From c635044db341422b458202a62538cffdaadb5fcc Mon Sep 17 00:00:00 2001 From: Pavel Boldyrev <627562+bpg@users.noreply.github.com> Date: Mon, 15 Jan 2024 21:40:06 -0500 Subject: [PATCH] chore(ci): update (#890) * Update release-please workflow Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> * test run Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> * update metrics workflow Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> * update other workflows Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> --------- Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com> --- .github/workflows/golangci-lint.yml | 19 +++++++++++-------- .github/workflows/metrics.yml | 15 ++++++++++----- .github/workflows/publish.yml | 25 ++++++++++++++++++------- .github/workflows/release-please.yml | 19 ++++++++++++++++--- .github/workflows/semgrep.yml | 17 +++++++++++------ .github/workflows/stale.yaml | 19 ++++++++++++++++--- .github/workflows/test.yml | 19 ++++++++++--------- 7 files changed, 92 insertions(+), 41 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index a2446d36..241f3b57 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -1,4 +1,5 @@ -name: golangci-lint +name: Linter + on: push: tags: @@ -11,16 +12,17 @@ permissions: pull-requests: read jobs: - - golangci: - name: lint + golangci-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + + - name: Checkout + uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1 + - name: Filter paths + uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1 id: filter with: filters: | 
@@ -28,12 +30,13 @@ jobs: - '**/*.go' - 'tools/go.mod' - - uses: actions/setup-go@v5 + - name: Setup Go + uses: actions/setup-go@v5 if: steps.filter.outputs.go == 'true' with: go-version-file: 'go.mod' - - name: golangci-lint + - name: Lint code if: steps.filter.outputs.go == 'true' run: | go run -modfile=tools/go.mod github.com/golangci/golangci-lint/cmd/golangci-lint run -v --timeout 5m diff --git a/.github/workflows/metrics.yml b/.github/workflows/metrics.yml index cc5e5c6a..d067545e 100644 --- a/.github/workflows/metrics.yml +++ b/.github/workflows/metrics.yml @@ -1,9 +1,12 @@ -name: metrics +name: Publish Metrics on: - schedule: [{cron: "0 0 * * *"}] + schedule: + - cron: "0 0 * * *" # every day at 00:00 UTC (8pm EST) workflow_dispatch: - push: {branches: ["main"]} + push: + branches: + - "main" jobs: github-metrics: @@ -11,13 +14,15 @@ jobs: permissions: contents: write steps: - - uses: lowlighter/metrics@latest + + - name: Generate Metrics + uses: lowlighter/metrics@latest with: template: repository filename: metrics.svg user: bpg repo: terraform-provider-proxmox - token: ${{ secrets.METRICS_TOKEN }} + token: "${{ secrets.METRICS_TOKEN }}" output_action: gist committer_gist: 2cc44ead81225542ed1ef0303d8f9eb9 plugin_lines: yes diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9c265b43..7e920ad6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
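Review bot: The comment added on the cron line in metrics.yml gives the wrong local time: 00:00 UTC is 7pm EST, and 8pm only while daylight time (EDT) is in effect. The schedule is evaluated in UTC, so I would drop the conversion and keep `- cron: "0 0 * * *" # every day at 00:00 UTC`.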
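Review bot: `uses: lowlighter/metrics@latest` in the github-metrics job is still a mutable reference, while the job has `contents: write` and receives `secrets.METRICS_TOKEN`, so any change to what that ref points at runs with both. The other third-party actions touched by this commit are pinned to a commit SHA with the version in a trailing comment, and this step should follow the same pattern: `uses: lowlighter/metrics@<full-commit-sha> # <version>` (placeholders; take the values from the upstream release you have reviewed). The same floating-reference pattern remains in publish.yml, where `version: latest` selects the GoReleaser binary in the job that holds the GPG key and the release token, and in semgrep.yml, where `image: returntocorp/semgrep` has no tag or digest. Pinning those as well keeps a release or scan reproducible and makes an upstream change show up as a reviewable diff.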
@@ -6,21 +6,33 @@ # secret. If you would rather own your own GPG handling, please fork this action # or use an alternative one for key handling. # -name: publish +name: Publish Release + on: push: tags: - 'v*' + jobs: goreleaser: runs-on: ubuntu-latest steps: + + - name: Generate Short Lived OAuth App Token + uses: actions/create-github-app-token@f04aa94d10cf56334d1c580e077ce2e3569e805d #v1.6.3 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + owner: "${{ github.repository_owner }}" + repositories: "${{ github.event.repository.name }}" + - name: Checkout uses: actions/checkout@v4 - name: Unshallow run: git fetch --prune --unshallow - + - name: Set up Go uses: actions/setup-go@v5 with: @@ -31,8 +43,8 @@ jobs: uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 #v6.1.0 with: git_user_signingkey: true - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.PASSPHRASE }} + gpg_private_key: "${{ secrets.GPG_PRIVATE_KEY }}" + passphrase: "${{ secrets.PASSPHRASE }}" - name: Run GoReleaser uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 #v5.0.0 @@ -40,6 +52,5 @@ jobs: version: latest args: release --rm-dist env: - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} - # GitHub sets this automatically - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_FINGERPRINT: "${{ steps.import_gpg.outputs.fingerprint }}" + GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 29688e42..ed595325 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -1,4 +1,4 @@ -name: release-please +name: Release Please on: push: 
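Review bot: The goreleaser job in publish.yml shows no `permissions:` block, so the default `GITHUB_TOKEN` keeps the repository's default scopes even though the release now authenticates with the App token. Only the Checkout step still uses the default token, so a job-level `permissions:` with `contents: read` should be enough; the first five lines of the file are outside the hunk, so a workflow-level block may already exist. The same applies in release-please.yml, where this commit adds `contents: write` to the job while the action is handed `steps.app-token.outputs.token`, and in stale.yaml, where `issues: write` and `pull-requests: write` no longer constrain what actions/stale can do; unless a step outside those hunks needs them, those scopes can be dropped. The App token carries whatever the App installation is granted on the repository, so the App's own permission set is now where least privilege has to be enforced.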
@@ -9,10 +9,23 @@ on: jobs: release-please: runs-on: ubuntu-latest + permissions: + contents: write steps: - - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 #v3.7.13 + + - name: Generate Short Lived OAuth App Token + uses: actions/create-github-app-token@f04aa94d10cf56334d1c580e077ce2e3569e805d #v1.6.3 + id: app-token with: - token: ${{ secrets.BOT_TOKEN }} + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + owner: "${{ github.repository_owner }}" + repositories: "${{ github.event.repository.name }}" + + - name: Create / Update Release PR + uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 #v3.7.13 + with: + token: "${{ steps.app-token.outputs.token }}" release-type: go bump-minor-pre-major: true extra-files: | diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 840f5668..0bb98f32 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -1,4 +1,6 @@ -on: +name: Semgrep + +on: pull_request: {} push: branches: @@ -8,15 +10,18 @@ on: schedule: # random HH:MM to avoid a load spike on GitHub Actions at 00:00 - cron: 29 16 * * * -name: Semgrep + jobs: semgrep: - name: Scan runs-on: ubuntu-latest env: - SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} + SEMGREP_APP_TOKEN: "${{ secrets.SEMGREP_APP_TOKEN }}" container: image: returntocorp/semgrep steps: - - uses: actions/checkout@v4 - - run: semgrep ci + + - name: Checkout + uses: actions/checkout@v4 + + - name: Semgrep + run: semgrep ci diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 1720996c..e8c5a07e 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -1,7 +1,9 @@ name: Manage Stale Items -'on': + +on: schedule: - cron: 00 00 * * * + jobs: stale: runs-on: ubuntu-latest 
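Review bot: `SEMGREP_APP_TOKEN` in semgrep.yml stays in the job-level `env`, so it is present in the environment of every step of the job, including the newly named Checkout step, and not only the scan. Now that the steps are written out, the secret can be scoped to the one step that uses it: move the `env:` mapping with `SEMGREP_APP_TOKEN: "${{ secrets.SEMGREP_APP_TOKEN }}"` under the `Semgrep` step, next to `run: semgrep ci`. This keeps the token out of any step added to the job later.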
@@ -9,9 +11,20 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v9 + + - name: Generate Short Lived OAuth App Token + uses: actions/create-github-app-token@f04aa94d10cf56334d1c580e077ce2e3569e805d #v1.6.3 + id: app-token with: - repo-token: '${{ secrets.GITHUB_TOKEN }}' + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" + owner: "${{ github.repository_owner }}" + repositories: "${{ github.event.repository.name }}" + + - name: Stale Issues and Pull Requests + uses: actions/stale@v9 + with: + repo-token: "${{ steps.app-token.outputs.token }}" days-before-stale: 180 days-before-close: 30 exempt-issue-labels: 'needs-triage, acknowledged, in-progress' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 39ef76de..52dd88c0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,5 @@ name: Tests + on: pull_request: {} push: @@ -6,26 +7,25 @@ on: - main - "release/**" jobs: - build: - name: Build runs-on: ubuntu-latest timeout-minutes: 5 steps: - - name: Check out code into the Go module directory + - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1 + - name: Filter paths + uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1 id: filter with: filters: | go: - '**/*.go' - - name: Set up Go + - name: Setup Go if: steps.filter.outputs.go == 'true' uses: actions/setup-go@v5 with: 
@@ -40,23 +40,24 @@ jobs: run: go vet . && go build -v . test: - name: Unit Tests needs: build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1 + - name: Filter paths + uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 #v2.2.1 id: filter with: filters: | go: - '**/*.go' - - name: Set up Go + - name: Setup Go if: steps.filter.outputs.go == 'true' uses: actions/setup-go@v5 with: