diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9d4c796..cb8b3d6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,4 +1,5 @@ -name: ci +name: CI + on: push: tags: @@ -8,34 +9,10 @@ on: - main pull_request: -jobs: - build: - runs-on: ubuntu-24.04 - - steps: - - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - with: - submodules: recursive - - - - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 - with: - go-version-file: go.mod +permissions: + contents: read - - name: Install Task - uses: arduino/setup-task@v2 - with: - version: 3.x - - - name: make generate - run: | - task generate - git diff --exit-code - - - name: task validate - run: task validate - - - name: task test - run: task test +jobs: + build_validate_test: + uses: openmcp-project/build/.github/workflows/ci.lib.yaml@main + secrets: inherit diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index afdbb14..fdcd53c 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml 
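Review bot: The `build_validate_test` job in ci.yaml calls `openmcp-project/build/.github/workflows/ci.lib.yaml@main`, a mutable branch ref, whereas the removed steps pinned `actions/checkout` and `actions/setup-go` to commit SHAs; anyone who can push to `main` of the build repository now changes what runs here without a commit in this repository. Pin the reusable workflow to a full commit SHA with a version comment, e.g. `uses: openmcp-project/build/.github/workflows/ci.lib.yaml@<commit-sha> # <tag>`. `secrets: inherit` also hands every secret available to this workflow to the callee, although the removed CI steps referenced none, so drop it here or pass only the named secrets the library needs under `secrets:`. The same two lines recur in publish.yaml, release.yaml (which runs with `contents: write`), reuse.yaml and validate-pr-content.yaml.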
@@ -1,86 +1,15 @@ -name: publish +name: Publish + on: push: tags: - v* - workflow_dispatch: + workflow_dispatch: -permissions: +permissions: packages: write -env: - OCI_URL: ghcr.io/openmcp-project - jobs: - release_tag: - name: Release version - runs-on: ubuntu-24.04 - steps: - - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - with: - ssh-key: ${{ secrets.PUSH_KEY }} - fetch-tags: true - fetch-depth: 0 - submodules: recursive - - - name: Install Task - uses: arduino/setup-task@v2 - with: - version: 3.x - - - name: Read and validate VERSION - id: version - run: | - VERSION=$(task version) - if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then - echo "Invalid version format in VERSION file: $VERSION" - exit 1 - fi - echo "New version: $VERSION" - echo "version=$VERSION" >> $GITHUB_ENV - - - name: Skip release if version is a dev version - if: contains(env.version, '-dev') - run: | - echo "Skipping development version release: ${{ env.version }}" - echo "SKIP=true" >> $GITHUB_ENV - exit 0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - - - name: Set up Docker Context for Buildx - id: buildx-context - run: | - docker context create builders - - - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - timeout-minutes: 5 - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - with: - version: latest - - - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 - with: - go-version-file: go.mod - - - name: Build and Push Images - run: | - task build:img:all - - - name: Package and Push Helm Charts - run: | - task build:helm:all - - - name: Build and Push OCM Component - run: | - task build:ocm:all + 
release_publish: + uses: openmcp-project/build/.github/workflows/publish.lib.yaml@main + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b39df9b..bbdc43f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
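Review bot: The top-level `permissions:` block in publish.yaml grants only `packages: write`, which sets every other scope, including `contents`, to none, and a called workflow cannot raise its token above what the caller grants. The removed job checked out with `ssh-key: ${{ secrets.PUSH_KEY }}`, so it did not depend on the token to read the repository; whether `publish.lib.yaml` does is not visible in this diff. If the library checks out with the default token or declares `contents: read` on its job, the run will fail, so confirm this and add `contents: read` next to `packages: write`, as the other workflows in this commit do.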
@@ -4,140 +4,12 @@ on: push: branches: - main - + permissions: contents: write # we need this to be able to push tags + pull-requests: read jobs: release_tag: - name: Release version - runs-on: ubuntu-24.04 - steps: - - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - with: - ssh-key: ${{ secrets.PUSH_KEY }} - fetch-tags: true - fetch-depth: 0 - submodules: recursive - - - name: Install Task - uses: arduino/setup-task@v2 - with: - version: 3.x - - - name: Read and validate VERSION - id: version - run: | - VERSION=$(task version) - if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then - echo "Invalid version format in VERSION file: $VERSION" - exit 1 - fi - echo "New version: $VERSION" - echo "version=$VERSION" >> $GITHUB_ENV - - - name: Skip release if version is a dev version - if: contains(env.version, '-dev') - run: | - echo "Skipping development version release: ${{ env.version }}" - echo "SKIP=true" >> $GITHUB_ENV - exit 0 - - - name: Check if VERSION is already tagged - id: check_tag - run: | - if git rev-parse "refs/tags/${{ env.version }}" >/dev/null 2>&1; then - echo "Tag ${{ env.version }} already exists. Skipping release." - echo "SKIP=true" >> $GITHUB_ENV - exit 0 - fi - echo "Tag ${{ env.version }} doesn't exists. Proceeding with release." 
- - - name: Create Git tag - if: ${{ env.SKIP != 'true' }} - run: | - AUTHOR_NAME=$(git log -1 --pretty=format:'%an') - AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') - echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>" - - echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV - echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV - - git config user.name "$AUTHOR_NAME" - git config user.email "$AUTHOR_EMAIL" - - git tag -a "${{ env.version }}" -m "Release ${{ env.version }}" - git push origin "${{ env.version }}" - - - name: Build Changelog - id: github_release - uses: mikepenz/release-changelog-builder-action@e92187bd633e680ebfdd15961a7c30b2d097e7ad # v5 - with: - mode: "PR" - configurationJson: | - { - "template": "#{{CHANGELOG}}", - "pr_template": "- #{{TITLE}}: ##{{NUMBER}}", - "categories": [ - { - "title": "## Feature", - "labels": ["feat", "feature"] - }, - { - "title": "## Fix", - "labels": ["fix", "bug"] - }, - { - "title": "## Other", - "labels": [] - } - ], - "label_extractor": [ - { - "pattern": "^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test){1}(\\([\\w\\-\\.]+\\))?(!)?: ([\\w ])+([\\s\\S]*)", - "on_property": "title", - "target": "$1" - } - ] - } - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create Git tag for api submodule - if: ${{ env.SKIP != 'true' }} - run: | - AUTHOR_NAME=$(git log -1 --pretty=format:'%an') - AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') - echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>" - - echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV - echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV - - git config user.name "$AUTHOR_NAME" - git config user.email "$AUTHOR_EMAIL" - - git tag -a "api/${{ env.version }}" -m "Release ${{ env.version }}" - git push origin "api/${{ env.version }}" - - - name: Create GitHub release - if: ${{ env.SKIP != 'true' }} - uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2 - with: - tag_name: ${{ env.version }} - name: Release ${{ env.version }} - body: 
"Automated release for version ${{ env.version }}" - draft: false - prerelease: false - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Push dev VERSION - if: ${{ env.SKIP != 'true' }} - run: | - task release:set-version -- "${{ env.version }}-dev" - git config user.name "${{ env.AUTHOR_NAME }}" - git config user.email "${{ env.AUTHOR_EMAIL }}" - git add VERSION - git commit -m "Update VERSION to ${{ env.version }}-dev" - git push origin main + uses: openmcp-project/build/.github/workflows/release.lib.yaml@main + secrets: inherit diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index e7e87c2..aa0ba49 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -2,10 +2,10 @@ name: REUSE Compliance Check on: [push, pull_request] +permissions: + contents: read + jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: REUSE Compliance Check - uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5 \ No newline at end of file + run_reuse: + uses: openmcp-project/build/.github/workflows/reuse.lib.yaml@main + secrets: inherit diff --git a/.github/workflows/validate-pr-content.yaml b/.github/workflows/validate-pr-content.yaml new file mode 100644 index 0000000..52a07c0 --- /dev/null +++ b/.github/workflows/validate-pr-content.yaml @@ -0,0 +1,15 @@ +name: Validate Pull Request Content + +on: + pull_request: + types: + - opened + - edited + +permissions: + contents: read + +jobs: + validate_pr_content: + uses: openmcp-project/build/.github/workflows/validate-pr-content.lib.yaml@main + secrets: inherit \ No newline at end of file
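Review bot: In the new validate-pr-content.yaml the `pull_request` trigger lists only `opened` and `edited`, so the check does not run when commits are pushed to the pull request or when it is reopened. If this job is meant to be a required status check, the new head commit will carry no result for it; consider adding `- synchronize` and `- reopened` under `types:`. A comment above `types:` naming which pull-request fields the library workflow validates would also help, since the title and body are author-controlled input and the validation logic is not visible in this repository.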