diff --git a/.github/auto-release.yml b/.github/auto-release.yml index 17cd39c..cc9bf05 100644 --- a/.github/auto-release.yml +++ b/.github/auto-release.yml @@ -18,6 +18,7 @@ version-resolver: - 'bug' - 'hotfix' default: 'minor' +filter-by-commitish: true categories: - title: '🚀 Enhancements' diff --git a/.github/mergify.yml b/.github/mergify.yml index ef15545..148d85c 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -4,13 +4,17 @@ pull_request_rules: - name: "approve automated PRs that have passed checks" conditions: - "author~=^(cloudpossebot|renovate\\[bot\\])$" - - "base=master" - "-closed" - "head~=^(auto-update|renovate)/.*" - "check-success=test/bats" - "check-success=test/readme" - "check-success=test/terratest" - "check-success=validate-codeowners" + - or: + - "base=master" + - "base=main" + - "base~=^release/v\\d{1,2}$" + actions: review: type: "APPROVE" @@ -20,7 +24,6 @@ pull_request_rules: - name: "merge automated PRs when approved and tests pass" conditions: - "author~=^(cloudpossebot|renovate\\[bot\\])$" - - "base=master" - "-closed" - "head~=^(auto-update|renovate)/.*" - "check-success=test/bats" @@ -30,6 +33,11 @@ pull_request_rules: - "#approved-reviews-by>=1" - "#changes-requested-reviews-by=0" - "#commented-reviews-by=0" + - or: + - "base=master" + - "base=main" + - "base~=^release/v\\d{1,2}$" + actions: merge: method: "squash" @@ -50,7 +58,10 @@ pull_request_rules: - name: "remove outdated reviews" conditions: - - "base=master" + - or: + - "base=master" + - "base=main" + - "base~=^release/v\\d{1,2}$" actions: dismiss_reviews: changes_requested: true diff --git a/.github/renovate.json b/.github/renovate.json index a780298..b61ed24 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -3,6 +3,7 @@ "config:base", ":preserveSemverRanges" ], + "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"], "labels": ["auto-update"], "dependencyDashboardAutoclose": true, "enabledManagers": ["terraform"], diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml deleted file mode 100644 index 831e7fa..0000000 --- a/.github/workflows/auto-context.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: "auto-context" -on: - schedule: - # Update context.tf nightly - - cron: '0 3 * * *' - -jobs: - update: - if: github.event_name == 'schedule' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Update context.tf - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - if [[ -f context.tf ]]; then - echo "Discovered existing context.tf! Fetching most recent version to see if there is an update." - curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf - if git diff --no-patch --exit-code context.tf; then - echo "No changes detected! Exiting the job..." - else - echo "context.tf file has changed. Update examples and rebuild README.md." - make init - make github/init/context.tf - make readme/build - echo "create_pull_request=true" >> "$GITHUB_OUTPUT" - fi - else - echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates." - fi - - - name: Create Pull Request - if: steps.update.outputs.create_pull_request == 'true' - uses: cloudposse/actions/github/create-pull-request@0.30.0 - with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} - committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' - author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>' - commit-message: Update context.tf from origin source - title: Update context.tf - body: |- - ## what - This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` - - ## why - To support all the features of the `context` interface. - - branch: auto-update/context.tf - base: master - delete-branch: true - labels: | - auto-update - context diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml deleted file mode 100644 index b8c2064..0000000 --- a/.github/workflows/auto-format.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: Auto Format -on: - pull_request_target: - types: [opened, synchronize] - -jobs: - auto-format: - runs-on: ubuntu-latest - container: cloudposse/build-harness:latest - steps: - # Checkout the pull request branch - # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using - # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains - # a workflow configured to run when push events occur." - # However, using a personal access token will cause events to be triggered. - # We need that to ensure a status gets posted after the auto-format commit. - # We also want to trigger tests if the auto-format made no changes. - - uses: actions/checkout@v2 - if: github.event.pull_request.state == 'open' - name: Privileged Checkout - with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - # Check out the PR commit, not the merge commit - # Use `ref` instead of `sha` to enable pushing back to `ref` - ref: ${{ github.event.pull_request.head.ref }} - - # Do all the formatting stuff - - name: Auto Format - if: github.event.pull_request.state == 'open' - shell: bash - env: - GITHUB_TOKEN: "${{ secrets.REPO_ACCESS_TOKEN }}" - run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host - - # Commit changes (if any) to the PR branch - - name: Commit changes to the PR branch - if: github.event.pull_request.state == 'open' - shell: bash - id: commit - env: - SENDER: ${{ github.event.sender.login }} - run: | - set -x - output=$(git diff --name-only) - - if [ -n "$output" ]; then - echo "Changes detected. Pushing to the PR branch" - git config --global user.name 'cloudpossebot' - git config --global user.email '11232728+cloudpossebot@users.noreply.github.com' - git add -A - git commit -m "Auto Format" - # Prevent looping by not pushing changes in response to changes from cloudpossebot - [[ $SENDER == "cloudpossebot" ]] || git push - # Set status to fail, because the push should trigger another status check, - # and we use success to indicate the checks are finished. - echo "changed=true" >> "$GITHUB_OUTPUT" - exit 1 - else - echo "changed=false" >> "$GITHUB_OUTPUT" - echo "No changes detected" - fi - - - name: Auto Test - uses: cloudposse/actions/github/repository-dispatch@0.30.0 - # match users by ID because logins (user names) are inconsistent, - # for example in the REST API Renovate Bot is `renovate[bot]` but - # in GraphQL it is just `renovate`, plus there is a non-bot - # user `renovate` with ID 1832810. - # Mergify bot: 37929162 - # Renovate bot: 29139614 - # Cloudpossebot: 11232728 - # Need to use space separators to prevent "21" from matching "112144" - if: > - contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id)) - && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open' - with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} - repository: cloudposse/actions - event-type: test-command - client-payload: |- - { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}}, - "pull_request": ${{ toJSON(github.event.pull_request) }}, - "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }}, - "comment": {"id": ""} - } - } - } diff --git a/.github/workflows/auto-readme.yml b/.github/workflows/auto-readme.yml deleted file mode 100644 index b2db520..0000000 --- a/.github/workflows/auto-readme.yml +++ /dev/null @@ -1,71 +0,0 @@ -name: "auto-readme" -on: - workflow_dispatch: - - schedule: - # Example of job definition: - # .---------------- minute (0 - 59) - # | .------------- hour (0 - 23) - # | | .---------- day of month (1 - 31) - # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... - # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat - # | | | | | - # * * * * * user-name command to be executed - - # Update README.md nightly at 4am UTC - - cron: '0 4 * * *' - -jobs: - update: - if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Find default branch name - id: defaultBranch - shell: bash - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name) - echo "defaultBranch=${default_branch}" >> "$GITHUB_OUTPUT" - printf "defaultBranchRef.name=%s\n" "${default_branch}" - - - name: Update readme - shell: bash - id: update - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - DEF: "${{ steps.defaultBranch.outputs.defaultBranch }}" - run: | - make init - make readme/build - # Ignore changes if they are only whitespace - if ! git diff --quiet README.md && git diff --ignore-all-space --ignore-blank-lines --quiet README.md; then - git restore README.md - echo Ignoring whitespace-only changes in README - fi - - - name: Create Pull Request - # This action will not create or change a pull request if there are no changes to make. - # If a PR of the auto-update/readme branch is open, this action will just update it, not create a new PR. - uses: cloudposse/actions/github/create-pull-request@0.30.0 - with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} - commit-message: Update README.md and docs - title: Update README.md and docs - body: |- - ## what - This is an auto-generated PR that updates the README.md and docs - - ## why - To have most recent changes of README.md and doc from origin templates - - branch: auto-update/readme - base: ${{ steps.defaultBranch.outputs.defaultBranch }} - delete-branch: true - labels: | - auto-update - no-release - readme diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml deleted file mode 100644 index 17d6cab..0000000 --- a/.github/workflows/auto-release.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: auto-release - -on: - push: - branches: - - main - - master - - production - -jobs: - publish: - runs-on: ubuntu-latest - steps: - # Get PR from merged commit to master - - uses: actions-ecosystem/action-get-merged-pull-request@v1 - id: get-merged-pull-request - with: - github_token: ${{ secrets.REPO_ACCESS_TOKEN }} - # Drafts your next Release notes as Pull Requests are merged into "main" - - uses: release-drafter/release-drafter@v5 - with: - publish: ${{ !contains(steps.get-merged-pull-request.outputs.labels, 'no-release') }} - prerelease: false - config-name: auto-release.yml - env: - GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml deleted file mode 100644 index 0f64574..0000000 --- a/.github/workflows/chatops.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: chatops -on: - issue_comment: - types: [created] - -jobs: - default: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: "Handle common commands" - uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 - with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - repository: cloudposse/actions - commands: rebuild-readme, terraform-fmt - permission: triage - issue-type: pull-request - - test: - runs-on: ubuntu-latest - steps: - - name: "Checkout commit" - uses: actions/checkout@v2 - - name: "Run tests" - uses: cloudposse/actions/github/slash-command-dispatch@0.30.0 - with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} - reaction-token: ${{ secrets.GITHUB_TOKEN }} - repository: cloudposse/actions - commands: test - permission: triage - issue-type: pull-request - reactions: false - - diff --git a/.github/workflows/feature-branch-chatops.yml b/.github/workflows/feature-branch-chatops.yml new file mode 100644 index 0000000..9abfc61 --- /dev/null +++ b/.github/workflows/feature-branch-chatops.yml @@ -0,0 +1,16 @@ +--- +name: feature-branch-chatops +on: + issue_comment: + types: [created] + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch-chatops.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml new file mode 100644 index 0000000..8faa955 --- /dev/null +++ b/.github/workflows/feature-branch.yml @@ -0,0 +1,19 @@ +--- +name: feature-branch +on: + pull_request: + branches: + - main + - release/** + types: [opened, synchronize, reopened, labeled, unlabeled] + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/feature-branch.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml new file mode 100644 index 0000000..3f8fe62 --- /dev/null +++ b/.github/workflows/release-branch.yml @@ -0,0 +1,22 @@ +--- +name: release-branch +on: + push: + branches: + - main + - release/** + paths-ignore: + - '.github/**' + - 'docs/**' + - 'examples/**' + - 'test/**' + +permissions: + contents: write + id-token: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-branch.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml new file mode 100644 index 0000000..f86352b --- /dev/null +++ b/.github/workflows/release-published.yml @@ -0,0 +1,14 @@ +--- +name: release-published +on: + release: + types: + - published + +permissions: + contents: write + id-token: write + +jobs: + terraform-module: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 0000000..163be0b --- /dev/null +++ b/.github/workflows/scheduled.yml @@ -0,0 +1,17 @@ +--- +name: scheduled +on: + workflow_dispatch: { } # Allows manually trigger this workflow + schedule: + - cron: "0 3 * * *" + +permissions: + pull-requests: write + id-token: write + contents: write + +jobs: + scheduled: + uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/scheduled.yml@main + secrets: + github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }} diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml deleted file mode 100644 index b3f7c32..0000000 --- a/.github/workflows/validate-codeowners.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Validate Codeowners -on: - workflow_dispatch: - - pull_request: - -jobs: - validate-codeowners: - runs-on: ubuntu-latest - steps: - - name: "Checkout source code at current commit" - uses: actions/checkout@v2 - # Leave pinned at 0.7.1 until https://github.com/mszostok/codeowners-validator/issues/173 is resolved - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name == github.repository - name: "Full check of CODEOWNERS" - with: - # For now, remove "files" check to allow CODEOWNERS to specify non-existent - # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos - # checks: "files,syntax,owners,duppatterns" - checks: "syntax,owners,duppatterns" - owner_checker_allow_unowned_patterns: "false" - # GitHub access token is required only if the `owners` check is enabled - github_access_token: "${{ secrets.REPO_ACCESS_TOKEN }}" - - uses: mszostok/codeowners-validator@v0.7.1 - if: github.event.pull_request.head.repo.full_name != github.repository - name: "Syntax check of CODEOWNERS" - with: - checks: "syntax,duppatterns" - owner_checker_allow_unowned_patterns: "false"