diff --git a/.devcontainer/cpp-template/.devcontainer/Dockerfile b/.devcontainer/cpp-template/.devcontainer/Dockerfile
new file mode 100644
index 00000000..215e95b2
--- /dev/null
+++ b/.devcontainer/cpp-template/.devcontainer/Dockerfile
@@ -0,0 +1,3 @@
+FROM ghcr.io/philips-software/amp-devcontainer-cpp:${templateOption:imageVersion}
+
+HEALTHCHECK NONE
diff --git a/.devcontainer/cpp-template/.devcontainer/devcontainer.json b/.devcontainer/cpp-template/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..601cce0d
--- /dev/null
+++ b/.devcontainer/cpp-template/.devcontainer/devcontainer.json
@@ -0,0 +1,5 @@
+{
+ "build": {
+ "dockerfile": "Dockerfile"
+ }
+}
diff --git a/.devcontainer/cpp-template/.github/dependabot.yml b/.devcontainer/cpp-template/.github/dependabot.yml
new file mode 100644
index 00000000..1eb0bb3a
--- /dev/null
+++ b/.devcontainer/cpp-template/.github/dependabot.yml
@@ -0,0 +1,10 @@
+---
+version: 2
+
+updates:
+ - package-ecosystem: docker
+ directory: .devcontainer
+ schedule:
+ interval: weekly
+ cooldown:
+ default-days: 5
diff --git a/.devcontainer/cpp-template/devcontainer-template.json b/.devcontainer/cpp-template/devcontainer-template.json
new file mode 100644
index 00000000..e48d4594
--- /dev/null
+++ b/.devcontainer/cpp-template/devcontainer-template.json
@@ -0,0 +1,22 @@
+{
+ "id": "cpp-template",
+ "version": "6.5.3",
+ "name": "amp-devcontainer-cpp",
+ "description": "A modern, batteries-included software development environment for C++",
+ "documentationURL": "https://github.com/philips-software/amp-devcontainer/blob/main/README.md",
+ "licenseURL": "https://github.com/philips-software/amp-devcontainer/blob/main/LICENSE",
+ "publisher": "philips-software",
+ "options": {
+ "imageVersion": {
+ "type": "string",
+ "description": "amp-devcontainer version",
+ "default": "6.5.3"
+ }
+ },
+ "optionalPaths": [
+ ".github/dependabot.yml"
+ ],
+ "platforms": [
+ "Any"
+ ]
+}
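Review bot: The `FROM` line in the cpp-template Dockerfile takes its tag from the free-form `imageVersion` option and carries no digest, so a devcontainer generated from this template follows whatever that tag points to in ghcr.io at build time. If consumers need an immutable base, a comment above the line would make the choice visible: `# tag comes from the imageVersion template option; append @sha256:<digest> to pin`. `HEALTHCHECK NONE` also has no comment saying why it is there, and a one-line reason would stop it being removed later as noise. The rust-template Dockerfile added further down in this commit has the same two lines.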
diff --git a/.devcontainer/rust-template/.devcontainer/Dockerfile b/.devcontainer/rust-template/.devcontainer/Dockerfile
new file mode 100644
index 00000000..06664d31
--- /dev/null
+++ b/.devcontainer/rust-template/.devcontainer/Dockerfile
@@ -0,0 +1,3 @@
+FROM ghcr.io/philips-software/amp-devcontainer-rust:${templateOption:imageVersion}
+
+HEALTHCHECK NONE
diff --git a/.devcontainer/rust-template/.devcontainer/devcontainer.json b/.devcontainer/rust-template/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..601cce0d
--- /dev/null
+++ b/.devcontainer/rust-template/.devcontainer/devcontainer.json
@@ -0,0 +1,5 @@
+{
+ "build": {
+ "dockerfile": "Dockerfile"
+ }
+}
diff --git a/.devcontainer/rust-template/.github/dependabot.yml b/.devcontainer/rust-template/.github/dependabot.yml
new file mode 100644
index 00000000..1eb0bb3a
--- /dev/null
+++ b/.devcontainer/rust-template/.github/dependabot.yml
@@ -0,0 +1,10 @@
+---
+version: 2
+
+updates:
+ - package-ecosystem: docker
+ directory: .devcontainer
+ schedule:
+ interval: weekly
+ cooldown:
+ default-days: 5
diff --git a/.devcontainer/rust-template/devcontainer-template.json b/.devcontainer/rust-template/devcontainer-template.json
new file mode 100644
index 00000000..3055d9af
--- /dev/null
+++ b/.devcontainer/rust-template/devcontainer-template.json
@@ -0,0 +1,22 @@
+{
+ "id": "rust-template",
+ "version": "6.5.3",
+ "name": "amp-devcontainer-rust",
+ "description": "A modern, batteries-included software development environment for Rust",
+ "documentationURL": "https://github.com/philips-software/amp-devcontainer/blob/main/README.md",
+ "licenseURL": "https://github.com/philips-software/amp-devcontainer/blob/main/LICENSE",
+ "publisher": "philips-software",
+ "options": {
+ "imageVersion": {
+ "type": "string",
+ "description": "amp-devcontainer version",
+ "default": "6.5.3"
+ }
+ },
+ "optionalPaths": [
+ ".github/dependabot.yml"
+ ],
+ "platforms": [
+ "Any"
+ ]
+}
diff --git a/.github/workflows/pr-image-cleanup.yml b/.github/workflows/pr-image-cleanup.yml index a751813f..731feb53 100644 --- a/.github/workflows/pr-image-cleanup.yml +++ b/.github/workflows/pr-image-cleanup.yml @@ -22,6 +22,7 @@ jobs: with: delete-tags: pr-${{ github.event.pull_request.number }} packages: amp-devcontainer,amp-devcontainer-cpp,amp-devcontainer-rust + cleanup-cache: name: ๐Ÿงน Cleanup Cache runs-on: ubuntu-latest diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 9ed9faec..1929054e 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -2,10 +2,8 @@ name: Release Build on: - push: - # This workflow should only run on tags, it will trigger when release-please - # kicks-off the release process. - tags: ["v*.*.*"] + release: + types: [published] workflow_dispatch: concurrency: @@ -40,6 +38,7 @@ jobs: integration-test-file: test/${{ matrix.flavor }}/integration-tests.bats acceptance-test-path: ${{ matrix.flavor == 'cpp' && 'test/cpp/features' || '' }} test-devcontainer-file: ${{ matrix.flavor == 'cpp' && '.devcontainer/cpp-test/devcontainer.json' || '' }} + apply-release-notes-template: name: ๐Ÿ“ Apply Release Template runs-on: ubuntu-latest @@ -66,6 +65,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} REF_NAME: ${{ github.ref_name }} + update-release-notes: name: Update Release Notes (๐Ÿจ ${{ matrix.flavor }}) strategy: 
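Review bot: Replacing the `push: tags: ["v*.*.*"]` trigger in release-build.yml with `release: types: [published]` drops the tag-name filter, so publishing any release, a pre-release or one on an unconventional tag included, now starts the image build and the jobs that hold write permissions. If only version tags should publish, a job-level guard such as `if: github.event_name != 'release' || startsWith(github.ref_name, 'v')` would restore the old restriction. The removed comment explaining the trigger has no replacement; something like `# Runs when the GitHub release created by release-please is published` above `release:` would keep the intent on record.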
@@ -117,11 +117,37 @@ jobs: DIGEST: ${{ steps.inspect-manifest.outputs.digest }} GH_REPO: ${{ github.repository }} GH_TOKEN: ${{ github.token }} + + publish-devcontainer-templates: + name: ๐Ÿ“ Publish templates + runs-on: ubuntu-latest + permissions: + packages: write # is needed by devcontainers/action to write templates as OCI artifacts + steps: + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + disable-sudo: true + egress-policy: audit + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - uses: devcontainers/action@1082abd5d2bf3a11abccba70eef98df068277772 # v1.4.3 + with: + disable-repo-tagging: true + publish-templates: true + base-path-to-templates: .devcontainer + generate-documents: name: ๐Ÿ“„ Documentation uses: ./.github/workflows/wc-document-generation.yml permissions: contents: read + upload-documents: name: ๐Ÿ“„ Upload Documents runs-on: ubuntu-latest @@ -131,6 +157,10 @@ jobs: contents: write # is needed to modify a release needs: [generate-documents] steps: + - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + disable-sudo: true + egress-policy: audit - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: pattern: documents 
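Review bot: The new `publish-devcontainer-templates` job holds `packages: write` and a ghcr.io login, yet its harden-runner step uses `egress-policy: audit`, which only records outbound traffic. Once an audit run has shown which hosts the job contacts, `egress-policy: block` with an `allowed-endpoints:` list would confine it; the harden-runner step added to `upload-documents` in the next hunk is in the same position. Both steps pin harden-runner at the v2.13.1 commit while `comment-released-prs` further down pins v2.13.2, so the file now carries two versions of the same action. The job also declares no `needs:`, so as far as this hunk shows, a template whose default `imageVersion` names the new release can be published even when the image build earlier in the file fails.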
@@ -142,3 +172,17 @@ jobs: GH_REPO: ${{ github.repository }} GH_TOKEN: ${{ github.token }} REF_NAME: ${{ github.ref_name }} + + comment-released-prs: + name: Comment on released PRs + runs-on: ubuntu-latest + permissions: + pull-requests: write # is needed by rdlf0/comment-released-prs-action to post comments on PRs + steps: + - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + with: + disable-sudo-and-containers: true + egress-policy: audit + - uses: rdlf0/comment-released-prs-action@a81897eaea04a5faa8779d28607826ddb033321a # v3.1.0 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml deleted file mode 100644 index f12e5412..00000000 --- a/.github/workflows/release-published.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: Finalize Release - -on: - release: - types: [published] - -permissions: {} - -jobs: - comment-released-prs: - name: Comment on released PRs - runs-on: ubuntu-latest - permissions: - pull-requests: write # is needed by rdlf0/comment-released-prs-action to post comments on PRs - steps: - - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 - with: - disable-sudo-and-containers: true - egress-policy: audit - - uses: rdlf0/comment-released-prs-action@a81897eaea04a5faa8779d28607826ddb033321a # v3.1.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index a202a03d..6851c960 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -45,6 +45,7 @@ jobs: labels: dependencies,apt token: ${{ steps.token.outputs.token }} sign-commits: true + update-vscode-extensions: name: Update VS Code Extensions (๐Ÿจ ${{ matrix.flavor }}, ${{ matrix.file }}) runs-on: ubuntu-latest diff --git a/.mega-linter.yml b/.mega-linter.yml index eea658e7..f62a6f56 100644 
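Review bot: The `comment-released-prs` job moved into release-build.yml has no event guard, and this workflow also starts on `workflow_dispatch`, where the event payload carries no release; in its old file it ran only on `release: published`. Adding `if: github.event_name == 'release'` to the job keeps the previous behaviour; how the action reacts to a missing release cannot be seen from this hunk. The job also has no `needs:`, so the "released" comments can be posted before, or without, the images being published. It passes `secrets.GITHUB_TOKEN` while the other jobs in this file use `github.token`; using one spelling throughout would make the token usage easier to audit.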
--- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -21,6 +21,7 @@ PRINT_ALPACA: false SHOW_SKIPPED_LINTERS: false SPELL_LYCHEE_FILE_EXTENSIONS: [".feature", ".json", ".md", ".md.j2", ".txt", ".yaml", ".yml"] +DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE: (\.devcontainer/.*-template/.*$) FILTER_REGEX_EXCLUDE: (CHANGELOG.md|package-lock.json) # tasks.json is wrongfully matched against another schema, # and schemas for .vscode/[tasks.json|launch.json] are built diff --git a/release-please-config.json b/release-please-config.json index 8e06b464..84d17cf0 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -24,5 +24,27 @@ "release-type": "simple" } }, - "plugins": ["sentence-case"] + "plugins": ["sentence-case"], + "extra-files": [ + { + "type": "json", + "path": ".devcontainer/cpp-template/devcontainer-template.json", + "jsonpath": "$.version" + }, + { + "type": "json", + "path": ".devcontainer/cpp-template/devcontainer-template.json", + "jsonpath": "$.options.imageVersion.default" + }, + { + "type": "json", + "path": ".devcontainer/rust-template/devcontainer-template.json", + "jsonpath": "$.version" + }, + { + "type": "json", + "path": ".devcontainer/rust-template/devcontainer-template.json", + "jsonpath": "$.options.imageVersion.default" + } + ] }
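Review bot: The new `DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE` entry in .mega-linter.yml switches hadolint off for everything under a `.devcontainer/*-template/` directory without recording why. Presumably the reason is the `${templateOption:imageVersion}` placeholder in the template `FROM` lines; if so, a comment above the key would say it: `# template Dockerfiles contain ${templateOption:...} placeholders that hadolint cannot parse`. Because the pattern matches every file below those directories, any Dockerfile added there later is unlinted as well, so the comment should state that scope.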