From c37c786e436d56ee54b789097a4b3d709496bbb3 Mon Sep 17 00:00:00 2001
From: Ahmad Nassri
Date: Mon, 31 Jul 2023 10:24:42 -0400
Subject: [PATCH] ci: updated workflows
---
 .github/workflows/pull_request_target.yml | 5 +-
 .github/workflows/push.yml | 192 +---------------------
 2 files changed, 9 insertions(+), 188 deletions(-)
diff --git a/.github/workflows/pull_request_target.yml b/.github/workflows/pull_request_target.yml
index 736e767..cc152d1 100644
--- a/.github/workflows/pull_request_target.yml
+++ b/.github/workflows/pull_request_target.yml
@@ -10,9 +10,8 @@ permissions: read-all
 jobs:
 main:
- uses: ahmadnassri/actions/.github/workflows/pull-request-target-template.yml@master
- secrets:
- github-token: ${{ secrets.GH_TOKEN }}
+ uses: ahmadnassri/actions/.github/workflows/pull-request-target.yml@master
+ secrets: inherit
 permissions:
 contents: write
 pull-requests: write
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 9b00c7c..245ec52 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
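Review bot: `secrets: inherit` on the `main` job of pull_request_target.yml now passes every secret available to this repository into `pull-request-target.yml@master`, where the removed lines passed only `github-token`. The file name indicates the caller runs on `pull_request_target`, and the job holds `contents: write` and `pull-requests: write`, so any later change to the `master` branch of the called repository runs here with all of those secrets without a review in this repository. Pin the call to a reviewed commit, `uses: ahmadnassri/actions/.github/workflows/pull-request-target.yml@<full-commit-sha>`, and keep an explicit `secrets:` mapping if the called workflow still declares a named secret (its interface is not visible in this patch). The push.yml hunk of this commit adds the same `@master` plus `secrets: inherit` pair.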
@@ -2,198 +2,20 @@ # Note: this file originates in template-action-docker # # ---------------------------------------------------- # +name: push + on: - push - workflow_dispatch -name: push - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - permissions: read-all jobs: - metadata: - runs-on: ubuntu-latest - - outputs: - image-name: ${{ steps.image.outputs.name }} - repository_is_template: ${{ steps.metadata.outputs.repository_is_template }} - repository_default_branch: ${{ steps.metadata.outputs.repository_default_branch }} - - steps: - - uses: actions/checkout@v3.5.3 - - - id: metadata - uses: ahmadnassri/action-metadata@v2.1.2 - - - id: image - run: echo "name=$(basename "${GITHUB_REPOSITORY/docker-//}")" >> "$GITHUB_OUTPUT" - - commit-lint: - timeout-minutes: 5 - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3.5.3 - - - uses: ahmadnassri/action-commit-lint@v2.1.9 - with: - config: .github/linters/.commit-lint.yml - - mega-linter: - timeout-minutes: 5 - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3.5.3 - - - uses: oxsecurity/megalinter/flavors/javascript@v7.2.1 - env: - GITHUB_TOKEN: ${{ github.token }} - MEGALINTER_CONFIG: .github/linters/.mega-linter.yml - GITHUB_COMMENT_REPORTER: true - GITHUB_STATUS_REPORTER: true - - - uses: actions/upload-artifact@v3 - if: ${{ success() }} || ${{ failure() }} - with: - name: mega-linter-reports - path: | - megalinter-reports - mega-linter.log - - release: - needs: - - metadata - - commit-lint - - mega-linter - - # only runs on main branch for non template repos - if: | - needs.metadata.outputs.repository_is_template == 'false' && - needs.metadata.outputs.repository_default_branch == github.ref_name - - timeout-minutes: 5 - - runs-on: ubuntu-latest - - permissions: - contents: write - packages: write - - outputs: - published: ${{ steps.release.outputs.published }} - version: ${{ steps.release.outputs.release-version }} - version-major: ${{ 
steps.release.outputs.release-version-major }} - version-minor: ${{ steps.release.outputs.release-version-minor }} - - steps: - - uses: actions/checkout@v3.5.3 - with: - submodules: true - - - id: release - uses: ahmadnassri/action-semantic-release@v2.2.3 - with: - config: ${{ github.workspace }}/.semantic.json - env: - GITHUB_TOKEN: ${{ github.token }} - - publish-docker: - needs: - - release - - metadata - - timeout-minutes: 5 - - if: ${{ needs.release.outputs.published == 'true' }} - - name: publish to ghcr.io - - runs-on: ubuntu-latest - - permissions: - contents: read - packages: write - - steps: - - uses: actions/checkout@v3.5.3 - - uses: docker/setup-qemu-action@v2 - - uses: docker/setup-buildx-action@v2 - - # login to registry - - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} - - # publish - - uses: docker/build-push-action@v4 - with: - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - platforms: linux/amd64,linux/arm64 - tags: | - ghcr.io/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:latest - ghcr.io/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version-major }} - ghcr.io/${{ github.repository_owner }}/${{ needs.metadata.outputs.image-name }}:${{ needs.release.outputs.version }} - labels: | - org.opencontainers.image.title=${{ needs.metadata.outputs.image-name }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.version=${{ needs.release.outputs.version }} - org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.revision=${{ github.sha }} - - alias: - needs: release - - if: ${{ needs.release.outputs.published == 'true' }} - - runs-on: ubuntu-latest - + main: + uses: ahmadnassri/actions/.github/workflows/push-action-docker.yml@master + secrets: inherit permissions: contents: write + 
statuses: write packages: write - - strategy: - matrix: - release: [ "v${{ needs.release.outputs.version }}" ] - alias: - - "v${{ needs.release.outputs.version-major }}" - - "v${{ needs.release.outputs.version-major }}.${{ needs.release.outputs.version-minor }}" - - steps: - - uses: actions/github-script@v6 - with: - script: | - const { data: { object: { sha } } } = await github.rest.git.getRef({ ...context.repo, ref: 'tags/${{ matrix.release }}' }) - await github.rest.git.deleteRef({ ...context.repo, ref: 'tags/${{ matrix.alias }}' }).catch(() => {}) - await github.rest.git.createRef({ ...context.repo, ref: 'refs/tags/${{ matrix.alias }}', sha }) - - template-sync: - timeout-minutes: 5 - - needs: - - metadata - - commit-lint - - mega-linter - - # only runs on main branch for template repos - if: | - needs.metadata.outputs.repository_is_template == 'true' && - needs.metadata.outputs.repository_default_branch == github.ref_name - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3.5.3 - - - uses: ahmadnassri/action-template-repository-sync@v2.4.6 - with: - github-token: ${{ secrets.GH_TOKEN }} + pull-requests: write
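Review bot: The `permissions` block on the new `main` job grants `contents`, `statuses`, `packages` and `pull-requests` write to the whole called workflow. The removed jobs ran metadata and linting under `read-all` and gave write scopes only to `release`, `publish-docker` and `alias`; none of them requested `statuses: write` or `pull-requests: write`. A caller's job-level permissions are only the upper bound for a reusable workflow, so least privilege now depends on `push-action-docker.yml` narrowing each of its own jobs, which this patch does not show. I would drop any scope the called workflow does not use and add a comment above the block such as `# ceiling for push-action-docker.yml; per-job scopes are set in the called workflow`.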