Merge remote-tracking branch 'origin/update-from-template' into develop

Author: AB-xdev

.github/workflows/checkBuild.yml renamed to .github/workflows/check-build.yml

@@ -12,7 +12,7 @@ permissions:
   pull-requests: write
 
 jobs:
-  check_code: # Validates the code
+  check-code:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
@@ -45,9 +45,9 @@ jobs:
           exit 1
         fi
 
-  prepare_release:
+  prepare-release:
     runs-on: ubuntu-latest
-    needs: [check_code]
+    needs: [check-code]
     outputs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
     steps:
@@ -93,8 +93,8 @@ jobs:
         release_name: v${{ steps.version.outputs.release }}
         commitish: master
         body: |
-          ## [Changelog](https://github.com/xdev-software/${{ env.PRIMARY_MAVEN_MODULE }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }})
-          See [Changelog#v${{ steps.version.outputs.release }}](https://github.com/xdev-software/${{ env.PRIMARY_MAVEN_MODULE }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }}) for more information.
+          ## [Changelog](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }})
+          See [Changelog#v${{ steps.version.outputs.release }}](https://github.com/${{ github.repository }}/blob/develop/CHANGELOG.md#${{ steps.version.outputs.releasenumber }}) for more information.
 
           ## Installation
           Add the following lines to your pom:
@@ -106,9 +106,9 @@ jobs:
           </dependency>
           ```
 
-  publish_central: # Publish the code to central
+  publish-maven:
     runs-on: ubuntu-latest
-    needs: [prepare_release]
+    needs: [prepare-release]
     steps:
     - uses: actions/checkout@v4
 
@@ -139,7 +139,7 @@ jobs:
 
   publish-pages:
     runs-on: ubuntu-latest
-    needs: [prepare_release]
+    needs: [prepare-release]
     steps:
     - uses: actions/checkout@v4
 
@@ -166,9 +166,9 @@ jobs:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         publish_dir: ./${{ env.PRIMARY_MAVEN_MODULE }}/target/site
 
-  after_release:
+  after-release:
     runs-on: ubuntu-latest
-    needs: [publish_central]
+    needs: [publish-maven]
     steps:
     - uses: actions/checkout@v4
 

.github/workflows/release.yml

@@ -26,6 +26,7 @@ env:
 jobs:
   token-check:
     runs-on: ubuntu-latest
+    if: ${{ !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'renovate/')) }}
     outputs:
       hasToken: ${{ steps.check-token.outputs.has }}
     steps:
@@ -35,11 +36,10 @@ jobs:
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
-  sonar:
-    name: SonarCloud Scan
+  sonar-scan:
     runs-on: ubuntu-latest
     needs: token-check
-    if: ${{ !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'renovate/')) && needs.token-check.outputs.hasToken }}
+    if: ${{ needs.token-check.outputs.hasToken }}
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/sonar.yml

@@ -7,7 +7,7 @@ env:
   PRIMARY_MAVEN_MODULE: ${{ github.event.repository.name }}
 
 jobs:
-  publish_central: # Publish the code to central
+  publish-maven:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4

.github/workflows/test-deploy.yml

@@ -1,19 +1,26 @@
 name: Update from Template
 
 # This workflow keeps the repo up to date with changes from the template repo (REMOTE_URL)
-# It duplicates the REMOTE_BRANCH (into UPDATE_BRANCH) and tries to merge it into the 
+# It duplicates the REMOTE_BRANCH (into UPDATE_BRANCH) and tries to merge it into 
 # this repos default branch (which is checked out here)
 # Note that this requires a PAT (Personal Access Token) - at best from a servicing account
+# PAT permissions: read:discussion, read:org, repo, workflow
 # Also note that you should have at least once merged the template repo into the current repo manually
 # otherwise a "refusing to merge unrelated histories" error might occur.
 
 on:
   schedule:
     - cron: '55 2 * * 1'
   workflow_dispatch:
+    inputs:
+      no_automatic_merge:
+        type: boolean
+        description: 'No automatic merge'
+        default: false
 
 env:
   UPDATE_BRANCH: update-from-template
+  UPDATE_BRANCH_MERGED: update-from-template-merged
   REMOTE_URL: https://github.com/xdev-software/standard-maven-template.git
   REMOTE_BRANCH: master
 
@@ -36,31 +43,34 @@ jobs:
 
       - name: Init Git
         run: |
-          git config --global user.email "actions@github.com"
-          git config --global user.name "GitHub Actions"
+          git config --global user.email "111048771+xdev-gh-bot@users.noreply.github.com"
+          git config --global user.name "XDEV Bot"
 
-      - name: Main workflow
-        id: main
+      - name: Manage branches
+        id: manage-branches
         run: |
           echo "Adding remote template-repo"
           git remote add template ${{ env.REMOTE_URL }}
           
           echo "Fetching remote template repo"
           git fetch template
           
-          echo "Deleting local branch that will contain the updates - if present"
+          echo "Deleting local branches that will contain the updates - if present"
           git branch -D ${{ env.UPDATE_BRANCH }} || true
+          git branch -D ${{ env.UPDATE_BRANCH_MERGED }} || true
           
           echo "Checking if the remote template repo has new commits"
           git rev-list ..template/${{ env.REMOTE_BRANCH }}
 
           if [ $(git rev-list --count ..template/${{ env.REMOTE_BRANCH }}) -eq 0 ]; then
             echo "There are no commits new commits on the template repo"
             
-            echo "Deleting origin branch that contains the updates - if present"
+            echo "Deleting origin branch(es) that contain the updates - if present"
             git push -f origin --delete ${{ env.UPDATE_BRANCH }} || true
+            git push -f origin --delete ${{ env.UPDATE_BRANCH_MERGED }} || true
             
-            echo "abort=1" >> $GITHUB_OUTPUT
+            echo "create_update_branch_pr=0" >> $GITHUB_OUTPUT
+            echo "create_update_branch_merged_pr=0" >> $GITHUB_OUTPUT
             exit 0
           fi
           
@@ -73,21 +83,198 @@ jobs:
           echo "Pushing update branch"
           git push -f -u origin ${{ env.UPDATE_BRANCH }}
           
-          echo "Getting current branch"
-          current_branch=$(git branch --show-current)
-          echo "Current branch is $current_branch"
-          echo "current_branch=$current_branch" >> $GITHUB_OUTPUT
+          echo "Getting base branch"
+          base_branch=$(git branch --show-current)
+          echo "Base branch is $base_branch"
+          echo "base_branch=$base_branch" >> $GITHUB_OUTPUT
 
-          echo "abort=0" >> $GITHUB_OUTPUT
+          echo "Trying to create auto-merged branch ${{ env.UPDATE_BRANCH_MERGED }}"
+          git branch ${{ env.UPDATE_BRANCH_MERGED }} ${{ env.UPDATE_BRANCH }}
+          git checkout ${{ env.UPDATE_BRANCH_MERGED }}
           
-      - name: pull-request
-        if: steps.main.outputs.abort == 0
+          echo "Merging branch $base_branch into ${{ env.UPDATE_BRANCH_MERGED }}"
+          git merge $base_branch && merge_exit_code=$? || merge_exit_code=$?
+          if [ $merge_exit_code -ne 0 ]; then
+              echo "Auto merge failed! Manual merge required"
+              echo "::notice ::Auto merge failed - Manual merge required"
+
+              echo "Cleaning up failed merge"
+              git merge --abort
+              git checkout $base_branch
+              git branch -D ${{ env.UPDATE_BRANCH_MERGED }} || true
+
+              echo "Deleting auto-merge branch - if present"
+              git push -f origin --delete ${{ env.UPDATE_BRANCH_MERGED }} || true
+
+              echo "create_update_branch_pr=1" >> $GITHUB_OUTPUT
+              echo "create_update_branch_merged_pr=0" >> $GITHUB_OUTPUT
+              exit 0
+          fi
+
+          echo "Post processing: Trying to automatically fill in template variables"
+          find . -type f \
+            -not -path "./.git/**" \
+            -not -path "./.github/workflows/update-from-template.yml" -print0 \
+            | xargs -0 sed -i "s/template-placeholder/${GITHUB_REPOSITORY#*/}/g"
+
+          git status
+          git add --all
+
+          if [[ "$(git status --porcelain)" != "" ]]; then
+            echo "Filled in template; Committing"
+
+            git commit -m "Fill in template"
+          fi
+
+          echo "Pushing auto-merged branch"
+          git push -f -u origin ${{ env.UPDATE_BRANCH_MERGED }}
+
+          echo "update_branch_merged_commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+
+          echo "Restoring base branch $base_branch"
+          git checkout $base_branch
+
+          echo "create_update_branch_pr=0" >> $GITHUB_OUTPUT
+          echo "create_update_branch_merged_pr=1" >> $GITHUB_OUTPUT
+          echo "try_close_update_branch_pr=1" >> $GITHUB_OUTPUT
+          
+      - name: Create/Update PR update_branch
+        if: steps.manage-branches.outputs.create_update_branch_pr == 1
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
         run: |
           gh_pr_up() { 
             gh pr create -H "${{ env.UPDATE_BRANCH }}" "$@" || (git checkout "${{ env.UPDATE_BRANCH }}" && gh pr edit "$@")
           }
-          gh_pr_up -B "${{ steps.main.outputs.current_branch }}" \
+          gh_pr_up -B "${{ steps.manage-branches.outputs.base_branch }}" \
             --title "Update from template" \
             --body "An automated PR to sync changes from the template into this repo"
+      
+      # Ensure that only a single PR is open (otherwise confusion and spam)
+      - name: Close PR update_branch
+        if: steps.manage-branches.outputs.try_close_update_branch_pr == 1
+        env:
+          GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
+        run: |
+          gh pr close "${{ env.UPDATE_BRANCH }}" || true
+
+      - name: Create/Update PR update_branch_merged
+        if: steps.manage-branches.outputs.create_update_branch_merged_pr == 1
+        env:
+          GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
+        run: |
+          gh_pr_up() { 
+            gh pr create -H "${{ env.UPDATE_BRANCH_MERGED }}" "$@" || (git checkout "${{ env.UPDATE_BRANCH_MERGED }}" && gh pr edit "$@")
+          }
+          gh_pr_up -B "${{ steps.manage-branches.outputs.base_branch }}" \
+            --title "Update from template (auto-merged)" \
+            --body "An automated PR to sync changes from the template into this repo"
+
+      - name: Checking if auto-merge for PR update_branch_merged can be done
+        id: auto-merge-check
+        if: steps.manage-branches.outputs.create_update_branch_merged_pr == 1
+        env:
+          GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
+        run: |
+          not_failed_conclusion="skipped|neutral|success"
+          not_relevant_app_slug="dependabot|github-pages"
+
+          echo "Waiting for workflows to start..."
+          sleep 60s
+
+          for i in {1..15}; do
+            echo "Checking if PR can be auto-merged. Try: $i"
+
+            echo "Fetching checks"
+            cs_response=$(curl -sL \
+              --fail-with-body \
+              --connect-timeout 60 \
+              --max-time 120 \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer $GH_TOKEN" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/${{ github.repository }}/commits/${{ steps.manage-branches.outputs.update_branch_merged_commit }}/check-suites)
+            
+            cs_data=$(echo $cs_response | jq '.check_suites[] | { conclusion: .conclusion, slug: .app.slug, check_runs_url: .check_runs_url }')
+            echo $cs_data
+
+            if [[ -z "$cs_data" ]]; then
+              echo "No check suite data - Assuming that there are no checks to run"
+
+              echo "perform=1" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+
+            cs_failed=$(echo $cs_data | jq --arg x "$not_failed_conclusion" 'select ((.conclusion == null or (.conclusion | test($x))) | not)')
+            if [[ -z "$cs_failed" ]]; then
+              echo "No check failed so far; Checking if relevant checks are still running"
+
+              cs_relevant_still_running=$(echo $cs_data | jq --arg x "$not_relevant_app_slug" 'select (.conclusion == null and (.slug | test($x) | not))')
+              if [[ -z $cs_relevant_still_running ]]; then
+                echo "All relevant checks finished - PR can be merged"
+
+                echo "perform=1" >> $GITHUB_OUTPUT
+                exit 0
+              else
+                echo "Relevant checks are still running"
+                echo $cs_relevant_still_running
+              fi
+            else
+              echo "Detected failed check"
+              echo $cs_failed
+
+              echo "perform=0" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+
+            echo "Waiting before next run..."
+            sleep 60s
+          done
+
+          echo "Timed out"
+          echo "perform=0" >> $GITHUB_OUTPUT
+      
+      - name: Auto-merge update_branch_merged
+        if: steps.auto-merge-check.outputs.perform == 1
+        run: |
+          base_branch="${{ steps.manage-branches.outputs.base_branch }}"
+          echo "Restoring base branch $base_branch"
+          git checkout $base_branch
+
+          echo "Fetching..."
+          git fetch
+
+          expected_commit="${{ steps.manage-branches.outputs.update_branch_merged_commit }}"
+          actual_commit=$(git rev-parse origin/${{ env.UPDATE_BRANCH_MERGED }})
+          if [[ "$expected_commit" != "$actual_commit" ]]; then
+            echo "Branch ${{ env.UPDATE_BRANCH_MERGED }} contains unexpected commit $actual_commit"
+            echo "Expected: $expected_commit"
+
+            exit 0
+          fi
+
+          echo "Ensuring that current branch $base_branch is up-to-date"
+          git pull
+
+          echo "Merging ${{ env.UPDATE_BRANCH_MERGED }} into $base_branch"
+          git merge ${{ env.UPDATE_BRANCH_MERGED }} && merge_exit_code=$? || merge_exit_code=$?
+          if [ $merge_exit_code -ne 0 ]; then
+            echo "Unexpected merge failure $merge_exit_code - Requires manual resolution"
+
+            exit 0
+          fi
+
+          if [[ "${{ inputs.no_automatic_merge }}" == "true" ]]; then
+            echo "Exiting due no_automatic_merge"
+
+            exit 0
+          fi
+
+          echo "Pushing"
+          git push
+
+          echo "Cleaning up"
+          git branch -D ${{ env.UPDATE_BRANCH }} || true
+          git branch -D ${{ env.UPDATE_BRANCH_MERGED }} || true
+          git push -f origin --delete ${{ env.UPDATE_BRANCH }} || true
+          git push -f origin --delete ${{ env.UPDATE_BRANCH_MERGED }} || true

.github/workflows/update-from-template.yml

@@ -1,5 +1,5 @@
 [![Latest version](https://img.shields.io/maven-central/v/software.xdev/chartjs-java-model?logo=apache%20maven)](https://mvnrepository.com/artifact/software.xdev/chartjs-java-model)
-[![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/chartjs-java-model/checkBuild.yml?branch=develop)](https://github.com/xdev-software/chartjs-java-model/actions/workflows/checkBuild.yml?query=branch%3Adevelop)
+[![Build](https://img.shields.io/github/actions/workflow/status/xdev-software/chartjs-java-model/check-build.yml?branch=develop)](https://github.com/xdev-software/chartjs-java-model/actions/workflows/check-build.yml?query=branch%3Adevelop)
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xdev-software_chartjs-java-model&metric=alert_status)](https://sonarcloud.io/dashboard?id=xdev-software_chartjs-java-model)
 [![ChartJS Documentation](https://img.shields.io/badge/Chart.js-documentation-ff6384?logo=Chart.js)](https://www.chartjs.org/docs/latest/)