From e20aadebd50468409ceb5178dfe57b903503c763 Mon Sep 17 00:00:00 2001 From: Dafydd Jones Date: Mon, 13 Jul 2026 22:13:55 +0100 Subject: [PATCH 1/3] chore(copier): update template https://github.com/dafyddj/copier-safe-settings to v2 --- .copier-answers.safe-settings.yml | 2 +- ...safe-settings.yml => libsafe-settings.yml} | 55 ++++++++++--------- 2 files changed, 31 insertions(+), 26 deletions(-) rename .github/workflows/{safe-settings.yml => libsafe-settings.yml} (52%) diff --git a/.copier-answers.safe-settings.yml b/.copier-answers.safe-settings.yml index c05f9f3..d375309 100644 --- a/.copier-answers.safe-settings.yml +++ b/.copier-answers.safe-settings.yml @@ -1,3 +1,3 @@ # Changes here will be overwritten by Copier; NEVER EDIT MANUALLY -_commit: v1.1.0 +_commit: v2.0.0 _src_path: https://github.com/dafyddj/copier-safe-settings diff --git a/.github/workflows/safe-settings.yml b/.github/workflows/libsafe-settings.yml similarity index 52% rename from .github/workflows/safe-settings.yml rename to .github/workflows/libsafe-settings.yml index da653e1..b366610 100644 --- a/.github/workflows/safe-settings.yml +++ b/.github/workflows/libsafe-settings.yml @@ -1,12 +1,28 @@ name: Apply Safe Settings on: - workflow_dispatch: + workflow_call: inputs: + admin-repo: + type: string + default: .github + app-id: + required: true + type: string + config-path: + type: string + default: safe-settings + deployment-config-file: + type: string + default: deployment-settings.yml dry-run: - description: Whether to run in `dry-run` mode or not - required: false type: boolean default: true + skip-dry-run-errors: + type: boolean + default: true + secrets: + private-key: + required: true permissions: {} @@ -23,19 +39,18 @@ jobs: # Path on GHA runner box where safe-settings code downloaded to: SAFE_SETTINGS_CODE_DIR: .safe-settings-code steps: - # Self-checkout of 'admin' repo for access to safe-settings deployment configuration - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + # Self-checkout to access deployment configuration + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - # Checkout of `safe-settings` source repository to apply all settings - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + # Checkout of `safe-settings` source repository to run app + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: github/safe-settings ref: ${{ env.SAFE_SETTINGS_VERSION }} path: ${{ env.SAFE_SETTINGS_CODE_DIR }} persist-credentials: false - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: cache: npm cache-dependency-path: ${{ env.SAFE_SETTINGS_CODE_DIR }}/package-lock.json @@ -43,25 +58,15 @@ jobs: - run: npm install working-directory: ${{ env.SAFE_SETTINGS_CODE_DIR }} - name: Run Safe-Settings Full-Sync + continue-on-error: ${{ inputs.dry-run && inputs.skip-dry-run-errors }} run: | - set +e # Allow commands to fail npm run full-sync - exit_code=$? - echo "Full-sync exit code: $exit_code" - - if [[ "$FULL_SYNC_NOP" == "true" ]]; then - echo "Dry-run mode — ignoring failure" - exit 0 - fi - - exit $exit_code working-directory: ${{ env.SAFE_SETTINGS_CODE_DIR }} env: - APP_ID: ${{ vars.SAFE_SETTINGS_APP_ID }} - ADMIN_REPO: ${{ vars.SAFE_SETTINGS_ADMIN_REPO || '.github' }} - CONFIG_PATH: ${{ vars.SAFE_SETTINGS_CONFIG_PATH || 'safe-settings' }} - DEPLOYMENT_CONFIG_FILE: ${{ github.workspace }}/${{ vars.SAFE_SETTINGS_CONFIG_PATH || 'safe-settings' }}/deployment-settings.yml + APP_ID: ${{ inputs.app-id }} + ADMIN_REPO: ${{ inputs.admin-repo }} + CONFIG_PATH: ${{ inputs.config-path }} + DEPLOYMENT_CONFIG_FILE: ${{ github.workspace }}/${{ inputs.config-path }}/${{ inputs.deployment-config-file }} FULL_SYNC_NOP: ${{ inputs.dry-run }} - GH_ORG: ${{ vars.SAFE_SETTINGS_GH_ORG }} LOG_LEVEL: ${{ vars.SAFE_SETTINGS_LOG_LEVEL || 'debug' }} - PRIVATE_KEY: ${{ secrets.SAFE_SETTINGS_PRIVATE_KEY }} + PRIVATE_KEY: ${{ secrets.private-key }} From 073b8b58e35ac88dbf5788a963182680634d6912 Mon Sep 17 00:00:00 2001 From: Dafydd Jones Date: Mon, 13 Jul 2026 22:44:26 +0100 Subject: [PATCH 2/3] ci(workflows): switch the main Safe Settings workflow to use `libsafe-settings` --- .github/workflows/apply-ss-to-formulas.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/apply-ss-to-formulas.yml diff --git a/.github/workflows/apply-ss-to-formulas.yml b/.github/workflows/apply-ss-to-formulas.yml new file mode 100644 index 0000000..fb983ed --- /dev/null +++ b/.github/workflows/apply-ss-to-formulas.yml @@ -0,0 +1,22 @@ +name: Apply Safe Settings to Formulas +on: + workflow_dispatch: + inputs: + dry-run: + description: Whether to run in `dry-run` mode or not + required: false + type: boolean + default: true + +permissions: {} + +jobs: + apply-safe-settings: + permissions: + contents: read + uses: ./.github/workflows/libsafe-settings.yml + with: + app-id: ${{ vars.SAFE_SETTINGS_APP_ID }} + dry-run: ${{ inputs.dry-run }} + secrets: + private-key: ${{ secrets.SAFE_SETTINGS_PRIVATE_KEY }} From 20162077b84a6f0bb126b996df6e60c19b795e7b Mon Sep 17 00:00:00 2001 From: Dafydd Jones Date: Tue, 14 Jul 2026 15:17:24 +0100 Subject: [PATCH 3/3] ci(workflows): revert filename change --- .../workflows/{apply-ss-to-formulas.yml => safe-settings.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{apply-ss-to-formulas.yml => safe-settings.yml} (92%) diff --git a/.github/workflows/apply-ss-to-formulas.yml b/.github/workflows/safe-settings.yml similarity index 92% rename from .github/workflows/apply-ss-to-formulas.yml rename to .github/workflows/safe-settings.yml index fb983ed..613f478 100644 --- a/.github/workflows/apply-ss-to-formulas.yml +++ b/.github/workflows/safe-settings.yml @@ -1,4 +1,4 @@ -name: Apply Safe Settings to Formulas +name: Apply Safe Settings on: workflow_dispatch: inputs: