From fa8bd952d1f123a4f06adb3517f8c2b29f5d8213 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Feb 2026 08:25:53 +0000 Subject: [PATCH 1/2] Initial plan From 60a83154d36edd73020832065c20f316e36d77a7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 17 Feb 2026 08:28:49 +0000 Subject: [PATCH 2/2] Restore config files to main state while keeping axios update Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com> --- .github/dependabot.yml | 2 + .github/workflows/dependabot-secure-flow.yaml | 129 ++++++++++++++---- .github/workflows/release-notification.yaml | 2 +- CHANGELOG.md | 18 +++ 4 files changed, 125 insertions(+), 26 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c175e68..98d8384 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,7 @@ updates: # NPM dependencies (Node.js packages) - package-ecosystem: "npm" directory: "/" + target-branch: "dependencies" schedule: # Run twice daily at 06:00 and 18:00 UTC interval: "daily" @@ -35,6 +36,7 @@ updates: # GitHub Actions workflows - package-ecosystem: "github-actions" directory: "/" + target-branch: "dependencies" schedule: interval: "daily" time: "18:00" diff --git a/.github/workflows/dependabot-secure-flow.yaml b/.github/workflows/dependabot-secure-flow.yaml index 58602fc..2439155 100644 --- a/.github/workflows/dependabot-secure-flow.yaml +++ b/.github/workflows/dependabot-secure-flow.yaml @@ -25,10 +25,11 @@ permissions: issues: write jobs: - auto-merge-to-securite: + auto-merge-to-dependencies: runs-on: ubuntu-latest env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Force serial execution to prevent conflicts concurrency: group: secure-flow-merge 
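Review bot: Setting `target-branch: "dependencies"` on the npm entry (and again on the github-actions entry in the next hunk) takes these settings out of play for Dependabot security updates, which per GitHub's documentation for `target-branch` are raised only against the default branch. Security-fix PRs would therefore still target `main` and arrive outside the batching flow, so it is worth confirming that the workflow handles a Dependabot PR whose base is not `dependencies`. The `dependencies` branch also has to exist before Dependabot's first run, whereas the workflow's `Ensure dependencies branch exists` step only runs once a PR is already open. I would add a comment above each entry such as `# version updates only; security updates still target the default branch`. Both entries continue outside their hunks.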
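Review bot: The job-level `env` in `auto-merge-to-dependencies` now exports the same token twice (`GITHUB_TOKEN` and `GH_TOKEN`), which places a credential with at least the `issues: write` scope shown in the `permissions` block into the environment of every step of the job, including steps that never call `gh`. `gh` accepts either variable, so one is enough, and it is safer to set it only on the steps that invoke `gh`, for example `env:` with `GH_TOKEN: ${{ github.token }}` under `Close and Delete Dependabot Branch`. The same job-level pair is added to `create-pr-to-main` in a later hunk. The job body continues outside this hunk.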
@@ -42,12 +43,12 @@ jobs: with: fetch-depth: 0 - - name: Ensure securite branch exists + - name: Ensure dependencies branch exists run: | - git fetch origin securite 2>/dev/null || git switch --create securite - git push origin securite || true + git fetch origin dependencies 2>/dev/null || git switch --create dependencies + git push origin dependencies || true - - name: Merge dependabot changes to securite branch + - name: Merge dependabot changes to dependencies branch run: | git config --global user.name 'github-actions[bot]' git config --global user.email 'github-actions[bot]@users.noreply.github.com' 
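Review bot: In `Ensure dependencies branch exists`, any failure of `git fetch origin dependencies` (a network or auth error, not only a missing branch) falls through to `git switch --create dependencies`, which creates the branch from whatever commit is currently checked out. On a pull-request-triggered run that is presumably the PR ref rather than `main` (the trigger is outside this hunk), so the long-lived branch could be seeded with unmerged PR content, while `2>/dev/null` and `|| true` hide which path was taken. I would test for the branch explicitly and base it on the default branch: `git ls-remote --exit-code --heads origin dependencies || git switch --create dependencies origin/main`. The `Merge dependabot changes to dependencies branch` step that follows continues past the end of this hunk.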
@@ -55,30 +56,44 @@ jobs: # Fetch the PR branch git fetch origin ${{ github.head_ref }}:${{ github.head_ref }} || true - # Switch to securite and merge - git switch securite + # Switch to dependencies and merge + git switch dependencies git merge origin/${{ github.head_ref }} --no-edit || true - # Push to securite - git push origin securite + # Push to dependencies + git push origin dependencies - name: Close and Delete Dependabot Branch if: ${{ github.actor == 'dependabot[bot]' || startsWith(github.head_ref, 'dependabot/') }} run: | + gh_retry() { + local tries=0 + local max=5 + local delay=2 + while ! "$@"; do + tries=$((tries + 1)) + if [ "$tries" -ge "$max" ]; then + return 1 + fi + sleep "$delay" + delay=$((delay * 2)) + done + } echo "Closing PR #${{ github.event.pull_request.number }} and deleting branch..." - gh pr close ${{ github.event.pull_request.number }} --delete-branch --comment "✅ Merged into **securite** branch for batch processing." + gh_retry gh pr close ${{ github.event.pull_request.number }} --delete-branch --comment "Merged into **dependencies** branch for batch processing." || true create-pr-to-main: - needs: auto-merge-to-securite + needs: auto-merge-to-dependencies runs-on: ubuntu-latest env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Checkout repository uses: actions/checkout@v4 with: - ref: securite + ref: dependencies fetch-depth: 0 - name: Update Documentation Timestamp 
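Review bot: The `run:` script of the merge step still expands `${{ github.head_ref }}` directly into shell on the `git fetch` and `git merge` lines, so a branch name containing shell metacharacters is interpreted as script in a job that pushes to the repository. The step has no `if:` restricting it to Dependabot (only the later `Close and Delete Dependabot Branch` step does), though a job-level guard may exist outside the hunk. Pass the value through the environment instead: add `env:` with `HEAD_REF: ${{ github.head_ref }}` to the step and use `git merge "origin/$HEAD_REF" --no-edit`. Separately, `|| true` on the merge means a conflicted merge is still followed by the push and by the PR being closed and its branch deleted with the comment "Merged into **dependencies** branch", so the update is dropped silently. The step starts before this hunk.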
@@ -102,31 +117,81 @@ jobs: echo "No documentation changes needed." else git commit -m "docs: update release timestamp and changelog" - git push origin securite + git push origin dependencies fi - name: Check if PR already exists id: check-pr run: | + gh_retry() { + local tries=0 + local max=5 + local delay=2 + while ! "$@"; do + tries=$((tries + 1)) + if [ "$tries" -ge "$max" ]; then + return 1 + fi + sleep "$delay" + delay=$((delay * 2)) + done + } # Target MAIN instead of master - PR_COUNT=$(gh pr list --base main --head securite --state open --json number | jq 'length') + PR_COUNT=$(gh_retry gh pr list --base main --head dependencies --state open --json number | jq 'length') echo "pr_count=$PR_COUNT" >> $GITHUB_OUTPUT - - name: Create PR from securite to main + - name: Create PR from dependencies to main if: steps.check-pr.outputs.pr_count == '0' run: | + gh_retry() { + local tries=0 + local max=5 + local delay=2 + while ! "$@"; do + tries=$((tries + 1)) + if [ "$tries" -ge "$max" ]; then + return 1 + fi + sleep "$delay" + delay=$((delay * 2)) + done + } git config --global user.name 'github-actions[bot]' - # Check commits between main and securite - NEW_COMMITS=$(git log main..securite --oneline | wc -l) + # Check commits between main and dependencies + NEW_COMMITS=$(git log main..dependencies --oneline | wc -l) if [ "$NEW_COMMITS" -gt 0 ]; then - gh pr create \ + gh_retry gh pr create \ --base main \ - --head securite \ + --head dependencies \ --title "chore: dependency updates batch" \ - --body "Automated dependency updates validated in the securite branch." \ - --label "dependencies" \ - --label "automated" || echo "PR already exists" + --body "Automated dependency updates validated in the dependencies branch." \ + --label "dependencies" || echo "PR already exists" + fi + + - name: Enable auto-merge for dependencies PR + run: | + gh_retry() { + local tries=0 + local max=5 + local delay=2 + while ! 
"$@"; do + tries=$((tries + 1)) + if [ "$tries" -ge "$max" ]; then + return 1 + fi + sleep "$delay" + delay=$((delay * 2)) + done + } + PR_NUMBER=$(gh_retry gh pr list --base main --head dependencies --state open --json number --jq '.[0].number // empty') + if [ -n "$PR_NUMBER" ]; then + MERGEABLE=$(gh_retry gh pr view "$PR_NUMBER" --json mergeable --jq '.mergeable') + if [ "$MERGEABLE" = "MERGEABLE" ]; then + gh_retry gh pr merge "$PR_NUMBER" --auto --squash || true + else + echo "PR #$PR_NUMBER not mergeable yet ($MERGEABLE). Waiting for conflict resolution/checks." + fi fi check-interdependencies: @@ -158,13 +223,27 @@ jobs: if: always() env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + gh_retry() { + local tries=0 + local max=5 + local delay=2 + while ! "$@"; do + tries=$((tries + 1)) + if [ "$tries" -ge "$max" ]; then + return 1 + fi + sleep "$delay" + delay=$((delay * 2)) + done + } if [ "${{ steps.validate.outcome }}" == "failure" ]; then if [ "${{ github.event.pull_request.number }}" != "" ]; then - gh pr edit ${{ github.event.pull_request.number }} --add-label "skipped-vulnerability" - gh pr close ${{ github.event.pull_request.number }} --comment "🚫 **Auto-Correction**: Build validation failed. Closing PR." --delete-branch || true + gh_retry gh pr edit ${{ github.event.pull_request.number }} --add-label "skipped-vulnerability" || true + gh_retry gh pr close ${{ github.event.pull_request.number }} --comment "Auto-Correction: Build validation failed. Closing PR." --delete-branch || true fi echo "result=false" >> $GITHUB_OUTPUT else echo "result=true" >> $GITHUB_OUTPUT - fi \ No newline at end of file + fi diff --git a/.github/workflows/release-notification.yaml b/.github/workflows/release-notification.yaml index 1c0f264..66574a9 100644 --- a/.github/workflows/release-notification.yaml +++ b/.github/workflows/release-notification.yaml 
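Review bot: The new `Enable auto-merge for dependencies PR` step lets the batch PR squash into `main` with no approval check, and its only gate, `mergeable == MERGEABLE`, reports the absence of merge conflicts, not the state of checks or reviews. Because the PR is opened with `GITHUB_TOKEN`, it does not trigger other `pull_request` workflows, so unless `main` has branch protection with required checks that run some other way (not visible here), nothing validates the batch before it lands. The step also has no `if:` and runs even when `Create PR from dependencies to main` was skipped or failed behind `|| echo "PR already exists"`. I would require an explicit approval before enabling auto-merge, e.g. `REVIEW=$(gh pr view "$PR_NUMBER" --json reviewDecision --jq '.reviewDecision')` and `[ "$REVIEW" = "APPROVED" ] || exit 0`, and document the branch-protection assumption in a comment above the step.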
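Review bot: Both failure-path commands in this step now end in `|| true`, so when validation fails the PR can be left open and unlabeled, or closed with its branch deleted and no `skipped-vulnerability` label, while the step still succeeds. For a dependency update that may carry a security fix, that label is the only record that the update was dropped, so the failure should at least be surfaced: `gh_retry gh pr edit ... --add-label "skipped-vulnerability" || echo "::warning::could not label PR as skipped-vulnerability"`. `gh_retry` also retries permanent errors such as a missing label or a 403 for about 30 seconds before giving up, which only delays that signal. The step begins before this hunk.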
@@ -41,7 +41,7 @@ jobs: \`\`\`yaml jobs: - auto-merge-to-securite: + auto-merge-to-dependencies: uses: EthanThePhoenix38/dependabot-secure-flow/.github/workflows/dependabot-secure-flow.yml@${release.tag_name} secrets: inherit \`\`\` diff --git a/CHANGELOG.md b/CHANGELOG.md index bed494a..cd6b531 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +## [v1.0.5] - 2026-02-16 +### Changed +- Automated sync from AI-Pulse repository +- Updated workflow files and configurations + + +## [v1.0.4] - 2026-02-16 +### Changed +- Automated sync from AI-Pulse repository +- Updated workflow files and configurations + + +## [v1.0.3] - 2026-02-16 +### Changed +- Automated sync from AI-Pulse repository +- Updated workflow files and configurations + + ## [v1.0.2] - 2026-02-06 ### Changed - Automated sync from AI-Pulse repository