Enhance GitHub workflows (handle Dependabot, etc.)

[louismaximepiton]

Fixes #847

Features :

• Keep the Boosted method with the skip labels (But should be less used now).
• Remove dependabot branches by the actor dependabot itself.
• Move the checks at a job level.
• Dependabot ci could be triggered by any user action on the PR (adding a label).
• Removed the optimize dupe workflow on Boosted.

Note :

• top-level triggers such as push or pull_request are in a OR statement. That means that either will trigger action. On the other side (and I'm sorry, I misunderstood this at first) the branches, tags or paths are in a AND statement. That means that a worflow will trigger if the changes are in a specified path AND on a specified branch. (link)
• The pull_request trigger branches is the base branch, so that's why former workflow was not ignoring it.
• The different types of pull_requests are here.
• Doesn't cause any issue atm but workflow-dispatch could have issues in the future, triggering the workflow manually with the skip:ci label activatede. (IF conditions in step is ignored when called in a workflow_call actions/runner#2005)

[julien-deramond]

@louismaximepiton Apparently Bootstrap is working on this topic as well via twbs/bootstrap#35574. Maybe to compare with what you've done so far.

[julien-deramond]

@louismaximepiton Since we're waiting to see what Bootstrap will do with Dependabot, is it possible to extract in an another PR your work on Percy (Browserstack) to run it automatically for main && v4-dev and manually for pushes and PRs? IMO it could be reviewed/merged independently.

Note: For the "manual" workflows with Percy and Browserstack, we'll need to update the DoDs to explain how to update the snapshots after each merges.

[XhmikosR]

What's the issue with dependabot exactly? Trying to understand if we are missing something upstream.

I still need some help with BrowserStack and PRs, but other than the twbs/bootstrap#35574 is ready to be merged.

[julien-deramond]

What's the issue with dependabot exactly? Trying to understand if we are missing something upstream.

I still need some help with BrowserStack and PRs, but other than the twbs/bootstrap#35574 is ready to be merged.

@XhmikosR We are still discussing it but we plan to do something like that:

• Basically it is very handy to know when the dependencies need to be updated but we want to stop launching the jobs automatically from Dependabot PRs because:
  • Most of the time we are waiting for you (Bootstrap) to update the dependencies to avoid conflicts
  • For our unique dependencies like pa11y-ci (and some others) I still need to check it manually (I never merge directly from the Dependabot PRs or rarely)
  • It slows down everything when it re-runs jobs while pushing real PRs or branches in the meantime
  • We have a limited amount of Browserstack / Percy runs and snapshots each month
• Run manually Percy when needed (and maybe Browserstack as well) just before merging a PR
• Run automatically Percy and Browserstack only for the main branch (and maybe v4-dev)

We also have skip:browserstack, skip:ci etc. labels to avoid some actions to be run but it is not really automatic and not enough. We also thought using our skip:ci label on all Dependabot PRs (a bit uglier than to tackle the real problem :p)

[julien-deramond]

This PR needs a rebase after the merge of #1004

[netlify]

✅ Deploy Preview for boosted ready!

Name	Link
🔨 Latest commit	c5f2cce
🔍 Latest deploy log	https://app.netlify.com/sites/boosted/deploys/63847a20eb445d000895557d
😎 Deploy Preview	https://deploy-preview-983--boosted.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[julien-deramond]

@louismaximepiton Is this PR still fixing the issue and up to date? Can it be reviewed?

[julien-deramond]

Modifications seems logical. I won't try all the use cases myself. Trust you on this. Let's merge and see if it works as expected. 🚀 🤖

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information