diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b50e8d6..baf01293 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,21 +8,6 @@ env: BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} jobs: - quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - steps: - - name: Get Commit ID - id: commit_id - run: | - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - get_asdf_version: runs-on: ubuntu-22.04 outputs: @@ -41,9 +26,27 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + quality_checks: + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + get_commit_id: + runs-on: ubuntu-22.04 + outputs: + commit_id: ${{ steps.commit_id.outputs.commit_id }} + steps: + - name: Get Commit ID + id: commit_id + run: | + echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7 with: dry_run: true asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/dependabot_auto_approve_and_merge.yml b/.github/workflows/dependabot_auto_approve_and_merge.yml deleted file mode 100644 index 152af500..00000000 --- a/.github/workflows/dependabot_auto_approve_and_merge.yml +++ /dev/null 
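Review bot: The `quality-checks.yml` and `tag-release.yml` refs in the second ci.yml hunk are bare 40-character SHAs with nothing recording which release they correspond to; `quality-checks.yml` was previously `@v4.1.3`, so a reader can no longer tell whether `2eb8f078…` is a tagged release or an arbitrary commit. Pinning by SHA is the right choice for a workflow that receives `SONAR_TOKEN`, but the tag should sit beside it as a trailing comment, e.g. `uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 # <release tag>` (placeholder; the tag is not shown in this diff). Dependabot can keep such a comment in step when it bumps the pin, and a reviewer can compare the SHA against the tag before approving. The same applies to the matching `uses:` lines in the pull_request.yml and release.yml hunks.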
@@ -1,49 +0,0 @@ -name: Dependabot auto-approve -on: pull_request - -permissions: - pull-requests: write - contents: write - -jobs: - dependabot: - runs-on: ubuntu-22.04 - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Get token from Github App - id: get_app_token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.AUTOMERGE_APP_ID }} - private-key: ${{ secrets.AUTOMERGE_PEM }} - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve patch and minor updates - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - - name: Approve major updates of development dependencies - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}} - run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - - name: Comment on major updates of non-development dependencies - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}} - run: | - gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" - gh pr edit "$PR_URL" --add-label "requires-manual-qa" - env: - PR_URL: 
${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - # enable auto merge on all dependabot prs - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml deleted file mode 100644 index 34f5dd4c..00000000 --- a/.github/workflows/pr-link.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: PR Link ticket -on: - pull_request: - types: [opened] -jobs: - link-ticket: - runs-on: ubuntu-22.04 - env: - REF: ${{ github.event.pull_request.head.ref }} - steps: - - name: Check ticket name conforms to requirements - run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" - continue-on-error: true - - - name: Grab ticket name - if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo name=TICKET_NAME::"$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV" - continue-on-error: true - env: - ACTIONS_ALLOW_UNSECURE_COMMANDS: true - - - name: Comment on PR with link to JIRA ticket - if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - continue-on-error: true - uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035 - env: - GITHUB_TOKEN: 
${{ secrets.GITHUB_TOKEN }} - with: - msg: | - This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }}) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index cb2a4917..27cdab31 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -8,13 +8,39 @@ env: BRANCH_NAME: ${{ github.event.pull_request.head.ref }} jobs: + dependabot-auto-approve-and-merge: + uses: NHSDigital/eps-workflow-dependabot/.github/workflows/dependabot-auto-approve-and-merge.yml@7bc662bb5f6528a429920af5ba74bda99f1f5d2e + secrets: + AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }} + AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }} + get_asdf_version: + runs-on: ubuntu-22.04 + outputs: + asdf_version: ${{ steps.asdf-version.outputs.version }} + tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Get asdf version + id: asdf-version + run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" + - name: Load config value + id: load-config + run: | + TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) + echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} pr_title_format_check: - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@361957c147279f5f0f68b64fde9927833363d5f7 get_issue_number: runs-on: ubuntu-22.04 
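Review bot: The new `dependabot-auto-approve-and-merge` job has no job-level condition, so `AUTOMERGE_APP_ID` and `AUTOMERGE_PEM` are handed to the called workflow on every pull request run, not only Dependabot's; the deleted dependabot_auto_approve_and_merge.yml gated its job with `if: ${{ github.actor == 'dependabot[bot]' }}`. The called workflow may apply its own check, but that is not visible here, and a guard on the caller keeps the app private key out of runs that do not need it. I would add `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}` under the job name; comparing the PR author is stricter than `github.actor`, which reflects whoever triggered the run. The workflow's `on:` and `permissions:` blocks are outside this hunk, so also confirm the caller grants the `pull-requests: write` and `contents: write` that the old workflow declared, since a called workflow cannot exceed the caller's token permissions.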
@@ -41,27 +67,10 @@ jobs: ).data[0].number; } result-encoding: string - get_asdf_version: - runs-on: ubuntu-22.04 - outputs: - asdf_version: ${{ steps.asdf-version.outputs.version }} - tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} - steps: - - name: Checkout code - uses: actions/checkout@v5 - - - name: Get asdf version - id: asdf-version - run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" - - name: Load config value - id: load-config - run: | - TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) - echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" tag_release: needs: [get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7 with: dry_run: true asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c2f8b123..e0ea3c20 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,21 +7,6 @@ env: BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} jobs: - quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.1.3 - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - get_commit_id: - runs-on: ubuntu-22.04 - outputs: - commit_id: ${{ steps.commit_id.outputs.commit_id }} - steps: - - name: Get Commit ID - id: commit_id - run: | - echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" - get_asdf_version: runs-on: ubuntu-22.04 outputs: 
@@ -40,9 +25,27 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + quality_checks: + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@2eb8f078b68454b53e83a62b4a6422c0f7aae6b3 + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + get_commit_id: + runs-on: ubuntu-22.04 + outputs: + commit_id: ${{ steps.commit_id.outputs.commit_id }} + steps: + - name: Get Commit ID + id: commit_id + run: | + echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@dfe382696a37973eeb78ada43e3117fde9f1b875 + uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@361957c147279f5f0f68b64fde9927833363d5f7 with: dry_run: false asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
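Review bot: In `get_commit_id` the run step splices `${{ github.sha }}` directly into the shell script text. The value is a commit hash, so nothing is injectable here, but expanding expressions inside `run:` is the pattern workflow-hardening guidance asks authors to avoid, and it tends to be copied to steps where the expression is attacker-influenced. The runner already exports the same value, so `echo "commit_id=$GITHUB_SHA" >> "$GITHUB_OUTPUT"` does the job with no expression expansion in the script. The identical step re-added in the ci.yml hunk would take the same change.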