diff --git a/.github/workflows/auto-update.yml b/.github/workflows/auto-update.yml index d736efd8c..c8cba880d 100644 --- a/.github/workflows/auto-update.yml +++ b/.github/workflows/auto-update.yml @@ -1,40 +1,40 @@ -# SPDX-FileCopyrightText: (C) 2025 Intel Corporation -# SPDX-License-Identifier: Apache-2.0 - ---- - -name: Auto Update PR - -# On push to the main branch and support branches, update any branches that are out of date -# and have auto-merge enabled. If the branch is currently out of date with the base branch, -# it must be first manually updated and then will be kept up to date on future runs. -on: - push: - branches: - - main - - release-* - -permissions: {} - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - update-pull-requests: - permissions: - contents: read - pull-requests: write - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: Update pull requests +# SPDX-FileCopyrightText: (C) 2025 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +--- + +name: Auto Update PR + +# On push to the main branch and support branches, update any branches that are out of date +# and have auto-merge enabled. If the branch is currently out of date with the base branch, +# it must be first manually updated and then will be kept up to date on future runs. +on: + push: + branches: + - main + - release-* + +permissions: {} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + update-pull-requests: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: Update pull requests uses: open-edge-platform/orch-ci/.github/actions/pr_updater@592eafb7c84669729eb1adc610515bad61c3550b # 0.1.67 - with: - github_token: ${{ secrets.SYS_ORCH_GITHUB }} - + with: + github_token: ${{ secrets.SYS_EMF_GH_TOKEN }} + diff --git a/.github/workflows/post-merge-scorecard.yml b/.github/workflows/post-merge-scorecard.yml index 1da3f57e1..fc353eccb 100644 --- a/.github/workflows/post-merge-scorecard.yml +++ b/.github/workflows/post-merge-scorecard.yml @@ -20,8 +20,8 @@ jobs: id-token: write contents: read - uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@d3fe218ea585fb390b73c87f9e482cbe1424829c # v0.1.68 + uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@20b640842e63420b06b3ff4247e608228e14c74a # 2026.0.1 with: project_folder: "." secrets: - SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }} + SYS_EMF_GH_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }} diff --git a/.github/workflows/virtual-integration.yml b/.github/workflows/virtual-integration.yml index f866536f7..ae3421cc6 100644 --- a/.github/workflows/virtual-integration.yml +++ b/.github/workflows/virtual-integration.yml @@ -159,7 +159,7 @@ jobs: shell: bash run: | echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV - git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" + git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - name: Setup asdf and install dependencies uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] @@ -273,7 +273,7 @@ jobs: shell: bash run: | echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV - git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" + git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - name: Setup asdf and install dependencies uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] @@ -306,7 +306,7 @@ jobs: shell: bash run: | echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV - git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" + git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - name: Setup asdf and install dependencies uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] @@ -365,7 +365,7 @@ jobs: shell: bash run: | echo "GOPRIVATE=github.com/open-edge-platform" >> $GITHUB_ENV - git config --global url."https://${{ secrets.SYS_ORCH_GITHUB }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" + git config --global url."https://${{ secrets.SYS_EMF_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/" - name: Setup asdf and install dependencies uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main # zizmor: ignore[unpinned-uses] @@ -495,7 +495,7 @@ jobs: orch_password: ${{ secrets.ORCH_DEFAULT_PASSWORD }} docker_username: ${{ secrets.SYS_DOCKERHUB_USERNAME }} docker_password: ${{ secrets.SYS_DOCKERHUB_RO }} - token: ${{ secrets.SYS_ORCH_GITHUB }} + token: ${{ secrets.SYS_EMF_GH_TOKEN }} deployment_type: all - name: Collect diagnostics if: always() @@ -559,7 +559,7 @@ jobs: if: ${{ always() && steps.deploy-kind-orchestrator.conclusion == 'success' && steps.default-mt-setup.conclusion == 'success' }} uses: ./.github/actions/cypress with: - token: ${{ secrets.SYS_ORCH_GITHUB }} + token: ${{ secrets.SYS_EMF_GH_TOKEN }} en_serial_number: ${{ env.EN_SN }} en_uuid: ${{ env.EN_UUID }} infra: "cypress/e2e/infra/locations.cy.ts,cypress/e2e/infra/new-host-provision.cy.ts,cypress/e2e/infra/verify-host.cy.ts" @@ -734,7 +734,7 @@ jobs: path: edge-manage-test-automation ref: ${{ steps.read-test-automation-version.outputs.version }} submodules: 'recursive' - token: ${{ secrets.SYS_ORCH_GITHUB }} + token: ${{ secrets.SYS_EMF_GH_TOKEN }} persist-credentials: false - name: Install vEN Deps @@ -879,13 +879,13 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: open-edge-platform/orch-ci - token: ${{ secrets.SYS_ORCH_GITHUB }} + token: ${{ secrets.SYS_EMF_GH_TOKEN }} path: orch-ci persist-credentials: false - name: Tag repo env: - GITHUB_TOKEN: ${{ secrets.SYS_ORCH_GITHUB }} + GITHUB_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }} run: orch-ci/scripts/version-tag.sh post-merge: @@ -894,12 +894,12 @@ jobs: security-events: write id-token: write if: github.event_name == 'push' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-pass-validation' ) - uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@592eafb7c84669729eb1adc610515bad61c3550b # 0.1.67 + uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@20b640842e63420b06b3ff4247e608228e14c74a # 2026.0.1 with: run_build: false run_version_tag: false secrets: - SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }} + SYS_EMF_GH_TOKEN: ${{ secrets.SYS_EMF_GH_TOKEN }} NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }} NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }} MSTEAMS_WEBHOOK: ${{ secrets.TEAMS_WEBHOOK }}