feat: add actions for deployment

Signed-off-by: Emilien Escalle <[email protected]>

.ghadocs.json

@@ -0,0 +1,17 @@
+{
+  "paths": {
+    "action": "action.yml",
+    "readme": "README.md"
+  },
+  "show_logo": true,
+  "versioning": {
+    "enabled": true,
+    "override": "",
+    "prefix": "v",
+    "branch": "main"
+  },
+  "owner": "hoverkraft-tech",
+  "repo": "ci-github-publish",
+  "title_prefix": "GitHub Action: ",
+  "prettier": true
+}

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: ""
+assignees: ""
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
+
+**Mobile phone (please complete the following information):**
+
+- Device: [e.g. iPhone6]
+- OS: [e.g. iOS8.1]
+- Browser [e.g. stock browser, safari]
+- Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ""
+labels: ""
+assignees: ""
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,27 @@
+version: 2
+updates:
+  - package-ecosystem: docker
+    open-pull-requests-limit: 20
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: friday
+      time: "04:00"
+    groups:
+      docker-dependencies:
+        patterns:
+          - "*"
+
+  - package-ecosystem: github-actions
+    open-pull-requests-limit: 20
+    directories:
+      - "/"
+      - "/actions/**/*"
+    schedule:
+      interval: weekly
+      day: friday
+      time: "04:00"
+    groups:
+      github-actions-dependencies:
+        patterns:
+          - "*"

.github/workflows/__main-ci.yml

@@ -0,0 +1,32 @@
+---
+name: Internal - Main - Continuous Integration
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches: [main]
+    tags: ["*"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  statuses: write
+  deployments: write
+  # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
+  id-token: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  ci:
+    uses: ./.github/workflows/__shared-ci.yml
+
+  release:
+    needs: ci
+    uses: ./.github/workflows/release-actions.yml
+    with:
+      update-all: ${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' }}
+      github-app-id: ${{ vars.CI_BOT_APP_ID }}
+    secrets:
+      github-app-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}

.github/workflows/__need-fix-to-issue.yml

@@ -0,0 +1,29 @@
+---
+name: Need fix to Issue
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    #checkov:skip=CKV_GHA_7: required
+    inputs:
+      manual-commit-ref:
+        description: "The SHA of the commit to get the diff for"
+        required: true
+      manual-base-ref:
+        description: |
+          By default, the commit entered above is compared to the one directly before it;
+          to go back further, enter an earlier SHA here
+        required: false
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  main:
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/[email protected]
+    with:
+      manual-commit-ref: ${{ inputs.manual-commit-ref }}
+      manual-base-ref: ${{ inputs.manual-base-ref }}

.github/workflows/__pull-request-ci.yml

@@ -0,0 +1,24 @@
+---
+name: Internal - Pull request - Continuous Integration
+
+on:
+  merge_group:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  issues: read
+  packages: write
+  pull-requests: read
+  statuses: write
+  # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
+  id-token: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  ci:
+    uses: ./.github/workflows/__shared-ci.yml

.github/workflows/__shared-ci.yml

@@ -0,0 +1,18 @@
+---
+name: Internal - Common Continuous Integration tasks
+
+on: # yamllint disable-line rule:truthy
+  workflow_call:
+
+permissions:
+  contents: read
+  statuses: write
+  deployments: write
+
+jobs:
+  linter:
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/[email protected]
+
+  test-action-docker-build-image:
+    needs: linter
+    uses: ./.github/workflows/__test-action-deployment.yml

.github/workflows/__stale.yml

@@ -0,0 +1,14 @@
+---
+name: Mark stale issues and pull requests
+
+on: # yamllint disable-line rule:truthy
+  schedule:
+    - cron: "30 1 * * *"
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  main:
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/[email protected]

.github/workflows/__test-action-deployment.yml

@@ -0,0 +1,43 @@
+name: Internal - Tests for deployment actions
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  deployments: write
+
+jobs:
+  tests:
+    name: Tests for deployment actions
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - id: create-deployment
+        uses: ./actions/deployment/create
+        with:
+          environment: "review-apps"
+
+      - name: Check create outputs
+        run: |
+          if [ -z "${{ steps.create-deployment.outputs.deployment-id }}" ]; then
+            echo "Create deployment id output is not set"
+            exit 1
+          fi
+
+      - id: update-deployment
+        uses: ./actions/deployment/update
+        with:
+          deployment-id: ${{ steps.create-deployment.outputs.deployment-id }}
+          state: "in_progress"
+
+      - id: delete-deployment
+        uses: ./actions/deployment/delete
+
+      - name: Check delete outputs
+        run: |
+          if [ -z "${{ steps.delete-deployment.outputs.deployment-ids }}" ]; then
+            echo "Delete deployment ids output is not set"
+            exit 1
+          fi

.github/workflows/release-actions.md

@@ -0,0 +1,103 @@
+<!-- start branding -->
+<!-- end branding -->
+<!-- start title -->
+
+# GitHub Reusable Workflow: Release Actions
+
+<!-- end title -->
+<!-- start badges -->
+<!-- end badges -->
+<!-- start description -->
+
+Reusable workflow that performs actions and workflows release.
+
+- Generates readme for changed actions and workflows (documentation, versioning, etc.)
+- Commits and pushes the changes to the main branch
+
+<!-- end description -->
+<!-- start contents -->
+<!-- end contents -->
+
+# Usage
+
+<!-- start usage -->
+
+```yaml
+name: "Release Actions"
+
+on:
+  push:
+    branches: [main]
+    tags: ["*"]
+
+permissions:
+  contents: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release:
+    uses: hoverkraft-tech/ci-github-publish/.github/workflows/[email protected]
+    with:
+      # Json array of runner(s) to use.
+      # See <https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job>.
+      runs-on: '["ubuntu-latest"]'
+
+      # Update all actions and workflows, regardless of changes.
+      update-all: false
+
+      # GitHub App ID to generate GitHub token in place of private-access-token.
+      # See <https://github.com/actions/create-github-app-token>.
+      github-app-id: ""
+
+    secrets:
+      # GitHub token for creating and merging pull request (permissions contents: write and pull-requests: write, workflows: write).
+      # See <https://github.com/hoverkraft-tech/ci-github-common/blob/main/actions/create-and-merge-pull-request/README.md>.
+      github-token: ""
+
+      # GitHub App private key to generate GitHub token in place of github-token.
+      # See <https://github.com/actions/create-github-app-token>.
+      github-app-key: ""
+```
+
+<!-- end usage -->
+
+## Permissions
+
+<!-- start permissions -->
+
+This workflow requires the following permissions:
+
+- `contents: read`: To read the contents of the repository
+
+<!-- end permissions -->
+
+## Secrets
+
+<!-- start secrets -->
+
+| **Secret**                      | **Description**                                                                                                                                                                                                                                   | **Default**               | **Required** |
+| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | ------------ |
+| **<code>github-token</code>**   | GitHub token for creating and merging pull request (permissions contents: write and pull-requests: write, workflows: write). See <https://github.com/hoverkraft-tech/ci-github-common/blob/main/actions/create-and-merge-pull-request/README.md>. | <code>GITHUB_TOKEN</code> | **false**    |
+| **<code>github-app-key</code>** | GitHub App private key to generate GitHub token in place of github-token. See <https://github.com/actions/create-github-app-token>.                                                                                                               | <code></code>             | **false**    |
+
+<!-- end secrets -->
+
+## Inputs
+
+<!-- start inputs -->
+
+| **Input**                      | **Description**                                                                                                                    | **Default**                    | **Required** |
+| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | ------------ |
+| **<code>runs-on</code>**       | Json array of runner(s) to use. See <https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job>.                 | <code>["ubuntu-latest"]</code> | **false**    |
+| **<code>update-all</code>**    | Update all actions and workflows, regardless of changes.                                                                           | <code>false</code>             | **false**    |
+| **<code>github-app-id</code>** | GitHub App ID to generate GitHub token in place of private-access-token. See <https://github.com/actions/create-github-app-token>. | <code></code>                  | **false**    |
+
+<!-- end inputs -->
+
+<!-- start outputs -->
+<!-- end outputs -->
+<!-- start [.github/ghadocs/examples/] -->
+<!-- end [.github/ghadocs/examples/] -->