From 76363b88928e68ad56b7e600b39d321c3526dabc Mon Sep 17 00:00:00 2001
From: Steve Axthelm
Date: Fri, 26 Jan 2024 12:09:29 -0800
Subject: [PATCH] (maint) add testing, release, and security workflows Also update codeowners to dumpling and skeletor
---
.github/workflows/release.yml | 64 ++++++++++++++++++++++++++++++++++
.github/workflows/security.yml | 39 +++++++++++++++++++++
.github/workflows/testing.yml | 23 ++++++++++++
CODEOWNERS | 2 +-
4 files changed, 127 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/release.yml
create mode 100644 .github/workflows/security.yml
create mode 100644 .github/workflows/testing.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..4ca11a4
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,64 @@
+name: Tag Release & Push Gem
+
+on: workflow_dispatch
+
+jobs:
+ release:
+ name: Validate Docs, Tag, and Push Gem
+ runs-on: ubuntu-latest
+ if: github.repository == 'puppetlabs/beaker-answers'
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+ clean: true
+ fetch-depth: 0
+
+ - name: Get New Version
+ id: nv
+ run: |
+ version=$(grep STRING lib/beaker-answers/version.rb |rev |cut -d "'" -f2 |rev)
+ echo "version=$version" >> $GITHUB_OUTPUT
+ echo "Found version $version from lib/beaker-answers/version.rb"
+
+ - name: Get Current Version
+ uses: actions/github-script@v7
+ id: cv
+ with:
+ script: |
+ const { data: response } = await github.rest.repos.getLatestRelease({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ })
+ console.log(`The latest release is ${response.tag_name}`)
+ return response.tag_name
+ result-encoding: string
+
+ - name: Tag Release
+ uses: ncipollo/release-action@v1
+ with:
+ tag: ${{ steps.nv.outputs.version }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ bodyfile: release-notes.md
+ draft: false
+ prerelease: false
+
+ - name: Set up Ruby 2.7
+ uses: actions/setup-ruby@v1
+ with:
+ version: 2.7.x
+
+ - name: Build gem
+ run: gem build *.gemspec
+
+ - name: Publish gem
+ run: |
+ mkdir -p $HOME/.gem
+ touch $HOME/.gem/credentials
+ chmod 0600 $HOME/.gem/credentials
+ printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+ gem push *.gem
+ env:
+ GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..0486d12
--- /dev/null
+++ b/.github/workflows/security.yml
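Review bot: The `release` job declares no `permissions:` block, so `ncipollo/release-action@v1` is handed `secrets.GITHUB_TOKEN` with whatever default scope the repository grants; adding `permissions:` with `contents: write` on this job limits it to what tagging needs, and the same gap exists in security.yml and testing.yml, where `contents: read` should be enough. The "Set up Ruby 2.7" step uses the deprecated `actions/setup-ruby@v1` with `version: 2.7.x`, while the other two workflows in this commit use `uses: ruby/setup-ruby@v1` with `ruby-version:`; this step should match them. Every action that runs before "Publish gem" can alter what `gem build *.gemspec` packages, so the third-party ones are better pinned to a full commit SHA (`uses: ncipollo/release-action@<full-commit-sha>`) than to a moving tag. The `cv` step's output is not read by any later step in this hunk, so nothing stops a release from being tagged with a version that already exists or from a non-default branch via `ref: ${{ github.ref }}`.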
@@ -0,0 +1,39 @@
+name: Security
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ scan:
+ name: Mend Scanning
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout repo content
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - name: setup ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 2.7
+ # setup a package lock if one doesn't exist, otherwise do nothing
+ - name: check lock
+ run: '[ -f "Gemfile.lock" ] && echo "package lock file exists, skipping" || bundle lock'
+ # install java
+ - uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin' # See 'Supported distributions' for available options
+ java-version: '17'
+ # download mend
+ - name: download_mend
+ run: curl -o wss-unified-agent.jar https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar
+ - name: run mend
+ run: java -jar wss-unified-agent.jar
+ env:
+ WS_APIKEY: ${{ secrets.MEND_API_KEY }}
+ WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
+ WS_USERKEY: ${{ secrets.MEND_TOKEN }}
+ WS_PRODUCTNAME: RE
+ WS_PROJECTNAME: ${{ github.event.repository.name }}
\ No newline at end of file
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
new file mode 100644
index 0000000..94f9e41
--- /dev/null
+++ b/.github/workflows/testing.yml
@@ -0,0 +1,23 @@
+name: Testing
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ spec_tests:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby-version:
+ - '2.7'
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ - name: Run spec tests
+ run: bundle exec rake test
\ No newline at end of file
diff --git a/CODEOWNERS b/CODEOWNERS
index 5ebb9d6..1f24d75 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
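Review bot: In security.yml the `download_mend` step saves `wss-unified-agent.jar` with a bare `curl -o`, and the next step executes it with `MEND_API_KEY` and `MEND_TOKEN` in its environment, with no integrity check in between. Use `curl -fsSLo wss-unified-agent.jar <same-url>` so an HTTP error body is never written out as the jar, and verify the file before `java -jar` runs, for example `echo "<expected-sha256>  wss-unified-agent.jar" | sha256sum -c -` against a digest kept in the repository. The URL is unversioned, so a pinned digest has to be refreshed when the vendor ships a new agent; a versioned download would avoid that if one is available. `ruby-version: 2.7` is also an unquoted float here, whereas testing.yml quotes `'2.7'`; quoting it keeps a later bump such as 3.0 from being read as `3`.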
@@ -1,2 +1,2 @@
 # This repo is owned by the Installer team
-* @puppetlabs/installer-and-management
+* @puppetlabs/dumpling @puppetlabs/skeletor