From 71a7305ed703a753ed5b056924ce513068cc56da Mon Sep 17 00:00:00 2001 From: Cursor Date: Tue, 14 Apr 2026 14:50:18 +0000 Subject: [PATCH 1/3] Add Dependabot auto-approve and auto-merge workflow. Automatically approve Dependabot PRs and enable auto-merge so updates land once required status checks pass. Made-with: Cursor --- .../dependabot_auto_approve_merge.yml | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/dependabot_auto_approve_merge.yml diff --git a/.github/workflows/dependabot_auto_approve_merge.yml b/.github/workflows/dependabot_auto_approve_merge.yml new file mode 100644 index 0000000..338192d --- /dev/null +++ b/.github/workflows/dependabot_auto_approve_merge.yml @@ -0,0 +1,46 @@ +# Approve Dependabot pull requests and enable auto-merge so GitHub merges them once +# required status checks pass. Enable "Allow auto-merge" under Settings → General → +# Pull Requests, and require status checks on the default branch. See: +# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + +name: Dependabot auto-approve and merge + +on: + pull_request: + types: [opened, reopened, synchronize] + +permissions: + contents: write + issues: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.event.pull_request.user.login == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Approve pull request + run: | + set -euo pipefail + if [ "$(gh pr view "${PR_NUMBER}" --json reviewDecision -q .reviewDecision)" != "APPROVED" ]; then + gh pr review --approve "${PR_NUMBER}" + fi + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge + run: | + set -euo pipefail + if [ "$(gh pr view "${PR_NUMBER}" --json autoMergeRequest -q '.autoMergeRequest != null')" != "true" ]; then + gh pr merge --auto --merge "${PR_NUMBER}" + fi + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 13d77e98cb958ac2182c64f136acc3a1f0e1d85b Mon Sep 17 00:00:00 2001 From: Cursor Date: Tue, 14 Apr 2026 14:56:19 +0000 Subject: [PATCH 2/3] Run integration workflows on every PR with conditional test execution. Trigger each language integration workflow for all pull requests so checks can be required, while skipping setup and tests unless relevant files changed. Made-with: Cursor --- .../proxy_integration_tests_javascript.yml | 26 +++++++++++++++--- .../workflows/proxy_integration_tests_php.yml | 26 +++++++++++++++--- .../proxy_integration_tests_python.yml | 27 ++++++++++++++++--- .../proxy_integration_tests_ruby.yml | 25 ++++++++++++++--- 4 files changed, 92 insertions(+), 12 deletions(-) diff --git a/.github/workflows/proxy_integration_tests_javascript.yml b/.github/workflows/proxy_integration_tests_javascript.yml index de0089d..0ef5f8b 100644 --- a/.github/workflows/proxy_integration_tests_javascript.yml +++ b/.github/workflows/proxy_integration_tests_javascript.yml @@ -7,9 +7,6 @@ name: Proxy integration tests (JavaScript) on: pull_request: - paths: - - "javascript/**" - - ".github/workflows/proxy_integration_tests_javascript.yml" permissions: contents: read @@ -23,7 +20,23 @@ jobs: with: persist-credentials: false + - name: Detect JavaScript changes + id: changes + run: | + set -euo pipefail + changed="false" + while IFS= read -r file; do + case "${file}" in + javascript/*|.github/workflows/proxy_integration_tests_javascript.yml) + changed="true" + break + ;; + esac + done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") + echo "changed=${changed}" >> "${GITHUB_OUTPUT}" + - name: Set up Node + if: steps.changes.outputs.changed == 'true' uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 (Node 24) with: node-version: "24" @@ -31,10 +44,12 @@ jobs: cache-dependency-path: javascript/package-lock.json - name: Install dependencies + if: steps.changes.outputs.changed == 'true' working-directory: javascript run: npm ci - name: Require PROXY_URL Actions secret + if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -44,7 +59,12 @@ jobs: fi - name: Run integration tests + if: steps.changes.outputs.changed == 'true' working-directory: javascript env: PROXY_URL: ${{ secrets.PROXY_URL }} run: npm test + + - name: Skip when JavaScript files are unchanged + if: steps.changes.outputs.changed != 'true' + run: echo "No JavaScript integration test changes detected; skipping." diff --git a/.github/workflows/proxy_integration_tests_php.yml b/.github/workflows/proxy_integration_tests_php.yml index 1f41742..830f8e0 100644 --- a/.github/workflows/proxy_integration_tests_php.yml +++ b/.github/workflows/proxy_integration_tests_php.yml @@ -7,9 +7,6 @@ name: Proxy integration tests (PHP) on: pull_request: - paths: - - "php/**" - - ".github/workflows/proxy_integration_tests_php.yml" permissions: contents: read @@ -23,7 +20,23 @@ jobs: with: persist-credentials: false + - name: Detect PHP changes + id: changes + run: | + set -euo pipefail + changed="false" + while IFS= read -r file; do + case "${file}" in + php/*|.github/workflows/proxy_integration_tests_php.yml) + changed="true" + break + ;; + esac + done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") + echo "changed=${changed}" >> "${GITHUB_OUTPUT}" + - name: Set up PHP + if: steps.changes.outputs.changed == 'true' uses: shivammathur/setup-php@v2 with: php-version: "8.3" @@ -31,10 +44,12 @@ jobs: coverage: none - name: Install Composer dependencies + if: steps.changes.outputs.changed == 'true' working-directory: php run: composer install --no-interaction --prefer-dist - name: Require PROXY_URL Actions secret + if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -44,7 +59,12 @@ jobs: fi - name: Run integration tests + if: steps.changes.outputs.changed == 'true' working-directory: php env: PROXY_URL: ${{ secrets.PROXY_URL }} run: php run_tests.php + + - name: Skip when PHP files are unchanged + if: steps.changes.outputs.changed != 'true' + run: echo "No PHP integration test changes detected; skipping." diff --git a/.github/workflows/proxy_integration_tests_python.yml b/.github/workflows/proxy_integration_tests_python.yml index f2c8c49..8946c58 100644 --- a/.github/workflows/proxy_integration_tests_python.yml +++ b/.github/workflows/proxy_integration_tests_python.yml @@ -7,9 +7,6 @@ name: Proxy integration tests (Python) on: pull_request: - paths: - - "python/**" - - ".github/workflows/proxy_integration_tests_python.yml" permissions: contents: read @@ -23,21 +20,40 @@ jobs: with: persist-credentials: false + - name: Detect Python changes + id: changes + run: | + set -euo pipefail + changed="false" + while IFS= read -r file; do + case "${file}" in + python/*|.github/workflows/proxy_integration_tests_python.yml) + changed="true" + break + ;; + esac + done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") + echo "changed=${changed}" >> "${GITHUB_OUTPUT}" + - name: Set up Python + if: steps.changes.outputs.changed == 'true' uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 (Node 24) with: # Pin for reproducible dependency wheels (pycurl, etc.); adjust as needed. python-version: "3.12" - name: Install system dependencies (pycurl) + if: steps.changes.outputs.changed == 'true' run: sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev - name: Install example dependencies + if: steps.changes.outputs.changed == 'true' run: | python -m pip install --upgrade pip pip install -r python/requirements.txt - name: Require PROXY_URL Actions secret + if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -47,7 +63,12 @@ jobs: fi - name: Run integration tests + if: steps.changes.outputs.changed == 'true' working-directory: python env: PROXY_URL: ${{ secrets.PROXY_URL }} run: python run_tests.py + + - name: Skip when Python files are unchanged + if: steps.changes.outputs.changed != 'true' + run: echo "No Python integration test changes detected; skipping." diff --git a/.github/workflows/proxy_integration_tests_ruby.yml b/.github/workflows/proxy_integration_tests_ruby.yml index 648e3f9..0893081 100644 --- a/.github/workflows/proxy_integration_tests_ruby.yml +++ b/.github/workflows/proxy_integration_tests_ruby.yml @@ -7,9 +7,6 @@ name: Proxy integration tests (Ruby) on: pull_request: - paths: - - "ruby/**" - - ".github/workflows/proxy_integration_tests_ruby.yml" permissions: contents: read @@ -23,7 +20,23 @@ jobs: with: persist-credentials: false + - name: Detect Ruby changes + id: changes + run: | + set -euo pipefail + changed="false" + while IFS= read -r file; do + case "${file}" in + ruby/*|.github/workflows/proxy_integration_tests_ruby.yml) + changed="true" + break + ;; + esac + done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") + echo "changed=${changed}" >> "${GITHUB_OUTPUT}" + - name: Set up Ruby + if: steps.changes.outputs.changed == 'true' uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 (Node 24) with: ruby-version: "3.3" @@ -31,6 +44,7 @@ jobs: working-directory: ruby - name: Require PROXY_URL Actions secret + if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -40,7 +54,12 @@ jobs: fi - name: Run integration tests + if: steps.changes.outputs.changed == 'true' working-directory: ruby env: PROXY_URL: ${{ secrets.PROXY_URL }} run: bundle exec ruby run_tests.rb + + - name: Skip when Ruby files are unchanged + if: steps.changes.outputs.changed != 'true' + run: echo "No Ruby integration test changes detected; skipping." From 6257d888e98df585294b7e3b061641de3ab231f7 Mon Sep 17 00:00:00 2001 From: Cursor Date: Tue, 14 Apr 2026 15:37:38 +0000 Subject: [PATCH 3/3] Refactor integration workflow skipping with job-level conditions. Use a dedicated paths-filter job and gate each integration job with jobs.if so skipped checks stay clean and still satisfy required-check reporting. Made-with: Cursor --- .../proxy_integration_tests_javascript.yml | 40 ++++++++---------- .../workflows/proxy_integration_tests_php.yml | 40 ++++++++---------- .../proxy_integration_tests_python.yml | 41 ++++++++----------- .../proxy_integration_tests_ruby.yml | 39 ++++++++---------- 4 files changed, 68 insertions(+), 92 deletions(-) diff --git a/.github/workflows/proxy_integration_tests_javascript.yml b/.github/workflows/proxy_integration_tests_javascript.yml index 0ef5f8b..8220191 100644 --- a/.github/workflows/proxy_integration_tests_javascript.yml +++ b/.github/workflows/proxy_integration_tests_javascript.yml @@ -10,9 +10,26 @@ on: permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect JavaScript changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "javascript/**" + - ".github/workflows/proxy_integration_tests_javascript.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: @@ -20,23 +37,7 @@ jobs: with: persist-credentials: false - - name: Detect JavaScript changes - id: changes - run: | - set -euo pipefail - changed="false" - while IFS= read -r file; do - case "${file}" in - javascript/*|.github/workflows/proxy_integration_tests_javascript.yml) - changed="true" - break - ;; - esac - done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") - echo "changed=${changed}" >> "${GITHUB_OUTPUT}" - - name: Set up Node - if: steps.changes.outputs.changed == 'true' uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 (Node 24) with: node-version: "24" @@ -44,12 +45,10 @@ jobs: cache-dependency-path: javascript/package-lock.json - name: Install dependencies - if: steps.changes.outputs.changed == 'true' working-directory: javascript run: npm ci - name: Require PROXY_URL Actions secret - if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -59,12 +58,7 @@ jobs: fi - name: Run integration tests - if: steps.changes.outputs.changed == 'true' working-directory: javascript env: PROXY_URL: ${{ secrets.PROXY_URL }} run: npm test - - - name: Skip when JavaScript files are unchanged - if: steps.changes.outputs.changed != 'true' - run: echo "No JavaScript integration test changes detected; skipping." diff --git a/.github/workflows/proxy_integration_tests_php.yml b/.github/workflows/proxy_integration_tests_php.yml index 830f8e0..6678f04 100644 --- a/.github/workflows/proxy_integration_tests_php.yml +++ b/.github/workflows/proxy_integration_tests_php.yml @@ -10,9 +10,26 @@ on: permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect PHP changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "php/**" + - ".github/workflows/proxy_integration_tests_php.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: @@ -20,23 +37,7 @@ jobs: with: persist-credentials: false - - name: Detect PHP changes - id: changes - run: | - set -euo pipefail - changed="false" - while IFS= read -r file; do - case "${file}" in - php/*|.github/workflows/proxy_integration_tests_php.yml) - changed="true" - break - ;; - esac - done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") - echo "changed=${changed}" >> "${GITHUB_OUTPUT}" - - name: Set up PHP - if: steps.changes.outputs.changed == 'true' uses: shivammathur/setup-php@v2 with: php-version: "8.3" @@ -44,12 +45,10 @@ jobs: coverage: none - name: Install Composer dependencies - if: steps.changes.outputs.changed == 'true' working-directory: php run: composer install --no-interaction --prefer-dist - name: Require PROXY_URL Actions secret - if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -59,12 +58,7 @@ jobs: fi - name: Run integration tests - if: steps.changes.outputs.changed == 'true' working-directory: php env: PROXY_URL: ${{ secrets.PROXY_URL }} run: php run_tests.php - - - name: Skip when PHP files are unchanged - if: steps.changes.outputs.changed != 'true' - run: echo "No PHP integration test changes detected; skipping." diff --git a/.github/workflows/proxy_integration_tests_python.yml b/.github/workflows/proxy_integration_tests_python.yml index 8946c58..9edc18e 100644 --- a/.github/workflows/proxy_integration_tests_python.yml +++ b/.github/workflows/proxy_integration_tests_python.yml @@ -10,9 +10,26 @@ on: permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect Python changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "python/**" + - ".github/workflows/proxy_integration_tests_python.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: @@ -20,40 +37,21 @@ jobs: with: persist-credentials: false - - name: Detect Python changes - id: changes - run: | - set -euo pipefail - changed="false" - while IFS= read -r file; do - case "${file}" in - python/*|.github/workflows/proxy_integration_tests_python.yml) - changed="true" - break - ;; - esac - done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") - echo "changed=${changed}" >> "${GITHUB_OUTPUT}" - - name: Set up Python - if: steps.changes.outputs.changed == 'true' uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 (Node 24) with: # Pin for reproducible dependency wheels (pycurl, etc.); adjust as needed. python-version: "3.12" - name: Install system dependencies (pycurl) - if: steps.changes.outputs.changed == 'true' run: sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev - name: Install example dependencies - if: steps.changes.outputs.changed == 'true' run: | python -m pip install --upgrade pip pip install -r python/requirements.txt - name: Require PROXY_URL Actions secret - if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -63,12 +61,7 @@ jobs: fi - name: Run integration tests - if: steps.changes.outputs.changed == 'true' working-directory: python env: PROXY_URL: ${{ secrets.PROXY_URL }} run: python run_tests.py - - - name: Skip when Python files are unchanged - if: steps.changes.outputs.changed != 'true' - run: echo "No Python integration test changes detected; skipping." diff --git a/.github/workflows/proxy_integration_tests_ruby.yml b/.github/workflows/proxy_integration_tests_ruby.yml index 0893081..fee1efa 100644 --- a/.github/workflows/proxy_integration_tests_ruby.yml +++ b/.github/workflows/proxy_integration_tests_ruby.yml @@ -10,9 +10,26 @@ on: permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect Ruby changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "ruby/**" + - ".github/workflows/proxy_integration_tests_ruby.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: @@ -20,23 +37,7 @@ jobs: with: persist-credentials: false - - name: Detect Ruby changes - id: changes - run: | - set -euo pipefail - changed="false" - while IFS= read -r file; do - case "${file}" in - ruby/*|.github/workflows/proxy_integration_tests_ruby.yml) - changed="true" - break - ;; - esac - done < <(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}") - echo "changed=${changed}" >> "${GITHUB_OUTPUT}" - - name: Set up Ruby - if: steps.changes.outputs.changed == 'true' uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0 (Node 24) with: ruby-version: "3.3" @@ -44,7 +45,6 @@ jobs: working-directory: ruby - name: Require PROXY_URL Actions secret - if: steps.changes.outputs.changed == 'true' env: PROXY_URL: ${{ secrets.PROXY_URL }} run: | @@ -54,12 +54,7 @@ jobs: fi - name: Run integration tests - if: steps.changes.outputs.changed == 'true' working-directory: ruby env: PROXY_URL: ${{ secrets.PROXY_URL }} run: bundle exec ruby run_tests.rb - - - name: Skip when Ruby files are unchanged - if: steps.changes.outputs.changed != 'true' - run: echo "No Ruby integration test changes detected; skipping."