ci: CI/CD workflow

itsmechlark · Sep 8, 2023 · b82655d · b82655d
1 parent 5ffcab8
commit b82655d
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 63 deletions.
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
diff --git a/.github/workflows/dev.yaml b/.github/workflows/dev.yaml
@@ -4,9 +4,16 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
 
+permissions:
+  contents: read
+
 jobs:
   setup_pr:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
     # Dependabot no longer have access to secrets unless we move to pull_request_target.
     # Read more: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions
     if: ${{ github.actor != 'dependabot[bot]' }}
@@ -18,7 +25,7 @@ jobs:
         with:
           # Fallback to github action token with limited access
           # when DevOps token isn't available this happens on dependabot.
-          github-token: ${{secrets.DEVOPS_GITHUB_TOKEN || github.token}}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             github.issues.removeLabel({
               issue_number: context.issue.number,
@@ -33,7 +40,7 @@ jobs:
         with:
           # Fallback to github action token with limited access
           # when DevOps token isn't available this happens on dependabot.
-          github-token: ${{secrets.DEVOPS_GITHUB_TOKEN || github.token}}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             github.issues.addLabels({
               issue_number: context.issue.number,
@@ -45,7 +52,7 @@ jobs:
   rubocop:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
@@ -57,9 +64,9 @@ jobs:
   codespell:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: 3.8
     - name: Install dependencies
@@ -92,7 +99,7 @@ jobs:
     env:
       BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -4,11 +4,15 @@ on:
   release:
     types: [published]
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   publish-package:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby 2.7
       uses: actions/setup-ruby@v1
       with:
@@ -23,5 +27,5 @@ jobs:
         gem build *.gemspec
         gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
       env:
-        GEM_HOST_API_KEY: "Bearer ${{secrets.DEVOPS_GITHUB_TOKEN}}"
+        GEM_HOST_API_KEY: "Bearer ${{ secrets.GITHUB_TOKEN }}"
         OWNER: ${{ github.repository_owner }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,36 +5,14 @@ on:
     branches:
       - main
 
-jobs:
-  check_changelog:
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.released.outputs.version }}
-      changelog: ${{ steps.released.outputs.changes || '' }}
-      status: ${{ steps.released.outputs.status || 'unreleased' }}
-    steps:
-      - uses: actions/checkout@v2
-      - uses: zattoo/changelog@v1
-        name: Validate Changelog
-        with:
-          token: ${{ secrets.DEVOPS_GITHUB_TOKEN }}
-          sources: "app/, lib/, devise-auth0.gemspec"
-      - name: Get Unreleased
-        id: unreleased
-        if: ${{ always() }}
-        uses: mindsers/changelog-reader-action@v2
-        continue-on-error: true
-        with:
-          version: "Unreleased"
-      - name: Get Latest Released
-        id: released
-        if: ${{ always() && (steps.unreleased.outputs.changes == '' || steps.unreleased.outputs.status != 'unreleased') }}
-        uses: mindsers/changelog-reader-action@v2
+permissions:
+  contents: read
 
+jobs:
   rubocop:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
@@ -46,9 +24,9 @@ jobs:
   codespell:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: 3.8
     - name: Install dependencies
@@ -82,7 +60,7 @@ jobs:
     env:
       BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
@@ -96,17 +74,36 @@ jobs:
 
   release:
     runs-on: ubuntu-latest
-    needs: [check_changelog, unit_test]
-    if: ${{ needs.check_changelog.outputs.status != 'unreleased' }}
+    permissions:
+      contents: write
+      pull-requests: write
+    needs: [unit_test]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - uses: google-github-actions/release-please-action@v3
+        id: release
         with:
-          repository: carabao-capital/actions
-          ref: ${{ secrets.DEVOPS_ACTIONS_REF }}
-          token: ${{ secrets.DEVOPS_GITHUB_TOKEN }}
-      - uses: ./create-release
+          token: ${{ secrets.GITHUB_TOKEN }}
+          release-type: ruby
+          changelog-types:  '[{"type":"feat","section":"Features","hidden":false},
+              {"type":"fix","section":"Bug Fixes","hidden":false},
+              {"type":"docs","section":"Documentation","hidden":false},
+              {"type":"test","section":"Tests","hidden":false},
+              {"type":"chore","section":"Miscellaneous","hidden":false},
+              {"type":"ci","section":"Miscellaneous","hidden":false}]'
+
+      - name: Push to Release Branch
+        if: ${{ steps.release.outputs.release_created }}
+        uses: actions/github-script@v6
+        env:
+          MAJOR_VERSION: ${{ steps.release.outputs.major }}
         with:
-          github-token: ${{ secrets.DEVOPS_GITHUB_TOKEN }}
-          slack-token: ${{ secrets.DEVOPS_SLACK_TOKEN }}
-          version: ${{ needs.check_changelog.outputs.version }}
-          changelog: ${{ needs.check_changelog.outputs.changelog }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.git.updateRef({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: `heads/${process.env.MAJOR_VERSION}-stable`,
+              sha: context.sha,
+              force: true
+            });
diff --git a/.release-config.json b/.release-config.json
@@ -0,0 +1,3 @@
+{
+    "bootstrap-sha": "e37cf205a2dce2de7254a61bc00cda96a5255be7"
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bump changelog-enforcer to v3
 ### Fixed
 - Fixes rubocop lint
+- CI/CD workflow
 
 ## [1.0.0-rc.10] - 2022-05-26
 ### Changed