Merge pull request #13 from defenseunicorns/upgrade-tests-and-renovat…

…e-config chore: update to uds-common v0.3.9 and add upgrade-tests
defenseunicorns · Mar 29, 2024 · d2e5bf7 · d2e5bf7
2 parents ed7206b + 37e3401
commit d2e5bf7
Show file tree

Hide file tree

Showing 14 changed files with 216 additions and 211 deletions.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
@@ -0,0 +1,20 @@
+name: CI Docs Shim
+
+on:
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, synchronize]
+
+jobs:
+ run-test:
+ name: ${{ matrix.type }} ${{ matrix.flavor }}
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ flavor: [upstream, registry1]
+ type: [install, upgrade]
+ steps:
+ - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
+ run: |
+ echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -8,4 +8,4 @@ on:
 jobs:
  validate:
  name: Validate
- uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@417b9c2bc088f664c616c9929a2b3ce448d251f7
+ uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -0,0 +1,35 @@
+name: Scan
+
+on:
+ # This workflow is triggered on pull requests to the main branch.
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, synchronize]
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ name: Lint
+ permissions:
+ contents: read # Allows reading the repo contents
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+ with:
+ registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+ registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+ ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Install lint deps
+ run: |
+ uds run lint:deps
+
+ - name: Lint the repository
+ run: |
+ uds run lint:yaml
diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
@@ -5,6 +5,10 @@ on:
  branches:
  - main
 
+permissions:
+ contents: read
+ packages: write
+
 jobs:
  tag-new-version:
  name: Tag New Version
@@ -15,18 +19,18 @@ jobs:
  steps:
  - name: Create release tag
  id: tag
- uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4
+ uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4.1.0
  - id: release-flag
  run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
 
  publish-package:
- strategy:
- matrix:
- flavor: [upstream, registry1]
  needs: tag-new-version
  if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
  runs-on: ubuntu-latest
- name: Publish package
+ name: Publish ${{ matrix.flavor }}
+ strategy:
+ matrix:
+ flavor: [upstream, registry1]
 
  permissions:
  contents: read
@@ -36,23 +40,17 @@ jobs:
  - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
  - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@417b9c2bc088f664c616c9929a2b3ce448d251f7
-
- - name: Iron Bank Login
- run: uds zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
-
- - name: Login to GHCR
- uses: docker/login-action@v3
+ uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
  with:
- registry: ghcr.io
- username: dummy
- password: ${{ secrets.GITHUB_TOKEN }}
+ registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+ registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+ ghToken: ${{ secrets.GITHUB_TOKEN }}
 
  - name: Publish Package
  run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
 
  - name: Save logs
  if: always()
- uses: defenseunicorns/uds-common/.github/actions/save-logs@417b9c2bc088f664c616c9929a2b3ce448d251f7
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
  with:
- suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'
+ suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -0,0 +1,64 @@
+name: Test
+
+on:
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, synchronize]
+ paths-ignore:
+ - "**.md"
+ - "**.jpg"
+ - "**.png"
+ - "**.gif"
+ - "**.svg"
+ - "adr/**"
+ - "docs/**"
+ - ".gitignore"
+ - "renovate.json"
+ - ".release-please-config.json"
+ - "release-please-config.json"
+ - "oscal-component.yaml"
+ - "CODEOWNERS"
+ - "LICENSE"
+ - "CONTRIBUTING.md"
+ - "SECURITY.md"
+
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+ group: test-${{ github.ref }}-${{ inputs.package }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ name: ${{ matrix.type }} ${{ matrix.flavor }}
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ flavor: [upstream, registry1]
+ type: [install, upgrade]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+ with:
+ registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+ registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+ ghToken: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Test
+ uses: defenseunicorns/uds-common/.github/actions/test@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+ with:
+ flavor: ${{ matrix.flavor }}
+ type: ${{ matrix.type }}
+
+ - name: Save logs
+ if: always()
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@264ec430c4079129870820e70c4439f3f3d57cbc # v0.3.9
+ with:
+ suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml
@@ -22,6 +22,3 @@ packages:
  - name: POSTGRESQL
  description: "Configure postgres using CRs via the uds-postgres-config chart"
  path: postgresql
- - name: postgres-test
- path: ../
- ref: 0.1.0
diff --git a/renovate.json b/renovate.json
@@ -7,19 +7,19 @@
  ":semanticCommits",
  ":semanticCommitTypeAll(chore)"
  ],
- "branchConcurrentLimit": 0,
- "prConcurrentLimit": 0,
- "prHourlyLimit": 0,
- "separateMajorMinor": false,
- "regexManagers":[
- ],
  "packageRules": [
- { 
- "matchFileNames": [".github/**"],
- "excludePackageNames": ["defenseunicorns/uds-cli"],
- "groupName": "githubactions",
- "commitMessageTopic": "githubactions",
- "pinDigests": true
+ {
+ "groupName": "Postgres Support Dependencies",
+ "labels": ["support-deps"],
+ "commitMessageTopic": "support-deps",
+ "packagePatterns": ["*"]
+ },
+ {
+ "groupName": "Postgres Package Dependencies",
+ "labels": ["package-deps"],
+ "commitMessageTopic": "package-deps",
+ "registryUrls": ["https://registry1.dso.mil"],
+ "matchDatasources": ["docker", "helm", "git-tags"]
  }
  ]
  }