feat: extract reusable workflows + actions automerge in preset#12
Merged
Conversation
Extract three shared CI workflows so the four active repos (asia-trip-bot, kurwa_bot, docker_infra, training_tracker) call them instead of copy-pasting: - zizmor-reusable.yml: Actions security scan (workflow_call) - validate-renovate-reusable.yml: renovate.json schema validation (config-file input) - docker-publish-reusable.yml: GHCR build/push + Komodo deploy for the bots (image / komodo-stack / komodo-host / context inputs) Also add a packageRules entry to the shared Renovate preset that auto-merges github-actions patch/minor updates, so every consuming repo inherits Renovate automerge for actions without a local rule (Dependabot stays as the backup). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- dependabot-auto-merge.yml: pin actions/setup-node to the v6 SHA (zizmor unpinned-uses error; matches other repos' pin). - docker-publish-reusable.yml: komodo-host is now a required input with no default. This repo is public, so the previous default leaked an internal infra hostname; callers (private repos) supply their own host. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Step 1 of unifying the four active repos (asia-trip-bot, kurwa_bot, docker_infra, training_tracker) around shared config. This extracts the workflows that are currently copy-pasted (or missing) so each repo calls them instead.
New reusable workflows
zizmor-reusable.yml— Actions security scan (workflow_call). Today an identical copy lives in asia-trip-bot and kurwa_bot, and is absent from docker_infra / training_tracker.validate-renovate-reusable.yml—renovate.jsonschema validation (config-fileinput, defaultrenovate.json). Today only docker_infra validates its Renovate config; all four ship one.docker-publish-reusable.yml— GHCR build/push + instant Komodo deploy, for the bots. Inputs:image,komodo-stack,komodo-host(defaultkomo.domovas.uk),context. asia-trip-bot and kurwa_bot are byte-identical apart from image name and stack name.Preset change
packageRulesentry that auto-merges github-actions patch/minor updates. Every consuming repo inherits Renovate automerge for actions with no local rule needed; the 10-dayminimumReleaseAgestill gates the merge. Dependabot stays as the github-actions backup (with its existing auto-merge).Follow-ups (separate PRs, per repo)
Validation
renovate-config-validatorpasses on the updated preset.🤖 Generated with Claude Code