fix(ci): drop auto-merge, drop suppressions.xml

2026-01-26 11:34:00 +00:00 · 2025-02-02 14:57:32 +02:00
parent 940e9320d1
commit a23c43af8d
4 changed files with 0 additions and 235 deletions
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -1,178 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: Auto Merge
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - labeled
-      - unlabeled
-  check_suite:
-    types:
-      - completed
-  status: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false # Don't cancel as this could leave PRs in inconsistent state
-
-permissions:
-  contents: read
-  checks: read
-  statuses: read
-
-jobs:
-  auto-merge:
-    name: 🤝 Auto Merge
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Check Required Secrets
-        id: check-secrets
-        run: |
-          # shellcheck disable=SC2016
-          if [ -z "${{ secrets.APP_ID }}" ] || [ -z "${{ secrets.APP_PRIVATE_KEY }}" ]; then
-            echo "::warning::GitHub App credentials not configured. Using GITHUB_TOKEN instead."
-            echo "use_github_token=true" >> $GITHUB_OUTPUT
-          else
-            echo "use_github_token=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Generate Token
-        id: generate-token
-        if: steps.check-secrets.outputs.use_github_token == 'false'
-        uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514 # v1.11.2
-        with:
-          app-id: ${{ secrets.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
-
-      - name: Auto Merge PR
-        uses: pascalgn/automerge-action@7961b8b5eec56cc088c140b56d864285eabd3f67 # v0.16.4
-        env:
-          GITHUB_TOKEN: ${{ steps.check-secrets.outputs.use_github_token == 'true' && github.token || steps.generate-token.outputs.token }}
-          MERGE_LABELS: 'dependencies,automated-pr,!work-in-progress,!do-not-merge'
-          MERGE_METHOD: 'squash'
-          MERGE_COMMIT_MESSAGE: 'pull-request-title'
-          MERGE_RETRIES: '6'
-          MERGE_RETRY_SLEEP: '10000'
-          MERGE_REQUIRED_APPROVALS: '0'
-          MERGE_DELETE_BRANCH: 'true'
-          UPDATE_LABELS: 'automerge'
-          UPDATE_METHOD: 'rebase'
-          MERGE_ERROR_FAIL: 'false'
-
-      - name: Check Merge Status
-        if: always()
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ steps.check-secrets.outputs.use_github_token == 'true' && github.token || steps.generate-token.outputs.token }}
-          script: |
-            const { repo, owner } = context.repo;
-            const pr = context.payload.pull_request;
-
-            if (!pr) return;
-
-            try {
-              const status = await github.rest.pulls.get({
-                owner,
-                repo,
-                pull_number: pr.number
-              });
-
-              if (status.data.merged) {
-                console.log(`PR #${pr.number} was successfully merged`);
-
-                // Add merge success comment
-                await github.rest.issues.createComment({
-                  owner,
-                  repo,
-                  issue_number: pr.number,
-                  body: '✅ Successfully auto-merged! Branch will be deleted.'
-                });
-              } else {
-                console.log(`PR #${pr.number} is not merged. State: ${status.data.state}`);
-
-                // Check merge blockers
-                if (status.data.mergeable_state === 'blocked') {
-                  console.log('PR is blocked from merging. Check branch protection rules.');
-                  await github.rest.issues.createComment({
-                    owner,
-                    repo,
-                    issue_number: pr.number,
-                    body: '⚠️ Auto-merge is blocked. Please check branch protection rules and resolve any conflicts.'
-                  });
-                }
-
-                // Check if using reduced permissions
-                if ('${{ steps.check-secrets.outputs.use_github_token }}' === 'true') {
-                  await github.rest.issues.createComment({
-                    owner,
-                    repo,
-                    issue_number: pr.number,
-                    body: '⚠️ Note: Running with reduced permissions as GitHub App credentials are not configured.'
-                  });
-                }
-              }
-            } catch (error) {
-              console.error('Error checking merge status:', error);
-              core.setFailed(`Failed to check merge status: ${error.message}`);
-
-              // Add error comment to PR
-              try {
-                await github.rest.issues.createComment({
-                  owner,
-                  repo,
-                  issue_number: pr.number,
-                  body: `❌ Error checking merge status: ${error.message}`
-                });
-              } catch (commentError) {
-                console.error('Failed to add error comment:', commentError);
-              }
-            }
-
-      - name: Remove Labels on Failure
-        if: failure()
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ steps.check-secrets.outputs.use_github_token == 'true' && github.token || steps.generate-token.outputs.token }}
-          script: |
-            const { repo, owner } = context.repo;
-            const pr = context.payload.pull_request;
-
-            if (!pr) return;
-
-            try {
-              // Remove automerge label
-              await github.rest.issues.removeLabel({
-                owner,
-                repo,
-                issue_number: pr.number,
-                name: 'automerge'
-              }).catch(e => console.log('automerge label not found'));
-
-              // Add merge-failed label
-              await github.rest.issues.addLabels({
-                owner,
-                repo,
-                issue_number: pr.number,
-                labels: ['merge-failed']
-              });
-
-              // Add failure comment
-              await github.rest.issues.createComment({
-                owner,
-                repo,
-                issue_number: pr.number,
-                body: '❌ Auto-merge failed. The automerge label has been removed and merge-failed label added.'
-              });
-            } catch (error) {
-              console.error('Error handling merge failure:', error);
-            }
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -90,7 +90,6 @@ jobs:
            --enableRetired
            --enableExperimental
            --failOnCVSS 7
-            --suppression suppressions.xml

      - name: Upload OWASP Results
        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8