From 23679b4fa14d70169f333e32d0c661e177e99ec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Fri, 27 Sep 2024 14:45:20 +0200 Subject: [PATCH] CI updates This is done by the automated script named upgrade-c2cciutils-to-1.7 --- .github/renovate.json5 | 5 ++ .github/workflows/audit.yaml | 5 -- .../workflows/pull-request-automation.yaml | 74 +------------------ .pre-commit-config.yaml | 12 +-- ci/config.yaml | 1 + 5 files changed, 14 insertions(+), 83 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 306500f..cacccd0 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -106,5 +106,10 @@ groupName: 'CI dependencies', automerge: true, }, + /** For security reason don't takes the too early packages on stabilization branches */ + { + matchBaseBranches: ['/^[0-9]+\\.[0-9]+\\.[0-9]+$/'], + minimumReleaseAge: '7 days', + }, ], } diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml index b4d3497..4212256 100644 --- a/.github/workflows/audit.yaml +++ b/.github/workflows/audit.yaml @@ -46,8 +46,3 @@ jobs: uses: andstor/file-existence-action@v3 with: files: ci/dpkg-versions.yaml - - name: Update dpkg packages versions - run: ~/.venv/bin/c2cciutils-docker-versions-update --branch=${{ matrix.branch }} - env: - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - if: steps.dpkg-versions.outputs.files_exists == 'true' diff --git a/.github/workflows/pull-request-automation.yaml b/.github/workflows/pull-request-automation.yaml index 31478d1..c47cd30 100644 --- a/.github/workflows/pull-request-automation.yaml +++ b/.github/workflows/pull-request-automation.yaml @@ -5,14 +5,10 @@ on: types: - opened - reopened - - closed - pull_request_target: - types: - - closed jobs: auto-merge: - name: Auto reviews, merge and close pull requests + name: Auto reviews pull requests from bots runs-on: ubuntu-22.04 timeout-minutes: 5 
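Review bot: In the `.github/renovate.json5` hunk, the new release-age rule matches only base branches whose name is exactly three dot-separated numbers. The default branch and any `x.y`-style stabilization branch therefore still take a release as soon as it is published, while the rule directly above keeps `automerge: true` for the CI dependencies group. Please confirm the stabilization branch naming used in this repository; if two-component names exist, `matchBaseBranches: ['/^[0-9]+\\.[0-9]+(\\.[0-9]+)?$/'],` would cover both forms. Whether the default branch should get the same cool-down is a policy choice, but the comment could state it, for example `/** For security reasons, hold back freshly published releases on stabilization branches; the default branch is intentionally not delayed */`. The `packageRules` array starts outside the hunk, so an earlier rule may already address part of this.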
@@ -38,11 +34,9 @@ jobs: }) if: |- startsWith(github.head_ref, 'ghci/audit/') - && (github.event.pull_request.user.login == 'ghci-test[bot]' - || github.event.pull_request.user.login == 'ghci-int[bot]' - || github.event.pull_request.user.login == 'ghci[bot]') - && (github.event.action == 'opened' - || github.event.action == 'reopened') + && (github.event.pull_request.user.login == 'geo-ghci-test[bot]' + || github.event.pull_request.user.login == 'geo-ghci-int[bot]' + || github.event.pull_request.user.login == 'geo-ghci[bot]') - name: Auto reviews Renovate updates uses: actions/github-script@v7 with: 
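Review bot: With the `github.event.action == 'opened' || … 'reopened'` clause dropped from this `if:` (and from the Renovate step in the next hunk), the approval steps are restricted to those events only by the trigger's `types:` list, which the first hunk of this file trims to `opened` and `reopened`. If another type such as `synchronize` is added to the trigger later, both steps would approve again after new commits land on the bot's branch. A comment above each condition would keep that coupling visible, for example `# Relies on the trigger's types list being limited to opened/reopened`. The remaining gate is the author login plus the `ghci/audit/` branch prefix, so it is worth confirming that branch protection dismisses stale approvals, which this patch does not show. The step these lines belong to starts above the hunk.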
@@ -55,63 +49,3 @@ jobs: }) if: |- github.event.pull_request.user.login == 'renovate[bot]' - && (github.event.action == 'opened' - || github.event.action == 'reopened') - - name: Auto review and merge dpkg updates - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.createReview({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - event: 'APPROVE', - }); - github.graphql(` - mutation { - enablePullRequestAutoMerge(input: { - pullRequestId: "${context.payload.pull_request.node_id}", - mergeMethod: SQUASH, - }) { - pullRequest { - autoMergeRequest { - enabledAt - } - } - } - } - `) - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'dpkg-update/') - && (github.event.action == 'opened' - || github.event.action == 'reopened') - - name: Auto review and merge snyk auto fix - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.createReview({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - event: 'APPROVE', - }); - github.graphql(` - mutation { - enablePullRequestAutoMerge(input: { - pullRequestId: "${context.payload.pull_request.node_id}", - mergeMethod: SQUASH, - }) { - pullRequest { - autoMergeRequest { - enabledAt - } - } - } - } - `) - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'snyk-fix/') - && (github.event.action == 'opened' - || github.event.action == 'reopened') diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 24b6273..687ea9f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -90,11 +90,7 @@ repos: hooks: - id: jsonschema-validator files: ^ci/config\.yaml$ -ci: - autoupdate_schedule: quarterly - skip: - - copyright - - poetry-check - - poetry-lock - - ripsecrets - - jsonschema-validator + - repo: https://github.com/renovatebot/pre-commit-hooks + rev: 37.428.1 + hooks: + - id: renovate-config-validator diff --git a/ci/config.yaml b/ci/config.yaml index ef3ea6b..5a59345 100644 --- a/ci/config.yaml +++ b/ci/config.yaml @@ -1,4 +1,5 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/c2cciutils/1.6.22/c2cciutils/schema.json + publish: pypi: packages: []
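Review bot: The new `renovatebot/pre-commit-hooks` entry in `.pre-commit-config.yaml` is pinned to the tag `37.428.1`, which the upstream repository can move. Hook repositories run code on developer machines and in CI, so a full commit SHA is the safer pin. `pre-commit autoupdate --freeze` writes that form, e.g. `rev: <full-commit-sha>  # frozen: 37.428.1` (placeholder; the SHA is not on this page). If the other hooks in this file are tag-pinned too (they are outside the hunk), this may be better handled as one follow-up for the whole file. Separately, removing the `ci:` block also removes its `skip:` list, so if pre-commit.ci is still enabled for the repository, `poetry-lock`, `ripsecrets` and the other listed hooks would start running there.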