From 6cd68cb1885a5b1123bbbac1058163cc79e0eca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Wed, 5 Jun 2024 17:50:30 +0200 Subject: [PATCH] CI updates This is done by the automated script named upgrade-c2cciutils-to-1.7 --- .github/workflows/changelog.yaml | 51 -------------- .github/workflows/codeql.yaml | 28 -------- .github/workflows/main.yaml | 18 ++++- .github/workflows/pr-checks.yaml | 29 -------- .../workflows/pull-request-automation.yaml | 67 +++---------------- 5 files changed, 24 insertions(+), 169 deletions(-) delete mode 100644 .github/workflows/changelog.yaml delete mode 100644 .github/workflows/codeql.yaml delete mode 100644 .github/workflows/pr-checks.yaml diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml deleted file mode 100644 index cfd5cc44f..000000000 --- a/.github/workflows/changelog.yaml +++ /dev/null @@ -1,51 +0,0 @@ -name: Changelog Generator - -on: - schedule: - - cron: 0 0 * * 1,4 - push: - tags: - - '*.*.*' - -jobs: - changelog: - name: Changelog Generator - runs-on: ubuntu-22.04 - timeout-minutes: 30 - - steps: - - uses: actions/checkout@v4 - if: github.event_name == 'push' && github.ref_type == 'tag' - - name: Create release - run: |- - if [[ ${{ github.ref_name }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - gh release create ${{ github.ref_name }} --generate-notes || true - fi - if: github.event_name == 'push' && github.ref_type == 'tag' - env: - GH_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - - - name: Get Date - id: get-date - run: echo "date=$(/bin/date -u "+%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT - - uses: actions/cache@v3 - with: - path: .cache - key: automation-${{ steps.get-date.outputs.date }} - restore-keys: |+ - automation- - - - run: docker pull aeonphp/automation - - name: Generate changelog - run: >- - docker run --env=AEON_AUTOMATION_GH_TOKEN --rm --volume=$(pwd)/.cache:/cache aeonphp/automation - changelog:generate:all - ${{ github.repository }} - --github-release-update - --cache-path=/cache - --skip-from=dependabot-preview[bot] - --skip-from=dependabot[bot] - --skip-from=renovate[bot] - -v - env: - AEON_AUTOMATION_GH_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index 89ee984ea..000000000 --- a/.github/workflows/codeql.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: CodeQL scanning - -on: - push: - -env: - HAS_SECRETS: ${{ secrets.HAS_SECRETS }} - -jobs: - codeql: - name: CodeQL scanning - runs-on: ubuntu-22.04 - timeout-minutes: 30 - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index f8de54464..b3c1ba98b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -14,8 +14,8 @@ env: jobs: main: - runs-on: ubuntu-22.04 name: Continuous integration + runs-on: ubuntu-22.04 timeout-minutes: 30 if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" @@ -46,7 +46,13 @@ jobs: - run: pre-commit run --all-files env: SKIP: poetry-lock - - run: git diff && false + - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Apply pre-commit fix.patch + path: /tmp/pre-commit.patch + retention-days: 1 if: failure() - name: Checks run: c2cciutils-checks @@ -73,6 +79,14 @@ jobs: retention-days: 5 if: failure() + - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Update dpkg versions list.patch + path: /tmp/dpkg-versions.patch + retention-days: 1 + if: failure() - name: Publish run: c2cciutils-publish if: env.HAS_SECRETS == 'HAS_SECRETS' diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml deleted file mode 100644 index b3e991a22..000000000 --- a/.github/workflows/pr-checks.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Pull request check - -on: - pull_request: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - build: - name: Pull request check - runs-on: ubuntu-22.04 - timeout-minutes: 5 - if: github.event.pull_request.user.login != 'renovate[bot]' - - steps: - - run: pip install --upgrade attrs - - uses: actions/checkout@v4 - - - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} - - run: python3 -m pip install --user --pre c2cciutils[pr_checks] - - - name: Check pull request - run: c2cciutils-pull-request-checks - env: - GITHUB_EVENT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request-automation.yaml b/.github/workflows/pull-request-automation.yaml index 14746f289..0fab60272 100644 --- a/.github/workflows/pull-request-automation.yaml +++ b/.github/workflows/pull-request-automation.yaml @@ -26,7 +26,7 @@ jobs: with: script: |- console.log(context); - - name: Auto reviews Renovate updates + - name: Auto reviews GHCI updates uses: actions/github-script@v7 with: script: |- @@ -37,10 +37,13 @@ jobs: event: 'APPROVE', }) if: |- - github.event.pull_request.user.login == 'renovate[bot]' + startsWith(github.head_ref, 'ghci/audit/') + && (github.event.pull_request.user.login == 'ghci-test[bot]' + || github.event.pull_request.user.login == 'ghci-int[bot]' + || github.event.pull_request.user.login == 'ghci[bot]') && (github.event.action == 'opened' || github.event.action == 'reopened') - - name: Auto review and merge snyk auto fix + - name: Auto reviews Renovate updates uses: actions/github-script@v7 with: script: |- @@ -49,62 +52,8 @@ jobs: repo: context.repo.repo, pull_number: context.payload.pull_request.number, event: 'APPROVE', - }); - github.graphql(` - mutation { - enablePullRequestAutoMerge(input: { - pullRequestId: "${context.payload.pull_request.node_id}", - mergeMethod: SQUASH, - }) { - pullRequest { - autoMergeRequest { - enabledAt - } - } - } - } - `) - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'snyk-fix/') - && (github.event.action == 'opened' - || github.event.action == 'reopened') - - name: Restart audit workflow - uses: actions/github-script@v7 - with: - script: |- - let runs = await github.rest.actions.listWorkflowRuns({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'audit.yaml', - per_page: 1, - }); - runs = runs.data.workflow_runs; - if (runs.length == 1 && runs[0].status != 'success') { - console.log(`Rerun workflow ${runs[0].id} ${runs[0].status}`); - github.rest.actions.reRunWorkflowFailedJobs({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: runs[0].id, - }); - } - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && (startsWith(github.head_ref, 'snyk-fix/') - || startsWith(github.head_ref, 'dpkg-update/')) - && github.event.action == 'closed' - && github.event.pull_request.merged == true - - name: Auto close pre-commit.ci autoupdate - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.update({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - state: 'closed', - }); + }) if: |- - github.event.pull_request.user.login == 'pre-commit-ci' + github.event.pull_request.user.login == 'renovate[bot]' && (github.event.action == 'opened' || github.event.action == 'reopened')