DX-880 Update workflows

basiqio-oss · Dec 4, 2024 · 8b192bd · 8b192bd
1 parent aaffa1a
commit 8b192bd
Show file tree

Hide file tree

Showing 6 changed files with 240 additions and 0 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,4 @@
+# This is a CODEOWNERS file
+# It defines individuals or teams that are responsible for code in this repository.
+
+*       @basiqio-oss/developer-experience
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -0,0 +1,44 @@
+name: Dependabot auto-merge
+
+on:
+  pull_request:
+
+permissions: read-all
+
+jobs:
+  dependabot:
+    permissions:
+      contents: write
+      pull-requests: write
+
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.5
+
+      - name: Approve a PR if not already approved
+        if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
+        run: |
+          gh pr checkout "$PR_URL" # sets the upstream metadata for `gh pr status`
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then gh pr review --approve "$PR_URL"
+          else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
+          fi
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
@@ -0,0 +1,115 @@
+name: PR and Branch Linting
+
+on:
+  pull_request:
+    types: ['opened', 'edited']
+  workflow_dispatch: # Allow manual triggering of the workflow
+
+jobs:
+  pr-lint:
+    name: PR Linting
+    runs-on: ubuntu-latest
+    steps:
+      - uses: seferov/pr-lint-action@2f6ccc0e32d53505ab87d1340a8b5c42cb874bd6 # v1.2.0
+        with:
+          title-regex: '^(DX|DSO|Bump).+'
+          title-regex-flags: 'g'
+          error-message: 'Add Jira ID to your title in the correct format'
+
+  branch-naming-rules:
+    name: Branch Linting
+    runs-on: ubuntu-latest
+    needs: pr-lint
+    steps:
+      - uses: deepakputhraya/action-branch-name@master
+        with:
+          regex: '^(DX|DSO|Bump).+'
+          ignore: master,main
+          min_length: 2
+          max_length: 100
+
+  lint:
+    runs-on: ubuntu-latest
+    needs: branch-naming-rules
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install Redocly CLI
+        run: npm install -g @redocly/cli
+
+      - name: Lint Core
+        id: lint-core
+        run: npx @redocly/cli lint core.yml || echo "Warnings or errors in core.yml"
+
+      - name: Lint Data
+        id: lint-data
+        run: npx @redocly/cli lint data.yml || echo "Warnings or errors in data.yml"
+
+      - name: Lint Services
+        id: lint-services
+        run: npx @redocly/cli lint services.yml || echo "Warnings or errors in services.yml"
+
+      - name: Lint Reports
+        id: lint-reports
+        run: npx @redocly/cli lint reports.yml || echo "Warnings or errors in reports.yml"
+
+      - name: Lint Affordability
+        id: lint-affordability
+        run: npx @redocly/cli lint affordability.yml || echo "Warnings or errors in affordability.yml"
+
+      - name: Lint Enrich
+        id: lint-enrich
+        run: npx @redocly/cli lint enrich.yml || echo "Warnings or errors in enrich.yml"
+
+      - name: Lint Identity
+        id: lint-identity
+        run: npx @redocly/cli lint identity.yml || echo "Warnings or errors in identity.yml"
+
+      - name: Lint Webhooks
+        id: lint-webhooks
+        run: npx @redocly/cli lint webhooks.yml || echo "Warnings or errors in webhooks.yml"
+
+      - name: Check for Linting Warnings or Errors
+        id: check-lint-warnings
+        run: |
+          warnings=0
+          for file in core data services reports affordability enrich identity webhooks; do
+            if [[ $(npx @redocly/cli lint $file.yml || echo "fail") == "fail" ]]; then
+              warnings=1
+            fi
+          done
+          echo "warnings=$warnings" >> $GITHUB_ENV
+
+      - name: Send Slack Notification if Warnings Exist
+        if: env.warnings == '1'
+        uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d
+        with:
+          payload: |
+            {
+              "text": "Linting Warnings Detected in GitHub Actions :warning:",
+              "blocks": [
+                {
+                  "type": "header",
+                  "text": {
+                    "type": "plain_text",
+                    "text": "Linting Notification",
+                    "emoji": true
+                  }
+                },
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "*Warnings detected during linting.*\n*Repository:* ${{ github.repository }}\n*Actor:* ${{ github.actor }}\n*Pull Request:* <${{ github.event.pull_request.html_url }}|PR Link>"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,59 @@
+name: Release
+
+# Run workflow for every push to the `main` branch
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - 'README.md'
+
+permissions:
+  id-token: write
+  pull-requests: write
+  contents: write
+
+env:
+  PAT_GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+
+jobs:
+  DeployProd:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout this repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.5
+
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/[email protected] # Leverages SemVer as per https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#-git-commit-guidelines
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create a GitHub release
+        uses: ncipollo/[email protected]
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: Release ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+
+      - name: Send custom JSON data to Slack workflow
+        id: slack
+        uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
+        with:
+          webhook-type: 'incoming-webhook' # Explicitly define the webhook type
+          # For posting a rich message using Block Kit
+          payload: |
+            {
+              "text": "GitHub Action build result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}",
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "GitHub Action build result: ${{ job.status }} actor:${{ github.actor }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URLS }}
diff --git a/redocly.yaml b/redocly.yaml
@@ -0,0 +1,8 @@
+extends:
+  - recommended
+
+apis:
+  Reports:
+    root: reports.yml
+    rules:
+      no-ambiguous-paths: off