feat: ✨ add test and update-from-template workflows

martonvago · martonvago · commit e6bbf88e942b · 2025-08-11T12:23:40.000+01:00
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,36 @@
+name: Test template creation
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+# Least privilege permissions
+permissions: read-all
+
+jobs:
+  test-copier:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba
+        with:
+          enable-cache: true
+
+      - name: Set up Quarto
+        uses: quarto-dev/quarto-actions/setup@9e48da27e184aa238fcb49f5db75469626d43adb # v2.1.9
+
+      - name: Install justfile
+        run: sudo apt install -y just
+
+      - name: Set Git user
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "fake@example.com"
+
+      - name: Test and check template creation
+        run: just _tests
diff --git a/template/.github/workflows/update-from-template.yml b/template/.github/workflows/update-from-template.yml
@@ -0,0 +1,55 @@
+name: Update from template
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Every day at 3:30 at night.
+    - cron: '30 3 * * *'
+
+# Limit token permissions for security
+permissions: read-all
+
+jobs:
+  update-from-template:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Check out repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: "3.13"
+
+      - name: Install dependencies
+        run: |
+          sudo apt install pipx
+          pipx ensurepath
+          pipx install uv rust-just copier
+
+      - name: Set User
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+      - name: Pull request with updates from template
+        run: |
+          copier update --trust --defaults --overwrite
+          any_changes=$(git status --porcelain=v1 2>/dev/null | wc -l)
+          if [ "$any_changes" -eq 0 ]; then
+            echo "No updates from the template detected, and no changes found. Stopping and exiting."
+            exit 0
+          fi
+          git checkout -b chore/update-from-template
+          git add .
+          git commit -m "chore(sync): :hammer: update changes from template"
+          gh pr create \
+            --title "chore(sync): :hammer: update changes from template" \
+            --body "This PR is automatically generated by the 'update-from-template' workflow. It syncs the latest changes from the template repository with this repository."
