@damacus damacus commented Oct 15, 2025

Updates workflows to @5.0.3.

Changes

  • Updated ci.yml to @5.0.3 with secrets: inherit
  • Created release.yml with permissions block
  • Created conventional-commits.yml, prevent-file-change.yml, copilot-setup-steps.yml
  • Created/updated .markdownlint-cli2.yaml
  • Created/updated release-please config files (version: 12.3.4)
  • Cleaned up CHANGELOG.md

Webhooks

  • Webhooks disabled prior to merge

@damacus damacus requested a review from a team as a code owner October 15, 2025 21:00
@damacus damacus merged commit 39d5b91 into main Oct 15, 2025
10 checks passed
@damacus damacus deleted the release-pipeline branch October 15, 2025 21:02
@github-actions

Slowest examples

Top 10 slowest examples (0.01 seconds, 48.59% of total time)
Example | Description | Time in seconds
spec/libraries/helpers_spec.rb:19 | PostgreSQL::Cookbook::Helpers#data_dir(version) with rhel family and Postgres 11 from repo returns the correct path | 0.01256
spec/libraries/helpers_spec.rb:27 | PostgreSQL::Cookbook::Helpers#data_dir(version) with rhel family and Postgres 11 from os returns the correct path | 0.00041
spec/libraries/helpers_spec.rb:35 | PostgreSQL::Cookbook::Helpers#data_dir(version) with debian family and Postgres 15 from repo returns the correct path | 0.00041
spec/libraries/helpers_spec.rb:65 | PostgreSQL::Cookbook::Helpers#conf_dir(version) with rhel family and Postgres 12 from os returns the correct path | 0.00039
spec/libraries/helpers_spec.rb:103 | PostgreSQL::Cookbook::Helpers#default_platform_service_name(version) with rhel family and Postgres 14 from os returns the correct service name | 0.00039
spec/libraries/helpers_spec.rb:119 | PostgreSQL::Cookbook::Helpers#default_platform_service_name(version) with debian family and Postgres 12 from os returns the correct service name | 0.00038
spec/libraries/helpers_spec.rb:95 | PostgreSQL::Cookbook::Helpers#default_platform_service_name(version) with rhel family and Postgres 15 from repo returns the correct service name | 0.00038
spec/libraries/helpers_spec.rb:19 | PostgreSQL::Cookbook::Helpers#data_dir(version) with rhel family and Postgres 13 from repo returns the correct path | 0.00037
spec/libraries/helpers_spec.rb:73 | PostgreSQL::Cookbook::Helpers#conf_dir(version) with debian family and Postgres 15 from repo returns the correct path | 0.00037
spec/libraries/helpers_spec.rb:57 | PostgreSQL::Cookbook::Helpers#conf_dir(version) with rhel family and Postgres 14 from repo returns the correct path | 0.00037


jobs:
  conventional-commits:
    uses: sous-chefs/.github/.github/workflows/[email protected]

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 month ago

To fix the problem, you should add a permissions: block to your workflow file, either at the root level or for each relevant job. In general, the root-level permissions: block applies the restrictions to all jobs unless they have their own. Since your workflow only shows one job and is calling a reusable workflow, the best approach is to set the minimal permissions required at the root of .github/workflows/conventional-commits.yml. Unless you know that the sous-chefs/.github/.github/workflows/[email protected] workflow requires write access for certain scopes (such as creating or updating pull requests), you should start with the most restrictive setup, usually contents: read. If the workflow does update pull requests or issues, you may need to add, for example, contents: read and pull-requests: write. The fix is to insert the permissions: block after the name: field and before the on: field (lines 2–4), matching GitHub Actions conventions.

Suggested changeset 1
.github/workflows/conventional-commits.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -1,5 +1,7 @@
 ---
 name: conventional-commits
+permissions:
+  contents: read
 
 "on":
   pull_request:
EOF
@@ -1,5 +1,7 @@
---
name: conventional-commits
permissions:
contents: read

"on":
pull_request:
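Review bot: The top-level `permissions:` block added after `name: conventional-commits` lists only `contents: read`, and every scope left out of an explicit block is set to none, so the job that calls the reusable workflow through `uses:` runs with no pull-request or issues access. A called workflow cannot raise the token above what its caller grants, so check what the reusable conventional-commits workflow needs before applying this; if it reads the pull request through the API, add `pull-requests: read` here. Putting the block on the `conventional-commits` job rather than at the workflow root would also keep the grant next to the `uses:` line it governs.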
Copilot is powered by AI and may make mistakes. Always verify output.
Comment on lines +14 to +16
    uses: sous-chefs/.github/.github/workflows/[email protected]
    secrets:
      token: ${{ secrets.GITHUB_TOKEN }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 1 month ago

To fix the problem, add a permissions block to the workflow file, specifying the minimum permissions required for the workflow to perform its tasks. Since the workflow wraps a reusable workflow that handles "prevent file change" operations on pull requests, it's prudent to start with contents: read for basic read access, unless the underlying reusable workflow requires more. The block should be placed at the root level (top-level, after name: and before on:), making it apply to all jobs unless overridden.

The change is:

  • Insert the following after the name: prevent-file-change line and before the "on": block:
    permissions:
      contents: read
  • No new imports, definitions, or methods are required for YAML workflows.
Suggested changeset 1
.github/workflows/prevent-file-change.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/prevent-file-change.yml b/.github/workflows/prevent-file-change.yml
--- a/.github/workflows/prevent-file-change.yml
+++ b/.github/workflows/prevent-file-change.yml
@@ -1,5 +1,7 @@
 ---
 name: prevent-file-change
+permissions:
+  contents: read
 
 "on":
   pull_request:
EOF
@@ -1,5 +1,7 @@
---
name: prevent-file-change
permissions:
contents: read

"on":
pull_request:
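Review bot: Nothing here confirms that the reusable workflow still works with a contents-only token: the `permissions:` block added after `name: prevent-file-change` is also the ceiling for the `token: ${{ secrets.GITHUB_TOKEN }}` passed on lines +14 to +16. Run the workflow against a test pull request with this block in place, and name any extra scope it turns out to need explicitly (for example `pull-requests: read`) rather than falling back to the default token permissions.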
Copilot is powered by AI and may make mistakes. Always verify output.
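An added example, not part of this pull request or of the sous-chefs tooling: a Ruby check that mirrors the CodeQL finding quoted in both comments above, listing each job that has neither a workflow-level nor a job-level `permissions:` block. The function name, the sample workflow text and the `uses:` target are constructed for illustration; the check does not tell you whether the granted scopes are enough for the called workflow.

```ruby
require 'yaml'

# Mirrors the CodeQL finding quoted above: list every job whose GITHUB_TOKEN
# is not limited. A job-level `permissions:` key overrides the workflow-level
# one; `write-all` is flagged because it restricts nothing.
def unrestricted_jobs(workflow_yaml)
  doc = YAML.safe_load(workflow_yaml) || {}
  (doc['jobs'] || {}).each_with_object([]) do |(name, job), findings|
    job = {} unless job.is_a?(Hash)
    effective = job.key?('permissions') ? job['permissions'] : doc['permissions']
    if effective.nil?
      findings << "#{name}: no permissions block"
    elsif effective == 'write-all'
      findings << "#{name}: permissions is write-all"
    end
  end
end

# Constructed sample: shape of the flagged caller workflow. The `uses:` target
# is a placeholder, not the real sous-chefs reference.
BEFORE = <<~'YAML'
  name: prevent-file-change
  "on":
    pull_request:
  jobs:
    prevent-file-change:
      uses: example-org/.github/.github/workflows/example.yml@v0
      secrets:
        token: ${{ secrets.GITHUB_TOKEN }}
YAML

# Same file with the block the Autofix patch inserts after `name:`.
AFTER = BEFORE.sub("name: prevent-file-change\n",
                   "name: prevent-file-change\npermissions:\n  contents: read\n")

# Constructed sample: no workflow-level block, one job limited, two not.
MIXED = <<~'YAML'
  jobs:
    lint:
      permissions:
        contents: read
    publish:
      permissions: write-all
    test:
      runs-on: ubuntu-latest
YAML

[BEFORE, AFTER, MIXED].each { |text| p unrestricted_jobs(text) } if __FILE__ == $PROGRAM_NAME
```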