From e7ca49e86f8385eaf88cc55d5d7e0c7b557b7163 Mon Sep 17 00:00:00 2001
From: Max Lobur <max_lobur@outlook.com>
Date: Wed, 17 May 2023 16:23:37 +0300
Subject: [PATCH] Sync github (#167)

---
 .github/auto-release.yml                     |  1 +
 .github/mergify.yml                          | 17 +++-
 .github/renovate.json                        |  1 +
 .github/workflows/auto-context.yml           | 57 -------------
 .github/workflows/auto-format.yml            | 88 --------------------
 .github/workflows/auto-readme.yml            | 71 ----------------
 .github/workflows/auto-release.yml           | 26 ------
 .github/workflows/chatops.yml                | 37 --------
 .github/workflows/feature-branch-chatops.yml | 16 ++++
 .github/workflows/feature-branch.yml         | 19 +++++
 .github/workflows/release-branch.yml         | 22 +++++
 .github/workflows/release-published.yml      | 14 ++++
 .github/workflows/scheduled.yml              | 17 ++++
 .github/workflows/validate-codeowners.yml    | 30 -------
 14 files changed, 104 insertions(+), 312 deletions(-)
 delete mode 100644 .github/workflows/auto-context.yml
 delete mode 100644 .github/workflows/auto-format.yml
 delete mode 100644 .github/workflows/auto-readme.yml
 delete mode 100644 .github/workflows/auto-release.yml
 delete mode 100644 .github/workflows/chatops.yml
 create mode 100644 .github/workflows/feature-branch-chatops.yml
 create mode 100644 .github/workflows/feature-branch.yml
 create mode 100644 .github/workflows/release-branch.yml
 create mode 100644 .github/workflows/release-published.yml
 create mode 100644 .github/workflows/scheduled.yml
 delete mode 100644 .github/workflows/validate-codeowners.yml

diff --git a/.github/auto-release.yml b/.github/auto-release.yml
index 17cd39c8..cc9bf057 100644
--- a/.github/auto-release.yml
+++ b/.github/auto-release.yml
@@ -18,6 +18,7 @@ version-resolver:
     - 'bug'
     - 'hotfix'
   default: 'minor'
+filter-by-commitish: true
 
 categories:
 - title: '🚀 Enhancements'
diff --git a/.github/mergify.yml b/.github/mergify.yml
index ef15545e..148d85c0 100644
--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -4,13 +4,17 @@ pull_request_rules:
 - name: "approve automated PRs that have passed checks"
   conditions:
   - "author~=^(cloudpossebot|renovate\\[bot\\])$"
-  - "base=master"
   - "-closed"
   - "head~=^(auto-update|renovate)/.*"
   - "check-success=test/bats"
   - "check-success=test/readme"
   - "check-success=test/terratest"
   - "check-success=validate-codeowners"
+  - or:
+    - "base=master"
+    - "base=main"
+    - "base~=^release/v\\d{1,2}$"
+
   actions:
     review:
       type: "APPROVE"
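Review bot: The `check-success=validate-codeowners` condition kept in this rule names a check whose workflow, `.github/workflows/validate-codeowners.yml`, is deleted later in this same patch. The `test/bats`, `test/readme` and `test/terratest` checks were presumably reported through the `test` command dispatch in the removed `chatops.yml`. Unless the new reusable workflows publish statuses under exactly these names, this rule and the "merge automated PRs" rule in the next two hunks can never match. That fails closed, but the added `or:` block now extends bot auto-approval and squash-merge to `main` and `release/vNN`, so the gating names should be verified against what the feature-branch workflow reports and stale ones replaced in both rules. A comment above the conditions such as `# names must match the checks reported by .github/workflows/feature-branch.yml` would keep the two in step.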
@@ -20,7 +24,6 @@ pull_request_rules:
 - name: "merge automated PRs when approved and tests pass"
   conditions:
   - "author~=^(cloudpossebot|renovate\\[bot\\])$"
-  - "base=master"
   - "-closed"
   - "head~=^(auto-update|renovate)/.*"
   - "check-success=test/bats"
@@ -30,6 +33,11 @@ pull_request_rules:
   - "#approved-reviews-by>=1"
   - "#changes-requested-reviews-by=0"
   - "#commented-reviews-by=0"
+  - or:
+    - "base=master"
+    - "base=main"
+    - "base~=^release/v\\d{1,2}$"
+
   actions:
     merge:
       method: "squash"
@@ -50,7 +58,10 @@ pull_request_rules:
 
 - name: "remove outdated reviews"
   conditions:
-  - "base=master"
+  - or:
+    - "base=master"
+    - "base=main"
+    - "base~=^release/v\\d{1,2}$"
   actions:
     dismiss_reviews:
       changes_requested: true
diff --git a/.github/renovate.json b/.github/renovate.json
index a7802980..b61ed24f 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -3,6 +3,7 @@
     "config:base",
     ":preserveSemverRanges"
   ],
+  "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
   "labels": ["auto-update"],
   "dependencyDashboardAutoclose": true,
   "enabledManagers": ["terraform"],
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
deleted file mode 100644
index 831e7faa..00000000
--- a/.github/workflows/auto-context.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-name: "auto-context"
-on:
-  schedule:
-  # Update context.tf nightly
-  - cron:  '0 3 * * *'
-
-jobs:
-  update:
-    if: github.event_name == 'schedule'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Update context.tf
-      shell: bash
-      id: update
-      env:
-        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      run: |
-        if [[ -f context.tf ]]; then
-          echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
-          curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
-          if git diff --no-patch --exit-code context.tf; then
-            echo "No changes detected! Exiting the job..."
-          else
-            echo "context.tf file has changed. Update examples and rebuild README.md."
-            make init
-            make github/init/context.tf
-            make readme/build
-            echo "create_pull_request=true" >> "$GITHUB_OUTPUT"
-          fi
-        else
-          echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
-        fi
-
-    - name: Create Pull Request
-      if: steps.update.outputs.create_pull_request == 'true'
-      uses: cloudposse/actions/github/create-pull-request@0.30.0
-      with:
-        token: ${{ secrets.REPO_ACCESS_TOKEN }}
-        committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
-        author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
-        commit-message: Update context.tf from origin source
-        title: Update context.tf
-        body: |-
-          ## what
-          This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
-
-          ## why
-          To support all the features of the `context` interface.
-
-        branch: auto-update/context.tf
-        base: master
-        delete-branch: true
-        labels: |
-          auto-update
-          context
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
deleted file mode 100644
index b8c20641..00000000
--- a/.github/workflows/auto-format.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-name: Auto Format
-on:
-  pull_request_target:
-    types: [opened, synchronize]
-
-jobs:
-  auto-format:
-    runs-on: ubuntu-latest
-    container: cloudposse/build-harness:latest
-    steps:
-    # Checkout the pull request branch
-    #  "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
-    #   the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains
-    #   a workflow configured to run when push events occur."
-    # However, using a personal access token will cause events to be triggered.
-    # We need that to ensure a status gets posted after the auto-format commit.
-    # We also want to trigger tests if the auto-format made no changes.
-    - uses: actions/checkout@v2
-      if: github.event.pull_request.state == 'open'
-      name: Privileged Checkout
-      with:
-        token: ${{ secrets.REPO_ACCESS_TOKEN }}
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
-        # Check out the PR commit, not the merge commit
-        # Use `ref` instead of `sha` to enable pushing back to `ref`
-        ref: ${{ github.event.pull_request.head.ref }}
-
-    # Do all the formatting stuff
-    - name: Auto Format
-      if: github.event.pull_request.state == 'open'
-      shell: bash
-      env:
-        GITHUB_TOKEN: "${{ secrets.REPO_ACCESS_TOKEN }}"
-      run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
-
-    # Commit changes (if any) to the PR branch
-    - name: Commit changes to the PR branch
-      if: github.event.pull_request.state == 'open'
-      shell: bash
-      id: commit
-      env:
-        SENDER: ${{ github.event.sender.login }}
-      run: |
-        set -x
-        output=$(git diff --name-only)
-
-        if [ -n "$output" ]; then
-          echo "Changes detected. Pushing to the PR branch"
-          git config --global user.name 'cloudpossebot'
-          git config --global user.email '11232728+cloudpossebot@users.noreply.github.com'
-          git add -A
-          git commit -m "Auto Format"
-          # Prevent looping by not pushing changes in response to changes from cloudpossebot
-          [[ $SENDER ==  "cloudpossebot" ]] || git push
-          # Set status to fail, because the push should trigger another status check,
-          # and we use success to indicate the checks are finished.
-          echo "changed=true" >> "$GITHUB_OUTPUT"
-          exit 1
-        else
-          echo "changed=false" >> "$GITHUB_OUTPUT"
-          echo "No changes detected"
-        fi
-
-    - name: Auto Test
-      uses: cloudposse/actions/github/repository-dispatch@0.30.0
-      # match users by ID because logins (user names) are inconsistent,
-      # for example in the REST API Renovate Bot is `renovate[bot]` but
-      # in GraphQL it is just `renovate`, plus there is a non-bot
-      # user `renovate` with ID 1832810.
-      # Mergify bot: 37929162
-      # Renovate bot: 29139614
-      # Cloudpossebot: 11232728
-      # Need to use space separators to prevent "21" from matching "112144"
-      if: >
-        contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
-        && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
-      with:
-        token: ${{ secrets.REPO_ACCESS_TOKEN }}
-        repository: cloudposse/actions
-        event-type: test-command
-        client-payload: |-
-          { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}},
-             "pull_request": ${{ toJSON(github.event.pull_request) }},
-             "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }},
-                                  "comment": {"id": ""}
-                                 }
-                      }
-          }
diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml
deleted file mode 100644
index b2db520b..00000000
--- a/.github/workflows/auto-readme.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-name: "auto-readme"
-on:
-  workflow_dispatch:
-
-  schedule:
-  # Example of job definition:
-  # .---------------- minute (0 - 59)
-  # |  .------------- hour (0 - 23)
-  # |  |  .---------- day of month (1 - 31)
-  # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
-  # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
-  # |  |  |  |  |
-  # *  *  *  *  * user-name command to be executed
-
-  # Update README.md nightly at 4am UTC
-  - cron:  '0 4 * * *'
-
-jobs:
-  update:
-    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Find default branch name
-      id: defaultBranch
-      shell: bash
-      env:
-        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-      run: |
-        default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name)
-        echo "defaultBranch=${default_branch}" >> "$GITHUB_OUTPUT"
-        printf "defaultBranchRef.name=%s\n" "${default_branch}"
-
-    - name: Update readme
-      shell: bash
-      id: update
-      env:
-        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-        DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}"
-      run: |
-        make init
-        make readme/build
-        # Ignore changes if they are only whitespace
-        if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then
-          git restore README.md
-          echo Ignoring whitespace-only changes in README
-        fi
-
-    - name: Create Pull Request
-      # This action will not create or change a pull request if there are no changes to make.
-      # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR.
-      uses: cloudposse/actions/github/create-pull-request@0.30.0
-      with:
-        token: ${{ secrets.REPO_ACCESS_TOKEN }}
-        commit-message: Update README.md and docs
-        title: Update README.md and docs
-        body: |-
-          ## what
-          This is an auto-generated PR that updates the README.md and docs
-
-          ## why
-          To have most recent changes of README.md and doc from origin templates
-
-        branch: auto-update/readme
-        base: ${{ steps.defaultBranch.outputs.defaultBranch }}
-        delete-branch: true
-        labels: |
-          auto-update
-          no-release
-          readme
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
deleted file mode 100644
index 17d6cabb..00000000
--- a/.github/workflows/auto-release.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: auto-release
-
-on:
-  push:
-    branches:
-      - main
-      - master
-      - production
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      # Get PR from merged commit to master
-      - uses: actions-ecosystem/action-get-merged-pull-request@v1
-        id: get-merged-pull-request
-        with:
-          github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
-      # Drafts your next Release notes as Pull Requests are merged into "main"
-      - uses: release-drafter/release-drafter@v5
-        with:
-          publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }}
-          prerelease: false
-          config-name: auto-release.yml
-        env:
-          GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
deleted file mode 100644
index 0f645747..00000000
--- a/.github/workflows/chatops.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: chatops
-on:
-  issue_comment:
-    types: [created]
-
-jobs:
-  default:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: "Handle common commands"
-        uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
-        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
-          reaction-token: ${{ secrets.GITHUB_TOKEN }}
-          repository: cloudposse/actions
-          commands: rebuild-readme, terraform-fmt
-          permission: triage
-          issue-type: pull-request
-
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Checkout commit"
-        uses: actions/checkout@v2
-      - name: "Run tests"
-        uses: cloudposse/actions/github/slash-command-dispatch@0.30.0
-        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
-          reaction-token: ${{ secrets.GITHUB_TOKEN }}
-          repository: cloudposse/actions
-          commands: test
-          permission: triage
-          issue-type: pull-request
-          reactions: false
-
-
diff --git a/.github/workflows/feature-branch-chatops.yml b/.github/workflows/feature-branch-chatops.yml
new file mode 100644
index 00000000..9abfc612
--- /dev/null
+++ b/.github/workflows/feature-branch-chatops.yml
@@ -0,0 +1,16 @@
+---
+name: feature-branch-chatops
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: write
+
+jobs:
+  terraform-module:
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@main
+    secrets:
+      github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
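Review bot: The reusable workflow on the `uses:` line is referenced by the mutable branch `@main` while the job hands it `secrets.REPO_ACCESS_TOKEN` and grants `contents: write`, `pull-requests: write` and `id-token: write`. Any later push to that branch therefore runs here with those credentials without a change in this repository. Pinning to a reviewed commit, e.g. `...feature-branch-chatops.yml@<full-commit-sha>  # <release tag>`, and letting Renovate bump it would make that update visible. The same applies to the `@main` references in feature-branch.yml, release-branch.yml, release-published.yml and scheduled.yml. Separately, `issue_comment` fires for any commenter, and the `permission: triage` gate that the deleted chatops.yml set is not visible in this file, so it is worth confirming that the called workflow checks the commenter's permission before it uses the token.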
diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml
new file mode 100644
index 00000000..8faa955f
--- /dev/null
+++ b/.github/workflows/feature-branch.yml
@@ -0,0 +1,19 @@
+---
+name: feature-branch
+on:
+  pull_request:
+    branches:
+      - main
+      - release/**
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: write
+
+jobs:
+  terraform-module:
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main
+    secrets:
+      github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
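Review bot: The `branches:` filter lists only `main` and `release/**`, while the mergify.yml and renovate.json changes in this same patch still treat `master` as a valid base branch. For a pull request against `master` this workflow would not start, so the checks the Mergify rules wait for would never be reported. If any repository receiving this sync still uses `master` (not visible from this patch), add `- master` under `branches:` here and in the `push.branches` list of release-branch.yml. Otherwise drop `master` from the Mergify and Renovate settings so the three files agree.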
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
new file mode 100644
index 00000000..3f8fe623
--- /dev/null
+++ b/.github/workflows/release-branch.yml
@@ -0,0 +1,22 @@
+---
+name: release-branch
+on:
+  push:
+    branches:
+      - main
+      - release/**
+    paths-ignore:
+      - '.github/**'
+      - 'docs/**'
+      - 'examples/**'
+      - 'test/**'
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  terraform-module:
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-branch.yml@main
+    secrets:
+      github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
new file mode 100644
index 00000000..f86352b3
--- /dev/null
+++ b/.github/workflows/release-published.yml
@@ -0,0 +1,14 @@
+---
+name: release-published
+on:
+  release:
+    types:
+      - published
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  terraform-module:
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
new file mode 100644
index 00000000..163be0b4
--- /dev/null
+++ b/.github/workflows/scheduled.yml
@@ -0,0 +1,17 @@
+---
+name: scheduled
+on:
+  workflow_dispatch: { }  # Allows manually trigger this workflow
+  schedule:
+    - cron: "0 3 * * *"
+
+permissions:
+  pull-requests: write
+  id-token: write
+  contents: write
+
+jobs:
+  scheduled:
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/scheduled.yml@main
+    secrets:
+      github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
deleted file mode 100644
index b3f7c327..00000000
--- a/.github/workflows/validate-codeowners.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: Validate Codeowners
-on:
-  workflow_dispatch:
-
-  pull_request:
-
-jobs:
-  validate-codeowners:
-    runs-on: ubuntu-latest
-    steps:
-    - name: "Checkout source code at current commit"
-      uses: actions/checkout@v2
-      # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved
-    - uses: mszostok/codeowners-validator@v0.7.1
-      if: github.event.pull_request.head.repo.full_name == github.repository
-      name: "Full check of CODEOWNERS"
-      with:
-        # For now, remove "files" check to allow CODEOWNERS to specify non-existent
-        # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
-        #   checks: "files,syntax,owners,duppatterns"
-        checks: "syntax,owners,duppatterns"
-        owner_checker_allow_unowned_patterns: "false"
-        # GitHub access token is required only if the `owners` check is enabled
-        github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}"
-    - uses: mszostok/codeowners-validator@v0.7.1
-      if: github.event.pull_request.head.repo.full_name != github.repository
-      name: "Syntax check of CODEOWNERS"
-      with:
-        checks: "syntax,duppatterns"
-        owner_checker_allow_unowned_patterns: "false"