From c3a21ad62e1b2777bb6cac4697a9e2a46d816d6c Mon Sep 17 00:00:00 2001 From: Adam DeHaven Date: Thu, 4 Jan 2024 15:36:50 -0500 Subject: [PATCH] ci: add .github from alpha --- .github/CODEOWNERS | 15 +++ .../setup-pnpm-with-dependencies/action.yaml | 61 ++++++++++ .github/pull_request_template.md | 12 ++ .github/workflows/auto-approve.yaml | 20 ++++ .../workflows/cleanup-preview-packages.yaml | 34 ++++++ .github/workflows/commitlint.yaml | 21 ++++ .github/workflows/pr-closed.yaml | 22 ++++ .github/workflows/publish.yaml | 51 ++++++++ .github/workflows/test.yaml | 111 ++++++++++++++++++ 9 files changed, 347 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/actions/setup-pnpm-with-dependencies/action.yaml create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/auto-approve.yaml create mode 100644 .github/workflows/cleanup-preview-packages.yaml create mode 100644 .github/workflows/commitlint.yaml create mode 100644 .github/workflows/pr-closed.yaml create mode 100644 .github/workflows/publish.yaml create mode 100644 .github/workflows/test.yaml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..b3a77bfe --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,15 @@ +# These owners will be the default owners for everything in +# the repo. They will be requested for review whenever someone +# opens a PR, unless a later match takes precedence. +* @adamdehaven @jillztom @Kong/team-core-ui + +# Workflows & CI +/.github/ @adamdehaven @jillztom +/lefthook.yaml @adamdehaven @jillztom + +# ================================================ +# Renovate Bot approvals +# Allow Kongponents BOT to approve dependency updates +# These rules MUST remain at the bottom as the last entry +package.json @kongponents-bot @Kong/team-core-ui @adamdehaven @jillztom +yarn.lock @kongponents-bot @Kong/team-core-ui @adamdehaven @jillztom diff --git a/.github/actions/setup-pnpm-with-dependencies/action.yaml b/.github/actions/setup-pnpm-with-dependencies/action.yaml new file mode 100644 index 00000000..f07a15b5 --- /dev/null +++ b/.github/actions/setup-pnpm-with-dependencies/action.yaml @@ -0,0 +1,61 @@ +name: Setup PNPM with Yarn Dependencies +description: Reusable composition of setup-node, cache, and pnpm install actions +inputs: + nodejs-version: + description: 'Version of NodeJS to use (ex: 18.18.2)' + default: '18.18.2' + force-install: + description: When 'true', pnpm install will be executed regardless of a cache hit + required: false + default: 'false' + frozen-lockfile: + description: When false, pnpm install will use the --no-frozen-lockfile flag + required: false + default: 'true' +outputs: + cache-hit: + description: Whether or not there was a cache hit + value: ${{ steps.dependency-cache.outputs.cache-hit }} +runs: + using: composite + steps: + + - name: get Node version + id: node-version + shell: bash + run: | + voltaNodeVersion=$(cat package.json|jq -r ".volta.node") + if [[ $voltaNodeVersion == null ]]; then + voltaNodeVersion="${{ inputs.nodejs-version }}" + fi + voltaPnpmVersion=$(cat package.json|jq -r ".volta.pnpm") + if [[ $voltaPnpmVersion == null ]]; then + voltaPnpmVersion="8.10.5" + fi + + echo "node-version=${voltaNodeVersion}">> $GITHUB_OUTPUT + echo "pnpm-version=${voltaPnpmVersion}">> $GITHUB_OUTPUT + + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: ${{ steps.node-version.outputs.node-version }} + + - name: Install PNPM + shell: bash + run: | + npm i -g pnpm@${{ steps.node-version.outputs.pnpm-version }} + pnpm --version + + + - name: Dependency Cache + id: dependency-cache + uses: actions/cache@v3 + with: + path: '**/node_modules' + key: pnpm-${{ steps.node-version.outputs.pnpm-version }}-${{ steps.node-version.outputs.node-version }}-${{ runner.os }}-${{ hashFiles('**/pnpm-lock.yaml') }} + + - name: Install Dependencies + if: ${{ inputs.force-install == 'true' || steps.dependency-cache.outputs.cache-hit != 'true' }} + shell: bash + run: pnpm i${{ inputs.frozen-lockfile == 'false' && ' --no-frozen-lockfile' || '' }} diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..c2740c82 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,12 @@ +# Summary + + diff --git a/.github/workflows/auto-approve.yaml b/.github/workflows/auto-approve.yaml new file mode 100644 index 00000000..09a742ae --- /dev/null +++ b/.github/workflows/auto-approve.yaml @@ -0,0 +1,20 @@ +--- +name: Renovate Bot dependency updates auto-merge + +permissions: + pull-requests: write + contents: write + +on: pull_request_target + +jobs: + renovate-autoapprove: + runs-on: ubuntu-latest + if: ${{ github.actor == 'renovate[bot]' }} + steps: + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + # Use the bot account PAT to allow auto-approve and merge the PRs + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} diff --git a/.github/workflows/cleanup-preview-packages.yaml b/.github/workflows/cleanup-preview-packages.yaml new file mode 100644 index 00000000..2c0e85d2 --- /dev/null +++ b/.github/workflows/cleanup-preview-packages.yaml @@ -0,0 +1,34 @@ +name: Cleanup PR preview packages +on: + workflow_dispatch: + + schedule: + - cron: '0 2/6 * * 6,0' + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + cleanup: + name: Cleanup PR Previews + runs-on: ubuntu-latest + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v4 + + - name: Prepare cleanup + id: prepare + run: | + echo "openPRs=$(gh pr list --state open --json number|jq -cM 'map(.number|tostring)')" >> $GITHUB_OUTPUT + echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc + + - name: Cleanup PR preview + uses: Kong/public-shared-actions/pr-previews/cleanup@main + with: + package: "@kong/markdown" + openPRs: ${{ steps.prepare.outputs.openPRs }} diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml new file mode 100644 index 00000000..8754169f --- /dev/null +++ b/.github/workflows/commitlint.yaml @@ -0,0 +1,21 @@ +name: Lint Commit Messages + +on: + pull_request: + +jobs: + commitlint: + if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]' }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # See https://github.com/wagoid/commitlint-github-action/issues/560 + - name: Remove tsconfig + run: rm tsconfig.json + + - uses: wagoid/commitlint-github-action@v5.4.4 + with: + configFile: commitlint.config.cjs diff --git a/.github/workflows/pr-closed.yaml b/.github/workflows/pr-closed.yaml new file mode 100644 index 00000000..066e3784 --- /dev/null +++ b/.github/workflows/pr-closed.yaml @@ -0,0 +1,22 @@ +name: On closing PR +on: + pull_request_target: + types: + - closed + +jobs: + remove-pr-preview-comment: + name: Remove PR preview comment from PR + runs-on: ubuntu-latest + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v4 + + - name: Remove preview consumption comment + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + delete: true + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 00000000..1b11baec --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,51 @@ +name: Publish + +on: + push: + branches: + - main + - alpha + - beta + +jobs: + run-tests: + name: Tests + uses: ./.github/workflows/test.yaml + + publish: + name: Build and Publish + needs: + - run-tests + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.KONGPONENTS_BOT_PAT }} + + - name: setup git + run: | + git config user.email "konnectx-engineers+kongponents-bot@konghq.com" + git config user.name "Kong UI Bot" + + - name: Create .npmrc + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + # Reference the env variable NPM_TOKEN here, not the secret + run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc + + - name: Setup PNPM with Dependencies + uses: ./.github/actions/setup-pnpm-with-dependencies/ + + - name: Build + # Since we lint in the Tests job, we can just build here + run: pnpm run build + + - name: Semantic Release + uses: cycjimmy/semantic-release-action@v3 + env: + # Since branch protections are on (pushing commits) you need to use a bot PAT + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 00000000..7cb78248 --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,111 @@ +name: Tests + +on: + pull_request: + types: + - opened + - synchronize + - reopened + - labeled + branches: + - main + - alpha + - beta + + # Allow calling manually from GitHub + workflow_dispatch: + + # Allow workflow to be called by another workflow + workflow_call: + +jobs: + test: + name: Run Tests + runs-on: ubuntu-latest + timeout-minutes: 20 + steps: + - name: Remove preview consumption comment + if: github.event_name == 'pull_request' + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + delete: true + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup PNPM with Dependencies + uses: ./.github/actions/setup-pnpm-with-dependencies/ + with: + force-install: true + + - name: Stylelint + run: pnpm run stylelint + + - name: Lint + run: pnpm run lint + + - name: Build + run: pnpm run build + + - name: Test + run: pnpm run test + + - name: Publish Package Preview + id: package-preview + # Do not run for `alpha` or `beta` branches + if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + run: | + git config user.email "konnectx-engineers+kongponents-bot@konghq.com" + git config user.name "Kong UI Bot" + + preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" + tag="pr-${{ github.event.pull_request.number }}" + echo "preid=${preid}" + + echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc + + # Use yarn to bump the version for the prerelease + pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend + + package_version=$(jq -r ".version" package.json) + package=@kong/markdown@"${package_version}" + + npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 + if [ $npm_show_status -eq 0 ]; then + echo "Package ${package} is already published. Skipping publishing." + exit 0 + fi + + npm_instructions="" + + pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') + + if [[ -z "${pkg}" ]]; then + echo "Error publishing package" + exit -1 + fi + + npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" + + echo "npm_instructions<> $GITHUB_OUTPUT + echo -e "$npm_instructions" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Provide preview link info + if: ${{ steps.package-preview.outputs.npm_instructions != '' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + message: | + ### Install the preview package from this PR + + ```sh + ${{ steps.package-preview.outputs.npm_instructions }} + ``` + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }}