,6 @@ name: "[OAEV] Common CI checks" on: - pull_request_target: + pull_request: branches: [main, release/current] types: [opened, edited, reopened, ready_for_review, synchronize] permissions: @@ -9,19 +9,18 @@ permissions: jobs: check-signed-commits: runs-on: ubuntu-latest - if: github.event_name == 'pull_request_target' + if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' steps: - name: Check signed commits in PR uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main auto-label: runs-on: ubuntu-latest - if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened') + if: github.event.action == 'opened' || github.event.action == 'reopened' steps: - name: "Auto Label" uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main validate-pr-title: runs-on: ubuntu-latest - if: github.event_name == 'pull_request' steps: - name: "Generate a token" id: generate-token From 6cb11c8cdb456c3eb34e954450c699393a3b7233 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 12:04:42 +0100 Subject: [PATCH 20/22] fix --- .github/workflows/oaev_auto_label | 14 ++++++++++++++ .github/workflows/oaev_check_signed_commit | 13 +++++++++++++ ...common_ci_checks.yml => oaev_validate_pr_title} | 14 +------------- 3 files changed, 28 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/oaev_auto_label create mode 100644 .github/workflows/oaev_check_signed_commit rename .github/workflows/{oaev_common_ci_checks.yml => oaev_validate_pr_title} (58%) diff --git a/.github/workflows/oaev_auto_label b/.github/workflows/oaev_auto_label new file mode 100644 index 0000000..47b3c8f --- /dev/null +++ b/.github/workflows/oaev_auto_label @@ -0,0 +1,14 @@ +name: "[OAEV] Auto Label" +on: + pull_request: + branches: [main, release/current] + types: [opened, reopened] +permissions: + contents: read + pull-requests: write +jobs: + auto-label: + runs-on: ubuntu-latest + steps: + - name: "Auto Label" + uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main diff --git a/.github/workflows/oaev_check_signed_commit b/.github/workflows/oaev_check_signed_commit new file mode 100644 index 0000000..8defe38 --- /dev/null +++ b/.github/workflows/oaev_check_signed_commit @@ -0,0 +1,13 @@ +name: "[OAEV] Check Signed Commits in PR" +on: + pull_request_target: + branches: [main, release/current] +permissions: + contents: read + pull-requests: write +jobs: + check-signed-commits: + runs-on: ubuntu-latest + steps: + - name: Check signed commits in PR + uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main diff --git a/.github/workflows/oaev_common_ci_checks.yml b/.github/workflows/oaev_validate_pr_title similarity index 58% rename from .github/workflows/oaev_common_ci_checks.yml rename to .github/workflows/oaev_validate_pr_title index ad96165..fe16d4c 100644 --- a/.github/workflows/oaev_common_ci_checks.yml +++ b/.github/workflows/oaev_validate_pr_title @@ -1,4 +1,4 @@ -name: "[OAEV] Common CI checks" +name: "[OAEV] Validate PR title" on: pull_request: branches: [main, release/current] @@ -7,18 +7,6 @@ permissions: contents: read pull-requests: write jobs: - check-signed-commits: - runs-on: ubuntu-latest - if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' - steps: - - name: Check signed commits in PR - uses: FiligranHQ/filigran-ci-tools/actions/check-signed-commit@main - auto-label: - runs-on: ubuntu-latest - if: github.event.action == 'opened' || github.event.action == 'reopened' - steps: - - name: "Auto Label" - uses: FiligranHQ/filigran-ci-tools/actions/auto-label@main validate-pr-title: runs-on: ubuntu-latest steps: From ff06d850d8aea53edcb41225c35bed530c70724c Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 13:27:01 +0100 Subject: [PATCH 21/22] test --- .github/workflows/oaev_validate_pr_title | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/oaev_validate_pr_title b/.github/workflows/oaev_validate_pr_title index fe16d4c..258052c 100644 --- a/.github/workflows/oaev_validate_pr_title +++ b/.github/workflows/oaev_validate_pr_title @@ -3,9 +3,6 @@ on: pull_request: branches: [main, release/current] types: [opened, edited, reopened, ready_for_review, synchronize] -permissions: - contents: read - pull-requests: write jobs: validate-pr-title: runs-on: ubuntu-latest From 95c531ba4119541c4f279e682b3164f9d659b1c9 Mon Sep 17 00:00:00 2001 From: Guillaume Paris Date: Wed, 14 Jan 2026 13:32:02 +0100 Subject: [PATCH 22/22] test --- .github/workflows/{oaev_auto_label => oaev_auto_label.yml} | 0 .../{oaev_check_signed_commit => oaev_check_signed_commit.yml} | 0 .../{oaev_validate_pr_title => oaev_validate_pr_title.yml} | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{oaev_auto_label => oaev_auto_label.yml} (100%) rename .github/workflows/{oaev_check_signed_commit => oaev_check_signed_commit.yml} (100%) rename .github/workflows/{oaev_validate_pr_title => oaev_validate_pr_title.yml} (94%) diff --git a/.github/workflows/oaev_auto_label b/.github/workflows/oaev_auto_label.yml similarity index 100% rename from .github/workflows/oaev_auto_label rename to .github/workflows/oaev_auto_label.yml diff --git a/.github/workflows/oaev_check_signed_commit b/.github/workflows/oaev_check_signed_commit.yml similarity index 100% rename from .github/workflows/oaev_check_signed_commit rename to .github/workflows/oaev_check_signed_commit.yml diff --git a/.github/workflows/oaev_validate_pr_title b/.github/workflows/oaev_validate_pr_title.yml similarity index 94% rename from .github/workflows/oaev_validate_pr_title rename to .github/workflows/oaev_validate_pr_title.yml index 258052c..8bc0329 100644 --- a/.github/workflows/oaev_validate_pr_title +++ b/.github/workflows/oaev_validate_pr_title.yml @@ -1,4 +1,4 @@ -name: "[OAEV] Validate PR title" +name: "[OAEV] Validate PR title Worker" on: pull_request: branches: [main, release/current]