diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml deleted file mode 100644 index 928bba2e..00000000 --- a/.github/workflows/auto-merge.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: auto-merge - -on: pull_request - -jobs: - auto-merge: - timeout-minutes: 5 - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: ahmadnassri/action-dependabot-auto-merge@v2 - with: - github-token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml deleted file mode 100644 index 1323a9b3..00000000 --- a/.github/workflows/commit-lint.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: commit-lint - -on: [push, pull_request] - -jobs: - commit-lint: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: ahmadnassri/action-commit-lint@v1 - with: - config: .github/linters/.commit-lint.yml diff --git a/.github/workflows/pull_request_target.yml b/.github/workflows/pull_request_target.yml new file mode 100644 index 00000000..060563d8 --- /dev/null +++ b/.github/workflows/pull_request_target.yml 
@@ -0,0 +1,79 @@ +# ------------------------------------------------------------- # +# Note: this file is automatically managed in template-template # +# ------------------------------------------------------------- # + +on: pull_request_target + +name: pull_request_target + +permissions: + pull-requests: write + contents: write + +jobs: + metadata: + runs-on: ubuntu-latest + + outputs: + repository: ${{ steps.metadata.outputs.repository }} + + steps: + - uses: actions/checkout@v2.3.5 + + - uses: ahmadnassri/action-metadata@v1 + id: metadata + + auto-merge: + timeout-minutes: 5 + + runs-on: ubuntu-latest + + # only run for dependabot PRs + if: ${{ github.actor == 'dependabot[bot]' }} + + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + steps: + - id: dependabot + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: auto merge conditions + id: auto-merge + if: | + ( + steps.dependabot.outputs.update-type == 'version-update:semver-patch' && + contains('direct:production,indirect:production', steps.dependabot.outputs.dependency-type) + ) || ( + steps.dependabot.outputs.update-type == 'version-update:semver-minor' && + contains('direct:development,indirect:development', steps.dependabot.outputs.dependency-type) + ) + run: echo "::notice ::auto-merge conditions satisfied" + + - name: auto approve pr + if: ${{ steps.auto-merge.conclusion == 'success' }} + run: | + gh pr review --approve "$PR_URL" + gh pr merge --auto --rebase "$PR_URL" + + template-sync: + needs: metadata + + timeout-minutes: 20 + + runs-on: ubuntu-latest + + # only run for templates + if: ${{ fromJSON(needs.metadata.outputs.repository).is_template }} + + steps: + - uses: actions/checkout@v2.3.5 + with: + ref: ${{ github.event.pull_request.head.ref }} + - uses: ahmadnassri/action-workflow-queue@v1.1 + - uses: ahmadnassri/action-template-repository-sync@v1.6.0 + with: + github-token: ${{ secrets.GH_TOKEN 
}} diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 00000000..f8b6c97f --- /dev/null +++ b/.github/workflows/push.yml 
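Review bot: The `template-sync` job checks out `github.event.pull_request.head.ref` inside a `pull_request_target` run and then passes `secrets.GH_TOKEN` to the sync action, so pull-request branch content is processed with a privileged token and the workflow-level `contents: write` / `pull-requests: write` grant. If the sync does not need the PR's content, drop the `ref:` override so the base branch is checked out, or add `github.event.pull_request.head.repo.full_name == github.repository` to the job's `if:`. In `auto-merge`, `github.actor` names whoever triggered the event rather than the PR author, so `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}` ties approval more tightly to Dependabot-authored PRs. The `permissions:` block could also move down to the `auto-merge` job, since `metadata` appears to need only read access.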
@@ -0,0 +1,234 @@ +# ----------------------------------------------- # +# Note: this file originates in template-node-lib # +# ----------------------------------------------- # + +on: + - push + - workflow_dispatch + +name: push + +jobs: + metadata: + runs-on: ubuntu-latest + + outputs: + repository: ${{ steps.metadata.outputs.repository }} + dockerfile: ${{ steps.dockerfile.outputs.exists }} + + steps: + - uses: actions/checkout@v2.3.5 + + - id: metadata + uses: ahmadnassri/action-metadata@v1 + + - id: dockerfile + run: | + [[ -f "${{ github.workspace }}/Dockerfile" ]] && echo '::set-output name=exists::yes' + + commit-lint: + timeout-minutes: 5 + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2.3.5 + + - uses: ahmadnassri/action-commit-lint@v1 + with: + config: .github/linters/.commit-lint.yml + + super-linter: + timeout-minutes: 5 + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2.3.5 + with: + fetch-depth: 0 + + - uses: github/super-linter/slim@v4 + env: + LOG_LEVEL: ERROR + VALIDATE_JSCPD: 'false' + VALIDATE_ALL_CODEBASE: 'false' + IGNORE_GITIGNORED_FILES: 'true' + FILTER_REGEX_EXCLUDE: '/github/workspace/README.md|test/fixtures/*' + GITHUB_TOKEN: ${{ github.token }} + + npm-audit: + timeout-minutes: 5 + + runs-on: ubuntu-latest + + defaults: + run: + working-directory: ${{ github.workspace }}/action + + steps: + - uses: actions/checkout@v2.3.5 + + - uses: actions/setup-node@v2.4.1 + + - run: npm audit --audit-level=critical + + test: + timeout-minutes: 5 + + runs-on: ubuntu-latest + + defaults: + run: + working-directory: ${{ github.workspace }}/action + + steps: + - uses: actions/setup-node@v2.4.1 + with: + node-version: 12 + + - uses: actions/checkout@v2.3.5 + with: + submodules: true + + - run: npm ci + - run: npm run test:ci + + release: + needs: + - metadata + - test + + # only runs on main branch for non template repos + if: ${{ github.ref == 'refs/heads/master' && 
!fromJSON(needs.metadata.outputs.repository).is_template }} + + timeout-minutes: 20 + + runs-on: ubuntu-latest + + outputs: + published: ${{ steps.release.outputs.published }} + release-version: ${{ steps.release.outputs.release-version }} + release-version-major: ${{ steps.release.outputs.release-version-major }} + release-version-minor: ${{ steps.release.outputs.release-version-minor }} + + steps: + - uses: actions/checkout@v2.3.5 + with: + submodules: true + + - id: release + uses: ahmadnassri/action-semantic-release@v1 + with: + config: ${{ github.workspace }}/.semantic.json + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + + alias: + needs: release + + if: ${{ needs.release.outputs.published == 'true' }} + + runs-on: ubuntu-latest + strategy: + matrix: + alias: + - version: v${{ needs.release.outputs.release-version-major }} + - version: v${{ needs.release.outputs.release-version-major }}.${{ needs.release.outputs.release-version-minor }} + + steps: + - uses: actions/github-script@v3 + with: + script: | + const tag = 'tags/${{ matrix.alias.version }}' + const repo = { + owner: context.repo.owner, + repo: context.repo.repo + } + + await github.git.deleteRef({ ...repo, ref: tag }).catch(() => {}) + await github.git.createRef({ ...repo, ref: `refs/${tag}` , sha: process.env.GITHUB_SHA }) + + publish-docker: + needs: + - release + - metadata + + timeout-minutes: 5 + + runs-on: ubuntu-latest + + if: ${{ needs.metadata.outputs.dockerfile == 'yes' }} + + steps: + - uses: actions/checkout@v2.3.5 + with: + submodules: true + + - uses: actions/cache@v2.1.6 + with: + path: /tmp/.buildx-cache + key: buildx-${{ github.sha }} + restore-keys: buildx- + + - uses: docker/setup-qemu-action@v1 + - uses: docker/setup-buildx-action@v1 + + # login to docker hub + - uses: docker/login-action@v1 + with: + username: ${{ github.repository_owner }} + password: ${{ secrets.DOCKER_TOKEN }} + + # login to github container registry + - uses: docker/login-action@v1 + with: + registry: ghcr.io 
+ username: ${{ github.repository_owner }} + password: ${{ secrets.GH_TOKEN }} + + - id: hub + run: | + echo "::set-output name=name::$(basename "${GITHUB_REPOSITORY/node-//}")" + echo "::set-output name=version::${{ needs.release.outputs.release-version }}" + + # publish + - uses: docker/build-push-action@v2 + with: + push: true + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + tags: | + ${{ github.repository_owner }}/${{ steps.hub.outputs.name }}:latest + ${{ github.repository_owner }}/${{ steps.hub.outputs.name }}:${{ steps.hub.outputs.release-version }} + ghcr.io/${{ github.repository_owner }}/${{ steps.hub.outputs.name }}:latest + ghcr.io/${{ github.repository_owner }}/${{ steps.hub.outputs.name }}:${{ steps.hub.outputs.release-version }} + labels: | + org.opencontainers.image.title=${{ steps.hub.outputs.name }} + org.opencontainers.image.url=${{ github.event.repository.html_url }} + org.opencontainers.image.version=${{ steps.hub.outputs.release-version }} + org.opencontainers.image.source=${{ github.event.repository.clone_url }} + org.opencontainers.image.revision=${{ github.sha }} + + template-sync: + timeout-minutes: 20 + + needs: + - metadata + - test + - commit-lint + - super-linter + + # only runs on main branch and only for the template + if: ${{ github.ref == 'refs/heads/master' && fromJSON(needs.metadata.outputs.repository).is_template }} + + runs-on: ubuntu-latest + + steps: + - uses: ahmadnassri/action-workflow-queue@v1.1 + + - uses: actions/checkout@v2.3.5 + + - uses: ahmadnassri/action-template-repository-sync@v1.6.0 + with: + github-token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml deleted file mode 100644 index 8b0cf63e..00000000 --- a/.github/workflows/readme.yml +++ /dev/null 
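Review bot: In `publish-docker`, the versioned tags and the `org.opencontainers.image.version` label read `steps.hub.outputs.release-version`, but the `hub` step only sets `name` and `version`, so that expression evaluates to an empty string and the versioned tags end in a bare `:`. Reference `steps.hub.outputs.version` on those lines, or use `needs.release.outputs.release-version` directly. The job also lacks the `needs.release.outputs.published == 'true'` guard that the removed `publish` job carried, so `latest` would be rebuilt and pushed on runs where `release` completed without publishing; `if: ${{ needs.release.outputs.published == 'true' && needs.metadata.outputs.dockerfile == 'yes' }}` restores it. Separately, the `dockerfile` step in `metadata` ends with `[[ -f … ]] && echo …`, which returns non-zero when no Dockerfile exists and would fail the job that `release` and `template-sync` depend on; an `if [[ -f … ]]; then …; fi` form avoids that.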
@@ -1,49 +0,0 @@ -name: readme - -on: - push: - branches: master - paths: - - docs/** - - colophon.yml - - .github/workflows/readme.yml - -jobs: - readme: - timeout-minutes: 5 - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: docker://pandoc/core:2.11.4 - with: - args: >- - --metadata-file=colophon.yml - --template=docs/README.template - --output=README.md - --from=gfm - --to=gfm - --fail-if-warnings - --wrap=preserve - docs/README.md - - - uses: actions/github-script@v3 - with: - github-token: ${{secrets.GH_TOKEN}} - script: | - const { readFileSync } = require('fs') - - const path = 'README.md' - - const content = readFileSync(`${process.env.GITHUB_WORKSPACE}/${path}`) - - const { data } = await github.repos.getContent({ ...context.repo, path }) - - if (Buffer.from(data.content, 'base64').compare(content) === 0) return - - await github.repos.createOrUpdateFileContents({...context.repo, path, - sha: data.sha, - message: 'docs(readme): update readme', - content: content.toString('base64') - }) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index c0c38ab4..00000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,104 +0,0 @@ -name: release - -on: - workflow_run: - workflows: [ test ] - branches: [ master ] - types: [ completed ] - -jobs: - release: - if: ${{ github.event.workflow_run.conclusion == 'success' }} - - runs-on: ubuntu-latest - - outputs: - published: ${{ steps.release.outputs.published }} - release-version: ${{ steps.release.outputs.release-version }} - release-version-major: ${{ steps.release.outputs.release-version-major }} - release-version-minor: ${{ steps.release.outputs.release-version-minor }} - - steps: - - uses: actions/checkout@v2 - - id: release - uses: ahmadnassri/action-semantic-release@v1 - with: - config: ${{ github.workspace }}/.semantic.json - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - alias: - needs: release - - if: needs.release.outputs.published == 'true' - - runs-on: ubuntu-latest - strategy: - matrix: - alias: - - version: v${{ needs.release.outputs.release-version-major }} - - version: v${{ needs.release.outputs.release-version-major }}.${{ needs.release.outputs.release-version-minor }} - - steps: - - uses: actions/github-script@v3 - with: - script: | - const tag = 'tags/${{ matrix.alias.version }}' - const repo = { - owner: context.repo.owner, - repo: context.repo.repo - } - - await github.git.deleteRef({ ...repo, ref: tag }).catch(() => {}) - await github.git.createRef({ ...repo, ref: `refs/${tag}` , sha: process.env.GITHUB_SHA }) - - publish: - needs: release - - if: needs.release.outputs.published == 'true' - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: actions/cache@v2.1.4 - with: - path: /tmp/.buildx-cache - key: buildx-${{ github.sha }} - restore-keys: buildx- - - - uses: docker/setup-qemu-action@v1 - - uses: docker/setup-buildx-action@v1 - - # login to docker hub - - uses: docker/login-action@v1 - with: - username: ${{ github.repository_owner }} - password: ${{ secrets.DOCKER_TOKEN }} - - # login to github container registry - - uses: docker/login-action@v1 - with: - registry: ghcr.io 
- username: ${{ github.repository_owner }} - password: ${{ secrets.GH_TOKEN }} - - # publish - - uses: docker/build-push-action@v2 - with: - push: true - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - tags: | - ${{ github.event.repository.full_name }}:latest - ${{ github.event.repository.full_name }}:v${{ needs.release.outputs.release-version-major }} - ${{ github.event.repository.full_name }}:v${{ needs.release.outputs.release-version }} - ghcr.io/${{ github.event.repository.full_name }}:latest - ghcr.io/${{ github.event.repository.full_name }}:v${{ needs.release.outputs.release-version-major }} - ghcr.io/${{ github.event.repository.full_name }}:v${{ needs.release.outputs.release-version }} - labels: | - org.opencontainers.image.title=${{ github.event.repository.name }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.version=${{ needs.release.outputs.release-version }} - org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.revision=${{ github.sha }} diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml deleted file mode 100644 index 697936aa..00000000 --- a/.github/workflows/super-linter.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: super-linter - -on: [ push, pull_request ] - -jobs: - deduplicate: - timeout-minutes: 5 - - runs-on: ubuntu-latest - - # run on external PRs, but on internal PRs as they'll be run by the push to the branch. - if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository - - steps: - - run: echo ::warning ::skipped duplicate run - - lint: - timeout-minutes: 5 - - needs: deduplicate - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: github/super-linter@v3 - env: - LOG_LEVEL: ERROR - VALIDATE_ALL_CODEBASE: false - GITHUB_TOKEN: ${{ github.token }} 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 12e88f8a..00000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: test - -on: [ push, pull_request ] - -defaults: - run: - working-directory: action - -jobs: - deduplicate: - timeout-minutes: 5 - - runs-on: ubuntu-latest - - # run on external PRs, but on internal PRs as they'll be run by the push to the branch. - if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository - - steps: - - run: echo ::warning ::skipped duplicate run - working-directory: . - - audit: - timeout-minutes: 5 - - needs: deduplicate - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2.1.4 - - run: npm audit --audit-level=critical - - test: - timeout-minutes: 5 - - needs: audit - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2.1.4 - with: - node-version: 14 - - - uses: actions/cache@v2.1.4 - with: - path: ~/.npm - key: ${{ hashFiles('**/package-lock.json') }} - - - run: npm ci - - run: npm run test:ci