Skip to content

Commit 2f9f83e

Browse files
ptrdomclaude
andauthored
Add dry-run mode to the Scala Steward workflow (#698)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent c95000d commit 2f9f83e

3 files changed

Lines changed: 121 additions & 26 deletions

File tree

.github/scala-steward-dry-run.conf

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
# Global (default) repo config for the Scala Steward workflow's dry-run kind,
2+
# passed via the action's repo-config input (scala-steward --repo-config).
3+
# updates.limit = 0 runs the full update-detection pipeline but opens/updates
4+
# no PRs (scala-steward-org/scala-steward#1828), so PRs can validate the
5+
# workflow without side effects.
6+
#
7+
# Scala Steward merges this per-field with the repo's own .scala-steward.conf
8+
# (RepoConfigAlg: global |+| repo), so the repo's updates.ignore and
9+
# updatePullRequests are preserved; only updates.limit is added here. The
10+
# effective dry-run config is therefore the live config capped at zero PRs.
11+
updates.limit = 0
Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,67 @@
1+
# Reusable pipeline shared by every run kind, called from scala-steward.yml.
2+
# All the kind-specific behaviour is gated on inputs.kind so the logic lives in
3+
# one place; scala-steward.yml decides the kind and selects which caller job
4+
# runs.
5+
# LIVE - workflow_dispatch / schedule / push to main: real run, GitHub App
6+
# auth, opens dependency-update PRs.
7+
# DRY_RUN - pull_request: exercise the full update-detection pipeline with
8+
# updates.limit = 0 (no PRs) using the read-only github.token.
9+
on:
10+
workflow_call:
11+
inputs:
12+
kind:
13+
description: "LIVE | DRY_RUN"
14+
required: true
15+
type: string
16+
jobs:
17+
run:
18+
runs-on: ubuntu-24.04
19+
name: Launch Scala Steward
20+
steps:
21+
# DRY_RUN passes repo-config to the action, which reads it from the
22+
# workspace, so the repo must be checked out. LIVE needs no checkout:
23+
# Scala Steward clones the target repo itself.
24+
- uses: actions/checkout@v7
25+
if: inputs.kind == 'DRY_RUN'
26+
- uses: coursier/cache-action@v8
27+
- uses: coursier/setup-action@v3
28+
with:
29+
jvm: temurin:11
30+
# Pin to the sbt 1.x runner: the latest runner is sbt 2.x, which
31+
# requires JDK 17+. Kept in sync with sbt releases by Renovate.
32+
apps: sbt:1.12.13
33+
# Two separate invocations rather than one with expression-computed
34+
# inputs: the auth differs structurally (GitHub App vs github.token), and
35+
# passing blank github-app-* inputs risks the action treating App auth as
36+
# requested. The version pins are shared verbatim between them.
37+
- name: Launch Scala Steward
38+
if: inputs.kind == 'LIVE'
39+
uses: scala-steward-org/scala-steward-action@v2.92.0
40+
with:
41+
# Pin Scala Steward itself. The action otherwise downloads the latest
42+
# published version on every run; 0.39.1 dropped the Java 11 build and
43+
# requires Java 17+, which breaks the temurin:11 runner above. Renovate
44+
# tracks this pin; a bump past 0.39.0 fails on first run until the
45+
# runner is moved to JDK 17.
46+
scala-steward-version: 0.39.0
47+
# Pin the sbt and scalafmt versions Scala Steward runs against to the
48+
# ones used in this repository. Kept in sync by Renovate.
49+
sbt-version: 1.12.13
50+
scalafmt-version: 3.11.3
51+
github-app-id: ${{ secrets.SCALA_STEWARD_APP_ID }}
52+
github-app-installation-id: ${{ secrets.SCALA_STEWARD_APP_INSTALLATION_ID }}
53+
github-app-key: ${{ secrets.SCALA_STEWARD_APP_PRIVATE_KEY }}
54+
github-app-auth-only: true
55+
- name: Launch Scala Steward (dry run)
56+
if: inputs.kind == 'DRY_RUN'
57+
uses: scala-steward-org/scala-steward-action@v2.92.0
58+
with:
59+
# Kept in sync with the LIVE invocation above (Renovate).
60+
scala-steward-version: 0.39.0
61+
sbt-version: 1.12.13
62+
scalafmt-version: 3.11.3
63+
# No github-app-* inputs: the action falls back to the default
64+
# read-only github.token (so this also works on fork PRs). The
65+
# default repo config forces updates.limit = 0, so no PRs are opened
66+
# even before auth would matter.
67+
repo-config: .github/scala-steward-dry-run.conf

.github/workflows/scala-steward.yml

Lines changed: 43 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -5,39 +5,56 @@ on:
55
push:
66
branches:
77
- main
8+
pull_request:
9+
branches:
10+
- main
811

912
name: Launch Scala Steward
1013

1114
concurrency:
1215
group: ${{ github.workflow }}-${{ github.ref }}
1316
cancel-in-progress: true
1417

18+
# Deny-all default: each job opts back in to exactly what it needs.
19+
permissions: {}
20+
1521
jobs:
16-
scala-steward:
22+
# Decide once what this run does, then fan out to one job per kind so each
23+
# appears as its own job in the UI. The shared pipeline lives in
24+
# _scala-steward-run.yml; the jobs below only select it.
25+
# LIVE - workflow_dispatch / schedule / push to main: opens PRs.
26+
# DRY_RUN - pull_request: exercise the pipeline, open no PRs.
27+
determine:
1728
runs-on: ubuntu-24.04
18-
name: Launch Scala Steward
29+
permissions:
30+
contents: read
31+
outputs:
32+
kind: ${{ steps.kind.outputs.kind }}
1933
steps:
20-
- uses: coursier/cache-action@v8
21-
- uses: coursier/setup-action@v3
22-
with:
23-
jvm: temurin:11
24-
# Pin to the sbt 1.x runner: the latest runner is sbt 2.x, which
25-
# requires JDK 17+. Kept in sync with sbt releases by Renovate.
26-
apps: sbt:1.12.13
27-
- name: Launch Scala Steward
28-
uses: scala-steward-org/scala-steward-action@v2.92.0
29-
with:
30-
# Pin Scala Steward itself. The action otherwise downloads the latest
31-
# published version on every run; 0.39.1 dropped the Java 11 build and
32-
# requires Java 17+, which breaks the temurin:11 runner above. Renovate
33-
# tracks this pin; a bump past 0.39.0 fails on first run until the
34-
# runner is moved to JDK 17.
35-
scala-steward-version: 0.39.0
36-
# Pin the sbt and scalafmt versions Scala Steward runs against to the
37-
# ones used in this repository. Kept in sync by Renovate.
38-
sbt-version: 1.12.13
39-
scalafmt-version: 3.11.3
40-
github-app-id: ${{ secrets.SCALA_STEWARD_APP_ID }}
41-
github-app-installation-id: ${{ secrets.SCALA_STEWARD_APP_INSTALLATION_ID }}
42-
github-app-key: ${{ secrets.SCALA_STEWARD_APP_PRIVATE_KEY }}
43-
github-app-auth-only: true
34+
- name: Determine run kind
35+
id: kind
36+
run: |
37+
case "$GITHUB_EVENT_NAME" in
38+
pull_request) KIND=DRY_RUN ;;
39+
*) KIND=LIVE ;;
40+
esac
41+
echo "Run kind: $KIND"
42+
echo "kind=$KIND" >> "$GITHUB_OUTPUT"
43+
live:
44+
needs: determine
45+
if: needs.determine.outputs.kind == 'LIVE'
46+
permissions:
47+
contents: read
48+
uses: ./.github/workflows/_scala-steward-run.yml
49+
with:
50+
kind: LIVE
51+
secrets: inherit
52+
dry-run:
53+
needs: determine
54+
if: needs.determine.outputs.kind == 'DRY_RUN'
55+
permissions:
56+
contents: read
57+
uses: ./.github/workflows/_scala-steward-run.yml
58+
with:
59+
kind: DRY_RUN
60+
secrets: inherit

0 commit comments

Comments
 (0)