From 4b5b5c7951d2b1cf99051a92e51553664f566ff2 Mon Sep 17 00:00:00 2001 From: Pete Johns Date: Tue, 9 Sep 2025 15:26:59 +1000 Subject: [PATCH 1/3] fix(actions): upgrade cache ``` Error: This request has been automatically failed because it uses a deprecated version of `actions/cache: v2`. Please update your workflow to use v3/v4 of actions/cache to avoid interruptions. Learn more: https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/#actions-cache-v1-v2-and-actions-toolkit-cache-package-closing-down ``` --- .github/workflows/build-website.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-website.yml b/.github/workflows/build-website.yml index ba0524f4..ca580147 100644 --- a/.github/workflows/build-website.yml +++ b/.github/workflows/build-website.yml @@ -33,7 +33,7 @@ jobs: submodules: recursive # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v2 + - uses: actions/cache@v4 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile') }} From 1d55df36b5667426b6456445ffec670c39415510 Mon Sep 17 00:00:00 2001 From: Pete Johns Date: Tue, 9 Sep 2025 15:31:25 +1000 Subject: [PATCH 2/3] feat(dependabot): keep dependencies up-to-date automatically --- .github/dependabot.yml | 99 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..1dd9cd99 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,99 @@ +version: 2 +updates: + # Enable version updates for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + # Allow both major and minor updates for actions + open-pull-requests-limit: 10 + # Group updates by action to reduce PR noise + groups: + github-actions: + patterns: + - "*" + # Auto-merge minor updates for trusted actions + commit-message: + prefix: "chore" + include: "scope" + # Reviewers for action updates + reviewers: + - "fraz3alpha" + # Labels for action updates + labels: + - "dependencies" + - "github-actions" + - "automated" + + # Enable version updates for npm dependencies + - package-ecosystem: "npm" + directory: "/browser-extensions/common/js/tests" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + open-pull-requests-limit: 5 + groups: + npm-dependencies: + patterns: + - "*" + commit-message: + prefix: "chore" + include: "scope" + reviewers: + - "fraz3alpha" + labels: + - "dependencies" + - "npm" + - "automated" + + # Enable version updates for npm dependencies in ui-test + - package-ecosystem: "npm" + directory: "/browser-extensions/common/js/tests/ui-test" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + open-pull-requests-limit: 5 + groups: + npm-dependencies: + patterns: + - "*" + commit-message: + prefix: "chore" + include: "scope" + reviewers: + - "fraz3alpha" + labels: + - "dependencies" + - "npm" + - "automated" + + # Enable version updates for Ruby/Bundler dependencies + - package-ecosystem: "bundler" + directory: "/website" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "UTC" + open-pull-requests-limit: 5 + groups: + bundler-dependencies: + patterns: + - "*" + commit-message: + prefix: "chore" + include: "scope" + reviewers: + - "fraz3alpha" + labels: + - "dependencies" + - "ruby" + - "bundler" + - "automated" From e3ced9fa6d9ab9dd96422926fe96753d86ea3e75 Mon Sep 17 00:00:00 2001 From: Pete Johns Date: Tue, 9 Sep 2025 15:40:30 +1000 Subject: [PATCH 3/3] doc(README): reflect current ci/cd config --- README.md | 89 ++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 71 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 5bda0790..37c300f1 100644 --- a/README.md +++ b/README.md @@ -30,12 +30,30 @@ locally for testing by running a bash script (Linux and Mac only). 1. To stop the local website running, press CTRL+C in the terminal. You might find you need to update the Gemfile.lock file occasionally. -To do that I've run the following from within the `website` directory. + +## Updating Ruby Dependencies + +### Option 1: Using Dependabot (Recommended) +Dependabot will automatically create pull requests for outdated Ruby dependencies. Check the [Dependencies tab](https://github.com/fraz3alpha/running-challenges/network/dependencies) or look for PRs labeled `dependencies` and `ruby`. + +### Option 2: Manual Update +If you need to update manually, run from the `website` directory: + +```bash +cd website +bundle update +git add Gemfile.lock +git commit -m "chore: update Ruby dependencies" ``` + +### Option 3: Using Docker (Legacy) +If you prefer the Docker approach: +```bash +cd website docker run -it -v `pwd`:/tmp/website-data jekyll/jekyll bash ``` -and then inside the container run: -``` +Then inside the container: +```bash bundle update ``` @@ -101,14 +119,50 @@ Instead, for testing purposes, you have to install it as a [temporary installati # Automated builds -This repository is integrated with TravisCI so that code pushed to the master -branch in GitHub is built. This will update the website, and if a suitable tag -is present, then a GitHub Release is created and a copy of the extension at that -level is uploaded for further submission to the Chrome and Firefox extension/addon -webstores. +This repository uses GitHub Actions for continuous integration and deployment. The following workflows are configured: + +## Production Website Build +- **Trigger**: Push to `master` branch +- **Action**: Builds and deploys the main website to `gh-pages` branch +- **Workflow**: `.github/workflows/build-website.yml` + +## Staging Website Build +- **Trigger**: Push to any branch except `master`, `gh-pages`, or `gh-pages-staging` +- **Action**: Builds and deploys a staging version to `staging.running-challenges.co.uk` +- **Workflow**: `.github/workflows/build-staging-website.yml` + +## Extension Build & Release +- **Trigger**: Push to `master` branch or manual dispatch +- **Action**: Builds Chrome and Firefox extensions, creates GitHub releases on version tags +- **Workflow**: `.github/workflows/build-extension.yml` + +## Code Quality Analysis +- **Trigger**: Push to `master` branch, pull requests, or manual dispatch +- **Action**: Runs CodeQL security analysis +- **Workflow**: `.github/workflows/codeql-analysis.yml` + +# Dependency Management + +This repository uses [Dependabot](https://docs.github.com/en/code-security/dependabot) to automatically keep dependencies up-to-date: + +## Automated Updates +- **GitHub Actions**: All workflow actions are automatically updated weekly +- **npm Dependencies**: Node.js packages in test directories are updated weekly +- **Ruby/Bundler**: Jekyll and other Ruby gems are updated weekly +- **Schedule**: Every Monday at 9:00 AM UTC + +## Configuration +Dependabot is configured in `.github/dependabot.yml` and will: +- Create pull requests for outdated dependencies +- Group related updates to reduce PR noise +- Assign appropriate labels (`dependencies`, `github-actions`, `npm`, `ruby`, `bundler`, `automated`) +- Use consistent commit message format (`chore:` prefix) -Each PR created, and when additional commits are pushed to existing PR branches, -an additional build it run to build a copy of the website on staging.running-challenges.co.uk . +## Manual Updates +If you need to update dependencies manually: +- **GitHub Actions**: Edit workflow files in `.github/workflows/` +- **npm**: Run `npm update` in the relevant test directories +- **Ruby**: Run `bundle update` in the `website/` directory # Adding a new volunteer role @@ -144,10 +198,10 @@ It is impossible to add a new country until the new website is made live, and th # Version numbers There hasn't been any real consistency in how the versions have been numbered, with the versions mostly going up -a point release when something was changed. The only thing that has been consistent is that the last number has +a point release when something was changed. The only thing that has been consistent is that the last number has referred back to the Travis build that generated the release. -To make this more consistent, from January 2020 the numbering, which follows the format +To make this more consistent, from January 2020 the numbering, which follows the format `...` will refer to: ### Major version @@ -156,27 +210,26 @@ Something big has changed in the way the extension works. We may never go to ver ### Minor version -A new challenge, stat, or badge has been added - or there has been a significant addition to the way the data is +A new challenge, stat, or badge has been added - or there has been a significant addition to the way the data is displayed on the webpage. ### Patch version -Bug fixes or minor rendering changes +Bug fixes or minor rendering changes ### Build Number -This will remain as it always has, including the Travis build number. +This will remain as it always has, including the GitHub Actions build number. # Releasing a new version 1. When everything has been tested and merged into master, tag master with the -version in `build/version.sh`. This will trigger a Travis build to push the built -zips to a Github release. +version in `build/version.sh`. This will trigger a GitHub Actions workflow to build and create a GitHub release. ``` git tag v0.7.5 git push origin v0.7.5 ``` -1. Watch the [Travis build](https://travis-ci.org/fraz3alpha/running-challenges) run. +1. Watch the [GitHub Actions workflow](https://github.com/fraz3alpha/running-challenges/actions) run. 1. Head over to the [releases](https://github.com/fraz3alpha/running-challenges/releases) tab in Github and find the release for the [version you tagged](https://github.com/fraz3alpha/running-challenges/releases/tag/v0.7.5). 1. Edit the release with any information that you may want to include in release notes, or perhaps form the basis of the blog post.