From 32e1348191cb780ec6a88c24684b265b3f6c9738 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:10:17 +0200 Subject: [PATCH 1/9] share workflows --- .github/workflows/lib/ci.yaml | 35 ++++ .github/workflows/lib/publish.yaml | 92 +++++++++++ .github/workflows/lib/release.yaml | 150 ++++++++++++++++++ .github/workflows/lib/reuse.yaml | 12 ++ .../workflows/lib/validate-pr-content.yaml | 23 +++ .github/workflows/reuse.yaml | 8 +- 6 files changed, 314 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/lib/ci.yaml create mode 100644 .github/workflows/lib/publish.yaml create mode 100644 .github/workflows/lib/release.yaml create mode 100644 .github/workflows/lib/reuse.yaml create mode 100644 .github/workflows/lib/validate-pr-content.yaml diff --git a/.github/workflows/lib/ci.yaml b/.github/workflows/lib/ci.yaml new file mode 100644 index 0000000..9856a86 --- /dev/null +++ b/.github/workflows/lib/ci.yaml @@ -0,0 +1,35 @@ +name: CI + +on: + workflow_call: + +jobs: + build: + runs-on: ubuntu-24.04 + + steps: + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + submodules: recursive + + - name: Set up Go + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + with: + go-version-file: go.mod + + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + + - name: task generate + run: | + task generate --verbose + git diff --exit-code + + - name: task validate + run: task validate --verbose + + - name: task test + run: task test --verbose diff --git a/.github/workflows/lib/publish.yaml b/.github/workflows/lib/publish.yaml new file mode 100644 index 0000000..6c77a27 --- /dev/null +++ b/.github/workflows/lib/publish.yaml @@ -0,0 +1,92 @@ +name: Publish + +on: + workflow_call: + +permissions: + packages: write + +env: + OCI_URL: ghcr.io/openmcp-project + +jobs: + release_tag: + name: Release version + runs-on: ubuntu-24.04 + steps: + - name: Create GitHub App token + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2 + id: app-token + with: + # required + app-id: 1312871 + private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }} + + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + token: ${{ steps.app-token.outputs.token }} + fetch-tags: true + fetch-depth: 0 + submodules: recursive + + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + + - name: Read and validate VERSION + id: version + run: | + VERSION=$(task version) + if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then + echo "Invalid version format: $VERSION" + exit 1 + fi + echo "New version: $VERSION" + echo "version=$VERSION" >> $GITHUB_ENV + + - name: Skip release if version is a dev version + if: contains(env.version, '-dev') + run: | + echo "Skipping development version release: ${{ env.version }}" + echo "SKIP=true" >> $GITHUB_ENV + exit 0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + + - name: Set up Docker Context for Buildx + id: buildx-context + run: | + docker context create builders + + - name: Login to GitHub Container Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + timeout-minutes: 5 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + with: + version: latest + + - name: Set up Go + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + with: + go-version-file: go.mod + + - name: Build and Push Images + run: | + task build:img:all --verbose + + - name: Package and Push Helm Charts + run: | + task build:helm:all --verbose + + - name: Build and Push OCM Component + run: | + task build:ocm:all --verbose diff --git a/.github/workflows/lib/release.yaml b/.github/workflows/lib/release.yaml new file mode 100644 index 0000000..4da30de --- /dev/null +++ b/.github/workflows/lib/release.yaml @@ -0,0 +1,150 @@ +name: Versioned Release + +on: + workflow_call: + +permissions: + contents: write # we need this to be able to push tags + pull-requests: read + +jobs: + release_tag: + name: Release version + runs-on: ubuntu-24.04 + steps: + - name: Create GitHub App token + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2 + id: app-token + with: + # required + app-id: 1312871 + private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }} + + - name: Checkout code + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + token: ${{ steps.app-token.outputs.token }} + fetch-tags: true + fetch-depth: 0 + submodules: recursive + + - name: Install Task + uses: arduino/setup-task@v2 + with: + version: 3.x + + - name: Read and validate VERSION + id: version + run: | + VERSION=$(task version) + if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then + echo "Invalid version format: $VERSION" + exit 1 + fi + echo "New version: $VERSION" + echo "version=$VERSION" >> $GITHUB_ENV + + - name: Skip release if version is a dev version + if: contains(env.version, '-dev') + run: | + echo "Skipping development version release: ${{ env.version }}" + echo "SKIP=true" >> $GITHUB_ENV + exit 0 + + - name: Check if VERSION is already tagged + id: check_tag + run: | + if git rev-parse "refs/tags/${{ env.version }}" >/dev/null 2>&1; then + echo "Tag ${{ env.version }} already exists. Skipping release." + echo "SKIP=true" >> $GITHUB_ENV + exit 0 + fi + echo "Tag ${{ env.version }} doesn't exists. Proceeding with release." + + - name: Create Git tag + if: ${{ env.SKIP != 'true' }} + run: | + AUTHOR_NAME=$(git log -1 --pretty=format:'%an') + AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') + echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>" + + echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV + echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV + + git config user.name "$AUTHOR_NAME" + git config user.email "$AUTHOR_EMAIL" + + git tag -a "${{ env.version }}" -m "Release ${{ env.version }}" + git push origin "${{ env.version }}" + + - name: Create Git tag for api submodule + if: ${{ env.SKIP != 'true' }} + run: | + AUTHOR_NAME=$(git log -1 --pretty=format:'%an') + AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') + echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>" + + echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV + echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV + + git config user.name "$AUTHOR_NAME" + git config user.email "$AUTHOR_EMAIL" + + git tag -a "api/${{ env.version }}" -m "Release ${{ env.version }}" + git push origin "api/${{ env.version }}" + + - name: Build Changelog + id: github_release + uses: mikepenz/release-changelog-builder-action@e92187bd633e680ebfdd15961a7c30b2d097e7ad # v5 + with: + mode: "PR" + configurationJson: | + { + "template": "#{{CHANGELOG}}", + "pr_template": "- #{{TITLE}}: ##{{NUMBER}}", + "categories": [ + { + "title": "## Feature", + "labels": ["feat", "feature"] + }, + { + "title": "## Fix", + "labels": ["fix", "bug"] + }, + { + "title": "## Other", + "labels": [] + } + ], + "label_extractor": [ + { + "pattern": "^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test){1}(\\([\\w\\-\\.]+\\))?(!)?: ([\\w ])+([\\s\\S]*)", + "on_property": "title", + "target": "$1" + } + ] + } + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create GitHub release + if: ${{ env.SKIP != 'true' }} + uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2 + with: + tag_name: ${{ env.version }} + name: Release ${{ env.version }} + body: ${{steps.github_release.outputs.changelog}} + draft: true + prerelease: false + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Push dev VERSION + if: ${{ env.SKIP != 'true' }} + run: | + task release:set-version --verbose -- "${{ env.version }}-dev" + git config user.name "${{ env.AUTHOR_NAME }}" + git config user.email "${{ env.AUTHOR_EMAIL }}" + git add VERSION + git commit -m "Update VERSION to ${{ env.version }}-dev" + git push origin main diff --git a/.github/workflows/lib/reuse.yaml b/.github/workflows/lib/reuse.yaml new file mode 100644 index 0000000..ba5b99d --- /dev/null +++ b/.github/workflows/lib/reuse.yaml @@ -0,0 +1,12 @@ +name: REUSE Compliance Check + +on: + workflow_call: + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: REUSE Compliance Check + uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5 diff --git a/.github/workflows/lib/validate-pr-content.yaml b/.github/workflows/lib/validate-pr-content.yaml new file mode 100644 index 0000000..cd380f6 --- /dev/null +++ b/.github/workflows/lib/validate-pr-content.yaml @@ -0,0 +1,23 @@ +name: Validate Pull Request Content + +on: + workflow_call: + +jobs: + validate-pr-content: + runs-on: ubuntu-latest + + steps: + - name: Validate PR content + run: | + PR_BODY=$(jq -r .pull_request.body "$GITHUB_EVENT_PATH") + echo "DEBUG: PR_BODY content is: $PR_BODY" + REQUIRED_SECTIONS=("\\*\\*What this PR does / why we need it\\*\\*:" "\\*\\*Release note\\*\\*:") + + for SECTION in "${REQUIRED_SECTIONS[@]}"; do + echo "DEBUG: Checking for section: $SECTION" + if ! echo "$PR_BODY" | grep -qE "$SECTION"; then + echo "Pull request message is missing required section: $SECTION" >&2 + exit 1 + fi + done \ No newline at end of file diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 1cb746e..3187c0c 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -2,10 +2,6 @@ name: REUSE Compliance Check on: [push, pull_request] -jobs: +jobs: test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: REUSE Compliance Check - uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5 \ No newline at end of file + uses: .github/workflows/lib/reuse.yaml@main \ No newline at end of file From a57fdafda0c9054393925c3e0e0c936a09048ff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:16:28 +0200 Subject: [PATCH 2/9] move to top level --- .github/workflows/{lib/ci.yaml => ci.lib.yaml} | 0 .github/workflows/{lib/publish.yaml => publish.lib.yaml} | 0 .github/workflows/{lib/release.yaml => release.lib.yaml} | 0 .github/workflows/{lib/reuse.yaml => reuse.lib.yaml} | 0 .github/workflows/reuse.yaml | 2 +- .../validate-pr-content.yaml => validate-pr-content.lib.yaml} | 0 6 files changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{lib/ci.yaml => ci.lib.yaml} (100%) rename .github/workflows/{lib/publish.yaml => publish.lib.yaml} (100%) rename .github/workflows/{lib/release.yaml => release.lib.yaml} (100%) rename .github/workflows/{lib/reuse.yaml => reuse.lib.yaml} (100%) rename .github/workflows/{lib/validate-pr-content.yaml => validate-pr-content.lib.yaml} (100%) diff --git a/.github/workflows/lib/ci.yaml b/.github/workflows/ci.lib.yaml similarity index 100% rename from .github/workflows/lib/ci.yaml rename to .github/workflows/ci.lib.yaml diff --git a/.github/workflows/lib/publish.yaml b/.github/workflows/publish.lib.yaml similarity index 100% rename from .github/workflows/lib/publish.yaml rename to .github/workflows/publish.lib.yaml diff --git a/.github/workflows/lib/release.yaml b/.github/workflows/release.lib.yaml similarity index 100% rename from .github/workflows/lib/release.yaml rename to .github/workflows/release.lib.yaml diff --git a/.github/workflows/lib/reuse.yaml b/.github/workflows/reuse.lib.yaml similarity index 100% rename from .github/workflows/lib/reuse.yaml rename to .github/workflows/reuse.lib.yaml diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 3187c0c..7f44533 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -4,4 +4,4 @@ on: [push, pull_request] jobs: test: - uses: .github/workflows/lib/reuse.yaml@main \ No newline at end of file + uses: .github/workflows/reuse.lib.yaml@main \ No newline at end of file diff --git a/.github/workflows/lib/validate-pr-content.yaml b/.github/workflows/validate-pr-content.lib.yaml similarity index 100% rename from .github/workflows/lib/validate-pr-content.yaml rename to .github/workflows/validate-pr-content.lib.yaml From e51b30273e99bc386a6abd9b37f78aa62144a89f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:17:10 +0200 Subject: [PATCH 3/9] fix --- .github/workflows/reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 7f44533..41173aa 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -4,4 +4,4 @@ on: [push, pull_request] jobs: test: - uses: .github/workflows/reuse.lib.yaml@main \ No newline at end of file + uses: ./reuse.yaml \ No newline at end of file From 72e05cd01d2958adf5b7f99fcd7a17e5777c1abe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:17:39 +0200 Subject: [PATCH 4/9] fix --- .github/workflows/reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 41173aa..00f3421 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -4,4 +4,4 @@ on: [push, pull_request] jobs: test: - uses: ./reuse.yaml \ No newline at end of file + uses: ./reuse.yaml@main \ No newline at end of file From cefa01724317435c1275bdc3c72589bfa97593ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:18:12 +0200 Subject: [PATCH 5/9] fix --- .github/workflows/reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 00f3421..9f087b7 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -4,4 +4,4 @@ on: [push, pull_request] jobs: test: - uses: ./reuse.yaml@main \ No newline at end of file + uses: ./.github/workflows/reuse.yaml@main \ No newline at end of file From 0a6a7a372c631d3e96890d39d15ea1fe6473f828 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:18:31 +0200 Subject: [PATCH 6/9] fix --- .github/workflows/reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 9f087b7..0328e74 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -4,4 +4,4 @@ on: [push, pull_request] jobs: test: - uses: ./.github/workflows/reuse.yaml@main \ No newline at end of file + uses: ./.github/workflows/reuse.yaml \ No newline at end of file From a9fcf8a406582f77467c00e9134cbb4f47462006 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:18:52 +0200 Subject: [PATCH 7/9] fix --- .github/workflows/reuse.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 0328e74..a04d398 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -4,4 +4,4 @@ on: [push, pull_request] jobs: test: - uses: ./.github/workflows/reuse.yaml \ No newline at end of file + uses: ./.github/workflows/reuse.lib.yaml \ No newline at end of file From 9352feeb6f1be63e6eae7a41d23b5cf1d8b97993 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:24:27 +0200 Subject: [PATCH 8/9] adhere to release message format requirements --- .github/workflows/release.lib.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.lib.yaml b/.github/workflows/release.lib.yaml index 4da30de..06c7e2a 100644 --- a/.github/workflows/release.lib.yaml +++ b/.github/workflows/release.lib.yaml @@ -146,5 +146,5 @@ jobs: git config user.name "${{ env.AUTHOR_NAME }}" git config user.email "${{ env.AUTHOR_EMAIL }}" git add VERSION - git commit -m "Update VERSION to ${{ env.version }}-dev" + git commit -m "release: Update VERSION to ${{ env.version }}-dev" git push origin main From cc2e355381440c93778a6d3ae46c9e1d2c844218 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Sch=C3=BCnemann?= Date: Mon, 2 Jun 2025 10:25:41 +0200 Subject: [PATCH 9/9] change message --- .github/workflows/release.lib.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.lib.yaml b/.github/workflows/release.lib.yaml index 06c7e2a..dbf61a3 100644 --- a/.github/workflows/release.lib.yaml +++ b/.github/workflows/release.lib.yaml @@ -146,5 +146,5 @@ jobs: git config user.name "${{ env.AUTHOR_NAME }}" git config user.email "${{ env.AUTHOR_EMAIL }}" git add VERSION - git commit -m "release: Update VERSION to ${{ env.version }}-dev" + git commit -m "chore(release): Update VERSION to ${{ env.version }}-dev" git push origin main