From b82655d9a7af844f1a62d558e65799ef796951fc Mon Sep 17 00:00:00 2001 From: John Clark Date: Fri, 8 Sep 2023 20:06:29 +0800 Subject: [PATCH] ci: CI/CD workflow --- .github/workflows/changelog.yml | 15 ------- .github/workflows/dev.yaml | 19 +++++--- .github/workflows/publish.yml | 8 +++- .github/workflows/release.yml | 77 ++++++++++++++++----------------- .release-config.json | 3 ++ CHANGELOG.md | 1 + 6 files changed, 60 insertions(+), 63 deletions(-) delete mode 100644 .github/workflows/changelog.yml create mode 100644 .release-config.json diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml deleted file mode 100644 index bac4534..0000000 --- a/.github/workflows/changelog.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Changelog -on: - pull_request: - types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled] - -jobs: - changelog: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: dangoslen/changelog-enforcer@v3 - with: - changeLogPath: "CHANGELOG.md" - skipLabels: "skip_changelog" - token: ${{secrets.DEVOPS_GITHUB_TOKEN || github.token}} diff --git a/.github/workflows/dev.yaml b/.github/workflows/dev.yaml index a75e15a..5b54917 100644 --- a/.github/workflows/dev.yaml +++ b/.github/workflows/dev.yaml @@ -4,9 +4,16 @@ on: pull_request: types: [opened, reopened, synchronize] +permissions: + contents: read + jobs: setup_pr: runs-on: ubuntu-latest + permissions: + contents: read + issues: write + pull-requests: write # Dependabot no longer have access to secrets unless we move to pull_request_target. # Read more: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions if: ${{ github.actor != 'dependabot[bot]' }} 
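Review bot: The job-level `issues: write` / `pull-requests: write` grant on `setup_pr` only takes effect for branches in this repository. On a `pull_request` run from a fork, GitHub normally issues a read-only `GITHUB_TOKEN` whatever the `permissions` block says, so the labelling steps would fail there now that the DevOps token is no longer used. The `if:` guard excludes only Dependabot; consider `if: ${{ github.actor != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository }}` so fork runs skip the job instead of failing. The retained comment names `pull_request_target` as the alternative; if that is ever adopted, the job must not check out or run PR-head code, because it would then execute with a write-capable token. The rest of the job lies outside this hunk.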
@@ -18,7 +25,7 @@ jobs: with: # Fallback to github action token with limited access # when DevOps token isn't available this happens on dependabot. - github-token: ${{secrets.DEVOPS_GITHUB_TOKEN || github.token}} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | github.issues.removeLabel({ issue_number: context.issue.number, @@ -33,7 +40,7 @@ jobs: with: # Fallback to github action token with limited access # when DevOps token isn't available this happens on dependabot. - github-token: ${{secrets.DEVOPS_GITHUB_TOKEN || github.token}} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | github.issues.addLabels({ issue_number: context.issue.number, @@ -45,7 +52,7 @@ jobs: rubocop: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: @@ -57,9 +64,9 @@ jobs: codespell: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.8 - name: Install dependencies @@ -92,7 +99,7 @@ jobs: env: BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 12a9251..afe2769 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -4,11 +4,15 @@ on: release: types: [published] +permissions: + contents: write + packages: write + jobs: publish-package: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby 2.7 uses: actions/setup-ruby@v1 with: 
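Review bot: The comment kept above `github-token` in this hunk, and again in the `@@ -33,7 +40,7 @@` hunk, still describes a fallback from a DevOps token, but the new line passes `secrets.GITHUB_TOKEN` unconditionally. Replace both with something like `# Uses the workflow GITHUB_TOKEN; its scope is set by the job-level permissions block.` so a later reader does not assume a broader token is in play. The step's `uses:` line is outside the hunk, so the github-script version cannot be seen here; if it is v5 or later, `github.issues.removeLabel` / `github.issues.addLabels` would need to be `github.rest.issues.*`, as the release workflow in this patch already does.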
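Review bot: `contents: write` in the new workflow-level `permissions` block of publish.yml looks broader than the visible steps need. Checkout, Ruby setup, `gem build` and `gem push` to GitHub Packages need only `contents: read` and `packages: write`, so suggest `contents: read` unless a step outside these hunks writes to the repository. The context line `uses: actions/setup-ruby@v1` is left unchanged, although that action is deprecated and the other workflows in this patch use `ruby/setup-ruby@v1`; a job holding a package-write token is a good place to switch to the maintained action. Pinning the actions in this job to full commit SHAs rather than tags would also narrow the supply-chain exposure of that token.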
@@ -23,5 +27,5 @@ jobs: gem build *.gemspec gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem env: - GEM_HOST_API_KEY: "Bearer ${{secrets.DEVOPS_GITHUB_TOKEN}}" + GEM_HOST_API_KEY: "Bearer ${{ secrets.GITHUB_TOKEN }}" OWNER: ${{ github.repository_owner }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fda1ccc..03c8fb9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,36 +5,14 @@ on: branches: - main -jobs: - check_changelog: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.released.outputs.version }} - changelog: ${{ steps.released.outputs.changes || '' }} - status: ${{ steps.released.outputs.status || 'unreleased' }} - steps: - - uses: actions/checkout@v2 - - uses: zattoo/changelog@v1 - name: Validate Changelog - with: - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - sources: "app/, lib/, devise-auth0.gemspec" - - name: Get Unreleased - id: unreleased - if: ${{ always() }} - uses: mindsers/changelog-reader-action@v2 - continue-on-error: true - with: - version: "Unreleased" - - name: Get Latest Released - id: released - if: ${{ always() && (steps.unreleased.outputs.changes == '' || steps.unreleased.outputs.status != 'unreleased') }} - uses: mindsers/changelog-reader-action@v2 +permissions: + contents: read +jobs: rubocop: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: @@ -46,9 +24,9 @@ jobs: codespell: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.8 - name: Install dependencies @@ -82,7 +60,7 @@ jobs: env: BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 
@@ -96,17 +74,36 @@ jobs: release: runs-on: ubuntu-latest - needs: [check_changelog, unit_test] - if: ${{ needs.check_changelog.outputs.status != 'unreleased' }} + permissions: + contents: write + pull-requests: write + needs: [unit_test] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 + - uses: google-github-actions/release-please-action@v3 + id: release with: - repository: carabao-capital/actions - ref: ${{ secrets.DEVOPS_ACTIONS_REF }} - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - - uses: ./create-release + token: ${{ secrets.GITHUB_TOKEN }} + release-type: ruby + changelog-types: '[{"type":"feat","section":"Features","hidden":false}, + {"type":"fix","section":"Bug Fixes","hidden":false}, + {"type":"docs","section":"Documentation","hidden":false}, + {"type":"test","section":"Tests","hidden":false}, + {"type":"chore","section":"Miscellaneous","hidden":false}, + {"type":"ci","section":"Miscellaneous","hidden":false}]' + + - name: Push to Release Branch + if: ${{ steps.release.outputs.release_created }} + uses: actions/github-script@v6 + env: + MAJOR_VERSION: ${{ steps.release.outputs.major }} with: - github-token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - slack-token: ${{ secrets.DEVOPS_SLACK_TOKEN }} - version: ${{ needs.check_changelog.outputs.version }} - changelog: ${{ needs.check_changelog.outputs.changelog }} + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.git.updateRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: `heads/${process.env.MAJOR_VERSION}-stable`, + sha: context.sha, + force: true + }); diff --git a/.release-config.json b/.release-config.json new file mode 100644 index 0000000..695eccd --- /dev/null +++ b/.release-config.json @@ -0,0 +1,3 @@ +{ + "bootstrap-sha": "e37cf205a2dce2de7254a61bc00cda96a5255be7" +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b16c6a..339256c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
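Review bot: A release created by release-please with `token: ${{ secrets.GITHUB_TOKEN }}` will not start publish.yml. GitHub does not create new workflow runs for events caused by `GITHUB_TOKEN`, so the `on: release: types: [published]` trigger would, as far as this patch shows, never fire. The safer fix is to run the gem build and push in this workflow, gated on `if: ${{ steps.release.outputs.release_created }}`, rather than reintroducing a long-lived PAT; if a separate token is needed, use a narrowly scoped GitHub App or fine-grained token for the release-please step only. Separately, in "Push to Release Branch" the call is neither awaited nor returned, so write `await github.rest.git.updateRef({`. `updateRef` is also rejected when `heads/<major>-stable` does not exist yet, so the first release of a new major needs a `createRef` fallback. Because `force: true` rewrites that branch from CI, protect `*-stable` branches with rules that allow only this workflow to move them.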
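Review bot: Nothing in the visible release.yml points the action at `.release-config.json`, so the `bootstrap-sha` here is probably never read. The release-please step is given only `token`, `release-type` and `changelog-types`, and to my knowledge release-please-action v3 reads a config file only in manifest mode, defaulting to `release-please-config.json`. If the intent is to stop the first changelog from reaching back past that commit, either pass it as a step input, `bootstrap-sha: e37cf205a2dce2de7254a61bc00cda96a5255be7`, or rename the file and switch the step to `command: manifest`. Please confirm against the action's documentation for the version in use.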
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump changelog-enforcer to v3 ### Fixed - Fixes rubocop lint +- CI/CD workflow ## [1.0.0-rc.10] - 2022-05-26 ### Changed