
Commit e6ebe25

committed
ci: improve workflows and release process
1 parent 782f582 commit e6ebe25

8 files changed

+192
-61
lines changed


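--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,40 +1,68 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": [
-"config:recommended",
+"config:best-practices",
+":disableRateLimiting",
+":prImmediately",
 ":semanticCommits",
 ":semanticCommitType(deps)"
 ],
+"dockerfile": {
+"pinDigests": true
+},
+"gomod": {
+"postUpdateOptions": [
+"gomodUpdateImportPaths",
+"gomodTidy"
+]
+},
 "packageRules": [
 {
 "description": "Semantic commits for major updates",
 "matchUpdateTypes": [
 "major"
 ],
-"semanticCommitType": "major",
-"semanticCommitScope": "deps",
+"semanticCommitType": "deps",
+"semanticCommitScope": "major",
 "automerge": true
 },
 {
 "description": "Semantic commits for minor updates",
 "matchUpdateTypes": [
 "minor"
 ],
-"semanticCommitType": "minor",
-"semanticCommitScope": "deps",
+"semanticCommitType": "deps",
+"semanticCommitScope": "minor",
 "automerge": true
 },
 {
 "description": "Semantic commits for patch updates",
 "matchUpdateTypes": [
 "patch"
 ],
+"semanticCommitType": "deps",
+"semanticCommitScope": "patch",
+"automerge": true
+},
+{
+"description": "Automerge docker digest updates",
+"groupName": "docker digests",
+"matchDatasources": [
+"docker"
+],
+"matchUpdateTypes": [
+"pin",
+"pinDigest",
+"digest"
+],
 "semanticCommitType": "patch",
 "semanticCommitScope": "deps",
+"pinDigests": true,
 "automerge": true
 },
 {
 "description": "Build tool version upgrades",
+"groupName": "build tools",
 "matchManagers": [
 "github-actions"
 ],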
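Review bot: Every update class in `packageRules` (major, minor, patch and the new "docker digests" group) carries `"automerge": true`, and the added `:disableRateLimiting` and `:prImmediately` presets lift Renovate's pull-request throttling, so nothing here makes a freshly published upstream release wait before it is proposed and merged. A release-age gate on the automerged rules, for example `"minimumReleaseAge": "3 days"`, would give a compromised or yanked release time to be noticed; major updates are the ones most worth leaving to a manual merge. The "docker digests" rule also still has `"semanticCommitType": "patch"` with `"semanticCommitScope": "deps"`, while the three rules above it were switched to type `deps` with the level as scope; if that is an oversight, swap the two values there as well. The `packageRules` array continues past the end of this hunk.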

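--- a/.github/semantic.yml
+++ b/.github/semantic.yml
@@ -0,0 +1,24 @@
+---
+commitsOnly: true
+anyCommit: true
+allowMergeCommits: true
+allowRevertCommits: true
+
+types:
+- feat
+- fix
+- docs
+- style
+- refactor
+- perf
+- test
+- build
+- ci
+- chore
+- revert
+- major
+- minor
+- patch
+- deps
+
+...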

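--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -6,65 +6,148 @@ repository:
 
 private: false
 has_issues: true
-has_projects: false
 has_wiki: false
 has_downloads: false
 
 default_branch: master
 
-allow_squash_merge: false
 allow_merge_commit: false
+allow_squash_merge: true
 allow_rebase_merge: true
 
+allow_update_branch: true
+allow_auto_merge: true
+delete_branch_on_merge: true
+enable_automated_security_fixes: true
+enable_vulnerability_alerts: true
+
+rulesets:
+- name: prevent destruction
+target: branch
+enforcement: active
+conditions:
+ref_name:
+include:
+- "~DEFAULT_BRANCH"
+exclude: []
+rules:
+- type: required_linear_history
+- type: deletion
+- type: non_fast_forward
+
+- name: check verification
+target: branch
+enforcement: active
+conditions:
+ref_name:
+include:
+- "~DEFAULT_BRANCH"
+exclude: []
+rules:
+- type: required_status_checks
+parameters:
+strict_required_status_checks_policy: true
+required_status_checks:
+- context: general
+integration_id: 15368
+bypass_actors:
+- actor_id: 1
+actor_type: RepositoryRole
+bypass_mode: always
+- actor_id: 2
+actor_type: RepositoryRole
+bypass_mode: always
+
+- name: require reviewing
+target: branch
+enforcement: active
+conditions:
+ref_name:
+include:
+- "~DEFAULT_BRANCH"
+exclude: []
+rules:
+- type: pull_request
+parameters:
+allowed_merge_methods:
+- squash
+- rebase
+dismiss_stale_reviews_on_push: false
+require_code_owner_review: false
+require_last_push_approval: false
+required_approving_review_count: 0
+required_review_thread_resolution: false
+bypass_actors:
+- actor_id: 1
+actor_type: RepositoryRole
+bypass_mode: always
+- actor_id: 2
+actor_type: RepositoryRole
+bypass_mode: always
+
 labels:
 - name: bug
-color: d73a4a
+color: fc2929
 description: Something isn't working
-- name: documentation
-color: 0075ca
-description: Improvements or additions to documentation
 - name: duplicate
-color: cfd3d7
+color: cccccc
 description: This issue or pull request already exists
 - name: enhancement
-color: a2eeef
+color: 84b6eb
 description: New feature or request
 - name: good first issue
 color: 7057ff
 description: Good for newcomers
 - name: help wanted
-color: 008672
+color: 159818
 description: Extra attention is needed
 - name: invalid
-color: e4e669
+color: e6e6e6
 description: This doesn't seem right
 - name: question
-color: d876e3
+color: cc317c
 description: Further information is requested
 - name: renovate
 color: 1d76db
 description: Automated action from Renovate
 - name: wontfix
-color: ffffff
+color: 5319e7
 description: This will not be worked on
 - name: hacktoberfest
 color: d4c5f9
 description: Contribution at Hacktoberfest appreciated
-
-branches:
-- name: master
-protection:
-required_pull_request_reviews: null
-required_status_checks:
-strict: true
-contexts:
-- check
-enforce_admins: false
-restrictions:
-apps:
-- renovate
-users:
-- tboerger
-teams: []
+- name: ready
+color: ededed
+description: This is ready to be worked on
+- name: in progress
+color: ededed
+description: This is currently worked on
+- name: infra
+color: 006b75
+description: Related to the infrastructure
+- name: lint
+color: fbca04
+description: Related to linting tools
+- name: poc
+color: c2e0c6
+description: Proof of concept for new feature
+- name: rebase
+color: ffa8a5
+description: Branch requires a rebase
+- name: third-party
+color: e99695
+description: Depends on third-party tool or library
+- name: translation
+color: b60205
+description: Change or issue related to translations
+- name: ci
+color: b60105
+description: Related to Continous Integration
+- name: docs
+color: b60305
+description: Related to documentation
+- name: outdated
+color: cccccc
+description: This is out of scope and outdated
 
 ...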
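Review bot: The "check verification" and "require reviewing" rulesets both grant `bypass_mode: always` to `RepositoryRole` ids 1 and 2, and "require reviewing" sets `required_approving_review_count: 0`, so the default branch is protected by the `general` status check alone, and holders of those two roles are exempt even from that. The removed `branches:` protection restricted pushes to the `renovate` app and one named user; no ruleset in this hunk replaces that restriction. If the bypass exists only for emergency merges, `bypass_mode: pull_request` keeps such a change visible in a pull request instead of allowing a direct push. The numeric ids are opaque as written, so a comment such as `# RepositoryRole <id> = <role name>` beside each `actor_id` would let a reader audit who is exempt. Nothing above the `repository:` settings shown in the hunk header is visible here.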

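--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json
 name: automerge
 
 "on":
@@ -18,19 +19,16 @@ jobs:
 
 steps:
 - name: Fetch metadata
-id: metadata
 uses: dependabot/fetch-metadata@v2
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Approve request
-id: approve
 run: gh pr review --approve "${{github.event.pull_request.html_url}}"
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Enable automerge
-id: automerge
 run: gh pr merge --rebase --auto "${{github.event.pull_request.html_url}}"
 env:
 GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}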
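Review bot: With `id: metadata` removed, the outputs of the "Fetch metadata" step can no longer be referenced, and the two visible steps after it approve the pull request and enable auto-merge with `secrets.PERSONAL_TOKEN` without checking what kind of update it is. Unless a job-level `if:` outside this hunk already narrows the trigger, either drop the now-unused step or keep the id and gate the approval on it, e.g. `if: steps.metadata.outputs.update-type != 'version-update:semver-major'`. The job header lies between the two hunks and is not shown, so the existing conditions could not be checked.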

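--- a/.github/workflows/flake.yml
+++ b/.github/workflows/flake.yml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json
 name: flake
 
 "on":
@@ -15,21 +16,17 @@ jobs:
 
 steps:
 - name: Checkout source
-id: source
 uses: actions/checkout@v6
 with:
 token: ${{ secrets.PERSONAL_TOKEN }}
 
 - name: Install nix
-id: nix
 uses: cachix/install-nix-action@v31
 
 - name: Update flake
-id: flake
 run: nix flake update
 
 - name: Source rebase
-id: rebase
 run: git pull --autostash --rebase
 
 - name: Commit changes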

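--- a/.github/workflows/general.yml
+++ b/.github/workflows/general.yml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json
 name: general
 
 "on":
@@ -7,8 +8,11 @@ name: general
 branches:
 - master
 
+permissions:
+contents: read
+
 jobs:
-check:
+general:
 runs-on: ubuntu-latest
 
 steps: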

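--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json
 name: release
 
 "on":
@@ -15,6 +16,11 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
+- name: Setup nodejs
+uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
+with:
+node-version: lts/*
+
 - name: Checkout source
 uses: actions/checkout@v6
 with:
@@ -28,10 +34,11 @@ jobs:
 - name: Install releaser
 run: |
 npm install -g \
-conventional-changelog-conventionalcommits@6.1.0 \
-semantic-release@23.1.1 \
+semantic-release@25.0.2 \
 @semantic-release/changelog \
-@semantic-release/git
+@semantic-release/git \
+@semantic-release/github \
+conventional-changelog-conventionalcommits
 
 - name: Run releaser
 env: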
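Review bot: In the "Install releaser" step only `semantic-release@25.0.2` is version-pinned: the commit drops the pin on `conventional-changelog-conventionalcommits` and adds `@semantic-release/github` unpinned, next to the already unpinned changelog and git plugins. Each release run therefore installs whatever versions are current, install scripts included, in the same job that then runs the releaser with its credentials. Pin every package the same way, e.g. `@semantic-release/git@<version> \`, or install from a committed lockfile with `npm ci`, so a release is reproducible and a hijacked plugin version is not picked up automatically. `actions/checkout@v6` in the context lines is likewise still a mutable tag, while the new `actions/setup-node` step is pinned to a commit SHA. The step list continues outside the hunk.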
