Add CI

.github/changelog-config.yaml

@@ -0,0 +1,24 @@
+enhancements:
+  prefix: '#### :sparkles: Enhancements'
+  labels:
+    - enhancement
+bugs:
+  prefix: '#### :bug: Bug Fixes'
+  labels:
+    - bug
+refactor:
+  prefix: '#### :hammer: Refactor'
+  labels:
+    - refactor
+books:
+  prefix: '#### :books: Documentation'
+  labels:
+    - documentation
+chore:
+  prefix: '#### :wrench: Build, CI, Tests, Code style'
+  labels:
+    - chore
+dependencies:
+  prefix: '#### :package: Dependencies update'
+  labels:
+    - dependencies

.github/renovate.json5

@@ -0,0 +1,32 @@
+{
+  extends: ['config:base'],
+  timezone: 'Europe/Zurich',
+  schedule: 'on the first day of the month',
+  labels: ['dependencies'],
+  separateMajorMinor: true,
+  separateMinorPatch: true,
+  prHourlyLimit: 0,
+  prConcurrentLimit: 0,
+  lockFileMaintenance: { enabled: true, automerge: true, schedule: 'on the first day of the month' },
+  kubernetes: {
+    fileMatch: ['templates/.+\\.yaml$', 'tests/.*expected\\.yaml$'],
+  },
+  packageRules: [
+    /** Automerge the patch, the minor and the dev dependency */
+    {
+      matchDepTypes: ['devDependencies'],
+      automerge: true,
+    },
+    /** Group the patch and the minor */
+    {
+      matchUpdateTypes: ['patch'],
+      groupName: 'all patch versions',
+      automerge: true,
+    },
+    {
+      matchUpdateTypes: ['minor'],
+      groupName: 'all minor versions',
+      automerge: true,
+    },
+  ],
+}

.github/workflows/auto-review.yaml

@@ -0,0 +1,21 @@
+name: Auto reviews updates
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  auto-merge:
+    name: Auto reviews updates
+    runs-on: ubuntu-20.04
+    timeout-minutes: 5
+
+    steps:
+      - name: Auto reviews updates
+        uses: golfzaptw/action-auto-reviews-from-branches@master
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AUTHOR: renovate[bot]

.github/workflows/changelog.yaml

@@ -0,0 +1,59 @@
+name: Changelog Generator
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '*'
+
+jobs:
+  changelog:
+    name: Changelog Generator
+    runs-on: ubuntu-20.04
+    timeout-minutes: 10
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
+      - run: python3 -m pip install --user --requirement=ci/requirements.txt
+
+      - name: Get Date
+        id: get-date
+        run: |
+          echo "date=$(/bin/date -u "+%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT
+      - uses: actions/cache@v3
+        with:
+          path: |
+            .github/changelog-generator-cache
+          key: changelog-${{ steps.get-date.outputs.date }}
+          restore-keys: |
+            changelog-
+
+      - name: Get config
+        id: config
+        run: echo "config=$(python -c 'print(__import__("json").dumps(__import__("yaml").load(open(".github/changelog-config.yaml"), Loader=__import__("yaml").SafeLoader)))')" >> $GITHUB_OUTPUT
+      - name: Generate changelog
+        id: changelog
+        uses: heinrichreimer/github-changelog-generator-action@v2.3
+        with:
+          token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
+          configureSections: ${{ steps.config.outputs.config }}
+          cacheFile: .github/changelog-generator-cache
+          unreleased: false
+
+      - run: c2cciutils-checks --fix --check=prettier
+      - id: status
+        run: echo "status=$(git status --short)" >> $GITHUB_OUTPUT
+      - run: |
+          git add CHANGELOG.md
+          git config --global user.email "ci@example.com"
+          git config --global user.name "CI"
+          git commit -m "Update the changelog"
+          git checkout -b changelog-update
+          git push origin changelog-update -f
+          gh pr create --base=master --fill --label=chore || true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
+        if: steps.status.outputs.status != ''

.github/workflows/delete-old-workflows-run.yaml

@@ -0,0 +1,23 @@
+name: Delete old workflow runs
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 25
+    name: Delete old workflow runs
+
+    steps:
+      - name: Delete old workflow runs
+        uses: MajorScruffy/delete-old-workflow-runs@v0.3.0
+        with:
+          repository: ${{ github.repository }}
+          older-than-seconds: 43200000 # 500 days
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/main.yaml

@@ -0,0 +1,64 @@
+name: Continuous integration
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '*'
+  pull_request:
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  main:
+    runs-on: ubuntu-20.04
+    name: Continuous integration
+    timeout-minutes: 20
+    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
+
+    strategy:
+      fail-fast: true
+      matrix:
+        helm:
+          - latest
+          - 3.5.1
+
+    steps:
+      - run: docker system prune --all --force
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: camptocamp/initialise-gopass-summon-action@v2
+        with:
+          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
+          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
+        if: env.HAS_SECRETS == 'HAS_SECRETS'
+
+      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
+      - run: python3 -m pip install --user --requirement=ci/requirements.txt
+
+      - name: Checks
+        run: c2cciutils-checks
+
+      - name: Install helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ matrix.helm }}
+      - run: helm dependency update .
+      - run: helm lint .
+      - run: helm lint --values=tests/values.yaml .
+      - run: helm template --namespace=default --values=values.yaml qwc . > tests/actual.yaml
+      - run: diff --ignore-trailing-space tests/actual.yaml tests/expected.yaml
+        if: matrix.helm == 'master'
+
+      - name: Setup k3s/k3d
+        run: c2cciutils-k8s-install
+
+      - name: Apply
+        run: kubectl apply -f tests/expected.yaml
+
+      - name: Publish
+        run: c2cciutils-publish

.github/workflows/pr-checks.yaml

@@ -0,0 +1,29 @@
+name: Pull request check
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - labeled
+      - unlabeled
+      - edit
+      - synchronize
+
+jobs:
+  build:
+    name: Pull request check
+    runs-on: ubuntu-20.04
+    timeout-minutes: 5
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
+      - run: python3 -m pip install --user --pre c2cciutils[pr_checks]
+
+      - name: Check pull request
+        run: c2cciutils-pull-request-checks
+        env:
+          GITHUB_EVENT: ${{ toJson(github) }}
+          GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}

Makefile

@@ -1,8 +1,8 @@
 HELM ?= helm
 
 gen-expected:
-	${HELM} template --namespace=default test . > tests/expected.yaml || \
-		${HELM} template --debug --namespace=default test .
+	${HELM} template --namespace=default qwc . > tests/expected.yaml || \
+		${HELM} template --debug --namespace=default qwc .
 	sed -i 's/[[:blank:]]\+$$//g'  tests/expected.yaml
 
 #start-local:

ci/config.yaml

@@ -0,0 +1,11 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/c2cciutils/master/c2cciutils/schema.json
+
+checks:
+  required_workflows:
+    clean.yaml: false
+    audit.yaml: false
+    backport.yaml: false
+    codeql.yaml: false
+  black:
+    ignore_patterns_re:
+      - .*\.yaml

ci/requirements.txt

@@ -0,0 +1 @@
+c2cciutils[checks,publish]==1.3.12