Merge pull request #956 from sbrunner/test

New Release
sbrunner · Feb 9, 2023 · 176daab · 176daab
2 parents 10b3bc6 + b104815
commit 176daab
Show file tree

Hide file tree

Showing 25 changed files with 3,051 additions and 2,820 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -10,7 +10,7 @@ trim_trailing_whitespace = true
 max_line_length = 110
 quote_type = single
 
-[*.{yaml,json,json5,md}]
+[*.{yaml,json,json5,md,whitesource}]
 indent_size = 2
 
 [{Makefile, *.mk}]

diff --git a/.github/changelog-config.yaml b/.github/changelog-config.yaml
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -1,13 +1,25 @@
 {
   extends: ['config:base'],
   timezone: 'Europe/Zurich',
-  schedule: 'after 1am on Saturday',
+  schedule: 'after 5pm on the first day of the month',
   labels: ['dependencies'],
   separateMajorMinor: true,
   separateMinorPatch: true,
   prHourlyLimit: 0,
   prConcurrentLimit: 0,
-  lockFileMaintenance: { enabled: true, automerge: true },
+  lockFileMaintenance: {
+    enabled: true,
+    automerge: true,
+    schedule: 'after 5pm on the first day of the month',
+  },
+  baseBranches: ['master', 'test'],
+  'pre-commit': { enabled: true },
+  regexManagers: [
+    {
+      fileMatch: ['^.pre-commit-config.yaml'],
+      matchStrings: [" +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)"],
+    },
+  ],
   packageRules: [
     /** Automerge the patch, the minor and the dev dependency */
     {
@@ -37,7 +49,8 @@
     },
     /** Group Poetry packages */
     {
-      matchPackageNames: ['poetry', 'poetry-core'],
+      matchPackageNames: ['poetry', 'pip'],
+      matchPackagePrefixes: ['poetry-'],
       groupName: 'Poetry',
       automerge: true,
       separateMajorMinor: false,
@@ -49,5 +62,11 @@
       matchPackageNames: ['c2cciutils'],
       enabled: false,
     },
+    /** Accept only the patch on stabilization branches */
+    {
+      matchBaseBranches: ['master'],
+      matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'],
+      enabled: false,
+    },
   ],
 }
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
@@ -0,0 +1,35 @@
+name: Audit
+
+on:
+  schedule:
+    - cron: '30 2 * * *'
+
+jobs:
+  audit:
+    runs-on: ubuntu-22.04
+    name: Audit
+    timeout-minutes: 10
+
+    strategy:
+      fail-fast: false
+      matrix:
+        branch:
+          - master
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ matrix.branch }}
+
+      - run: git config --global user.email "sbrunner@ci.org"
+      - run: git config --global user.name "Snyk autofix"
+
+      - run: python3 -m venv ~/.venv
+      - run: ~/.venv/bin/pip install --pre c2cciutils[audit]
+      - run: python3 -m pip install --pre c2cciutils[audit]
+
+      - name: Audit
+        run: ~/.venv/bin/c2cciutils-audit --branch=${{ matrix.branch }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml
@@ -1,59 +1,45 @@
 name: Changelog Generator
 
 on:
+  schedule:
+    - cron: '0 0 * * 1'
   push:
-    branches:
-      - test
     tags:
-      - '*'
+      - '*.*.*'
 
 jobs:
   changelog:
     name: Changelog Generator
-    runs-on: ubuntu-20.04
-    timeout-minutes: 10
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
 
     steps:
-      - uses: actions/checkout@v3
-
-      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
-      - run: python3 -m pip install --user --requirement=ci/requirements.txt
+      - name: Create release
+        run: |
+          if [[ ${{ env.GITHUB_REF_NAME }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            gh release create ${{ env.GITHUB_REF_NAME }}
+          fi
+        if: env.GITHUB_REF_TYPE == 'tag'
 
       - name: Get Date
         id: get-date
         run: |
-          echo "::set-output name=date::$(/bin/date -u "+%Y%m%d%H%M%S")"
+          echo "date=$(/bin/date -u "+%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT
       - uses: actions/cache@v3
         with:
-          path: |
-            .github/changelog-generator-cache
-          key: changelog-${{ steps.get-date.outputs.date }}
+          path: .cache
+          key: automation-${{ steps.get-date.outputs.date }}
           restore-keys: |
-            changelog-
+            automation-
 
-      - name: Get config
-        id: config
-        run: echo ::set-output name=config::$(python -c 'print(__import__("json").dumps(__import__("yaml").load(open(".github/changelog-config.yaml"), Loader=__import__("yaml").SafeLoader)))')
+      - run: docker pull aeonphp/automation
       - name: Generate changelog
-        id: changelog
-        uses: heinrichreimer/github-changelog-generator-action@v2.3
-        with:
-          token: ${{ secrets.TOKEN }}
-          configureSections: ${{ steps.config.outputs.config }}
-          cacheFile: .github/changelog-generator-cache
-          unreleased: false
-
-      - run: c2cciutils-checks --fix --check=prettier
-      - id: status
-        run: echo ::set-output name=status::$(git status --short)
-      - run: |
-          git add CHANGELOG.md
-          git config --global user.email "ci@example.com"
-          git config --global user.name "CI"
-          git commit -m "Update the changelog"
-          git checkout -b changelog-update
-          git push origin changelog-update -f
-          gh pr create --base=master --fill --label=chore || true
+        run: >
+          docker run --env=AEON_AUTOMATION_GH_TOKEN --rm --volume=$(pwd)/.cache:/cache aeonphp/automation
+          changelog:generate:all
+          ${{ github.repository }}
+          --github-release-update
+          --cache-path=/cache
+          -v
         env:
-          GITHUB_TOKEN: ${{ secrets.TOKEN }}
-        if: steps.status.outputs.status != ''
+          AEON_AUTOMATION_GH_TOKEN: ${{ secrets.TOKEN }}
diff --git a/.github/workflows/delete-old-workflows-run.yaml b/.github/workflows/delete-old-workflows-run.yaml
@@ -0,0 +1,23 @@
+name: Delete old workflow runs
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    timeout-minutes: 25
+    name: Delete old workflow runs
+
+    steps:
+      - name: Delete old workflow runs
+        uses: MajorScruffy/delete-old-workflow-runs@v0.3.0
+        with:
+          repository: ${{ github.repository }}
+          older-than-seconds: 43200000 # 500 days
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -32,14 +32,23 @@ jobs:
       - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
       - run: python3 -m pip install --user --requirement=ci/requirements.txt
 
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-"
+      - run: pre-commit run --all-files
       - name: Checks
         run: c2cciutils-checks
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
       - name: GitHub event
         run: echo ${GITHUB_EVENT} | python3 -m json.tool
         env:
           GITHUB_EVENT: ${{ toJson(github) }}
 
-        # the if the generated files are up to date
+          # the if the generated files are up to date
       - run: make jsonschema
       - run: git diff --quiet
       - run: git diff
@@ -87,10 +96,16 @@ jobs:
       - name: Publish
         run: c2cciutils-publish
         if: env.HAS_SECRETS == 'HAS_SECRETS'
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN_NEW }}
 
       - run: make build-all
 
       - name: Publish Docker all
         run: |
           c2cciutils-publish --group=docker-all
         if: env.HAS_SECRETS == 'HAS_SECRETS'
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN_NEW }}
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
@@ -26,3 +26,4 @@ jobs:
         run: c2cciutils-pull-request-checks
         env:
           GITHUB_EVENT: ${{ toJson(github) }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
diff --git a/.github/workflows/rebuild.yaml b/.github/workflows/rebuild.yaml
@@ -29,6 +29,8 @@ jobs:
 
       - name: Checks
         run: c2cciutils-checks
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
         # the if the generated files are up to date
       - run: make jsonschema
@@ -74,10 +76,16 @@ jobs:
 
       - name: Publish
         run: c2cciutils-publish --group=docker --type=rebuild --branch=${{ matrix.branch }}
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN_NEW }}
 
       - run: make build-all
 
       - name: Publish Docker all
         run: |
           c2cciutils-publish --group=docker-all
         if: env.HAS_SECRETS == 'HAS_SECRETS'
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN_NEW }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,12 +1,57 @@
-ci:
-  skip:
-    - copyright
-
 repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: detect-private-key
+      - id: check-merge-conflict
+      - id: check-ast
+      - id: debug-statements
+      - id: check-toml
+      - id: check-yaml
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
   - repo: https://github.com/sbrunner/pre-commit-copyright
     rev: 0.2.3
     hooks:
       - id: copyright
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.2.2
+    hooks:
+      - id: codespell
+        exclude: ^(.*/)?poetry\.lock$
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v2.7.1
+    hooks:
+      - id: prettier
+        additional_dependencies:
+          - prettier@2.8.3 # npm
+          - prettier-plugin-sh@0.12.8 # npm
+          - prettier-plugin-toml@0.3.1 # npm
+          - '@prettier/plugin-xml@0.12.0' # npm
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.9.0.2
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+      - id: git-check
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.21.0
+    hooks:
+      - id: check-github-workflows
+      - id: check-renovate
+        additional_dependencies:
+          - pyjson5==1.6.2 # pypi
+  - repo: https://github.com/sirwart/ripsecrets
+    rev: v0.1.5
+    hooks:
+      - id: ripsecrets
+        exclude: "(^\
+          thepaperlessproject-paperless-webserver.json\
+          |thepaperlessproject-paperless-consumer.json)"
   - repo: https://github.com/psf/black
     rev: 23.1.0
     hooks:
@@ -15,3 +60,20 @@ repos:
     rev: 5.12.0
     hooks:
       - id: isort
+  - repo: https://github.com/PyCQA/autoflake
+    rev: v2.0.1
+    hooks:
+      - id: autoflake
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.3.1
+    hooks:
+      - id: pyupgrade
+        args:
+          - --py38-plus
+  - repo: https://github.com/PyCQA/prospector
+    rev: v1.8.4
+    hooks:
+      - id: prospector
+        args:
+          - --tool=pydocstyle
+          - --die-on-tool-error
diff --git a/.whitesource b/.whitesource
@@ -0,0 +1,14 @@
+{
+  "scanSettings": {
+    "baseBranches": []
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure",
+    "displayMode": "diff",
+    "useMendCheckNames": true
+  },
+  "issueSettings": {
+    "minSeverityLevel": "LOW",
+    "issueType": "DEPENDENCY"
+  }
+}