build(release): create workflow (#23)

Co-authored-by: Lucas Rodriguez <[email protected]>
Co-authored-by: razzle <[email protected]>

.github/actions/release/action.yaml

@@ -0,0 +1,38 @@
+name: release
+description: Given a module name, bump the version based upon the commit(s) since last release, generate release notes, tag with the bumped version, and trigger a GitHub release.
+inputs:
+  module:
+    description: "The module to be released"
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: bump module version
+      id: module-tag
+      run: |
+        cd internal/release
+        echo "new-version=$(go run main.go ${{ inputs.module }})" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: install git cliffs
+      env:
+        # renovate: datasource=github-tags depName=orhun/git-cliff versioning=semver
+        VERSION: 2.1.2
+      run: |
+        curl --location --output /tmp/git-cliffs.tar.gz https://github.com/orhun/git-cliff/releases/download/v${VERSION}/git-cliff-${VERSION}-x86_64-unknown-linux-gnu.tar.gz
+        tar -xvzf /tmp/git-cliffs.tar.gz -C /tmp
+        mv /tmp/git-cliff-${VERSION}/git-cliff /usr/local/bin/
+      shell: bash
+
+    - name: generate release notes
+      run: |
+        git cliff --config cliff.toml --unreleased --tag ${{ steps.module-tag.outputs.new-version }} --include-path "${{ inputs.module }}/*" | tee notes.md
+      shell: bash
+
+    - name: Release
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        gh release create ${{ steps.module-tag.outputs.new-version }} --notes-file notes.md
+      shell: bash

.github/pull_request_template.md

@@ -7,14 +7,3 @@
 Fixes #
 <!-- or -->
 Relates to #
-
-## Type of change
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Other (security config, docs update, etc)
-
-## Checklist before merging
-
-- [ ] Test, docs, adr added or updated as needed
-- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/pkg/blob/main/CONTRIBUTING.md) followed

.github/workflows/release-helpers.yaml

@@ -0,0 +1,22 @@
+name: Release Helpers
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'helpers/**'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Release
+        uses: ./.github/actions/release
+        with:
+          module: "helpers"

.github/workflows/scan-cves.yml → .github/workflows/scan-cves.yaml

@@ -24,4 +24,4 @@ jobs:
 
       - name: Check for CVEs in Dependencies
         # TODO: if this fails we should look at Zarf's .grype.yaml as there may be the same false positive
-        run: "make scan-cves"
+        run: "make scan"

.gitignore

@@ -1,2 +1,3 @@
 go.work
 cover.out
+internal/release/release

Makefile

@@ -1,43 +1,40 @@
-MODULES=$(shell find . -type f -name 'go.mod' -exec dirname {} \; | cut -c 3-)
+MODULES=$(shell find . -mindepth 2 -maxdepth 4 -type f -name 'go.mod' | cut -c 3- | sed 's|/[^/]*$$||' | sort -u | tr / :)
 
 build:
 	$(MAKE) $(addprefix build-, $(MODULES))
 
 build-%:
-	cd $*; go build .
+	cd $(subst :,/,$*); go build .
 
 tidy:
 	$(MAKE) $(addprefix tidy-, $(MODULES))
 
 tidy-%:
-	cd $*; go mod tidy
+	cd $(subst :,/,$*); go mod tidy
 
 fmt:
 	$(MAKE) $(addprefix fmt-, $(MODULES))
 
 fmt-%:
-	cd $*; go fmt ./...
+	cd $(subst :,/,$*); go fmt ./...
 
 vet:
 	$(MAKE) $(addprefix vet-, $(MODULES))
 
 vet-%:
-	cd $*; go vet ./... ;\
+	cd $(subst :,/,$*); go vet ./... ;\
 
 test:
 	$(MAKE) $(addprefix test-, $(MODULES))
 
 test-%:
-	cd $*; go test ./... -coverprofile cover.out ;
+	cd $(subst :,/,$*); go test ./... -coverprofile cover.out ;
 
 lint:
-	$(MAKE) $(addprefix lint-, $(MODULES))
-
-lint-%:
-	cd $*; revive -config ../revive.toml ./...
+	revive -config revive.toml ./..
 
 scan:
 	$(MAKE) $(addprefix scan-, $(MODULES))
 
 scan-%:
-	cd $*; syft scan . -o json | grype --fail-on low
+	cd $(subst :,/,$*); syft scan . -o json | grype --fail-on low

cliff.toml

@@ -0,0 +1,96 @@
+# git-cliff ~ default configuration file
+# https://git-cliff.org/docs/configuration
+
+[remote.github]
+owner = "defenseunicorns"
+repo = "pkg"
+
+[changelog]
+# changelog header
+header = """"""
+# template for the changelog body
+# https://keats.github.io/tera/docs/#introduction
+body = """
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {% for commit in commits %}
+      {% if commit.github.pr_title -%}
+        {%- set commit_message = commit.github.pr_title -%}
+      {%- else -%}
+       {%- set commit_message = commit.message -%}
+      {%- endif -%}
+        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+            {% if commit.breaking %}[**breaking**] {% endif %}\
+            {{ commit_message | split(pat="\n") | first | trim }}\
+            {% if commit.github.username %} by @{{ commit.github.username }}{%- endif -%}
+            {% if commit.github.pr_number %} in \
+              [#{{ commit.github.pr_number }}]({{ self::remote_url() }}/pull/{{ commit.github.pr_number }}) \
+            {%- endif -%}
+    {% endfor %}
+{% endfor -%}
+{% if github.contributors | filter(attribute="is_first_time", value=true) | length > 0 %}
+## First Time Contributors
+{%- endif %}
+{% for contributor in github.contributors | filter(attribute="is_first_time", value=true) %}
+  - @{{ contributor.username }} made their first contribution in #{{ contributor.pr_number }}
+{%- endfor -%}
+
+{% if version %}
+    {% if previous.version %}
+      **Full Changelog**: {{ self::remote_url() }}/compare/{{ previous.version }}...{{ version }}
+    {% endif %}
+{% else -%}
+  {% raw %}\n{% endraw %}
+{% endif %}
+
+{%- macro remote_url() -%}
+  https://github.com/{{ remote.github.owner }}/{{ remote.github.repo }}
+{%- endmacro -%}
+"""
+# template for the changelog footer
+footer = """"""
+# remove the leading and trailing s
+trim = true
+# postprocessors
+postprocessors = [
+  # { pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" }, # replace repository URL
+]
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = false
+# process each line of a commit as an individual commit
+split_commits = false
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+  # Replace issue numbers
+  #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
+  # Check spelling of the commit with https://github.com/crate-ci/typos
+  # If the spelling is incorrect, it will be automatically fixed.
+  #{ pattern = '.*', replace_command = 'typos --write-changes -' },
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+  { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+  { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+  { message = "^doc", group = "<!-- 3 -->📚 Documentation" },
+  { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+  { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+  { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+  { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { message = "^chore\\(deps.*\\)", skip = true },
+  { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+  { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+  { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+]
+# protect breaking changes from being skipped due to matching a skipping commit_parser
+protect_breaking_commits = false
+# filter out the commits that are not matched by commit parsers
+filter_commits = false
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"

internal/release/go.mod

@@ -0,0 +1,36 @@
+module github.com/defenseunicorns/pkg/internal/release
+
+go 1.22.1
+
+require (
+	github.com/Masterminds/semver v1.5.0
+	github.com/go-git/go-billy/v5 v5.5.0
+	github.com/go-git/go-git/v5 v5.11.0
+	github.com/stretchr/testify v1.8.4
+	golang.org/x/mod v0.16.0
+)
+
+require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)