From c1922efd9318c8a95f6303336c14842e899bc6a0 Mon Sep 17 00:00:00 2001 From: Olblak Date: Tue, 13 Jan 2026 17:23:16 +0100 Subject: [PATCH 1/5] chore: refactor updatecli workflow Signed-off-by: Olblak --- .github/workflows/updatecli.yaml | 48 ++++++------------- ...cli.weekly.yaml => updatecli_release.yaml} | 27 +++++------ .github/workflows/updatecli_test.yaml | 26 ++++++++++ .github/workflows/updatecli_update.yaml | 28 +++++++++++ ...kly.yaml => updatecli-compose-release.yaml | 6 +++ updatecli/updatecli.d/docs.yaml | 12 ++--- updatecli/updatecli.d/installation.yaml | 13 ++--- updatecli/updatecli.d/jsonschema.yaml | 13 ++--- updatecli/values.d/scm.yaml | 2 +- 9 files changed, 108 insertions(+), 67 deletions(-) rename .github/workflows/{updatecli.weekly.yaml => updatecli_release.yaml} (55%) create mode 100644 .github/workflows/updatecli_test.yaml create mode 100644 .github/workflows/updatecli_update.yaml rename updatecli-compose.weekly.yaml => updatecli-compose-release.yaml (70%) diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index a77a247c2..78cb816fd 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -1,49 +1,29 @@ ---- name: Updatecli on: - merge_group: - branch: master + release: workflow_dispatch: - push: - branches: [master] - pull_request: - branches: [master] schedule: - # * is a special character in YAML so you have to quote this string - # Run every hour - - cron: '0 * * * *' -# Commenting until https://github.com/orgs/community/discussions/41518 -# is fixed -#concurrency: -# # Restrict to one workflow per branch -# group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} -# cancel-in-progress: true + # Run at 12:00 every Saterday every 14 days + - cron: "0 12 */14 * 6" + jobs: updatecli: runs-on: ubuntu-latest steps: - name: "Checkout" - uses: "actions/checkout@v4" - - name: "Install Updatecli" - uses: "updatecli/updatecli-action@v2.96.0" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - version: "v0.111.0" - - name: "Run updatecli in dryrun" - run: "updatecli compose diff" - env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: "Login Udash" - if: github.ref == 'refs/heads/master' - run: "updatecli udash login --experimental --api-url $UPDATECLI_UDASH_API_URL --oauth-access-token $UPDATECLI_UDASH_ACCESS_TOKEN $UPDATECLI_UDASH_URL" - env: - UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} - UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} - UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} + version: "v0.113.0" + - name: "Run updatecli" - if: github.ref == 'refs/heads/master' - run: "updatecli compose apply --clean-git-branches=true --experimental" + run: updatecli compose apply --clean-git-branches=true --experimental env: UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/.github/workflows/updatecli.weekly.yaml b/.github/workflows/updatecli_release.yaml similarity index 55% rename from .github/workflows/updatecli.weekly.yaml rename to .github/workflows/updatecli_release.yaml index cca4301b5..fe9aaf00e 100644 --- a/.github/workflows/updatecli.weekly.yaml +++ b/.github/workflows/updatecli_release.yaml @@ -1,39 +1,38 @@ --- -name: Updatecli Weekly +name: Updatecli Release on: workflow_dispatch: schedule: # * is a special character in YAML so you have to quote this string # Run at 12:00 every Thursday - - cron: '0 12 * * 4' + - cron: "0 12 * * 4" repository_dispatch: types: - "updatecli-release" jobs: updatecli: - if: github.ref == 'refs/heads/master' runs-on: ubuntu-latest steps: - name: "Checkout" uses: "actions/checkout@v4" + - name: "Install Updatecli" uses: "updatecli/updatecli-action@v2.96.0" with: - version: "v0.111.0" + version: "v0.113.0" + # releasepost is required by the Updatecli # * policy ghcr.io/updatecli/policies/releasepost/releasepost - name: "Install Releasepost" uses: "updatecli/releasepost-action@v0.5.0" - - uses: tibdex/github-app-token@v2.1 - id: generate_token - if: github.ref == 'refs/heads/master' - with: - app_id: ${{ secrets.UPDATECLIBOT_APP_ID }} - private_key: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + - name: "Run updatecli" - if: github.ref == 'refs/heads/master' - run: "updatecli compose apply --file updatecli-compose.weekly.yaml" + run: "updatecli compose apply --file updatecli-compose-weekly.yaml" env: - GITHUB_ACTOR: ${{ secrets.UPDATECLI_BOT_GITHUB_ACTOR }} - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml new file mode 100644 index 000000000..7f1aed9df --- /dev/null +++ b/.github/workflows/updatecli_test.yaml @@ -0,0 +1,26 @@ +name: Updatecli Test + +on: + pull_request: + +permissions: + contents: read + +jobs: + updatecli: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0" + + - name: "Test updatecli in dry-run mode" + run: "updatecli compose diff" + env: + # This step is executed in untrusted context. We use a GitHub token with minimal permissions. + UPDATECLI_GITHUB_USERNAME: ${{ github.actor }} + UPDATECLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml new file mode 100644 index 000000000..cbb89264e --- /dev/null +++ b/.github/workflows/updatecli_update.yaml @@ -0,0 +1,28 @@ +name: Updatecli - Update +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + updatecli: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + + - name: "Setup updatecli" + uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 + with: + version: "v0.113.0" + + - name: "Run updatecli only on existing pipelines" + run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental + env: + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} diff --git a/updatecli-compose.weekly.yaml b/updatecli-compose-release.yaml similarity index 70% rename from updatecli-compose.weekly.yaml rename to updatecli-compose-release.yaml index 5cc4ea05e..faa28e050 100644 --- a/updatecli-compose.weekly.yaml +++ b/updatecli-compose-release.yaml @@ -1,4 +1,10 @@ policies: + - name: Local policies + config: + - updatecli/updatecli.d/ + values: + - updatecli/values.d/scm.yaml + - name: Trigger releasepost policy: ghcr.io/updatecli/policies/releasepost/releasepost:0.10.0@sha256:b4b857efbed3a966cbdbc224b5ba0b9322c96322effa0cedff93a2b39d8e086d values: diff --git a/updatecli/updatecli.d/docs.yaml b/updatecli/updatecli.d/docs.yaml index c8fb00690..0f5c1c349 100644 --- a/updatecli/updatecli.d/docs.yaml +++ b/updatecli/updatecli.d/docs.yaml @@ -18,13 +18,13 @@ scms: default: kind: github spec: - branch: master - email: updatecli@olblak.com - owner: updatecli - repository: website - user: updatecli + branch: "{{ .scm.branch }}" + email: "{{ .scm.email }}" + owner: "{{ .scm.owner }}" + repository: "{{ .scm.repository }}" + user: "{{ .scm.user }}" force: true - commitusingapi: true + commitusingapi: {{ scm.commitusingapi }} disabled: false targets: diff --git a/updatecli/updatecli.d/installation.yaml b/updatecli/updatecli.d/installation.yaml index e09fae46e..bd2f676a0 100644 --- a/updatecli/updatecli.d/installation.yaml +++ b/updatecli/updatecli.d/installation.yaml @@ -17,12 +17,13 @@ scms: default: kind: github spec: - branch: master - email: updatecli@olblak.com - owner: updatecli - repository: website - user: updatecli - commitusingapi: true + branch: "{{ .scm.branch }}" + email: "{{ .scm.email }}" + owner: "{{ .scm.owner }}" + repository: "{{ .scm.repository }}" + user: "{{ .scm.user }}" + force: true + commitusingapi: {{ scm.commitusingapi }} disabled: false sources: diff --git a/updatecli/updatecli.d/jsonschema.yaml b/updatecli/updatecli.d/jsonschema.yaml index 7f2e0666c..0cb36ba33 100644 --- a/updatecli/updatecli.d/jsonschema.yaml +++ b/updatecli/updatecli.d/jsonschema.yaml @@ -18,12 +18,13 @@ scms: default: kind: github spec: - branch: master - email: updatecli@olblak.com - owner: updatecli - repository: website - user: updatecli - commitusingapi: true + branch: "{{ .scm.branch }}" + email: "{{ .scm.email }}" + owner: "{{ .scm.owner }}" + repository: "{{ .scm.repository }}" + user: "{{ .scm.user }}" + force: true + commitusingapi: {{ scm.commitusingapi }} disabled: false targets: diff --git a/updatecli/values.d/scm.yaml b/updatecli/values.d/scm.yaml index 903543b38..176784968 100644 --- a/updatecli/values.d/scm.yaml +++ b/updatecli/values.d/scm.yaml @@ -1,6 +1,6 @@ scm: enabled: true - user: updatecli-bot + user: updateclibot email: updatecli-bot@updatecli.io owner: updatecli repository: website From cfa2889cf3370ca80d4b1c123a382082d4bd27b7 Mon Sep 17 00:00:00 2001 From: Olblak Date: Tue, 13 Jan 2026 17:25:50 +0100 Subject: [PATCH 2/5] chore: enable experimental Signed-off-by: Olblak --- .github/workflows/updatecli_release.yaml | 2 +- .github/workflows/updatecli_test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/updatecli_release.yaml b/.github/workflows/updatecli_release.yaml index fe9aaf00e..a9eabae8f 100644 --- a/.github/workflows/updatecli_release.yaml +++ b/.github/workflows/updatecli_release.yaml @@ -27,7 +27,7 @@ jobs: uses: "updatecli/releasepost-action@v0.5.0" - name: "Run updatecli" - run: "updatecli compose apply --file updatecli-compose-weekly.yaml" + run: "updatecli compose apply --file updatecli-compose-weekly.yaml --experimental" env: RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml index 7f1aed9df..37eb2f733 100644 --- a/.github/workflows/updatecli_test.yaml +++ b/.github/workflows/updatecli_test.yaml @@ -19,7 +19,7 @@ jobs: version: "v0.113.0" - name: "Test updatecli in dry-run mode" - run: "updatecli compose diff" + run: "updatecli compose diff --experimental" env: # This step is executed in untrusted context. We use a GitHub token with minimal permissions. UPDATECLI_GITHUB_USERNAME: ${{ github.actor }} From 99327fa1d5068aac7215764fba15531fbcd939f7 Mon Sep 17 00:00:00 2001 From: Olblak Date: Wed, 25 Feb 2026 16:43:03 +0100 Subject: [PATCH 3/5] chore: add labels to updatecli manifest Signed-off-by: Olblak --- updatecli/updatecli.d/docs.yaml | 5 ++++- updatecli/updatecli.d/installation.yaml | 4 ++++ updatecli/updatecli.d/jsonschema.yaml | 4 ++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/updatecli/updatecli.d/docs.yaml b/updatecli/updatecli.d/docs.yaml index 0f5c1c349..22376c726 100644 --- a/updatecli/updatecli.d/docs.yaml +++ b/updatecli/updatecli.d/docs.yaml @@ -1,7 +1,10 @@ name: "docs: update Updatecli cli documentation" - pipelineid: cli_docs +labels: + event: release + monitoring: enable + actions: default: kind: github/pullrequest diff --git a/updatecli/updatecli.d/installation.yaml b/updatecli/updatecli.d/installation.yaml index bd2f676a0..aef80ad20 100644 --- a/updatecli/updatecli.d/installation.yaml +++ b/updatecli/updatecli.d/installation.yaml @@ -1,6 +1,10 @@ name: "docs: update Updatecli version throughout the documentation" pipelineid: updatecli/version +labels: + event: release + monitoring: enable + actions: default: kind: github/pullrequest diff --git a/updatecli/updatecli.d/jsonschema.yaml b/updatecli/updatecli.d/jsonschema.yaml index 0cb36ba33..8a3a2b102 100644 --- a/updatecli/updatecli.d/jsonschema.yaml +++ b/updatecli/updatecli.d/jsonschema.yaml @@ -1,6 +1,10 @@ pipelineid: jsonschema name: "docs: update Updatecli jsonschema" +labels: + event: release + monitoring: enable + actions: default: kind: github/pullrequest From 50db6817fef13457550fcb4939443ec67826e96e Mon Sep 17 00:00:00 2001 From: Olblak Date: Wed, 25 Feb 2026 16:43:43 +0100 Subject: [PATCH 4/5] chore: add typos ignore rule Signed-off-by: Olblak --- _typos.toml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/_typos.toml b/_typos.toml index 9ba8c9e8e..4bcff698d 100644 --- a/_typos.toml +++ b/_typos.toml @@ -1,5 +1,12 @@ [files] -extend-exclude = ["static/*", "assets/*", "vendor", "content/en/schema", "vale"] +extend-exclude = [ + "static/*", + "assets/*", + "vendor", + "content/en/schema", + "vale", + "content/en/changelogs/updatecli/changelogs/v0.87.0.adoc", +] [default] -extend-ignore-identifiers-re = ["equirements","stderr"] +extend-ignore-identifiers-re = ["equirements", "stderr"] From c496deccc4a9ec99591ed8af6cef1add0faa6890 Mon Sep 17 00:00:00 2001 From: Olblak Date: Wed, 25 Feb 2026 16:45:47 +0100 Subject: [PATCH 5/5] chore: refactor updatecli workflow Signed-off-by: Olblak --- .github/workflows/updatecli.yaml | 4 ++-- .github/workflows/updatecli_release.yaml | 14 ++++++++++++-- .github/workflows/updatecli_test.yaml | 2 +- .github/workflows/updatecli_update.yaml | 12 +++++++++++- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index 78cb816fd..c802e5dc3 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -4,7 +4,7 @@ on: workflow_dispatch: schedule: # Run at 12:00 every Saterday every 14 days - - cron: "0 12 */14 * 6" + - cron: "0 12 */14 * *" jobs: updatecli: @@ -16,7 +16,7 @@ jobs: - name: "Setup updatecli" uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - version: "v0.113.0" + version: "v0.114.0" - name: "Run updatecli" run: updatecli compose apply --clean-git-branches=true --experimental diff --git a/.github/workflows/updatecli_release.yaml b/.github/workflows/updatecli_release.yaml index a9eabae8f..60f3b021c 100644 --- a/.github/workflows/updatecli_release.yaml +++ b/.github/workflows/updatecli_release.yaml @@ -19,15 +19,25 @@ jobs: - name: "Install Updatecli" uses: "updatecli/updatecli-action@v2.96.0" with: - version: "v0.113.0" + version: "v0.114.0" # releasepost is required by the Updatecli # * policy ghcr.io/updatecli/policies/releasepost/releasepost - name: "Install Releasepost" uses: "updatecli/releasepost-action@v0.5.0" + - name: "Run updatecli only on release pipelines" + run: updatecli compose apply --clean-git-branches=true --labels="event:release" --experimental + env: + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} + - name: "Run updatecli" - run: "updatecli compose apply --file updatecli-compose-weekly.yaml --experimental" + run: "updatecli compose apply --file updatecli-compose-release.yaml --experimental" env: RELEASEPOST_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} diff --git a/.github/workflows/updatecli_test.yaml b/.github/workflows/updatecli_test.yaml index 37eb2f733..73775b6af 100644 --- a/.github/workflows/updatecli_test.yaml +++ b/.github/workflows/updatecli_test.yaml @@ -16,7 +16,7 @@ jobs: - name: "Setup updatecli" uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - version: "v0.113.0" + version: "v0.114.0" - name: "Test updatecli in dry-run mode" run: "updatecli compose diff --experimental" diff --git a/.github/workflows/updatecli_update.yaml b/.github/workflows/updatecli_update.yaml index cbb89264e..3b07976ef 100644 --- a/.github/workflows/updatecli_update.yaml +++ b/.github/workflows/updatecli_update.yaml @@ -15,7 +15,17 @@ jobs: - name: "Setup updatecli" uses: "updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635" # v2.96.0 with: - version: "v0.113.0" + version: "v0.114.0" + + - name: "Run updatecli only on monitored pipelines" + run: updatecli compose apply --clean-git-branches=true --labels="monitoring:enabled" --experimental + env: + UPDATECLI_GITHUB_APP_CLIENT_ID: ${{ secrets.UPDATECLIBOT_APP_ID }} + UPDATECLI_GITHUB_APP_PRIVATE_KEY: ${{ secrets.UPDATECLIBOT_APP_PRIVKEY }} + UPDATECLI_GITHUB_APP_INSTALLATION_ID: ${{ secrets.UPDATECLIBOT_APP_INSTALLATION_ID }} + UPDATECLI_UDASH_API_URL: ${{ secrets.UPDATECLI_UDASH_API_URL }} + UPDATECLI_UDASH_ACCESS_TOKEN: ${{ secrets.UPDATECLI_UDASH_ACCESS_TOKEN }} + UPDATECLI_UDASH_URL: ${{ secrets.UPDATECLI_UDASH_URL }} - name: "Run updatecli only on existing pipelines" run: updatecli compose apply --clean-git-branches=true --existing-only=true --experimental