Commit Graph

1648 Commits

Author SHA1 Message Date
Patrik Oldsberg d10af0be6d Merge pull request #33657 from backstage/rugvip/replace-discord-action
workflows: replace Ilshidur/action-discord with inline github-script
2026-03-30 20:28:04 +02:00
Fredrik Adelöw 6cc48113fc remove some cli deprecation warnings
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-30 09:44:30 +02:00
Patrik Oldsberg 0cb1189130 workflows: add Discord notification for ready PRs (#33655)
* workflows: add Discord notification for ready PRs

Adds a new workflow that posts to Discord whenever a pull request is
opened as non-draft or marked as ready for review. Uses jq to safely
construct the JSON payload and sends it via curl to a webhook URL
stored in repository secrets.

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor

* workflows: harden Discord webhook notification

Add early guard for missing webhook secret, disable Discord mention
parsing to prevent abuse via PR titles/bodies, and check the HTTP
response to surface webhook failures.

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor

* workflows: upgrade github-script to v8 and truncate embed title

Align actions/github-script pin with the rest of the repo (v8.0.0)
and truncate the Discord embed title to the 256-character limit to
prevent webhook failures on long PR titles.

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor

---------

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2026-03-28 15:44:47 +01:00
Patrik Oldsberg 18c928175d workflows: replace Ilshidur/action-discord with inline github-script
Replace the third-party Discord notification action with inline
`actions/github-script@v8` steps that post to the Discord webhook
directly using fetch. This removes a third-party action dependency
and adds explicit error handling for missing secrets and failed
webhook requests.

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
2026-03-28 13:07:38 +01:00
Fredrik Adelöw 76769c8be7 Merge pull request #33496 from backstage/renovate/github-codeql-action-4.x
chore(deps): update github/codeql-action action to v4.34.1
2026-03-27 11:43:25 +01:00
Fredrik Adelöw 7ca5846bff Merge pull request #33502 from backstage/renovate/microsoft-setup-msbuild-3.x
chore(deps): update microsoft/setup-msbuild action to v3
2026-03-27 11:43:07 +01:00
renovate[bot] 4975a14a38 chore(deps): pin dependencies
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-27 00:58:06 +00:00
renovate[bot] 3207f9d1c4 chore(deps): update microsoft/setup-msbuild action to v3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-26 16:11:54 +00:00
renovate[bot] 5e1f181f74 chore(deps): update github/codeql-action action to v4.34.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-26 16:11:24 +00:00
Fredrik Adelöw 10e7e657b3 Merge pull request #33456 from backstage/renovate/actions-cache-digest
chore(deps): update actions/cache digest to 6682284
2026-03-20 11:14:32 +01:00
renovate[bot] b445d25735 chore(deps): update actions/cache action to v5.0.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-20 09:30:54 +00:00
renovate[bot] 0e3942620b chore(deps): update actions/cache digest to 6682284
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-20 09:30:46 +00:00
Fredrik Adelöw e7cfb0cc8e Merge pull request #33306 from backstage/renovate/windows-2025.x
chore(deps): update dependency windows to v2025
2026-03-20 10:24:20 +01:00
Fredrik Adelöw dd5cc5be52 Merge pull request #33307 from backstage/renovate/docker-build-push-action-7.x
chore(deps): update docker/build-push-action action to v7
2026-03-20 10:24:00 +01:00
Fredrik Adelöw c7abbf0373 Merge pull request #33311 from backstage/renovate/docker-login-action-4.x
chore(deps): update docker/login-action action to v4
2026-03-20 10:23:45 +01:00
Fredrik Adelöw f62aff93e8 Merge pull request #33314 from backstage/renovate/docker-setup-buildx-action-4.x
chore(deps): update docker/setup-buildx-action action to v4
2026-03-20 10:23:11 +01:00
Fredrik Adelöw ed3f0f9f0d Merge pull request #33315 from backstage/renovate/major-github-artifact-actions
chore(deps): update github artifact actions (major)
2026-03-20 10:22:06 +01:00
renovate[bot] 0dd6794ff7 chore(deps): update github/codeql-action action to v4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 10:22:34 +00:00
Aramis Sennyey 269b85ef0d feat: use branch name instead of tag for stable docs (#32614)
* feat: use branch name instead of tag for stable docs

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>

* test

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>

* paginate everything

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>

* different return value

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>

* update both flows

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>

* add docs

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>

* Change checkout ref from tags to heads

Signed-off-by: Aramis Sennyey <159921952+aramissennyeydd@users.noreply.github.com>

---------

Signed-off-by: aramissennyeydd <aramis.sennyey@doordash.com>
Signed-off-by: Aramis Sennyey <159921952+aramissennyeydd@users.noreply.github.com>
2026-03-12 11:03:13 -04:00
renovate[bot] b3b081909a chore(deps): update github artifact actions
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 12:09:03 +00:00
renovate[bot] 8976bd58fd chore(deps): update docker/setup-buildx-action action to v4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 12:08:55 +00:00
renovate[bot] 3de804a11b chore(deps): update docker/login-action action to v4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 11:07:50 +00:00
renovate[bot] 293dfe00f1 chore(deps): update docker/build-push-action action to v7
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 10:05:34 +00:00
renovate[bot] f55c567da3 chore(deps): update dependency windows to v2025
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 10:05:25 +00:00
Fredrik Adelöw 2195a2955a Merge pull request #33238 from backstage/renovate/step-security-harden-runner-2.x
chore(deps): update step-security/harden-runner action to v2.15.1
2026-03-12 10:32:44 +01:00
Fredrik Adelöw 040551d99b chore(ci): auto-approve yarn.lock-only dependabot PRs
Add the same auto-approval step that the renovate workflow already has,
so that dependabot PRs that only touch yarn.lock files get approved
automatically.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-11 11:20:17 +01:00
renovate[bot] 132047b4c0 chore(deps): update step-security/harden-runner action to v2.15.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-09 20:10:06 +00:00
renovate[bot] 2763fa197b chore(deps): update actions/setup-node action to v6.3.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-09 10:31:08 +00:00
renovate[bot] c850cc77f4 chore(deps): update github/codeql-action action to v3.32.6
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-07 20:17:50 +00:00
Patrik Oldsberg daa22ce66e Merge pull request #33186 from backstage/rugvip/workflows-renovate-lockfile-auto-approve
workflows: auto-approve renovate yarn.lock-only PRs
2026-03-07 10:43:21 +01:00
Patrik Oldsberg 0a4cdafe23 workflows: auto-approve renovate yarn.lock PRs
Use the service account workflow to auto-approve Renovate PRs that only change yarn.lock files.

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
2026-03-07 05:54:37 +01:00
Vincenzo Scamporlino 02153e57a7 Remove inputs from upgrade-helper workflow dispatch by removing inputs
Inputs aren't needed anymore after https://github.com/backstage/upgrade-helper-diff/pull/11

Signed-off-by: Vincenzo Scamporlino <vincenzos@spotify.com>
2026-03-06 11:12:23 +01:00
Fredrik Adelöw 27233a0a2e Merge pull request #32958 from backstage/renovate/github-codeql-action-3.x
chore(deps): update github/codeql-action action to v3.32.5
2026-03-05 22:54:03 +01:00
Fredrik Adelöw 03bcb6e8e8 skip verify on the dependabot pr fixup
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 20:09:46 +01:00
Fredrik Adelöw cc6c579945 ci: add upfront dependabot branch check
Move the branch verification to a separate step right after checkout,
and gate all subsequent steps on its output. Removes the redundant
branch check from inside the changeset generation script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 19:08:22 +01:00
Fredrik Adelöw dda57bdf3d ci: update actions/setup-node to v6.2.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:47:48 +01:00
Fredrik Adelöw 5e9e97af08 ci: use node-version 22.x
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:47:07 +01:00
Fredrik Adelöw 51a36847ae ci: use yarn dedupe for all lockfiles
All lockfiles in the repo use Yarn 4, so use `yarn --cwd <dir> dedupe`
uniformly instead of npx yarn-deduplicate for subdirectories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:45:45 +01:00
Fredrik Adelöw 619f6d37cb ci: split dedupe/changeset/commit into separate steps
Each step sets an output only if it actually modified files. The
dedupe step checks git diff after running to avoid staging unchanged
lockfiles. A final step commits and pushes only if either step
made changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:14:54 +01:00
Fredrik Adelöw b3076be06b ci: use node 22 for consistency with other workflows
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:10:23 +01:00
Fredrik Adelöw 85fcc10e80 ci: dedupe all lockfiles conditionally
Only dedupe each lockfile if it was actually changed by Dependabot.
Covers root (Yarn 4) and docs-ui/microsite (Yarn Classic) lockfiles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:06:29 +01:00
Fredrik Adelöw 11d7150b5a ci: dedupe yarn.lock in Dependabot PR workflow
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
2026-03-05 17:03:45 +01:00
renovate[bot] 14fb1e1b62 chore(deps): update github/codeql-action action to v3.32.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-05 10:33:45 +00:00
renovate[bot] 42ba1a02bb chore(deps): update backstage/actions action to v0.7.8 (#32993)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 07:42:51 +01:00
Fredrik Adelöw a22c0a368e use a distinct hash instead
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-02-26 14:45:34 +01:00
Fredrik Adelöw 4e85e7b0b3 Update .github/workflows/verify_docs-quality.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-02-26 14:37:07 +01:00
Fredrik Adelöw 356d1662d8 Update .github/workflows/verify_docs-quality.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-02-26 14:37:07 +01:00
Fredrik Adelöw 0c0f46de09 Update .github/workflows/verify_docs-quality.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-02-26 14:37:07 +01:00
Fredrik Adelöw b35f3595aa run vale directly instead of through the action
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-02-26 14:37:07 +01:00
Patrik Oldsberg c482b2c385 ci: run CI for changes to microsite/data/
The paths-ignore for microsite/** was also skipping CI for changes to
microsite/data/plugins/, which is where the plugin directory YAML files
live. This meant the verify plugin directory step never ran for the
files it was supposed to validate.

Switch from paths-ignore to paths with negation so that microsite/data/
changes still trigger CI while other microsite changes remain excluded.

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2026-02-25 23:35:46 +01:00