diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cbf05eef..ddaf9108 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,16 +6,13 @@ on: pull_request: branches: ["main"] -permissions: - contents: read +permissions: read-all jobs: build: runs-on: ubuntu-latest permissions: - actions: read - contents: read security-events: write strategy: diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index dfc0e276..0554c538 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -1,21 +1,17 @@ -name: Check Properties Files +name: Check Properties Files on PR on: pull_request_target: types: [opened, synchronize, reopened] paths: - "src/main/resources/messages_*.properties" - push: - branches: ["main"] - paths: - - "src/main/resources/messages_en_GB.properties" + +permissions: read-all jobs: check-files: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest - permissions: - contents: read steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 @@ -164,64 +160,3 @@ jobs: run: | echo "Failing the job because errors were detected." exit 1 - - update-translations-main: - if: github.event_name == 'push' - permissions: - contents: write - pull-requests: write - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 - with: - python-version: "3.x" - - - name: Run Python script to check files - id: run-check - run: | - echo "Running Python script to check files..." - python .github/scripts/check_language_properties.py \ - --reference-file src/main/resources/messages_en_GB.properties \ - --branch main - - - name: Set up git config - run: | - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" - - - name: Add translation keys - run: | - git add src/main/resources/messages_*.properties - git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV - - - name: Create Pull Request - id: cpr - if: env.CHANGES_DETECTED == 'true' - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "Update translation files" - committer: GitHub Action - author: GitHub Action - signoff: true - branch: update_translation_files - title: "Update translation files" - add-paths: | - src/main/resources/messages_*.properties - body: | - Auto-generated by [create-pull-request][1] - - [1]: https://github.com/peter-evans/create-pull-request - labels: Translation - draft: false - delete-branch: true - sign-commits: true diff --git a/.github/workflows/update-translations.yml b/.github/workflows/update-translations.yml new file mode 100644 index 00000000..141d9a72 --- /dev/null +++ b/.github/workflows/update-translations.yml @@ -0,0 +1,71 @@ +name: Update Translations + +on: + push: + branches: ["main"] + paths: + - "src/main/resources/messages_en_GB.properties" + +permissions: read-all + +jobs: + update-translations-main: + if: github.event_name == 'push' + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: "3.x" + + - name: Run Python script to check files + id: run-check + run: | + echo "Running Python script to check files..." + python .github/scripts/check_language_properties.py \ + --reference-file src/main/resources/messages_en_GB.properties \ + --branch main + + - name: Set up git config + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Add translation keys + run: | + git add src/main/resources/messages_*.properties + git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV + + - name: Create Pull Request + id: cpr + if: env.CHANGES_DETECTED == 'true' + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Update translation files" + committer: GitHub Action + author: GitHub Action + signoff: true + branch: update_translation_files + title: "Update translation files" + add-paths: | + src/main/resources/messages_*.properties + body: | + Auto-generated by [create-pull-request][1] + + [1]: https://github.com/peter-evans/create-pull-request + labels: Translation + draft: false + delete-branch: true + sign-commits: true