* workflows: add Discord notification for ready PRs
Adds a new workflow that posts to Discord whenever a pull request is
opened as non-draft or marked as ready for review. Uses jq to safely
construct the JSON payload and sends it via curl to a webhook URL
stored in repository secrets.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
* workflows: harden Discord webhook notification
Add early guard for missing webhook secret, disable Discord mention
parsing to prevent abuse via PR titles/bodies, and check the HTTP
response to surface webhook failures.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
* workflows: upgrade github-script to v8 and truncate embed title
Align actions/github-script pin with the rest of the repo (v8.0.0)
and truncate the Discord embed title to the 256-character limit to
prevent webhook failures on long PR titles.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
---------
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Replace the third-party Discord notification action with inline
`actions/github-script@v8` steps that post to the Discord webhook
directly using fetch. This removes a third-party action dependency
and adds explicit error handling for missing secrets and failed
webhook requests.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Add the same auto-approval step that the renovate workflow already has,
so that dependabot PRs that only touch yarn.lock files get approved
automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Use the service account workflow to auto-approve Renovate PRs that only change yarn.lock files.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Made-with: Cursor
Move the branch verification to a separate step right after checkout,
and gate all subsequent steps on its output. Removes the redundant
branch check from inside the changeset generation script.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
All lockfiles in the repo use Yarn 4, so use `yarn --cwd <dir> dedupe`
uniformly instead of npx yarn-deduplicate for subdirectories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Each step sets an output only if it actually modified files. The
dedupe step checks git diff after running to avoid staging unchanged
lockfiles. A final step commits and pushes only if either step
made changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Only dedupe each lockfile if it was actually changed by Dependabot.
Covers root (Yarn 4) and docs-ui/microsite (Yarn Classic) lockfiles.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@spotify.com>
The paths-ignore for microsite/** was also skipping CI for changes to
microsite/data/plugins/, which is where the plugin directory YAML files
live. This meant the verify plugin directory step never ran for the
files it was supposed to validate.
Switch from paths-ignore to paths with negation so that microsite/data/
changes still trigger CI while other microsite changes remain excluded.
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>