From a3d0a26f2c87d3c5f983b703991cfa38a44d338a Mon Sep 17 00:00:00 2001
From: jnicoulaud-ledger <102984500+jnicoulaud-ledger@users.noreply.github.com>
Date: Mon, 23 Sep 2024 17:00:04 +0200
Subject: [PATCH] chore(BACK-7692): align CI with
 clear-signing-erc7730-registry (#222)

- fix CODEOWNERS
- trigger updates on CAL on merge to main
- setup auto labeler
- setup dependabot Github actions updates
---
 .github/CODEOWNERS                 |  2 -
 .github/dependabot.yml             | 16 ++++++++
 .github/labeler.yml                | 11 +++++
 .github/pull_request_template.md   |  0
 .github/workflows/ci.yml           | 56 -------------------------
 .github/workflows/main.yml         | 61 ++++++++++++++++++++++++++++
 .github/workflows/pull_request.yml | 65 ++++++++++++++++++++++++++++++
 CODEOWNERS                         |  1 +
 8 files changed, 154 insertions(+), 58 deletions(-)
 delete mode 100644 .github/CODEOWNERS
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/labeler.yml
 create mode 100644 .github/pull_request_template.md
 delete mode 100644 .github/workflows/ci.yml
 create mode 100644 .github/workflows/main.yml
 create mode 100644 .github/workflows/pull_request.yml
 create mode 100644 CODEOWNERS

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
deleted file mode 100644
index bbe8474a..00000000
--- a/.github/CODEOWNERS
+++ /dev/null
@@ -1,2 +0,0 @@
-* @LedgerHQ/crypto-assets-developers
-/ethereum/ @LedgerHQ/crypto-assets-owners
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..2de44d13
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "[ci] "
+    labels:
+      - "ci"
+    assignees:
+      - "LedgerHQ/backend-core"
+    reviewers:
+      - "LedgerHQ/backend-core"
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 00000000..079920ec
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,11 @@
+documentation:
+  - changed-files:
+      - any-glob-to-any-file: ['*.md']
+
+descriptors:
+  - changed-files:
+      - any-glob-to-any-file: ['*/**/*.json']
+
+ci:
+  - changed-files:
+      - any-glob-to-any-file: ['.github/**', '**/*.py', 'Pipfile*']
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000..e69de29b
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index e7c3efc4..00000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-name: CI
-
-on:
-  push:
-    # Trigger a build on tags, on push against main and release branches and ci/ to test
-    tags:
-      - "*"
-    branches:
-      - main
-      - release/*
-  pull_request:
-    # Trigger a build on PR against main, feature branches and release branches
-    branches:
-      - main
-      - feature/*
-      - release/*
-  # Manual trigger, allows reusage from other workflows (like release)
-  workflow_dispatch:
-
-
-env:
-  PIPENV_NOSPIN: 1
-
-jobs:
-  # Compute metadata once to ensure every following job is using the same
-  # and avoid logic and step repetition
-  lint:
-    name: Static analysis
-    runs-on: ubuntu-latest
-
-    steps:
-
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Setup Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.9'
-          cache: 'pipenv'
-
-      - name: Install pipenv
-        run: pip install -U pip pipenv wheel
-
-      - name: Install python dependencies
-        env:
-          PYPI_DEPLOY_TOKEN: ${{ secrets.PYPI_DEPLOY_TOKEN }}
-        run: pipenv sync --dev
-
-      - name: Validate files and format
-        id: validation
-        uses: 'selfagency/capture-output@v1'
-        with:
-          cmd: pipenv
-          args: run,validate_files
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..c77f7710
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,61 @@
+name: main
+
+on:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  PIPENV_NOSPIN: 1
+
+jobs:
+  ci:
+    name: ci
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+
+      - name: Checkout
+        timeout-minutes: 10
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          cache: 'pipenv'
+
+      - name: Install pipenv
+        run: pip install -U pip pipenv wheel
+
+      - name: Install python dependencies
+        env:
+          PYPI_DEPLOY_TOKEN: ${{ secrets.PYPI_DEPLOY_TOKEN }}
+        run: pipenv sync --dev
+
+      - name: Validate files and format
+        id: validation
+        uses: selfagency/capture-output@v1
+        with:
+          cmd: pipenv
+          args: run,validate_files
+
+  update_cal:
+    runs-on: ubuntu-latest
+    needs: ci
+    timeout-minutes: 60
+    strategy:
+      matrix:
+        repo: ['LedgerHQ/crypto-assets', 'LedgerHQ/crypto-assets-clear-signing-initiative']
+    steps:
+      - name: Trigger update on ${{ matrix.repo }}
+        timeout-minutes: 60
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.CI_BOT_TOKEN }}
+          repository: ${{ matrix.repo }}
+          event-type: submodules
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 00000000..680548a8
--- /dev/null
+++ b/.github/workflows/pull_request.yml
@@ -0,0 +1,65 @@
+name: pull request
+
+on:
+  pull_request:
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  PIPENV_NOSPIN: 1
+
+jobs:
+  pull_request:
+    name: pull request
+    runs-on: public-ledgerhq-shared-small
+    timeout-minutes: 60
+    steps:
+
+      - name: Checkout
+        timeout-minutes: 10
+        uses: actions/checkout@v4
+
+      - name: Add labels
+        timeout-minutes: 30
+        uses: actions/labeler@v5
+
+      - name: Enforce labels
+        timeout-minutes: 5
+        uses: mheap/github-action-required-labels@v5
+        with:
+          mode: minimum
+          count: 1
+          labels: |
+            documentation
+            specifications
+            descriptors
+            ci
+          add_comment: true
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          cache: 'pipenv'
+
+      - name: Install pipenv
+        run: pip install -U pip pipenv wheel
+
+      - name: Install python dependencies
+        env:
+          PYPI_DEPLOY_TOKEN: ${{ secrets.PYPI_DEPLOY_TOKEN }}
+        run: pipenv sync --dev
+
+      - name: Validate files and format
+        id: validation
+        uses: selfagency/capture-output@v1
+        with:
+          cmd: pipenv
+          args: run,validate_files
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 00000000..750ac032
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @LedgerHQ/crypto-assets-owners