diff --git a/.github/workflows/ci.lib.yaml b/.github/workflows/ci.lib.yaml
new file mode 100644
index 0000000..9856a86
--- /dev/null
+++ b/.github/workflows/ci.lib.yaml
@@ -0,0 +1,35 @@
+name: CI
+
+on:
+ workflow_call:
+
+jobs:
+ build:
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ submodules: recursive
+
+ - name: Set up Go
+ uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+ with:
+ go-version-file: go.mod
+
+ - name: Install Task
+ uses: arduino/setup-task@v2
+ with:
+ version: 3.x
+
+ - name: task generate
+ run: |
+ task generate --verbose
+ git diff --exit-code
+
+ - name: task validate
+ run: task validate --verbose
+
+ - name: task test
+ run: task test --verbose
diff --git a/.github/workflows/publish.lib.yaml b/.github/workflows/publish.lib.yaml
new file mode 100644
index 0000000..6c77a27
--- /dev/null
+++ b/.github/workflows/publish.lib.yaml
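Review bot: The `Install Task` step uses `arduino/setup-task@v2`, a mutable tag, while every other action in this workflow is pinned to a full commit SHA; the same unpinned reference appears in publish.lib.yaml and release.lib.yaml, where the job also holds a GitHub App token and write permissions. Pin it the same way, `uses: arduino/setup-task@<full-commit-sha> # v2`, with the SHA taken from an upstream release you have reviewed. `version: 3.x` likewise resolves to whatever Task release is newest at run time, so an exact version would make runs reproducible. This workflow also declares no `permissions:` block; the steps shown only read the repository, so a top-level `permissions:` with `contents: read` would keep the token minimal regardless of repository defaults.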
@@ -0,0 +1,92 @@
+name: Publish
+
+on:
+ workflow_call:
+
+permissions:
+ packages: write
+
+env:
+ OCI_URL: ghcr.io/openmcp-project
+
+jobs:
+ release_tag:
+ name: Release version
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Create GitHub App token
+ uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
+ id: app-token
+ with:
+ # required
+ app-id: 1312871
+ private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }}
+
+ - name: Checkout code
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ token: ${{ steps.app-token.outputs.token }}
+ fetch-tags: true
+ fetch-depth: 0
+ submodules: recursive
+
+ - name: Install Task
+ uses: arduino/setup-task@v2
+ with:
+ version: 3.x
+
+ - name: Read and validate VERSION
+ id: version
+ run: |
+ VERSION=$(task version)
+ if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then
+ echo "Invalid version format: $VERSION"
+ exit 1
+ fi
+ echo "New version: $VERSION"
+ echo "version=$VERSION" >> $GITHUB_ENV
+
+ - name: Skip release if version is a dev version
+ if: contains(env.version, '-dev')
+ run: |
+ echo "Skipping development version release: ${{ env.version }}"
+ echo "SKIP=true" >> $GITHUB_ENV
+ exit 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
+
+ - name: Set up Docker Context for Buildx
+ id: buildx-context
+ run: |
+ docker context create builders
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ timeout-minutes: 5
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+ with:
+ version: latest
+
+ - name: Set up Go
+ uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+ with:
+ go-version-file: go.mod
+
+ - name: Build and Push Images
+ run: |
+ task build:img:all --verbose
+
+ - name: Package and Push Helm Charts
+ run: |
+ task build:helm:all --verbose
+
+ - name: Build and Push OCM Component
+ run: |
+ task build:ocm:all --verbose
diff --git a/.github/workflows/release.lib.yaml b/.github/workflows/release.lib.yaml
new file mode 100644
index 0000000..dbf61a3
--- /dev/null
+++ b/.github/workflows/release.lib.yaml
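Review bot: The checkout step is given the GitHub App token (`token: ${{ steps.app-token.outputs.token }}`), and `actions/checkout` keeps that token in the local git configuration by default, so it stays readable by every later step, including the `task build:*` commands and the tag-pinned `arduino/setup-task@v2`. Nothing in this workflow pushes to git, so unless the token is needed to fetch private submodules the App-token step can be dropped; if it is needed, add `persist-credentials: false` under the checkout's `with:`. Separately, the dev-version step writes `SKIP=true`, but none of the build and push steps carries `if: ${{ env.SKIP != 'true' }}` as the steps in release.lib.yaml do, so a `-dev` version appears to be built and pushed anyway; if that is intended, the step name and message should say so.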
@@ -0,0 +1,150 @@
+name: Versioned Release
+
+on:
+ workflow_call:
+
+permissions:
+ contents: write # we need this to be able to push tags
+ pull-requests: read
+
+jobs:
+ release_tag:
+ name: Release version
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Create GitHub App token
+ uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
+ id: app-token
+ with:
+ # required
+ app-id: 1312871
+ private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }}
+
+ - name: Checkout code
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ token: ${{ steps.app-token.outputs.token }}
+ fetch-tags: true
+ fetch-depth: 0
+ submodules: recursive
+
+ - name: Install Task
+ uses: arduino/setup-task@v2
+ with:
+ version: 3.x
+
+ - name: Read and validate VERSION
+ id: version
+ run: |
+ VERSION=$(task version)
+ if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then
+ echo "Invalid version format: $VERSION"
+ exit 1
+ fi
+ echo "New version: $VERSION"
+ echo "version=$VERSION" >> $GITHUB_ENV
+
+ - name: Skip release if version is a dev version
+ if: contains(env.version, '-dev')
+ run: |
+ echo "Skipping development version release: ${{ env.version }}"
+ echo "SKIP=true" >> $GITHUB_ENV
+ exit 0
+
+ - name: Check if VERSION is already tagged
+ id: check_tag
+ run: |
+ if git rev-parse "refs/tags/${{ env.version }}" >/dev/null 2>&1; then
+ echo "Tag ${{ env.version }} already exists. Skipping release."
+ echo "SKIP=true" >> $GITHUB_ENV
+ exit 0
+ fi
+ echo "Tag ${{ env.version }} doesn't exists. Proceeding with release."
+
+ - name: Create Git tag
+ if: ${{ env.SKIP != 'true' }}
+ run: |
+ AUTHOR_NAME=$(git log -1 --pretty=format:'%an')
+ AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae')
+ echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>"
+
+ echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV
+ echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV
+
+ git config user.name "$AUTHOR_NAME"
+ git config user.email "$AUTHOR_EMAIL"
+
+ git tag -a "${{ env.version }}" -m "Release ${{ env.version }}"
+ git push origin "${{ env.version }}"
+
+ - name: Create Git tag for api submodule
+ if: ${{ env.SKIP != 'true' }}
+ run: |
+ AUTHOR_NAME=$(git log -1 --pretty=format:'%an')
+ AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae')
+ echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>"
+
+ echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV
+ echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV
+
+ git config user.name "$AUTHOR_NAME"
+ git config user.email "$AUTHOR_EMAIL"
+
+ git tag -a "api/${{ env.version }}" -m "Release ${{ env.version }}"
+ git push origin "api/${{ env.version }}"
+
+ - name: Build Changelog
+ id: github_release
+ uses: mikepenz/release-changelog-builder-action@e92187bd633e680ebfdd15961a7c30b2d097e7ad # v5
+ with:
+ mode: "PR"
+ configurationJson: |
+ {
+ "template": "#{{CHANGELOG}}",
+ "pr_template": "- #{{TITLE}}: ##{{NUMBER}}",
+ "categories": [
+ {
+ "title": "## Feature",
+ "labels": ["feat", "feature"]
+ },
+ {
+ "title": "## Fix",
+ "labels": ["fix", "bug"]
+ },
+ {
+ "title": "## Other",
+ "labels": []
+ }
+ ],
+ "label_extractor": [
+ {
+ "pattern": "^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test){1}(\\([\\w\\-\\.]+\\))?(!)?: ([\\w ])+([\\s\\S]*)",
+ "on_property": "title",
+ "target": "$1"
+ }
+ ]
+ }
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create GitHub release
+ if: ${{ env.SKIP != 'true' }}
+ uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
+ with:
+ tag_name: ${{ env.version }}
+ name: Release ${{ env.version }}
+ body: ${{steps.github_release.outputs.changelog}}
+ draft: true
+ prerelease: false
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Push dev VERSION
+ if: ${{ env.SKIP != 'true' }}
+ run: |
+ task release:set-version --verbose -- "${{ env.version }}-dev"
+ git config user.name "${{ env.AUTHOR_NAME }}"
+ git config user.email "${{ env.AUTHOR_EMAIL }}"
+ git add VERSION
+ git commit -m "chore(release): Update VERSION to ${{ env.version }}-dev"
+ git push origin main
diff --git a/.github/workflows/reuse.lib.yaml b/.github/workflows/reuse.lib.yaml
new file mode 100644
index 0000000..ba5b99d
--- /dev/null
+++ b/.github/workflows/reuse.lib.yaml
@@ -0,0 +1,12 @@
+name: REUSE Compliance Check
+
+on:
+ workflow_call:
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - name: REUSE Compliance Check
+ uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
index 1cb746e..a04d398 100644
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@@ -2,10 +2,6 @@ name: REUSE Compliance Check on: [push, pull_request] -jobs: +jobs: test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: REUSE Compliance Check - uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5 \ No newline at end of file + uses: ./.github/workflows/reuse.lib.yaml \ No newline at end of file
diff --git a/.github/workflows/validate-pr-content.lib.yaml b/.github/workflows/validate-pr-content.lib.yaml
new file mode 100644
index 0000000..cd380f6
--- /dev/null
+++ b/.github/workflows/validate-pr-content.lib.yaml
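Review bot: In the `Push dev VERSION` step of release.lib.yaml, `git config user.name "${{ env.AUTHOR_NAME }}"` and `git config user.email "${{ env.AUTHOR_EMAIL }}"` paste the last commit's author name and e-mail into the script text before the shell runs, so shell metacharacters in those fields are executed rather than treated as data. The values come from `git log -1` and are chosen by whoever authored that commit, while the job runs with `contents: write` and an App token in the checkout. Read them as shell variables instead, which are already exported through `$GITHUB_ENV`: `git config user.name "$AUTHOR_NAME"` and `git config user.email "$AUTHOR_EMAIL"`. The `${{ env.version }}` uses are constrained by the regex check, but referencing `"$version"` inside `run:` blocks would apply the same rule uniformly. `Build Changelog` also lacks the `if: ${{ env.SKIP != 'true' }}` guard that the steps around it have.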
@@ -0,0 +1,23 @@
+name: Validate Pull Request Content
+
+on:
+ workflow_call:
+
+jobs:
+ validate-pr-content:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Validate PR content
+ run: |
+ PR_BODY=$(jq -r .pull_request.body "$GITHUB_EVENT_PATH")
+ echo "DEBUG: PR_BODY content is: $PR_BODY"
+ REQUIRED_SECTIONS=("\\*\\*What this PR does / why we need it\\*\\*:" "\\*\\*Release note\\*\\*:")
+
+ for SECTION in "${REQUIRED_SECTIONS[@]}"; do
+ echo "DEBUG: Checking for section: $SECTION"
+ if ! echo "$PR_BODY" | grep -qE "$SECTION"; then
+ echo "Pull request message is missing required section: $SECTION" >&2
+ exit 1
+ fi
+ done
\ No newline at end of file
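Review bot: `echo "DEBUG: PR_BODY content is: $PR_BODY"` prints the pull-request body, which the PR author controls, straight to the job log; a line in the body that begins with the workflow-command prefix `::` would be interpreted by the runner rather than shown as text. Drop the debug echo, or print the body only after neutralising that prefix. Reading the body from `$GITHUB_EVENT_PATH` with `jq` instead of a `${{ }}` expression is the right pattern and should stay. The job needs no token at all, so a top-level `permissions: {}` would make that explicit.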