From 885529ba3ff36755c11ec507cb06e6b96cd28885 Mon Sep 17 00:00:00 2001 From: skarpenko Date: Thu, 2 Nov 2023 11:08:19 +0200 Subject: [PATCH] Update Github Workflow --- .github/dependabot.yml | 45 ++++++++++----------- .github/labeler.yml | 2 + .github/release-drafter.yml | 5 ++- .github/workflows/codeql-analysis.yml | 4 +- .github/workflows/labeler.yml | 14 +++++++ .github/workflows/maven.yml | 15 ++++--- .github/workflows/release.yml | 56 +++++++++------------------ .github/workflows/renovate.yml | 39 +++++++++++++++++++ .github/workflows/required-labels.yml | 4 +- 9 files changed, 108 insertions(+), 76 deletions(-) create mode 100644 .github/labeler.yml create mode 100644 .github/workflows/labeler.yml create mode 100644 .github/workflows/renovate.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9a93bcbd..24e39783 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -1,27 +1,22 @@ version: 2 updates: -- package-ecosystem: maven - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 - ignore: - - dependency-name: io.projectreactor.tools:blockhound - versions: - - 1.0.5.RELEASE - - dependency-name: org.springframework.boot:spring-boot-dependencies - versions: - - 2.4.2 - - 2.4.3 - - 2.4.4 - - dependency-name: org.openjdk.jmh:jmh-generator-annprocess - versions: - - "1.27" - - "1.28" - - dependency-name: org.openjdk.jmh:jmh-core - versions: - - "1.27" - - "1.28" - - dependency-name: org.springframework.cloud:spring-cloud-dependencies - versions: - - Hoxton.SR10 + - package-ecosystem: "maven" + directory: "/" + target-branch: "develop" + schedule: + interval: "weekly" + open-pull-requests-limit: 50 + ignore: + - dependency-name: "com.amazonaws:*" + update-types: ["version-update:semver-patch"] + - package-ecosystem: "github-actions" + directory: "/" + target-branch: "develop" + labels: + - "housekeeping" + schedule: + interval: "monthly" + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 00000000..23f44c4e --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,2 @@ +"documentation": + - /**/*.adoc \ No newline at end of file diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index ea044ed3..c4810a76 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -20,9 +20,12 @@ categories: - title: 🐞 Fixes label: bug - - title: 📁 Dependencies updates + - title: 📁 Java Dependencies updates label: dependencies + - title: 📁 Docker images updates + label: docker-update-images + - title: 📖 Documentation label: documentation diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 54e05578..40cc30de 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
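Review bot: The new `docker` entry in dependabot.yml has no `target-branch`, while the `maven` and `github-actions` entries both set `target-branch: "develop"`, so Docker update pull requests would be opened against the repository's default branch. If the default branch is not `develop`, add `target-branch: "develop"` there as well. The `ignore` rule for `com.amazonaws:*` with `version-update:semver-patch` should carry a one-line comment stating why patch releases are skipped, so the exclusion can be reassessed later.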
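Review bot: The glob `/**/*.adoc` in the new .github/labeler.yml starts with a slash, and as far as I can tell the labeler matches patterns against repository-relative paths, which never begin with `/`; if so, the `documentation` label is never applied. `- '**/*.adoc'` is the form that matches at any depth. Because required-labels.yml fails a pull request that has none of the listed labels, a labeler rule that silently matches nothing is worth confirming on a test pull request.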
@@ -7,10 +7,10 @@ on: jobs: build: name: Trivy vulnerability scanner - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 00000000..3807d5af --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,14 @@ +name: "Pull Request Auto Labeler" +on: + - pull_request_target + +jobs: + triage: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@v4 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 01a4573b..2835a245 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -5,9 +5,11 @@ name: Java CI with Maven on: push: - branches: [ develop ] + branches: + - develop pull_request: - branches: [ develop ] + branches: + - develop jobs: build-jdk17: @@ -18,8 +20,8 @@ jobs: group: ${{ github.event_name == 'pull_request' && github.head_ref || github.sha}} cancel-in-progress: true steps: - - uses: actions/checkout@v3 - #needed for gitflow-incremental-builder + - name: Checkout repository + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Cache Maven packages 
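Review bot: `aquasecurity/trivy-action@master`, on the unchanged line just below the bumped checkout in codeql-analysis.yml, still follows a mutable branch, so whatever lands on that branch runs in this job on the next trigger. The release.yml hunk later in this patch adds `actions-js/push@master` in the same way, there alongside a token that can write to the repository. Pin both to a full commit SHA with the version in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # <release tag>`. The `github-actions` Dependabot entry added in this patch can then keep the pins current.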
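Review bot: The `pull_request_target` trigger in the new workflows/labeler.yml carries no comment on why it is acceptable here, and this event runs in the base repository's context with a writable token even for pull requests from forks. The job is safe as written because it never checks out or runs pull-request code and limits the token to `contents: read` and `pull-requests: write`. Record that above `on:` with a comment such as `# pull_request_target: do not add a checkout of the PR head or any step that runs PR-supplied code`.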
@@ -32,8 +34,5 @@ jobs: uses: actions/setup-java@v3 with: java-version: '17' - distribution: 'corretto' - server-id: github # Value of the distributionManagement/repository/id field of the pom.xml - settings-path: ${{ github.workspace }} # location for the settings.xml file - name: Build with Maven - run: ./mvnw -version && whoami && ./mvnw clean verify --batch-mode --no-transfer-progress + run: ./mvnw -version && whoami && umask -S && umask a+rw && umask -S && ./mvnw clean verify -P docker-clean -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.count=3 --no-snapshot-updates --batch-mode --no-transfer-progress \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a9a79c8c..c318d828 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
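Review bot: The `with:` block of `actions/setup-java@v3` in maven.yml is left with only `java-version: '17'` once `distribution: 'corretto'` is removed, and that action requires a `distribution` input, so the step should fail before the build starts; keep a line such as `distribution: 'corretto'`. In the `Build with Maven` step, `umask a+rw` makes every file the build creates readable and writable by all users. If that is needed (presumably for container bind mounts), say so in a comment above the step; otherwise drop it together with the two `umask -S` calls. The job's earlier steps lie outside this hunk.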
@@ -1,67 +1,47 @@ name: Publish to the Maven Central Repository on: - workflow_dispatch: - inputs: - version: - description: Version to be released - required: true + release: + types: [ published ] jobs: publish: runs-on: ubuntu-latest steps: - - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 with: + ref: ${{github.event.release.target_commitish}} token: ${{ secrets.RELEASE_PERSONAL_ACCESS_TOKEN }} - - name: Validate ${{ github.event.inputs.version }} release exists - uses: actions/github-script@v6 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const response = await github.rest.repos.listReleases({ - owner: context.repo.owner, - repo: context.repo.repo - }); - if (!response) { - throw new Error(`There are no available releases`); - } - for (const release of response.data) { - if (release.name === "${{ github.event.inputs.version }}") { - return - } - } - throw new Error(`Release ${{ github.event.inputs.version }} is not available`); - - name: Set up JDK uses: actions/setup-java@v3 with: + distribution: 'zulu' java-version: '17' - distribution: 'corretto' server-id: ossrh server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE + cache: 'maven' + - name: Update version - run: | - ./mvnw --batch-mode --no-transfer-progress versions:set -DnewVersion=${{ github.event.inputs.version }} versions:commit - git config user.name "jenkins" - git config user.email "jenkins@playtika.com" - git commit -m "Release ${{ github.event.inputs.version }}" -a - git push + if: ${{ success() }} + run: ./mvnw --batch-mode --no-transfer-progress versions:set -DnewVersion=${{github.event.release.tag_name}} versions:commit - name: Publish to the Maven Central Repository - run: ./mvnw --batch-mode --no-transfer-progress -Dgib.disable=true -Ddocker.cleanup.skip=true -P ossrh -DskipTests deploy + if: ${{ success() }} + run: ./mvnw --batch-mode 
--no-transfer-progress -Dgib.disable=true -P ossrh -DskipTests deploy env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - - name: Publish release on GitHub - uses: test-room-7/action-publish-release-drafts@v0 + - name: Commit & Push changes + if: ${{ success() }} + uses: actions-js/push@master with: - github-token: ${{ secrets.GITHUB_TOKEN }} - tag-name: ${{ github.event.inputs.version }} + github_token: ${{ secrets.GITHUB_TOKEN }} + message: 'Release ${{github.event.release.tag_name}}' + branch: ${{ github.event.release.target_commitish }} diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml new file mode 100644 index 00000000..e31de9ea --- /dev/null +++ b/.github/workflows/renovate.yml @@ -0,0 +1,39 @@ +name: Renovate for update docker images + +on: + workflow_dispatch: + inputs: + dryRun: + description: "Dry-Run" + default: false + required: false + type: boolean + logLevel: + description: "Log-Level" + required: false + default: 'debug' + type: choice + options: + - info + - warn + - debug + - error + - fatal + schedule: + - cron: '0 8 * * *' + +jobs: + renovate: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Self-hosted Renovate + uses: renovatebot/github-action@v39.0.5 + with: + configurationFile: .github/renovate/renovate.json + token: ${{ secrets.RELEASE_PERSONAL_ACCESS_TOKEN }} + env: + DRY_RUN: ${{ inputs.dryRun || 'false' }} + LOG_LEVEL: ${{ inputs.logLevel || 'debug' }} \ No newline at end of file diff --git a/.github/workflows/required-labels.yml b/.github/workflows/required-labels.yml index ecfef869..96110b22 100644 --- a/.github/workflows/required-labels.yml +++ b/.github/workflows/required-labels.yml 
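Review bot: The `Update version` step in release.yml pastes `${{github.event.release.tag_name}}` into the `run:` command line, so the tag text is interpreted by the shell before Maven receives it; hand it over through `env:` and reference a quoted shell variable, as in the excerpt below. The job also declares no `permissions:`, although only the final push needs write access to repository contents. Checkout uses `target_commitish`, so the deployed artifact is presumably built from the branch tip at run time rather than from the tagged commit; confirm that is intended. Checkout also leaves the personal access token in the git configuration for the Maven steps that follow; `persist-credentials: false` would avoid that if the later push does not depend on it.

```yaml
    runs-on: ubuntu-latest
    permissions:
      contents: write  # only the final push step writes to the repository
    # … unchanged: steps list, Checkout, Set up JDK …
      - name: Update version
        # … unchanged: if condition …
        env:
          RELEASE_VERSION: ${{ github.event.release.tag_name }}
        run: ./mvnw --batch-mode --no-transfer-progress versions:set "-DnewVersion=${RELEASE_VERSION}" versions:commit
    # … unchanged: Publish to the Maven Central Repository, Commit & Push changes …
```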
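Review bot: The `Self-hosted Renovate` step in the new renovate.yml authenticates with `RELEASE_PERSONAL_ACCESS_TOKEN`, the same secret release.yml uses for its checkout, so a job that runs daily on a schedule holds the release credential; a separate token limited to what Renovate needs would keep the two apart. The job sets no `permissions:` even though the default token is only used by the checkout, so a job-level `permissions:` with `contents: read` would be enough. `LOG_LEVEL` falls back to `debug` on scheduled runs, which is more detail than routine job logs need; `LOG_LEVEL: ${{ inputs.logLevel || 'info' }}` looks like the better default.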
@@ -9,8 +9,8 @@ jobs: runs-on: ubuntu-latest name: Verify Pull Request has labels steps: - - uses: mheap/github-action-required-labels@v3 + - uses: mheap/github-action-required-labels@v5 with: mode: minimum count: 1 - labels: "breaking-change, feature, enhancement, bug, dependencies, documentation, housekeeping" \ No newline at end of file + labels: "breaking-change, feature, enhancement, bug, dependencies, docker-update-images, documentation, housekeeping" \ No newline at end of file