diff --git a/.github/workflows/dependabot_auto_approve_and_merge.yml b/.github/workflows/dependabot_auto_approve_and_merge.yml index 9e4b62f..4e5763c 100644 --- a/.github/workflows/dependabot_auto_approve_and_merge.yml +++ b/.github/workflows/dependabot_auto_approve_and_merge.yml @@ -23,21 +23,21 @@ jobs: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Approve patch and minor updates if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" + run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - name: Approve major updates of development dependencies if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}} - run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" + run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - name: Comment on major updates of non-development dependencies if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}} run: | - gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" - gh pr edit $PR_URL --add-label "requires-manual-qa" + gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" + gh pr edit "$PR_URL" --add-label "requires-manual-qa" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml index ef9284c..fd741af 100644 --- a/.github/workflows/pr-link.yml +++ b/.github/workflows/pr-link.yml @@ -5,14 +5,18 @@ on: jobs: link-ticket: runs-on: ubuntu-latest + env: + REF: ${{ github.event.pull_request.head.ref }} steps: - name: Check ticket name conforms to requirements - run: echo ${{ github.event.pull_request.head.ref }} | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" + run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" continue-on-error: true - name: Grab ticket name if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo ::set-env name=TICKET_NAME::$(echo ${{ github.event.pull_request.head.ref }} | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]') + run: | + # shellcheck disable=SC2046 + echo name=TICKET_NAME::$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]') >> "$GITHUB_ENV" continue-on-error: true env: ACTIONS_ALLOW_UNSECURE_COMMANDS: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2d1d8de..3d4fc5f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,11 +53,11 @@ jobs: make install-python - name: Set SPEC_VERSION env var for merges to main - run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> $GITHUB_ENV + run: echo "SPEC_VERSION=$(poetry run python scripts/calculate_version.py)" >> "$GITHUB_ENV" if: github.ref == 'refs/heads/main' - name: Set SPEC_VERSION env var for tags - run: echo "SPEC_VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + run: echo "SPEC_VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV" if: github.ref != 'refs/heads/main' - name: Download build artifact @@ -88,4 +88,4 @@ jobs: - name: output SPEC_VERSION id: output_spec_version - run: echo SPEC_VERSION=${{ env.SPEC_VERSION }} >> $GITHUB_OUTPUT + run: echo SPEC_VERSION=${{ env.SPEC_VERSION }} >> "$GITHUB_OUTPUT"