diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml deleted file mode 100644 index cfd5cc44f34b..000000000000 --- a/.github/workflows/changelog.yaml +++ /dev/null @@ -1,51 +0,0 @@ -name: Changelog Generator - -on: - schedule: - - cron: 0 0 * * 1,4 - push: - tags: - - '*.*.*' - -jobs: - changelog: - name: Changelog Generator - runs-on: ubuntu-22.04 - timeout-minutes: 30 - - steps: - - uses: actions/checkout@v4 - if: github.event_name == 'push' && github.ref_type == 'tag' - - name: Create release - run: |- - if [[ ${{ github.ref_name }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - gh release create ${{ github.ref_name }} --generate-notes || true - fi - if: github.event_name == 'push' && github.ref_type == 'tag' - env: - GH_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - - - name: Get Date - id: get-date - run: echo "date=$(/bin/date -u "+%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT - - uses: actions/cache@v3 - with: - path: .cache - key: automation-${{ steps.get-date.outputs.date }} - restore-keys: |+ - automation- - - - run: docker pull aeonphp/automation - - name: Generate changelog - run: >- - docker run --env=AEON_AUTOMATION_GH_TOKEN --rm --volume=$(pwd)/.cache:/cache aeonphp/automation - changelog:generate:all - ${{ github.repository }} - --github-release-update - --cache-path=/cache - --skip-from=dependabot-preview[bot] - --skip-from=dependabot[bot] - --skip-from=renovate[bot] - -v - env: - AEON_AUTOMATION_GH_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index 6f643584b233..000000000000 --- a/.github/workflows/codeql.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: CodeQL scanning - -on: - push: - -env: - HAS_SECRETS: ${{ secrets.HAS_SECRETS }} - -jobs: - codeql: - name: CodeQL scanning - runs-on: ubuntu-22.04 - timeout-minutes: 15 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 79900e260cb1..75c202ce59a7 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -18,16 +18,17 @@ env: jobs: not-failed-backport: - runs-on: ubuntu-22.04 name: Test that's not a failed backport + runs-on: ubuntu-22.04 timeout-minutes: 5 + steps: - run: 'false' if: github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.' main: - runs-on: ubuntu-22.04 name: Continuous integration + runs-on: ubuntu-22.04 timeout-minutes: 50 if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" @@ -79,7 +80,13 @@ jobs: key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" - run: pre-commit run --all-files - - run: git diff + - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Apply pre-commit fix.patch + path: /tmp/pre-commit.patch + retention-days: 1 if: failure() - name: Checks run: c2cciutils-checks @@ -180,17 +187,17 @@ jobs: - name: Publish Storybook to Chromatic to run visual tests run: npm run chromatic -- --project-token=$(gopass show gs/ci/chromatic/ngeo_token) - if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'push' env: NODE_OPTIONS: --openssl-legacy-provider + if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name == 'push' - name: Publish Storybook to Chromatic to run visual tests run: GITHUB_SHA=${GITHUB_SHA_} npm run chromatic -- --project-token=$(gopass show gs/ci/chromatic/ngeo_token) --branch-name=${GITHUB_HEAD_REF} - if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name != 'push' env: NODE_OPTIONS: --openssl-legacy-provider GITHUB_SHA_: ${{ steps.sha.outputs.sha }} + if: env.HAS_SECRETS == 'HAS_SECRETS' && github.event_name != 'push' - name: Notify c2cgeoportal run: > @@ -219,8 +226,8 @@ jobs: if: env.HAS_SECRETS == 'HAS_SECRETS' gh-pages: - runs-on: ubuntu-22.04 name: Github Pages + runs-on: ubuntu-22.04 timeout-minutes: 10 concurrency: gh-pages-push needs: @@ -239,9 +246,9 @@ jobs: - id: branch run: echo "branch=${GITHUB_REF}" >> $GITHUB_OUTPUT - if: env.HAS_SECRETS == 'HAS_SECRETS' env: GITHUB_REF: ${{ github.head_ref || github.ref_name }} + if: env.HAS_SECRETS == 'HAS_SECRETS' - uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml deleted file mode 100644 index 14489eb5873d..000000000000 --- a/.github/workflows/pr-checks.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Pull request check - -on: - pull_request: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - build: - name: Pull request check - runs-on: ubuntu-22.04 - timeout-minutes: 5 - if: github.event.pull_request.user.login != 'renovate[bot]' - - steps: - - run: pip install --upgrade attrs - - uses: actions/checkout@v3 - - - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} - - run: python3 -m pip install --user --pre c2cciutils[pr_checks] - - - name: Check pull request - run: c2cciutils-pull-request-checks - env: - GITHUB_EVENT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request-automation.yaml b/.github/workflows/pull-request-automation.yaml index 14746f289441..0fab6027207e 100644 --- a/.github/workflows/pull-request-automation.yaml +++ b/.github/workflows/pull-request-automation.yaml @@ -26,7 +26,7 @@ jobs: with: script: |- console.log(context); - - name: Auto reviews Renovate updates + - name: Auto reviews GHCI updates uses: actions/github-script@v7 with: script: |- @@ -37,10 +37,13 @@ jobs: event: 'APPROVE', }) if: |- - github.event.pull_request.user.login == 'renovate[bot]' + startsWith(github.head_ref, 'ghci/audit/') + && (github.event.pull_request.user.login == 'ghci-test[bot]' + || github.event.pull_request.user.login == 'ghci-int[bot]' + || github.event.pull_request.user.login == 'ghci[bot]') && (github.event.action == 'opened' || github.event.action == 'reopened') - - name: Auto review and merge snyk auto fix + - name: Auto reviews Renovate updates uses: actions/github-script@v7 with: script: |- @@ -49,62 +52,8 @@ jobs: repo: context.repo.repo, pull_number: context.payload.pull_request.number, event: 'APPROVE', - }); - github.graphql(` - mutation { - enablePullRequestAutoMerge(input: { - pullRequestId: "${context.payload.pull_request.node_id}", - mergeMethod: SQUASH, - }) { - pullRequest { - autoMergeRequest { - enabledAt - } - } - } - } - `) - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'snyk-fix/') - && (github.event.action == 'opened' - || github.event.action == 'reopened') - - name: Restart audit workflow - uses: actions/github-script@v7 - with: - script: |- - let runs = await github.rest.actions.listWorkflowRuns({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'audit.yaml', - per_page: 1, - }); - runs = runs.data.workflow_runs; - if (runs.length == 1 && runs[0].status != 'success') { - console.log(`Rerun workflow ${runs[0].id} ${runs[0].status}`); - github.rest.actions.reRunWorkflowFailedJobs({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: runs[0].id, - }); - } - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && (startsWith(github.head_ref, 'snyk-fix/') - || startsWith(github.head_ref, 'dpkg-update/')) - && github.event.action == 'closed' - && github.event.pull_request.merged == true - - name: Auto close pre-commit.ci autoupdate - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.update({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - state: 'closed', - }); + }) if: |- - github.event.pull_request.user.login == 'pre-commit-ci' + github.event.pull_request.user.login == 'renovate[bot]' && (github.event.action == 'opened' || github.event.action == 'reopened') diff --git a/.github/workflows/test_url.yaml b/.github/workflows/test_url.yaml deleted file mode 100644 index 12f2aa67c1c1..000000000000 --- a/.github/workflows/test_url.yaml +++ /dev/null @@ -1,71 +0,0 @@ ---- -name: Add message on pull requests with the related examples - -on: - pull_request_target: - types: - - opened - -jobs: - all: - name: Add message on pull requests with the related examples - runs-on: ubuntu-22.04 - timeout-minutes: 2 - - steps: - - run: npm install --production @actions/github - - - run: | - echo " - const github = require('@actions/github'); - - async function run() { - // Get client and context - const client = new github.getOctokit(process.env.GITHUB_TOKEN); - - await client.rest.pulls.createReview({ - owner: github.context.issue.owner, - repo: github.context.issue.repo, - pull_number: github.context.issue.number, - body: [ - \`Examples: https://camptocamp.github.io/ngeo/\${process.env.GITHUB_HEAD_REF}/examples/\`, - \`Storybook: https://camptocamp.github.io/ngeo/\${process.env.GITHUB_HEAD_REF}/storybook/\`, - \`API help: https://camptocamp.github.io/ngeo/\${process.env.GITHUB_HEAD_REF}/api/apihelp/apihelp.html\`, - \`API documentation: https://camptocamp.github.io/ngeo/\${process.env.GITHUB_HEAD_REF}/apidoc/\`, - ].join('\n'), - event: 'COMMENT' - }); - } - - run(); - " > pr-message.js - if: github.actor != 'dependabot[bot]' - - - run: | - echo " - const github = require('@actions/github'); - - async function run() { - // Get client and context - const client = new github.getOctokit(process.env.GITHUB_TOKEN); - - await client.rest.pulls.createReview({ - owner: github.context.issue.owner, - repo: github.context.issue.repo, - pull_number: github.context.issue.number, - body: [ - \"This build can't have the Chromatic status because the secrets are missing.\", - \"To get the Chromatic status check you should assign one label, e.-g. \`get-chromatic-on-dependabot\`.\", - \"You can also check the status on https://www.chromatic.com/pullrequests?appId=612f928164063b003a629e5b.\" - ].join('\n'), - event: 'COMMENT' - }); - } - - run(); - " > pr-message.js - if: github.actor == 'dependabot[bot]' - - - run: node pr-message.js - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}