harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/.github/workflows/update-notice.yml
Will Sarg 32bfe1d186
ci(workflows): consolidate policy and rust workflow setup (#564) 
* fix(workflows): standardize runner configuration for security jobs

* ci(actionlint): add Blacksmith runner label to config

Add blacksmith-2vcpu-ubuntu-2404 to actionlint self-hosted-runner labels config
to suppress "unknown label" warnings during workflow linting.

This label is used across all workflows after the Blacksmith migration.

* fix(actionlint): adjust indentation for self-hosted runner labels

* feat(security): enhance security workflow with CodeQL analysis steps

* fix(security): update CodeQL action to version 4 for improved analysis

* fix(security): remove duplicate permissions in security workflow

* fix(security): revert CodeQL action to v3 for stability

The v4 version was causing workflow file validation failures.
Reverting to proven v3 version that is working on main branch.

* fix(security): remove duplicate permissions causing workflow validation failure

The permissions block had duplicate security-events and actions keys,
which caused YAML validation errors and prevented workflow execution.

Fixes: workflow file validation failures on main branch

* fix(security): remove pull_request trigger to reduce costs

* fix(security): restore PR trigger but skip codeql on PRs

* fix(security): resolve YAML syntax error in security workflow

* refactor(security): split CodeQL into dedicated scheduled workflow

* fix(security): update workflow name to Rust Package Security Audit

* fix(codeql): remove push trigger, keep schedule and on-demand only

* feat(codeql): add CodeQL configuration file to ignore specific paths

* Potential fix for code scanning alert no. 39: Hard-coded cryptographic value

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix(ci): resolve auto-response workflow merge markers

* fix(build): restore ChannelMessage reply_target usage

* ci(workflows): run workflow sanity on workflow pushes for all branches

* ci(workflows): rename auto-response workflow to PR Auto Responder

* ci(workflows): require owner approval for workflow file changes

* ci: add lint-first PR feedback gate

* ci(workflows): split label policy checks from workflow sanity

* ci(workflows): consolidate policy and rust workflow setup

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-02-17 11:35:20 -05:00

116 lines
3.5 KiB
YAML
Raw Blame History

name: Update Contributors NOTICE
on:
workflow_dispatch:
schedule:
# Run every Sunday at 00:00 UTC
- cron: '0 0 * * 0'
concurrency:
group: update-notice-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: write
pull-requests: write
jobs:
update-notice:
name: Update NOTICE with new contributors
runs-on: blacksmith-2vcpu-ubuntu-2404
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- name: Fetch contributors
id: contributors
env:
GH_TOKEN: ${{ github.token }}
run: |
# Fetch all contributors (excluding bots)
gh api \
--paginate \
"repos/${{ github.repository }}/contributors" \
--jq '.[] | select(.type != "Bot") | .login' > /tmp/contributors_raw.txt
# Sort alphabetically and filter
sort -f < /tmp/contributors_raw.txt > contributors.txt
# Count contributors
count=$(wc -l < contributors.txt | tr -d ' ')
echo "count=$count" >> "$GITHUB_OUTPUT"
- name: Generate new NOTICE file
run: |
cat > NOTICE << 'EOF'
ZeroClaw
Copyright 2025 ZeroClaw Labs
This product includes software developed at ZeroClaw Labs (https://github.com/zeroclaw-labs).
Contributors
============
The following individuals have contributed to ZeroClaw:
EOF
# Append contributors in alphabetical order
sed 's/^/- /' contributors.txt >> NOTICE
# Add third-party dependencies section
cat >> NOTICE << 'EOF'
Third-Party Dependencies
=========================
This project uses the following third-party libraries and components,
each licensed under their respective terms:
See Cargo.lock for a complete list of dependencies and their licenses.
EOF
- name: Check if NOTICE changed
id: check_diff
run: |
if git diff --quiet NOTICE; then
echo "changed=false" >> "$GITHUB_OUTPUT"
else
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Create Pull Request
if: steps.check_diff.outputs.changed == 'true'
env:
GH_TOKEN: ${{ github.token }}
COUNT: ${{ steps.contributors.outputs.count }}
run: |
branch_name="auto/update-notice-$(date +%Y%m%d)"
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git checkout -b "$branch_name"
git add NOTICE
git commit -m "chore(notice): update contributor list"
git push origin "$branch_name"
gh pr create \
--title "chore(notice): update contributor list" \
--body "Auto-generated update to NOTICE file with $COUNT contributors." \
--label "chore" \
--label "docs" \
--draft || true
- name: Summary
run: |
echo "## NOTICE Update Results" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
if [ "${{ steps.check_diff.outputs.changed }}" = "true" ]; then
echo "✅ PR created to update NOTICE" >> "$GITHUB_STEP_SUMMARY"
else
echo "✓ NOTICE file is up to date" >> "$GITHUB_STEP_SUMMARY"
fi
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "**Contributors:** ${{ steps.contributors.outputs.count }}" >> "$GITHUB_STEP_SUMMARY"
Reference in a new issue View git blame Copy permalink