Skip to content

Commit

Permalink
ci: Updated for GHA best practices (#196)
Browse files Browse the repository at this point in the history
* Updated for GHA best practices

Signed-off-by: Roger Barker <[email protected]>

* Updated code owners file to scope lock root level codeowners file

Signed-off-by: Roger Barker <[email protected]>

---------

Signed-off-by: Roger Barker <[email protected]>
  • Loading branch information
rbarkerSL authored Jun 6, 2024
1 parent 5d48335 commit 6e3d988
Show file tree
Hide file tree
Showing 5 changed files with 72 additions and 10 deletions.
34 changes: 34 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
###################################
##### Global Protection Rule ######
###################################
# NOTE: This rule is overriden by the more specific rules below. This is the catch-all rule for all files not covered by the more specific rules below
* @hashgraph/developer-advocates

#########################
##### Core Files ######
#########################

# NOTE: Must be placed last to ensure enforcement over all other rules

# Protection Rules for Github Configuration Files and Actions Workflows
/.github/ @hashgraph/release-engineering @hashgraph/release-engineering-managers
/.github/workflows/ @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates

# Self-protection for root CODEOWNERS files (this file should not exist and should definitely require approval)
/CODEOWNERS @hashgraph/release-engineering @hashgraph/release-engineering-managers

# Protect the repository root files
/README.md @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
**/LICENSE @hashgraph/release-engineering @hashgraph/release-engineering-managers

# Gradle project files and inline plugins
/gradle/ @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
gradlew @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
gradlew.bat @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
**/build-logic/ @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
**/gradle.* @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
**/*.gradle.* @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates

# Git Ignore definitions
**/.gitignore @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
**/.gitignore.* @hashgraph/release-engineering @hashgraph/release-engineering-managers @hashgraph/developer-advocates
7 changes: 7 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
open-pull-requests-limit: 10
11 changes: 9 additions & 2 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,18 @@ on:
- v*
workflow_dispatch:

permissions:
contents: read

defaults:
run:
shell: bash

jobs:
# Push image to GitHub Packages.
# See also https://docs.docker.com/docker-hub/builds/
build_docker_images:
runs-on: ubuntu-latest
runs-on: [self-hosted, Linux, medium, ephemeral]
steps:
- name: Set version
run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
Expand All @@ -33,7 +40,7 @@ jobs:
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

- name: Build java node image
run: docker build . --file Dockerfile --tag ghcr.io/${{ github.repository }}/hedera_nft_auction_java_node:latest --tag ghcr.io/${{ github.repository }}/hedera_nft_auction_java_node:$VERSION --tag ghcr.io/${{ github.repository }}/hedera_nft_auction_java_node:$DATETIME --label "runnumber=${GITHUB_RUN_ID}"
Expand Down
15 changes: 11 additions & 4 deletions .github/workflows/system-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,21 @@ on:
branches: [ master ]
workflow_dispatch:

permissions:
contents: read

defaults:
run:
shell: bash

jobs:
build:

runs-on: ubuntu-latest
runs-on: [self-hosted, Linux, medium, ephemeral]

steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/hedera-nft-auction-demo-java-node/.gradle/caches
Expand All @@ -24,7 +31,7 @@ jobs:
restore-keys: |
${{ runner.os }}-gradle-`
- name: Set up JDK 14
uses: actions/setup-java@v2
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: '14'
distribution: 'adopt'
Expand Down
15 changes: 11 additions & 4 deletions .github/workflows/unit-integration-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,22 @@ on:
pull_request:
branches: [ master ]

permissions:
contents: read

defaults:
run:
shell: bash

jobs:
build:

runs-on: ubuntu-latest
runs-on: [self-hosted, Linux, medium, ephemeral]

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

- uses: actions/cache@v2
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/hedera-nft-auction-demo-java-node/.gradle/caches
Expand All @@ -26,7 +33,7 @@ jobs:
${{ runner.os }}-gradle-`
- name: Set up JDK 14
uses: actions/setup-java@v2
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: '14'
distribution: 'adopt'
Expand Down

0 comments on commit 6e3d988

Please sign in to comment.