Merge pull request #119 from linkorb/generated-workflows-cleanup-9358

Generated workflows and devcontainer cleanup #9358
linkorb · Jan 21, 2025 · 9528db5 · 9528db5
2 parents 573f25e + 17fdcf5
commit 9528db5
Show file tree

Hide file tree

Showing 14 changed files with 79 additions and 168 deletions.
diff --git a/tasks/generate-files.yaml b/tasks/generate-files.yaml
@@ -24,14 +24,18 @@
     state: directory
 
 - name: Generate repo-ansible workflow
-  ansible.builtin.copy:
-    src: ./templates/.github/workflows/repo-ansible.yaml
-    dest: "{{ repo_path }}/.github/workflows/repo-ansible.yaml"
+  ansible.builtin.template:
+    src: ./templates/.github/workflows/auto-run-repo-ansible.yaml.j2
+    dest: "{{ repo_path }}/.github/workflows/auto-run-repo-ansible.yaml"
+    variable_start_string: '[['
+    variable_end_string: ']]'
 
 - name: Generate dependabot automerge workflow
-  ansible.builtin.copy:
-    src: ./templates/.github/workflows/dependabot-auto-merge.yaml
-    dest: "{{ repo_path }}/.github/workflows/dependabot-auto-merge.yaml"
+  ansible.builtin.template:
+    src: ./templates/.github/workflows/auto-merge-dependabot-prs.yaml.j2
+    dest: "{{ repo_path }}/.github/workflows/auto-merge-dependabot-prs.yaml"
+    variable_start_string: '[['
+    variable_end_string: ']]'
   when: repo.github.features.dependabot_auto_merge
 
 - name: Generate CODEOWNERS file

diff --git a/tasks/migrations/migration-v0.10.2.yaml b/tasks/migrations/migration-v0.10.2.yaml
@@ -0,0 +1,10 @@
+- name: remove renamed or repo-ansible dropped files
+  ansible.builtin.file:
+    path: "{{ repo_path }}/{{ item }}"
+    state: absent
+  loop:
+    - .devcontainer/git/hooks/pre-push
+    - .github/workflows/00-start.yaml
+    - .github/workflows/dependabot-auto-merge.yaml
+    - .github/workflows/repo-ansible.yaml
+    - .releaserc
diff --git a/tasks/other-dev-generated-files.yaml b/tasks/other-dev-generated-files.yaml
@@ -1,9 +1,9 @@
 - when: repo.github.features.sdlc_workflows
   block:
-  - name: copy semantic-release .releaserc file
-    ansible.builtin.copy:
-      src: ./templates/.releaserc
-      dest: "{{ repo_path }}/.releaserc"
+  - name: generate semantic-release config file
+    ansible.builtin.template:
+      src: ./templates/release.config.mjs.j2
+      dest: "{{ repo_path }}/release.config.mjs"
 
   - name: find workflow extensions
     ansible.builtin.command: "./library/list_extension_workflows.py '{{ repo_path }}'"
@@ -23,8 +23,6 @@
     vars:
       workflow_group: "{{ item.workflow_group }}"
     loop:
-      - target: 00-start.yaml
-        workflow_group: ""
       - target: 10-review.yaml
         workflow_group: "10"
       - target: 30-release-and-build.yaml

diff --git a/templates/.devcontainer/git/hooks/pre-push b/templates/.devcontainer/git/hooks/pre-push
diff --git a/templates/.github/workflows/00-start.yaml.j2 b/templates/.github/workflows/00-start.yaml.j2
diff --git a/templates/.github/workflows/10-review.yaml.j2 b/templates/.github/workflows/10-review.yaml.j2
@@ -12,12 +12,10 @@ jobs:
     # Don't enforce commit conventions checks for Dependabot
     if: github.actor != 'dependabot[bot]'
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
       # interesting alternative: https://github.com/cocogitto/cocogitto
-      - name: Conventional commit checker
-        uses: webiny/[email protected]
+      - uses: webiny/[email protected]
         # XXX: normal action versioning syntax (`@v1`) doesn't work with this action,
         # possibly because not published on the GitHub marketplace
 

diff --git a/templates/.github/workflows/30-release-and-build.yaml.j2 b/templates/.github/workflows/30-release-and-build.yaml.j2
@@ -3,14 +3,6 @@ name: Release
 
 on:
   workflow_dispatch:
-  workflow_call:
-    outputs:
-      new-release-published:
-        description: "Whether or not a new release was published."
-        value: ${{ jobs.build.outputs.new-release-published }}
-      release-version:
-        description: "The version string of the newly published release"
-        value: ${{ jobs.build.outputs.release-version }}
   push:
     branches:
       - [[ repo.github.default_branch ]]
@@ -23,59 +15,34 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
-    outputs:
-      new-release-published: ${{ steps.semantic-release.outputs.new-release-published }}
-      release-version: ${{ steps.semantic-release.outputs.release-version }}
 
     steps:
-    - name: GitHub Environment Variables Action
-      uses: FranzDiebold/github-env-vars-action@v2
+    - uses: FranzDiebold/github-env-vars-action@v2
 
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+    - uses: docker/setup-qemu-action@v3
 
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+    - uses: docker/setup-buildx-action@v3
       with:
         # moby/buildkit v0.11.0 causes untagged images to appear in github
         # packages and the workaround does not seem to have any effect
         # (set provenance=false in docker/build-push-action@v4)
         driver-opts: network=host,image=moby/buildkit:v0.10.5
 
-    - name: Create release
-      id: semantic-release
+    - id: semantic-release
       uses: codfish/semantic-release-action@v3
       with:
-        # support releasing the "main" branch
-        # whilst preserving the action defaults
-        branches: |
-          [
-            '+([0-9])?(.{+([0-9]),x}).x',
-            '[[ repo.github.default_branch ]]',
-            'next',
-            'next-major',
-            {
-              name: 'beta',
-              prerelease: true
-            },
-            {
-              name: 'alpha',
-              prerelease: true
-            }
-          ]
         additional-packages: |
           ['@semantic-release/changelog', '@semantic-release/git', '@semantic-release/exec']
         repository-url: 'https://github.com/${{ github.repository_owner }}/${{ env.CI_REPOSITORY_NAME }}.git'
         tag-format: 'v${version}'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Docker meta
-      id: meta
+    - id: meta
       uses: docker/metadata-action@v5
       with:
         images: |
@@ -85,15 +52,13 @@ jobs:
           type=raw,value=latest,enable={{is_default_branch}}
           type=raw,value=${{ steps.semantic-release.outputs.release-version }}
 
-    - name: Login to Container Registry ghcr.io
-      uses: docker/login-action@v3
+    - uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Build and push
-      uses: docker/build-push-action@v6
+    - uses: docker/build-push-action@v6
       with:
         context: .
         provenance: false

diff --git a/templates/.github/workflows/40-helm.yaml.j2 b/templates/.github/workflows/40-helm.yaml.j2
@@ -3,14 +3,6 @@ name: Helm Publish
 
 on:
   workflow_dispatch:
-  workflow_call:
-    inputs:
-      new-release-published:
-        required: true
-        type: string
-      release-version:
-        required: true
-        type: string
 
 jobs:
   helm:

diff --git a/templates/.github/workflows/50-security.yaml.j2 b/templates/.github/workflows/50-security.yaml.j2
@@ -9,21 +9,17 @@ jobs:
     name: security
     runs-on: ubuntu-latest
     steps:
-    - name: GitHub Environment Variables Action
-      uses: FranzDiebold/github-env-vars-action@v2
+    - uses: FranzDiebold/github-env-vars-action@v2
 
-    - name: Login to Docker Hub
-      uses: docker/login-action@v3
+    - uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Docker pull
-      run: docker pull ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest
+    - run: docker pull ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest
 
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+    - uses: aquasecurity/trivy-action@master
       with:
         image-ref: ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest
         format: 'table'

diff --git a/templates/.github/workflows/90-cleanup.yaml.j2 b/templates/.github/workflows/90-cleanup.yaml.j2
@@ -1,11 +1,10 @@
 # [[ repo_managed ]]
-name: Cleanup
+name: Scheduled Cleanup
 
 on:
   schedule:
   - cron: 0 13 * * 2
   workflow_dispatch:
-  workflow_call:
 
 jobs:
   cleanup:
@@ -15,10 +14,9 @@ jobs:
       packages: write
 
     steps:
-    - name: GitHub Environment Variables Action
-      uses: FranzDiebold/github-env-vars-action@v2
+    - uses: FranzDiebold/github-env-vars-action@v2
 
-    - name: Delete an old version of the package, keeping a few of the newest
+    - name: Keep last 5 published container images
       uses: actions/delete-package-versions@v5
       with:
         package-name: "${{ env.CI_REPOSITORY_NAME }}"

diff --git a/...thub/workflows/dependabot-auto-merge.yaml → ...rkflows/auto-merge-dependabot-prs.yaml.j2 b/...thub/workflows/dependabot-auto-merge.yaml → ...rkflows/auto-merge-dependabot-prs.yaml.j2
@@ -1,3 +1,4 @@
+# [[ repo_managed ]]
 name: Auto-merge Dependabot PRs
 on: pull_request_target
 
@@ -10,12 +11,10 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
-      - name: Dependabot metadata
-        id: metadata
+      - id: metadata
         uses: dependabot/fetch-metadata@v2
 
-      - name: Enable auto-merge for Dependabot PRs
-        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+      - if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
         run: gh pr merge --merge "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}

diff --git a/...lates/.github/workflows/repo-ansible.yaml → ...b/workflows/auto-run-repo-ansible.yaml.j2 b/...lates/.github/workflows/repo-ansible.yaml → ...b/workflows/auto-run-repo-ansible.yaml.j2
@@ -1,3 +1,4 @@
+# [[ repo_managed ]]
 name: Auto-run repo-ansible
 
 on:
@@ -6,12 +7,13 @@ on:
   pull_request_target:
     paths:
       - 'repo.yaml'
+      - 'docs/partials/*.md'
   push:
     branches:
-      - main
-      - master
+      - [[ repo.github.default_branch ]]
     paths:
       - 'repo.yaml'
+      - 'docs/partials/*.md'
 
 permissions:
   contents: write # allow git commits & push
@@ -61,7 +63,7 @@ jobs:
 
 
       - if: ${{ env.IS_PULL_REQUEST == '1' && env.REPOSITORY_CHANGED == '1' }}
-        name: comment with changes
+        name: bot comment about repo-ansible detected changes
         uses: actions/github-script@v7
         with:
           script: |
@@ -70,7 +72,7 @@ jobs:
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: `Following repo-ansible changes will be applied when merged to main/master branch
+              body: `Once PR is merged, repo-ansible will run on [[ repo.github.default_branch ]] and the following changes will apply
 
               \`\`\`shell
               ${changes}

diff --git a/templates/.releaserc b/templates/.releaserc