Charon/.github/workflows/renovate_prune.yml at eec8c28fb3c2e8c0bc387bb3139184b8d67f1b21

akanealw/Charon

Fork 0

Files

akanealw eec8c28fb3

Go Benchmark / Performance Regression Check (push) Waiting to run

Details

Cerberus Integration / Cerberus Security Stack Integration (push) Waiting to run

Details

Upload Coverage to Codecov / Backend Codecov Upload (push) Waiting to run

Details

Upload Coverage to Codecov / Frontend Codecov Upload (push) Waiting to run

Details

CodeQL - Analyze / CodeQL analysis (go) (push) Waiting to run

Details

CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Waiting to run

Details

CrowdSec Integration / CrowdSec Bouncer Integration (push) Waiting to run

Details

Docker Build, Publish & Test / build-and-push (push) Waiting to run

Details

Docker Build, Publish & Test / Security Scan PR Image (push) Blocked by required conditions

Details

Quality Checks / Auth Route Protection Contract (push) Waiting to run

Details

Quality Checks / Codecov Trigger/Comment Parity Guard (push) Waiting to run

Details

Quality Checks / Backend (Go) (push) Waiting to run

Details

Quality Checks / Frontend (React) (push) Waiting to run

Details

Rate Limit integration / Rate Limiting Integration (push) Waiting to run

Details

Security Scan (PR) / Trivy Binary Scan (push) Waiting to run

Details

Supply Chain Verification (PR) / Verify Supply Chain (push) Waiting to run

Details

WAF integration / Coraza WAF Integration (push) Waiting to run

Details

changed perms

2026-04-22 18:19:14 +00:00

102 lines

3.4 KiB

YAML

Executable File

Raw Blame History

 name: "Prune Renovate Branches"
 on:
   workflow_dispatch:
   schedule:
     - cron: '0 3 * * *'   # daily at 03:00 UTC
 permissions:
   contents: write       # required to delete branch refs
   pull-requests: read
 jobs:
   prune:
     runs-on: ubuntu-latest
     concurrency:
       group: prune-renovate-branches
       cancel-in-progress: true
     env:
       BRANCH_PREFIX: "renovate/"  # adjust if you use a different prefix
     steps:
       - name: Choose GitHub Token
         run: |
           if [ -n "${{ secrets.GITHUB_TOKEN }}" ]; then
             echo "Using GITHUB_TOKEN" >&2
             echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
           else
             echo "Using CHARON_TOKEN fallback" >&2
             echo "GITHUB_TOKEN=${{ secrets.CHARON_TOKEN }}" >> "$GITHUB_ENV"
           fi
       - name: Prune renovate branches
         uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
         with:
           github-token: ${{ env.GITHUB_TOKEN }}
           script: |
             const owner = context.repo.owner;
             const repo = context.repo.repo;
             const branchPrefix = (process.env.BRANCH_PREFIX || 'renovate/').replace(/^refs\/heads\//, '');
             const refPrefix = `heads/${branchPrefix}`; // e.g. "heads/renovate/"
             core.info(`Searching for refs with prefix: ${refPrefix}`);
             // List matching refs (branches) under the prefix
             let refs;
             try {
               refs = await github.rest.git.listMatchingRefs({
                 owner,
                 repo,
                 ref: refPrefix
               });
             } catch (err) {
               core.info(`No matching refs or API error: ${err.message}`);
               refs = { data: [] };
             }
             for (const r of refs.data) {
               const fullRef = r.ref; // "refs/heads/renovate/..."
               const branchName = fullRef.replace('refs/heads/', '');
               core.info(`Evaluating branch: ${branchName}`);
               // Find PRs for this branch (head = "owner:branch")
               const prs = await github.rest.pulls.list({
                 owner,
                 repo,
                 head: `${owner}:${branchName}`,
                 state: 'all',
                 per_page: 100
               });
               let shouldDelete = false;
               if (!prs.data || prs.data.length === 0) {
                 core.info(`No PRs found for ${branchName} — marking for deletion.`);
                 shouldDelete = true;
               } else {
                 // If none of the PRs are open, safe to delete
                 const hasOpen = prs.data.some(p => p.state === 'open');
                 if (!hasOpen) {
                   core.info(`All PRs for ${branchName} are closed — marking for deletion.`);
                   shouldDelete = true;
                 } else {
                   core.info(`Open PR(s) exist for ${branchName} — skipping deletion.`);
                 }
               }
               if (shouldDelete) {
                 try {
                   await github.rest.git.deleteRef({
                     owner,
                     repo,
                     ref: `heads/${branchName}`
                   });
                   core.info(`Deleted branch: ${branchName}`);
                 } catch (delErr) {
                   core.warning(`Failed to delete ${branchName}: ${delErr.message}`);
                 }
               }
             }
       - name: Done
         run: echo "Prune run completed."

102 lines 3.4 KiB YAML Executable File Raw Blame History

102 lines

3.4 KiB

YAML

Executable File

Raw Blame History