From 130479aa6e50b2d9ac7bc73a83a57c551365936f Mon Sep 17 00:00:00 2001 From: jmeridth Date: Fri, 7 Jun 2024 15:09:49 -0500 Subject: [PATCH] chore: standardize github action types - [x] use one line lists for types and branches - [x] fix formatting (random 2 space column on some of the workflows) - [x] add `edited` and `reopened` to some of the workflows Signed-off-by: jmeridth --- .github/workflows/auto-labeler.yml | 40 +++---- .github/workflows/linter.yaml | 2 +- .github/workflows/pr-title.yml | 5 +- .github/workflows/release.yml | 178 ++++++++++++++--------------- .github/workflows/scorecard.yml | 2 +- 5 files changed, 111 insertions(+), 116 deletions(-) diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 9cb7f26..7ee1928 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -1,24 +1,24 @@ --- - name: Auto Labeler +name: Auto Labeler - on: - # pull_request_target event is required for autolabeler to support all PRs including forks - pull_request_target: - types: [opened, reopened, synchronize] +on: + # pull_request_target event is required for autolabeler to support all PRs including forks + pull_request_target: + types: [ opened, reopened, edited, synchronize ] - permissions: - contents: read +permissions: + contents: read - jobs: - main: - permissions: - contents: write - pull-requests: write - name: Auto label pull requests - runs-on: ubuntu-latest - steps: - - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - config-name: release-drafter.yml +jobs: + main: + permissions: + contents: write + pull-requests: write + name: Auto label pull requests + runs-on: ubuntu-latest + steps: + - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + config-name: release-drafter.yml diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 1a8a28a..2ff3373 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -3,7 +3,7 @@ name: Lint Code Base on: pull_request: - branches: main + branches: [ main ] permissions: contents: read diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 50a04a8..3746ac8 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -4,10 +4,7 @@ name: "Lint PR Title" on: pull_request_target: - types: - - opened - - edited - - synchronize + types: [ opened, reopened, edited, synchronize ] permissions: contents: read diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b1953de..34b1465 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,94 +1,92 @@ --- - name: Release +name: Release - on: - workflow_dispatch: - pull_request_target: - types: - - closed - branches: - - main +on: + workflow_dispatch: + pull_request_target: + types: [ closed ] + branches: [ main ] - permissions: - contents: read +permissions: + contents: read - jobs: - create_release: - # release if - # manual deployment OR - # merged to main and labelled with release labels - if: | - (github.event_name == 'workflow_dispatch') || - (github.event.pull_request.merged == true && - (contains(github.event.pull_request.labels.*.name, 'breaking') || - contains(github.event.pull_request.labels.*.name, 'feature') || - contains(github.event.pull_request.labels.*.name, 'vuln') || - contains(github.event.pull_request.labels.*.name, 'release'))) - outputs: - full-tag: ${{ steps.release-drafter.outputs.tag_name }} - short-tag: ${{ steps.get_tag_name.outputs.SHORT_TAG }} - body: ${{ steps.release-drafter.outputs.body }} - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: read - steps: - - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 - id: release-drafter - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - config-name: release-drafter.yml - publish: true - - name: Get the short tag - id: get_tag_name - run: | - short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1) - echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT - create_action_images: - needs: create_release - runs-on: ubuntu-latest - permissions: - packages: write - env: - REGISTRY: ghcr.io - IMAGE_NAME: github/issue_metrics # different than repo name (underscore instead of dash) - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb - - name: Log in to the Container registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - name: Push Docker Image - if: ${{ success() }} - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 - with: - context: . - file: ./Dockerfile - push: true - tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create_release.outputs.full-tag }} - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create_release.outputs.short-tag }} - platforms: linux/amd64 - provenance: false - sbom: false - create_discussion: - needs: create_release - runs-on: ubuntu-latest - permissions: - discussions: write - steps: - - name: Create an announcement discussion for release - uses: abirismyname/create-discussion@6e6ef67e5eeb042343ef8b3d8d0f5d545cbdf024 - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - title: ${{ needs.create_release.outputs.full-tag }} - body: ${{ needs.create_release.outputs.body }} - repository-id: ${{ secrets.RELEASE_DISCUSSION_REPOSITORY_ID }} - category-id: ${{ secrets.RELEASE_DISCUSSION_CATEGORY_ID }} +jobs: + create_release: + # release if + # manual deployment OR + # merged to main and labelled with release labels + if: | + (github.event_name == 'workflow_dispatch') || + (github.event.pull_request.merged == true && + (contains(github.event.pull_request.labels.*.name, 'breaking') || + contains(github.event.pull_request.labels.*.name, 'feature') || + contains(github.event.pull_request.labels.*.name, 'vuln') || + contains(github.event.pull_request.labels.*.name, 'release'))) + outputs: + full-tag: ${{ steps.release-drafter.outputs.tag_name }} + short-tag: ${{ steps.get_tag_name.outputs.SHORT_TAG }} + body: ${{ steps.release-drafter.outputs.body }} + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: read + steps: + - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 + id: release-drafter + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + config-name: release-drafter.yml + publish: true + - name: Get the short tag + id: get_tag_name + run: | + short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1) + echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT + create_action_images: + needs: create_release + runs-on: ubuntu-latest + permissions: + packages: write + env: + REGISTRY: ghcr.io + IMAGE_NAME: github/issue_metrics # different than repo name (underscore instead of dash) + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb + - name: Log in to the Container registry + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - name: Push Docker Image + if: ${{ success() }} + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 + with: + context: . + file: ./Dockerfile + push: true + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create_release.outputs.full-tag }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create_release.outputs.short-tag }} + platforms: linux/amd64 + provenance: false + sbom: false + create_discussion: + needs: create_release + runs-on: ubuntu-latest + permissions: + discussions: write + steps: + - name: Create an announcement discussion for release + uses: abirismyname/create-discussion@6e6ef67e5eeb042343ef8b3d8d0f5d545cbdf024 + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + title: ${{ needs.create_release.outputs.full-tag }} + body: ${{ needs.create_release.outputs.body }} + repository-id: ${{ secrets.RELEASE_DISCUSSION_REPOSITORY_ID }} + category-id: ${{ secrets.RELEASE_DISCUSSION_CATEGORY_ID }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e378486..c5158ae 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -11,7 +11,7 @@ on: schedule: - cron: '29 11 * * 6' push: - branches: ["main"] + branches: [ main ] permissions: read-all