feat(ci): initial repo setup

teutonet · May 29, 2024 · 8009c05 · 8009c05
commit 8009c05
Show file tree

Hide file tree

Showing 30 changed files with 1,115 additions and 0 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @teutonet/oci-images
diff --git a/.github/auto_assign.yml b/.github/auto_assign.yml
@@ -0,0 +1,3 @@
+addReviewers: false
+addAssignees: author
+runOnDraft: true
diff --git a/.github/json-schema-to-md.yaml b/.github/json-schema-to-md.yaml
@@ -0,0 +1,7 @@
+template_name: md
+show_toc: false
+examples_as_yaml: true
+template_md_options:
+  badge_as_image: true
+link_to_reused_ref: true
+with_footer: false
diff --git a/.github/labels.yml b/.github/labels.yml
@@ -0,0 +1,62 @@
+---
+- color: d73a4a
+  name: breaking
+  description: Introduces a breaking change
+
+- color: a2eeef
+  name: enhancement
+  description: New feature or request
+- color: b20b02
+  name: security
+  description: Security fixes
+
+- color: d73a4a
+  name: bug
+  description: Something isn't working
+- color: 7057ff
+  name: dependencies
+  description: Updates a dependency
+- name: refactor
+  color: 1d76db
+  description: Improvement of existing code, not introducing new features
+
+- color: 0366d6
+  name: documentation
+  description: Improvements or additions to documentation
+
+- color: e4e669
+  name: deprecated
+  description: Will be removed soon
+
+- color: 7057ff
+  name: good first issue
+  description: Good for newcomers
+- color: 008672
+  name: help wanted
+  description: Extra attention is needed
+- color: d876e3
+  name: question
+  description: Further information is requested
+
+- color: cfd3d7
+  name: duplicate
+  description: This issue or pull request already exists
+- color: ffffff
+  name: wontfix
+  description: This will not be worked on
+- color: e4e669
+  name: invalid
+  description: This doesn't seem right
+- color: e4e669
+  name: ignore
+  description: This will be ignored
+- color: cfd3d7
+  name: stale
+  description: This issue or pull request has been marked 'stale' due to lack of recent activity
+
+- name: major
+  color: b60205
+  description: This causes a major version bump in the version number
+- name: minor
+  color: 0e8a16
+  description: This causes a minor version bump in the version number
diff --git a/.github/release-please/config.json b/.github/release-please/config.json
@@ -0,0 +1,31 @@
+{
+  "release-type": "simple",
+  "changelog-sections": [
+    {
+      "type": "feat",
+      "section": "Features"
+    },
+    {
+      "type": "fix",
+      "section": "Bug Fixes"
+    },
+    {
+      "type": "chore",
+      "section": "Miscellaneous Chores"
+    }
+  ],
+  "include-component-in-tag": true,
+  "pull-request-title-pattern": "chore${scope}: [bot] release${component}:${version}",
+  "separate-pull-requests": true,
+  "packages": {
+    "images/ckan": {
+      "package-name": "ckan"
+    },
+    "images/ckan-dcatapde": {
+      "package-name": "ckan-dcatapde"
+    },
+    "images/solr-ckan": {
+      "package-name": "solr-ckan"
+    }
+  }
+}
diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json
@@ -0,0 +1 @@
+{"images/ckan":"0.1.0","images/ckan-dcatapde":"0.1.0","images/solr-ckan":"0.1.0"}
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,17 @@
+{
+  "extends": [
+    "config:best-practices"
+  ],
+  "addLabels": ["dependencies"],
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "automerge": true
+    },
+    {
+      "matchDepTypes": ["devDependencies"],
+      "automerge": true
+    }
+  ],
+  "platformAutomerge": true
+}
diff --git a/.github/scripts/sync-codeowners.sh b/.github/scripts/sync-codeowners.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+[[ "$RUNNER_DEBUG" == 1 ]] && set -x
+[[ -o xtrace ]] && export RUNNER_DEBUG=1
+
+echo "* @teutonet/oci-images"
diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
@@ -0,0 +1,19 @@
+name: lint github workflows
+
+on:
+  pull_request:
+    paths:
+      - ".github/**/*.ya?ml"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    name: lint github workflows
+    steps:
+      - uses: actions/checkout@v4
+      - name: Add problem matchers
+        run: |
+          # https://github.com/rhysd/actionlint/blob/3a2f2c7/docs/usage.md#problem-matchers
+          curl -LO https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
+          echo "::add-matcher::actionlint-matcher.json"
+      - uses: docker://rhysd/actionlint:latest
diff --git a/.github/workflows/auto-assign-pr.yaml b/.github/workflows/auto-assign-pr.yaml
@@ -0,0 +1,12 @@
+name: 'Auto Assign'
+on:
+  pull_request:
+    types:
+      - opened
+      - ready_for_review
+
+jobs:
+  auto-assign:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: kentaro-m/[email protected]
diff --git a/.github/workflows/conventional-commits.yaml b/.github/workflows/conventional-commits.yaml
@@ -0,0 +1,16 @@
+name: Check commits for compliance with conventional commit spec
+
+on:
+  - push
+
+jobs:
+  cogCheck:
+    runs-on: ubuntu-latest
+    name: check conventional commit compliance
+    steps:
+      - uses: actions/checkout@main
+        with:
+          fetch-depth: 0
+
+      - name: Conventional commits check
+        uses: oknozor/cocogitto-action@v3
diff --git a/.github/workflows/create-release-prs.yaml b/.github/workflows/create-release-prs.yaml
@@ -0,0 +1,33 @@
+name: Create Release PR for containers
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - main
+    paths:
+      - images/**
+
+jobs:
+  createReleasePR:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: googleapis/release-please-action@v4
+        with:
+          skip-github-release: true
+          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          config-file: .github/release-please/config.json
+          manifest-file: .github/release-please/manifest.json
+        id: release-please
+      - uses: actions/checkout@v4
+        if: ${{ steps.release-please.outputs.prs_created == 'true' }}
+      - name: Set PRs to auto-merge
+        if: ${{ steps.release-please.outputs.prs_created == 'true' }}
+        run: |
+          for pr_number in ${PR_NUMBERS};do
+            gh pr merge --auto --squash "$pr_number"
+          done
+        env:
+          GH_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          PR_NUMBERS: ${{ github.event.number }}
+          merge-method: squash
diff --git a/.github/workflows/default-pullrequest.yaml b/.github/workflows/default-pullrequest.yaml
@@ -0,0 +1,12 @@
+name: Validate Pull Request
+
+on:
+  merge_group:
+    types:
+      - checks_requested
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'Always success'
diff --git a/.github/workflows/default-update-metadata.yaml b/.github/workflows/default-update-metadata.yaml
@@ -0,0 +1,12 @@
+name: Update metadata files for release
+
+on:
+  push:
+    branches-ignore:
+      - release-please--branches--main--components-*
+
+jobs:
+  update-metadata-files:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'Always success'
diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml
@@ -0,0 +1,100 @@
+name: Release Image
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - main
+    paths:
+      - .github/release-please/manifest.json
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  release_please:
+    runs-on: ubuntu-latest
+    outputs:
+      releases_created: ${{ steps.release.outputs.releases_created }}
+      paths_released: ${{ steps.release.outputs.paths_released }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release
+        with:
+          skip-github-pull-request: true
+          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          config-file: .github/release-please/config.json
+          manifest-file: .github/release-please/manifest.json
+  release_image:
+    runs-on: ubuntu-latest
+    needs: release_please
+    if: ${{ needs.release_please.outputs.releases_created }}
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+        image: ${{ fromJson(needs.release_please.outputs.paths_released) }}
+        exclude:
+          - image: images/ckan
+            platform: linux/arm64
+          - image: images/ckan-dcatapde
+            platform: linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - name: Detect changes
+        uses: dorny/[email protected]
+        id: filter
+        with:
+          filters: |
+            build:
+              - ${{ matrix.image }}/!(**.md)
+      - name: Get image name
+        env:
+          IMAGE: ${{ matrix.image }}
+        id: get-image-name
+        run: echo "fragment=${IMAGE##*/}" >> "$GITHUB_OUTPUT"
+      - name: Get image version
+        id: get-image-version
+        run: echo "version=$(jq -r '."${{ matrix.image }}"' < .github/release-please/manifest.json)" >> "$GITHUB_OUTPUT"
+      - name: Docker Metadata
+        uses: docker/[email protected]
+        id: meta
+        with:
+          images: ${{ format('{0}/{1}/{2}', env.REGISTRY ,'teutonet/oci-images', steps.get-image-name.outputs.fragment ) }}
+          flavor: |
+            latest=false
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}},value=${{ steps.get-image-version.outputs.version }}
+            type=sha,prefix=
+      - name: Set up QEMU
+        uses: docker/[email protected]
+      - name: Set up Docker BuildX
+        uses: docker/[email protected]
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        id: push
+        uses: docker/[email protected]
+        with:
+          context: ${{ matrix.image }}
+          platforms: ${{ matrix.platform }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: ${{ github.event_name != 'pull_request' }}
+  abort:
+    runs-on: ubuntu-latest
+    needs: release_please
+    if: ${{ !needs.release_please.outputs.releases_created }}
+    steps:
+      - name: abort if no release was made
+        run: |
+          gh run cancel ${{ github.run_id }}
+          gh run watch ${{ github.run_id }}
diff --git a/.github/workflows/update-codeowners.yaml b/.github/workflows/update-codeowners.yaml
@@ -0,0 +1,35 @@
+name: Update CODEOWNERS
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  generateCodeowners:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: generate CODEOWNERS
+        run: ./.github/scripts/sync-codeowners.sh > .github/CODEOWNERS
+
+      - name: Create PR
+        id: create-pr
+        uses: peter-evans/create-pull-request@v6
+        with:
+          add-paths: |
+            .github/CODEOWNERS
+          commit-message: "ci: [bot] Update 'CODEOWNERS'"
+          branch: ci/update-codeowners
+          title: "ci: Update CODEOWNERS"
+      - name: Set PR to auto-merge
+        if: ${{ steps.create-pr.outputs.pull-request-number }}
+        run: gh pr merge --auto --squash "$PR_NUMBER"
+        env:
+          GH_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pull-request-number }}
+          merge-method: squash