From 056aec5392bbecdd7efa563807bd5a88acd7fe5d Mon Sep 17 00:00:00 2001
From: Tom Stovall <tom.stovall@pantheon.io>
Date: Tue, 14 Jan 2025 13:31:17 -0800
Subject: [PATCH 1/3] update github actions

---
 .github/workflows/dependabot-merge-prs.yml | 18 ++++++++++
 .github/workflows/dependabot.yml           | 33 +++++++++++++++++
 .github/workflows/release.yml              | 42 ++++++++--------------
 3 files changed, 65 insertions(+), 28 deletions(-)
 create mode 100644 .github/workflows/dependabot-merge-prs.yml
 create mode 100644 .github/workflows/dependabot.yml

diff --git a/.github/workflows/dependabot-merge-prs.yml b/.github/workflows/dependabot-merge-prs.yml
new file mode 100644
index 0000000..b1ef38a
--- /dev/null
+++ b/.github/workflows/dependabot-merge-prs.yml
@@ -0,0 +1,18 @@
+name: Auto-merge Dependabot PRs
+
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
\ No newline at end of file
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..b4a24a3
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,33 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: ".github/workflows"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github_actions"
+    reviewers:
+      - "dependabot"
+
+  # Maintain dependencies for Composer
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    commit-message:
+      prefix: "composer"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "php"
+    versioning-strategy: "increase-if-necessary"
+    allow:
+      - dependency-type: "direct"
+      - dependency-type: "indirect"
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6654e61..960461a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,6 @@ jobs:
     name: "Run validation test suite"
     runs-on: ubuntu-latest
     env:
-      # GITHUB_CONTEXT: ${{ toJson(github) }}
       WP_CLI_BIN_DIR: /tmp/wp-cli-phar
       DB_NAME: pantheon
       DB_USER: pantheon
@@ -44,10 +43,10 @@ jobs:
       - name: Get Composer Cache Directory
         id: composer-cache
         run: |
-          echo "::set-output name=dir::$(composer config cache-files-dir)"
+          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache Composer Downloads
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -55,7 +54,7 @@ jobs:
             ${{ runner.os }}-composer-
 
       - name: Cache PHP dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: vendor
           key: ${{ runner.OS }}-build-${{ hashFiles('**/composer.lock') }}
@@ -66,7 +65,6 @@ jobs:
 
       - name: Install WP-CLI
         run: |
-          # The Behat test suite will pick up the executable found in $WP_CLI_BIN_DIR
           mkdir -p $WP_CLI_BIN_DIR
           curl -s https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar > $WP_CLI_BIN_DIR/wp
           chmod +x $WP_CLI_BIN_DIR/wp
@@ -80,22 +78,25 @@ jobs:
           vendor/bin/behat --ansi
 
       - name: Archive phar
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: wp-launch-check-phar
           path: wp_launch_check.phar
           retention-days: 5
+          if-no-files-found: error
 
   deploy-packages:
     name: Deploy
     runs-on: ubuntu-latest
     needs: [validate]
+    permissions:
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Download Phar
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: wp-launch-check-phar
 
@@ -105,26 +106,11 @@ jobs:
         with:
           myToken: ${{ secrets.ACCESS_TOKEN }}
 
-      - name: Create Release
-        id: create_release
-        uses: actions/create-release@latest
-        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      - name: Release
+        uses: softprops/action-gh-release@v1
         with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
-          body: |
-            ${{ steps.changelog.outputs.changelog }}
+          token: ${{ secrets.ACCESS_TOKEN }}
+          body: ${{ steps.changelog.outputs.changelog }}
+          files: wp_launch_check.phar
           draft: false
-          prerelease: false
-
-      - name: Upload Release Asset
-        id: upload-release-asset
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./wp_launch_check.phar
-          asset_name: wp_launch_check.phar
-          asset_content_type: application/zip
+          prerelease: false
\ No newline at end of file

From 39c3d756df312a52ae759f65e23d87121f8a2c23 Mon Sep 17 00:00:00 2001
From: Tom Stovall <tom.stovall@pantheon.io>
Date: Tue, 14 Jan 2025 13:52:15 -0800
Subject: [PATCH 2/3] update to daily

---
 .github/workflows/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
index b4a24a3..b348b15 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -2,9 +2,9 @@ version: 2
 updates:
   # Maintain dependencies for GitHub Actions
   - package-ecosystem: "github-actions"
-    directory: ".github/workflows"
+    directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
     open-pull-requests-limit: 10
     commit-message:
       prefix: "ci"

From 41c139d67f2d674318f8539a287e72573f85c74a Mon Sep 17 00:00:00 2001
From: Tom Stovall <tom.stovall@pantheon.io>
Date: Tue, 14 Jan 2025 17:12:25 -0800
Subject: [PATCH 3/3] removing auto-merge\

---
 .github/workflows/dependabot-merge-prs.yml | 18 ------------------
 1 file changed, 18 deletions(-)
 delete mode 100644 .github/workflows/dependabot-merge-prs.yml

diff --git a/.github/workflows/dependabot-merge-prs.yml b/.github/workflows/dependabot-merge-prs.yml
deleted file mode 100644
index b1ef38a..0000000
--- a/.github/workflows/dependabot-merge-prs.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Auto-merge Dependabot PRs
-
-on: pull_request_target
-
-permissions:
-  pull-requests: write
-  contents: write
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --merge "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
\ No newline at end of file