frederickw082922 · frederickw082922 · Mar 10, 2026 · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026
diff --git a/.github/workflows/auto-pre-commit-merge.yml b/.github/workflows/auto-pre-commit-merge.yml
@@ -32,87 +32,80 @@ jobs:
     steps:
       # Step 1: Verify that the PR was created by the pre-commit-ci bot
       # This is a security measure to ensure we only auto-merge bot PRs
+      # Identifier used to reference this step's outputs in later steps
+      # Compare the actor (PR creator) with the expected bot username
+      # Set output variable to true if it's the pre-commit bot
+      # Set output variable to false for any other user/bot
       - name: Check PR author
-        id: check_author # Identifier used to reference this step's outputs in later steps
+        id: check_author
         run: |
-          # Compare the actor (PR creator) with the expected bot username
           if [[ "${{ github.actor }}" == "pre-commit-ci[bot]" ]]; then
-            # Set output variable to true if it's the pre-commit bot
             echo "is_precommit_bot=true" >> $GITHUB_OUTPUT
           else
-            # Set output variable to false for any other user/bot
             echo "is_precommit_bot=false" >> $GITHUB_OUTPUT
           fi
 
       # Step 2: Clone the repository to analyze the changes
       # This step only runs if the previous step confirmed it's the pre-commit bot
+      # Use the main branch of the checkout action
+      # Fetch all history for all branches and tags (needed for git diff)
       - name: Checkout code
         if: steps.check_author.outputs.is_precommit_bot == 'true'
-        uses: actions/checkout@main  # Use the main branch of the checkout action
+        uses: actions/checkout@main
         with:
-          fetch-depth: 0 # Fetch all history for all branches and tags (needed for git diff)
+          fetch-depth: 0
 
       # Step 3: Verify that ONLY the .pre-commit-config.yaml file was modified
       # This is a critical safety check to prevent auto-merging unintended changes
+      # Get the list of files changed between the base branch and the PR head
+      # origin/${{ github.base_ref }} is the target branch (e.g., main)
+      # HEAD is the current PR branch
+      # Check if the ONLY changed file is .pre-commit-config.yaml
+      # If other files changed, don't auto-merge (requires manual review)
       - name: Check if only .pre-commit-config.yaml changed
         if: steps.check_author.outputs.is_precommit_bot == 'true'
         id: check_changes
         run: |
-          # Get the list of files changed between the base branch and the PR head
-          # origin/${{ github.base_ref }} is the target branch (e.g., main)
-          # HEAD is the current PR branch
-          changed_files=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
-          echo "Changed files: $changed_files"  # Log for debugging purposes
-
-          # Check if the ONLY changed file is .pre-commit-config.yaml
+          changed_files=$(git diff --name-only origin/devel...HEAD)
+          echo "Changed files: $changed_files"
           if [[ "$changed_files" == ".pre-commit-config.yaml" ]]; then
             echo "only_precommit=true" >> $GITHUB_OUTPUT
           else
-            # If other files changed, don't auto-merge (requires manual review)
             echo "only_precommit=false" >> $GITHUB_OUTPUT
           fi
 
       # Step 4: Automatically approve the PR
       # Only runs if all previous checks passed (bot author + only pre-commit config changed)
+      # Third-party action for PR approval
       - name: Auto-approve PR
         if: steps.check_changes.outputs.only_precommit == 'true'
-        uses: hmarr/auto-approve-action@v4 # Third-party action for PR approval
+        uses: hmarr/auto-approve-action@v4
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ secrets.BOT_PAT }}
 
       # Step 5: Add an informative comment to the PR
       # This provides transparency about what the workflow is doing
+      # Allows running custom JavaScript in the workflow
       - name: Add comment on PR
         if: steps.check_changes.outputs.only_precommit == 'true'
-        uses: actions/github-script@main # Allows running custom JavaScript in the workflow
+        uses: actions/github-script@v8
         with:
-          github-token: ${{ secrets.BOT_PAT }}
           script: |
-            # Use the GitHub REST API to create a comment on the PR
             github.rest.issues.createComment({
-              issue_number: context.issue.number, # PR number from the event context
-              owner: context.repo.owner, # Repository owner
-              repo: context.repo.repo, # Repository name
-              body: "Auto-approved pre-commit version update. Merging after checks pass."
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Auto-approved pre-commit version update. Merging after checks pass.'
             })
 
-      # Step 6: Wait for all CI/CD checks to complete successfully
-      # This ensures we don't merge a PR that breaks tests or other quality checks
-      - name: Wait for all checks to pass
-        if: steps.check_changes.outputs.only_precommit == 'true'
-        uses: lewagon/wait-on-check-action@master
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}  # The commit SHA to check
-          repo-token: ${{ secrets.BOT_PAT }}
-          wait-interval: 20  # Check status every 20 seconds
-          allowed-conclusions: success  # Only proceed if all checks succeed (not skipped/neutral)
-
-      # Step 7: Automatically merge the PR
+      # Step 6: Automatically merge the PR
       # This is the final step, only executed after all checks pass
+       # Squash all commits into a single commit on merge
       - name: Auto-merge PR
         if: steps.check_changes.outputs.only_precommit == 'true'
         uses: pascalgn/automerge-action@main
         env:
           GITHUB_TOKEN: ${{ secrets.BOT_PAT }}
-          MERGE_METHOD: squash  # Squash all commits into a single commit on merge
+          MERGE_LABELS: "automerge"
+          MERGE_METHOD: "squash"
           # Other options: merge (creates merge commit), rebase (rebases commits)
diff --git a/.github/workflows/manual-pre-commit-merge.yml b/.github/workflows/manual-pre-commit-merge.yml
@@ -32,88 +32,80 @@ jobs:
     steps:
       # Step 1: Verify that the PR was created by the pre-commit-ci bot
       # This is a security measure to ensure we only auto-merge bot PRs
+      # Identifier used to reference this step's outputs in later steps
+      # Compare the actor (PR creator) with the expected bot username
+      # Set output variable to true if it's the pre-commit bot
+      # Set output variable to false for any other user/bot
       - name: Check PR author
-        id: check_author # Identifier used to reference this step's outputs in later steps
+        id: check_author
         run: |
-          # Compare the actor (PR creator) with the expected bot username
           if [[ "${{ github.actor }}" == "uk-bolly" ]]; then
-            # Set output variable to true if it's the pre-commit bot
             echo "is_precommit_bot=true" >> $GITHUB_OUTPUT
           else
-            # Set output variable to false for any other user/bot
             echo "is_precommit_bot=false" >> $GITHUB_OUTPUT
           fi
 
       # Step 2: Clone the repository to analyze the changes
       # This step only runs if the previous step confirmed it's the pre-commit bot
+      # Use the main branch of the checkout action
+      # Fetch all history for all branches and tags (needed for git diff)
       - name: Checkout code
         if: steps.check_author.outputs.is_precommit_bot == 'true'
-        uses: actions/checkout@main  # Use the main branch of the checkout action
+        uses: actions/checkout@main
         with:
-          fetch-depth: 0 # Fetch all history for all branches and tags (needed for git diff)
+          fetch-depth: 0
 
       # Step 3: Verify that ONLY the .pre-commit-config.yaml file was modified
       # This is a critical safety check to prevent auto-merging unintended changes
+      # Get the list of files changed between the base branch and the PR head
+      # origin/${{ github.base_ref }} is the target branch (e.g., main)
+      # HEAD is the current PR branch
+      # Check if the ONLY changed file is .pre-commit-config.yaml
+      # If other files changed, don't auto-merge (requires manual review)
       - name: Check if only .pre-commit-config.yaml changed
         if: steps.check_author.outputs.is_precommit_bot == 'true'
         id: check_changes
         run: |
-          # Get the list of files changed between the base branch and the PR head
-          # origin/${{ github.base_ref }} is the target branch (e.g., main)
-          # HEAD is the current PR branch
-          changed_files=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
-          echo "Changed files: $changed_files"  # Log for debugging purposes
-
-          # Check if the ONLY changed file is .pre-commit-config.yaml
+          changed_files=$(git diff --name-only origin/devel...HEAD)
+          echo "Changed files: $changed_files"
           if [[ "$changed_files" == ".pre-commit-config.yaml" ]]; then
             echo "only_precommit=true" >> $GITHUB_OUTPUT
           else
-            # If other files changed, don't auto-merge (requires manual review)
             echo "only_precommit=false" >> $GITHUB_OUTPUT
           fi
 
       # Step 4: Automatically approve the PR
       # Only runs if all previous checks passed (bot author + only pre-commit config changed)
+      # Third-party action for PR approval
       - name: Auto-approve PR
         if: steps.check_changes.outputs.only_precommit == 'true'
-        uses: hmarr/auto-approve-action@v4 # Third-party action for PR approval
+        uses: hmarr/auto-approve-action@v4
         with:
           github-token: ${{ secrets.BOT_PAT }}
 
       # Step 5: Add an informative comment to the PR
       # This provides transparency about what the workflow is doing
+      # Allows running custom JavaScript in the workflow
       - name: Add comment on PR
         if: steps.check_changes.outputs.only_precommit == 'true'
-        uses: actions/github-script@main # Allows running custom JavaScript in the workflow
+        uses: actions/github-script@v8
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
-            # Use the GitHub REST API to create a comment on the PR
             github.rest.issues.createComment({
-              issue_number: context.issue.number, # PR number from the event context
-              owner: context.repo.owner, # Repository owner
-              repo: context.repo.repo, # Repository name
-              body: "Auto-approved pre-commit version update. Merging after checks pass."
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'Auto-approved pre-commit version update. Merging after checks pass.'
             })
 
-      # Step 6: Wait for all CI/CD checks to complete successfully
-      # This ensures we don't merge a PR that breaks tests or other quality checks
-      - name: Wait for all checks to pass
-        if: steps.check_changes.outputs.only_precommit == 'true'
-        uses: lewagon/wait-on-check-action@master
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}  # The commit SHA to check
-          repo-token: ${{ secrets.BOT_PAT }}
-          wait-interval: 20  # Check status every 20 seconds
-          allowed-conclusions: success  # Only proceed if all checks succeed (not skipped/neutral)
-
-      # Step 7: Automatically merge the PR
+      # Step 6: Automatically merge the PR
       # This is the final step, only executed after all checks pass
+       # Squash all commits into a single commit on merge
       - name: Auto-merge PR
         if: steps.check_changes.outputs.only_precommit == 'true'
         uses: pascalgn/automerge-action@main
         env:
-
           GITHUB_TOKEN: ${{ secrets.BOT_PAT }}
-          MERGE_METHOD: squash  # Squash all commits into a single commit on merge
+          MERGE_LABELS: "automerge"
+          MERGE_METHOD: "squash"
           # Other options: merge (creates merge commit), rebase (rebases commits)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -46,7 +46,7 @@ repos:
   - id: gitleaks
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v25.12.1
+  rev: v26.3.0
   hooks:
   - id: ansible-lint
     name: Ansible-lint
@@ -65,7 +65,7 @@ repos:
     # - ansible-core>=2.10.1
 
 - repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.37.1  # or higher tag
+  rev: v1.38.0  # or higher tag
   hooks:
   - id: yamllint
     name: Check YAML Lint