diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b89581cd..2421aff2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,7 @@ updates: # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md # See: https://docs.github.com/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot - package-ecosystem: github-actions - directory: / # Check the repository's workflows under /.github/workflows/ + directory: /.github/workflows/ schedule: interval: daily labels: @@ -16,12 +16,9 @@ updates: # Configure check for outdated GitHub Actions actions in workflow templates. - package-ecosystem: github-actions - # The workflows under the .github/workflows/ subfolder of this path will be checked. - directory: /workflow-templates/dependabot/workflow-template-copies/ + directory: /workflow-templates/ schedule: interval: daily - commit-message: - prefix: (DO NOT MERGE) labels: - "topic: infrastructure" assignees: diff --git a/.github/workflows/check-dependabot-sync.yml b/.github/workflows/check-dependabot-sync.yml deleted file mode 100644 index 7ef572a8..00000000 --- a/.github/workflows/check-dependabot-sync.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This repository contains intentionally duplicated copies of template workflows under -# workflow-templates/dependabot/workflow-template-copies used for Dependabot checks. -# -# This workflow checks that the copies are in sync. -# If the workflow fails, run `task fix` and commit. - -name: Check Workflow Duplicates Sync - -on: - push: - paths: - - ".github/workflows/check-dependabot-sync.ya?ml" - - "Taskfile.yml" - - "workflow-templates/*.ya?ml" - - "workflow-templates/dependabot/workflow-template-copies/.github/workflows/*" - pull_request: - paths: - - ".github/workflows/check-dependabot-sync.ya?ml" - - "Taskfile.yml" - - "workflow-templates/*.ya?ml" - - "workflow-templates/dependabot/workflow-template-copies/.github/workflows/*" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 16 * * WED" - -jobs: - check-sync: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Sync workflows - run: task --silent dependabot:sync - - - name: Check workflow duplicates sync - run: | - git add . - if ! git diff --color --exit-code HEAD; then - echo "::error::Workflow duplicates are out of sync. Please run \"task fix\"" - exit 1 - fi diff --git a/README.md b/README.md index 3d828014..569ee921 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,6 @@ [![Check npm status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-npm-task.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-npm-task.yml) [![Check General Formatting status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-general-formatting-task.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-general-formatting-task.yml) [![Check License status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-license.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-license.yml) -[![Check Workflow Duplicates Sync status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-dependabot-sync.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-dependabot-sync.yml) [![Check CI Workflows Sync status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-ci-sync.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-ci-sync.yml) [![Check Community Health Files Sync status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-community-health-sync.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-community-health-sync.yml) [![Check Configuration Files Sync status](https://github.com/arduino/tooling-project-assets/actions/workflows/check-config-sync.yml/badge.svg)](https://github.com/arduino/tooling-project-assets/actions/workflows/check-config-sync.yml) diff --git a/Taskfile.yml b/Taskfile.yml index f01e298d..cb4bdd5b 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -42,7 +42,6 @@ tasks: deps: - task: ci:sync - task: config:sync - - task: dependabot:sync - task: general:correct-spelling - task: general:format-prettier - task: github:sync @@ -371,22 +370,6 @@ tasks: -s "{{.SCHEMA_PATH}}" \ -d "{{.PROJECT_FOLDER}}/{{.DATA_PATH}}" - dependabot:sync: - desc: Sync workflow duplicates for dependabot checks - vars: - WORKFLOW_TEMPLATES_PATH: "./workflow-templates" - WORKFLOW_TEMPLATE_COPIES_PATH: "./workflow-templates/dependabot/workflow-template-copies/.github/workflows" - cmds: - # Sync workflow templates with the copies in the folder where Dependabot can check them for updates. - - mkdir --parents "{{.WORKFLOW_TEMPLATE_COPIES_PATH}}" - - rm --force "{{.WORKFLOW_TEMPLATE_COPIES_PATH}}"/* - - | - find "{{.WORKFLOW_TEMPLATES_PATH}}" \ - -maxdepth 1 \ - -type f \ - -regex '.*\.ya?ml' \ - -exec cp '{}' "{{.WORKFLOW_TEMPLATE_COPIES_PATH}}" \; - docs:generate: desc: Create all generated documentation content # This is an "umbrella" task used to call any documentation generation processes the project has. diff --git a/workflow-templates/README.md b/workflow-templates/README.md index 6725266d..76e04954 100644 --- a/workflow-templates/README.md +++ b/workflow-templates/README.md @@ -23,6 +23,10 @@ Addition of, or requests for, any additional workflows that can be reusable betw ## Dependabot -Dependabot is used to check for outdated action versions used in the workflow templates. Details about that are [here](dependabot/README.md). +Dependabot is used to [check for outdated action versions](https://docs.github.com/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot) used in the template workflows. + +Dependabot's PRs will occasionally try to pin to the patch version of the action (e.g., updating `uses: foo/bar@v1` to `uses: foo/bar@v2.3.4`). When the action author has [provided a major version ref](https://docs.github.com/actions/creating-actions/about-custom-actions#using-release-management-for-actions), use that instead (e.g., `uses: foo/bar@v2`). Once the major version has been updated in the workflow, Dependabot should not submit an update PR again until the next major version bump. + +--- The same can be done for the workflows of any repository. See the instructions [here](assets/dependabot/README.md). diff --git a/workflow-templates/assets/dependabot/dependabot.yml b/workflow-templates/assets/dependabot/dependabot.yml index fd7388a9..03b0e93f 100644 --- a/workflow-templates/assets/dependabot/dependabot.yml +++ b/workflow-templates/assets/dependabot/dependabot.yml @@ -6,7 +6,7 @@ updates: # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/dependabot/README.md # See: https://docs.github.com/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot - package-ecosystem: github-actions - directory: / # Check the repository's workflows under /.github/workflows/ + directory: /.github/workflows/ schedule: interval: daily labels: diff --git a/workflow-templates/dependabot/README.md b/workflow-templates/dependabot/README.md deleted file mode 100644 index dd221f04..00000000 --- a/workflow-templates/dependabot/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Outdated GitHub Actions action version check - -Dependabot is used to [check for outdated action versions](https://docs.github.com/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot) used in the template workflows. - -The files under `workflow-templates/dependabot/workflow-template-copies/.github/workflows/` are duplicates of the files under `workflow-templates/`. This is done as a workaround for the lack of support for defining exact workflow folders in the Dependabot configuration (it always checks the YAML files in the `.github/workflows/` subfolder of the path specified via the `updates[].directory` configuration key of [`dependabot.yml`](https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file). - -So do not merge the PRs from Dependabot for the files under `workflow-templates/dependabot-copies/.github/workflows/`. The equivalent workflow templates directly under `workflow-templates/` must be updated instead. The Dependabot PRs for these files are used only as notifications of available action updates. - -Dependabot's PRs will occasionally try to pin to the patch version of the action (e.g., updating `uses: foo/bar@v1` to `uses: foo/bar@v2.3.4`). When the action author has [provided a major version ref](https://docs.github.com/actions/creating-actions/about-custom-actions#using-release-management-for-actions), use that instead (e.g., `uses: foo/bar@v2`). Once the major version has been updated in the workflow, Dependabot should not submit an update PR again until the next major version bump. - -Dependabot will automatically close its PR once the workflow has been updated. - -Run `task fix` after making any changes to the workflow templates under `workflow-templates/`. That script will synchronize the copies. The repository has a CI workflow to check the sync. diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-action-metadata-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-action-metadata-task.yml deleted file mode 100644 index 8b44975d..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-action-metadata-task.yml +++ /dev/null @@ -1,50 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-action-metadata-task.md -name: Check Action Metadata - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-action-metadata-task.ya?ml" - - "action.ya?ml" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - pull_request: - paths: - - ".github/workflows/check-action-metadata-task.ya?ml" - - "action.ya?ml" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage from changes to the JSON schema. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - validate: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Validate action.yml - run: task --silent action:validate diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml deleted file mode 100644 index 7547fb90..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml +++ /dev/null @@ -1,168 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-certificates.md -name: Check Certificates - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-certificates.ya?ml" - pull_request: - paths: - - ".github/workflows/check-certificates.ya?ml" - schedule: - # Run every 10 hours. - - cron: "0 */10 * * *" - workflow_dispatch: - repository_dispatch: - -env: - # Begin notifications when there are less than this many days remaining before expiration. - EXPIRATION_WARNING_PERIOD: 30 - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # TODO: Update repository name. - REPO_SLUG="TODO_REPO_OWNER/TODO_REPO_NAME" - if [[ - ( - # Only run on branch creation when it is a release branch. - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ) && - ( - # Only run when the workflow will have access to the certificate secrets. - # This could be done via a GitHub Actions workflow conditional, but makes more sense to do it here as well. - ( - "${{ github.event_name }}" != "pull_request" && - "${{ github.repository }}" == "$REPO_SLUG" - ) || - ( - "${{ github.event_name }}" == "pull_request" && - "${{ github.event.pull_request.head.repo.full_name }}" == "$REPO_SLUG" - ) - ) - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check-certificates: - name: ${{ matrix.certificate.identifier }} - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - strategy: - fail-fast: false - - matrix: - certificate: - # Additional certificate definitions can be added to this list. - - identifier: macOS signing certificate # Text used to identify certificate in notifications. - certificate-secret: INSTALLER_CERT_MAC_P12 # Name of the secret that contains the certificate. - password-secret: INSTALLER_CERT_MAC_PASSWORD # Name of the secret that contains the certificate password. - - steps: - - name: Set certificate path environment variable - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "CERTIFICATE_PATH=${{ runner.temp }}/certificate.p12" >> "$GITHUB_ENV" - - - name: Decode certificate - env: - CERTIFICATE: ${{ secrets[matrix.certificate.certificate-secret] }} - run: | - echo "${{ env.CERTIFICATE }}" | base64 --decode > "${{ env.CERTIFICATE_PATH }}" - - - name: Verify certificate - env: - CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} - run: | - ( - openssl pkcs12 \ - -in "${{ env.CERTIFICATE_PATH }}" \ - -noout -passin env:CERTIFICATE_PASSWORD - ) || ( - echo "::error::Verification of ${{ matrix.certificate.identifier }} failed!!!" - exit 1 - ) - - - name: Slack notification of certificate verification failure - if: failure() - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - SLACK_MESSAGE: | - :warning::warning::warning::warning: - WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} verification failed!!! - :warning::warning::warning::warning: - SLACK_COLOR: danger - MSG_MINIMAL: true - uses: rtCamp/action-slack-notify@v2 - - - name: Get days remaining before certificate expiration date - env: - CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} - id: get-days-before-expiration - run: | - EXPIRATION_DATE="$( - ( - openssl pkcs12 \ - -in "${{ env.CERTIFICATE_PATH }}" \ - -clcerts \ - -nodes \ - -passin env:CERTIFICATE_PASSWORD - ) | ( - openssl x509 \ - -noout \ - -enddate - ) | ( - grep \ - --max-count=1 \ - --only-matching \ - --perl-regexp \ - 'notAfter=(\K.*)' - ) - )" - - DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - $(date --utc +%s)) / 60 / 60 / 24))" - - # Display the expiration information in the log. - echo "Certificate expiration date: $EXPIRATION_DATE" - echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION" - - echo "days=$DAYS_BEFORE_EXPIRATION" >> $GITHUB_OUTPUT - - - name: Check if expiration notification period has been reached - id: check-expiration - run: | - if [[ ${{ steps.get-days-before-expiration.outputs.days }} -lt ${{ env.EXPIRATION_WARNING_PERIOD }} ]]; then - echo "::error::${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!!" - exit 1 - fi - - - name: Slack notification of pending certificate expiration - # Don't send spurious expiration notification if verification fails. - if: failure() && steps.check-expiration.outcome == 'failure' - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - SLACK_MESSAGE: | - :warning::warning::warning::warning: - WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!! - :warning::warning::warning::warning: - SLACK_COLOR: danger - MSG_MINIMAL: true - uses: rtCamp/action-slack-notify@v2 diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-general-formatting-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-general-formatting-task.yml deleted file mode 100644 index feaceb00..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-general-formatting-task.yml +++ /dev/null @@ -1,53 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-general-formatting-task.md -name: Check General Formatting - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - pull_request: - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage caused by changes to tools. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - check: - runs-on: ubuntu-latest - - steps: - - name: Set environment variables - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "EC_INSTALL_PATH=${{ runner.temp }}/editorconfig-checker" >> "$GITHUB_ENV" - - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Download latest editorconfig-checker release binary package - id: download - uses: MrOctopus/download-asset-action@1.0 - with: - repository: editorconfig-checker/editorconfig-checker - excludes: prerelease, draft - asset: linux-amd64.tar.gz - target: ${{ env.EC_INSTALL_PATH }} - - - name: Install editorconfig-checker - run: | - cd "${{ env.EC_INSTALL_PATH }}" - tar --extract --file="${{ steps.download.outputs.name }}" - # Give the binary a standard name - mv "${{ env.EC_INSTALL_PATH }}/bin/ec-linux-amd64" "${{ env.EC_INSTALL_PATH }}/bin/ec" - # Add installation to PATH: - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path - echo "${{ env.EC_INSTALL_PATH }}/bin" >> "$GITHUB_PATH" - - - name: Check formatting - run: task --silent general:check-formatting diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml deleted file mode 100644 index 322f6a76..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml +++ /dev/null @@ -1,140 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md -name: Check Go Dependencies - -env: - # See: https://github.com/actions/setup-go/tree/main#supported-version-syntax - GO_VERSION: "1.17" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-go-dependencies-task.ya?ml" - - ".licenses/**" - - ".licensed.json" - - ".licensed.ya?ml" - - "Taskfile.ya?ml" - - "**/.gitmodules" - - "**/go.mod" - - "**/go.sum" - pull_request: - paths: - - ".github/workflows/check-go-dependencies-task.ya?ml" - - ".licenses/**" - - ".licensed.json" - - ".licensed.ya?ml" - - "Taskfile.ya?ml" - - "**/.gitmodules" - - "**/go.mod" - - "**/go.sum" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 8 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check-cache: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Install licensed - uses: jonabc/setup-licensed@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Update dependencies license metadata cache - run: task --silent general:cache-dep-licenses - - - name: Check for outdated cache - id: diff - run: | - git add . - if ! git diff --cached --color --exit-code; then - echo - echo "::error::Dependency license metadata out of sync. See: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md#metadata-cache" - exit 1 - fi - - # Some might find it convenient to have CI generate the cache rather than setting up for it locally - - name: Upload cache to workflow artifact - if: failure() && steps.diff.outcome == 'failure' - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: dep-licenses-cache - path: .licenses/ - - check-deps: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Install licensed - uses: jonabc/setup-licensed@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Check for dependencies with unapproved licenses - run: task --silent general:check-dep-licenses diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml deleted file mode 100644 index 5334f15a..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml +++ /dev/null @@ -1,228 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-task.md -name: Check Go - -env: - # See: https://github.com/actions/setup-go/tree/main#supported-version-syntax - GO_VERSION: "1.17" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-go-task.ya?ml" - - "Taskfile.ya?ml" - - "**/go.mod" - - "**/go.sum" - - "**.go" - pull_request: - paths: - - ".github/workflows/check-go-task.ya?ml" - - "Taskfile.ya?ml" - - "**/go.mod" - - "**/go.sum" - - "**.go" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 7 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check-errors: - name: check-errors (${{ matrix.module.path }}) - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - module: - # TODO: add paths of all Go modules here - - path: ./ - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Check for errors - env: - GO_MODULE_PATH: ${{ matrix.module.path }} - run: task go:vet - - check-outdated: - name: check-outdated (${{ matrix.module.path }}) - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - module: - # TODO: add paths of all Go modules here - - path: ./ - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Modernize usages of outdated APIs - env: - GO_MODULE_PATH: ${{ matrix.module.path }} - run: task go:fix - - - name: Check if any fixes were needed - run: git diff --color --exit-code - - check-style: - name: check-style (${{ matrix.module.path }}) - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - module: - # TODO: add paths of all Go modules here - - path: ./ - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Install golint - run: go install golang.org/x/lint/golint@latest - - - name: Check style - env: - GO_MODULE_PATH: ${{ matrix.module.path }} - run: task --silent go:lint - - check-formatting: - name: check-formatting (${{ matrix.module.path }}) - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - module: - # TODO: add paths of all Go modules here - - path: ./ - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Format code - env: - GO_MODULE_PATH: ${{ matrix.module.path }} - run: task go:format - - - name: Check formatting - run: git diff --color --exit-code - - check-config: - name: check-config (${{ matrix.module.path }}) - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - module: - # TODO: add paths of all Go modules here - - path: ./ - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Run go mod tidy - working-directory: ${{ matrix.module.path }} - run: go mod tidy - - - name: Check whether any tidying was needed - run: git diff --color --exit-code diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-javascript-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-javascript-task.yml deleted file mode 100644 index 851259a5..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-javascript-task.yml +++ /dev/null @@ -1,54 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-javascript-task.md -name: Check JavaScript - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-javascript-task.ya?ml" - - ".eslintignore" - - "**/.eslintrc*" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - - "**.jsx?" - pull_request: - paths: - - ".github/workflows/check-javascript-task.ya?ml" - - ".eslintignore" - - "**/.eslintrc*" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - - "**.jsx?" - workflow_dispatch: - repository_dispatch: - -permissions: - contents: read - -jobs: - check: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Lint - run: task js:lint diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml deleted file mode 100644 index 7e262055..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml +++ /dev/null @@ -1,98 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md -name: Check License - -env: - # TODO: Define the project's license file name here: - EXPECTED_LICENSE_FILENAME: LICENSE.txt - # SPDX identifier: https://spdx.org/licenses/ - # TODO: Define the project's license type here - EXPECTED_LICENSE_TYPE: AGPL-3.0 - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-license.ya?ml" - # See: https://github.com/licensee/licensee/blob/master/docs/what-we-look-at.md#detecting-the-license-file - - "[cC][oO][pP][yY][iI][nN][gG]*" - - "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*" - - "[lL][iI][cC][eE][nN][cCsS][eE]*" - - "[oO][fF][lL]*" - - "[pP][aA][tT][eE][nN][tT][sS]*" - pull_request: - paths: - - ".github/workflows/check-license.ya?ml" - - "[cC][oO][pP][yY][iI][nN][gG]*" - - "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*" - - "[lL][iI][cC][eE][nN][cCsS][eE]*" - - "[oO][fF][lL]*" - - "[pP][aA][tT][eE][nN][tT][sS]*" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 6 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check-license: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: ruby # Install latest version - - - name: Install licensee - run: gem install licensee - - - name: Check license file - run: | - EXIT_STATUS=0 - # See: https://github.com/licensee/licensee - LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)" - - DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')" - echo "Detected license file: $DETECTED_LICENSE_FILE" - if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then - echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME" - EXIT_STATUS=1 - fi - - DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')" - echo "Detected license type: $DETECTED_LICENSE_TYPE" - if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then - echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\"" - EXIT_STATUS=1 - fi - - exit $EXIT_STATUS diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml deleted file mode 100644 index a2001a8e..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml +++ /dev/null @@ -1,112 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-markdown-task.md -name: Check Markdown - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-markdown-task.ya?ml" - - ".markdown-link-check.json" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - - "**/.markdownlint*" - - "**.mdx?" - - "**.mkdn" - - "**.mdown" - - "**.markdown" - pull_request: - paths: - - ".github/workflows/check-markdown-task.ya?ml" - - ".markdown-link-check.json" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - - "**/.markdownlint*" - - "**.mdx?" - - "**.mkdn" - - "**.mdown" - - "**.markdown" - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage caused by external changes. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - lint: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Initialize markdownlint-cli problem matcher - uses: xt0rted/markdownlint-problem-matcher@v2 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Lint - run: task markdown:lint - - links: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Check links - run: task --silent markdown:check-links diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml deleted file mode 100644 index 05606854..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml +++ /dev/null @@ -1,81 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-mkdocs-task.md -name: Check Website - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-mkdocs-task.ya?ml" - - "Taskfile.ya?ml" - - "mkdocs.ya?ml" - - "poetry.lock" - - "pyproject.toml" - - "docs/**" - pull_request: - paths: - - ".github/workflows/check-mkdocs-task.ya?ml" - - "Taskfile.ya?ml" - - "mkdocs.ya?ml" - - "poetry.lock" - - "pyproject.toml" - - "docs/**" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 5 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Build website - run: task website:check diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-npm-dependencies-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-npm-dependencies-task.yml deleted file mode 100644 index 21d830e2..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-npm-dependencies-task.yml +++ /dev/null @@ -1,140 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-npm-dependencies-task.md -name: Check npm Dependencies - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-npm-dependencies-task.ya?ml" - - ".licenses/**" - - ".licensed.json" - - ".licensed.ya?ml" - - "Taskfile.ya?ml" - - "**/.gitmodules" - - "**/package.json" - - "**/package-lock.json" - pull_request: - paths: - - ".github/workflows/check-npm-dependencies-task.ya?ml" - - ".licenses/**" - - ".licensed.json" - - ".licensed.ya?ml" - - "Taskfile.ya?ml" - - "**/.gitmodules" - - "**/package.json" - - "**/package-lock.json" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 8 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check-cache: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Install licensed - uses: jonabc/setup-licensed@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Update dependencies license metadata cache - run: task --silent general:cache-dep-licenses - - - name: Check for outdated cache - id: diff - run: | - git add . - if ! git diff --cached --color --exit-code; then - echo - echo "::error::Dependency license metadata out of sync. See: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md#metadata-cache" - exit 1 - fi - - # Some might find it convenient to have CI generate the cache rather than setting up for it locally - - name: Upload cache to workflow artifact - if: failure() && steps.diff.outcome == 'failure' - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: dep-licenses-cache - path: .licenses/ - - check-deps: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Install licensed - uses: jonabc/setup-licensed@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Check for dependencies with unapproved licenses - run: task --silent general:check-dep-licenses diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-npm-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-npm-task.yml deleted file mode 100644 index d546a89a..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-npm-task.yml +++ /dev/null @@ -1,75 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-npm-task.md -name: Check npm - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-npm-task.ya?ml" - - "**/package.json" - - "**/package-lock.json" - - "Taskfile.ya?ml" - pull_request: - paths: - - ".github/workflows/check-npm-task.ya?ml" - - "**/package.json" - - "**/package-lock.json" - - "Taskfile.ya?ml" - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -permissions: - contents: read - -jobs: - validate: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Validate package.json - run: task --silent npm:validate - - check-sync: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Install npm dependencies - run: task npm:install-deps - - - name: Check package-lock.json - run: git diff --color --exit-code package-lock.json diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-prettier-formatting-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-prettier-formatting-task.yml deleted file mode 100644 index e4841afa..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-prettier-formatting-task.yml +++ /dev/null @@ -1,231 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-prettier-formatting-task.md -name: Check Prettier Formatting - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-prettier-formatting-task.ya?ml" - - "Taskfile.ya?ml" - - "**/.prettierignore" - - "**/.prettierrc*" - # CSS - - "**.css" - - "**.wxss" - # PostCSS - - "**.pcss" - - "**.postcss" - # Less - - "**.less" - # SCSS - - "**.scss" - # GraphQL - - "**.graphqls?" - - "**.gql" - # handlebars - - "**.handlebars" - - "**.hbs" - # HTML - - "**.mjml" - - "**.html?" - - "**.html.hl" - - "**.st" - - "**.xht" - - "**.xhtml" - # Vue - - "**.vue" - # JavaScript - - "**.flow" - - "**._?jsb?" - - "**.bones" - - "**.cjs" - - "**.es6?" - - "**.frag" - - "**.gs" - - "**.jake" - - "**.jscad" - - "**.jsfl" - - "**.js[ms]" - - "**.[mn]js" - - "**.pac" - - "**.wxs" - - "**.[xs]s?js" - - "**.xsjslib" - # JSX - - "**.jsx" - # TypeScript - - "**.ts" - # TSX - - "**.tsx" - # JSON - - "**/.eslintrc" - - "**.json" - - "**.avsc" - - "**.geojson" - - "**.gltf" - - "**.har" - - "**.ice" - - "**.JSON-tmLanguage" - - "**.mcmeta" - - "**.tfstate" - - "**.topojson" - - "**.webapp" - - "**.webmanifest" - - "**.yyp?" - # JSONC - - "**/.babelrc" - - "**/.jscsrc" - - "**/.js[hl]intrc" - - "**.jsonc" - - "**.sublime-*" - # JSON5 - - "**.json5" - # Markdown - - "**.mdx?" - - "**.markdown" - - "**.mk?down" - - "**.mdwn" - - "**.mkdn?" - - "**.ronn" - - "**.workbook" - # YAML - - "**/.clang-format" - - "**/.clang-tidy" - - "**/.gemrc" - - "**/glide.lock" - - "**.ya?ml*" - - "**.mir" - - "**.reek" - - "**.rviz" - - "**.sublime-syntax" - - "**.syntax" - pull_request: - paths: - - ".github/workflows/check-prettier-formatting-task.ya?ml" - - "Taskfile.ya?ml" - - "**/.prettierignore" - - "**/.prettierrc*" - # CSS - - "**.css" - - "**.wxss" - # PostCSS - - "**.pcss" - - "**.postcss" - # Less - - "**.less" - # SCSS - - "**.scss" - # GraphQL - - "**.graphqls?" - - "**.gql" - # handlebars - - "**.handlebars" - - "**.hbs" - # HTML - - "**.mjml" - - "**.html?" - - "**.html.hl" - - "**.st" - - "**.xht" - - "**.xhtml" - # Vue - - "**.vue" - # JavaScript - - "**.flow" - - "**._?jsb?" - - "**.bones" - - "**.cjs" - - "**.es6?" - - "**.frag" - - "**.gs" - - "**.jake" - - "**.jscad" - - "**.jsfl" - - "**.js[ms]" - - "**.[mn]js" - - "**.pac" - - "**.wxs" - - "**.[xs]s?js" - - "**.xsjslib" - # JSX - - "**.jsx" - # TypeScript - - "**.ts" - # TSX - - "**.tsx" - # JSON - - "**/.eslintrc" - - "**.json" - - "**.avsc" - - "**.geojson" - - "**.gltf" - - "**.har" - - "**.ice" - - "**.JSON-tmLanguage" - - "**.mcmeta" - - "**.tfstate" - - "**.topojson" - - "**.webapp" - - "**.webmanifest" - - "**.yyp?" - # JSONC - - "**/.babelrc" - - "**/.jscsrc" - - "**/.js[hl]intrc" - - "**.jsonc" - - "**.sublime-*" - # JSON5 - - "**.json5" - # Markdown - - "**.mdx?" - - "**.markdown" - - "**.mk?down" - - "**.mdwn" - - "**.mkdn?" - - "**.ronn" - - "**.workbook" - # YAML - - "**/.clang-format" - - "**/.clang-tidy" - - "**/.gemrc" - - "**/glide.lock" - - "**.ya?ml*" - - "**.mir" - - "**.reek" - - "**.rviz" - - "**.sublime-syntax" - - "**.syntax" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 4 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - check: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Format with Prettier - run: task general:format-prettier - - - name: Check formatting - run: git diff --color --exit-code diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml deleted file mode 100644 index e3e3addb..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml +++ /dev/null @@ -1,117 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-python-task.md -name: Check Python - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-python-task.ya?ml" - - "**/.flake8" - - "**/poetry.lock" - - "**/pyproject.toml" - - "**/setup.cfg" - - "Taskfile.ya?ml" - - "**/tox.ini" - - "**.py" - pull_request: - paths: - - ".github/workflows/check-python-task.ya?ml" - - "**/.flake8" - - "**/poetry.lock" - - "**/pyproject.toml" - - "**/setup.cfg" - - "Taskfile.ya?ml" - - "**/tox.ini" - - "**.py" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 8 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - lint: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Run flake8 - uses: liskin/gh-problem-matcher-wrap@v2 - with: - linters: flake8 - run: task python:lint - - formatting: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Format Python code - run: task python:format - - - name: Check formatting - run: git diff --color --exit-code diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml deleted file mode 100644 index 5a105a03..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml +++ /dev/null @@ -1,177 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-shell-task.md -name: Check Shell Scripts - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/check-shell-task.ya?ml" - - "Taskfile.ya?ml" - - "**/.editorconfig" - - "**.bash" - - "**.sh" - pull_request: - paths: - - ".github/workflows/check-shell-task.ya?ml" - - "Taskfile.ya?ml" - - "**/.editorconfig" - - "**.bash" - - "**.sh" - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage caused by tool changes. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - lint: - name: ${{ matrix.configuration.name }} - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - env: - # See: https://github.com/koalaman/shellcheck/releases/latest - SHELLCHECK_RELEASE_ASSET_SUFFIX: .linux.x86_64.tar.xz - - strategy: - fail-fast: false - - matrix: - configuration: - - name: Generate problem matcher output - # ShellCheck's "gcc" output format is required for annotated diffs, but inferior for humans reading the log. - format: gcc - # The other matrix job is used to set the result, so this job is configured to always pass. - continue-on-error: true - - name: ShellCheck - # ShellCheck's "tty" output format is most suitable for humans reading the log. - format: tty - continue-on-error: false - - steps: - - name: Set environment variables - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "INSTALL_PATH=${{ runner.temp }}/shellcheck" >> "$GITHUB_ENV" - - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Download latest ShellCheck release binary package - id: download - uses: MrOctopus/download-asset-action@1.0 - with: - repository: koalaman/shellcheck - excludes: prerelease, draft - asset: ${{ env.SHELLCHECK_RELEASE_ASSET_SUFFIX }} - target: ${{ env.INSTALL_PATH }} - - - name: Install ShellCheck - run: | - cd "${{ env.INSTALL_PATH }}" - tar --extract --file="${{ steps.download.outputs.name }}" - EXTRACTION_FOLDER="$(basename "${{ steps.download.outputs.name }}" "${{ env.SHELLCHECK_RELEASE_ASSET_SUFFIX }}")" - # Add installation to PATH: - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path - echo "${{ env.INSTALL_PATH }}/$EXTRACTION_FOLDER" >> "$GITHUB_PATH" - - - name: Run ShellCheck - uses: liskin/gh-problem-matcher-wrap@v2 - continue-on-error: ${{ matrix.configuration.continue-on-error }} - with: - linters: gcc - run: task --silent shell:check SHELLCHECK_FORMAT=${{ matrix.configuration.format }} - - formatting: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Set environment variables - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "SHFMT_INSTALL_PATH=${{ runner.temp }}/shfmt" >> "$GITHUB_ENV" - - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Download shfmt - id: download - uses: MrOctopus/download-asset-action@1.0 - with: - repository: mvdan/sh - excludes: prerelease, draft - asset: _linux_amd64 - target: ${{ env.SHFMT_INSTALL_PATH }} - - - name: Install shfmt - run: | - # Executable permissions of release assets are lost - chmod +x "${{ env.SHFMT_INSTALL_PATH }}/${{ steps.download.outputs.name }}" - # Standardize binary name - mv "${{ env.SHFMT_INSTALL_PATH }}/${{ steps.download.outputs.name }}" "${{ env.SHFMT_INSTALL_PATH }}/shfmt" - # Add installation to PATH: - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path - echo "${{ env.SHFMT_INSTALL_PATH }}" >> "$GITHUB_PATH" - - - name: Format shell scripts - run: task --silent shell:format - - - name: Check formatting - run: git diff --color --exit-code - - executable: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Check for non-executable scripts - run: task --silent shell:check-mode diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-taskfiles.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-taskfiles.yml deleted file mode 100644 index e1b29030..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-taskfiles.yml +++ /dev/null @@ -1,72 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-taskfiles.md -name: Check Taskfiles - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-taskfiles.ya?ml" - - "package.json" - - "package-lock.json" - - "**/Taskfile.ya?ml" - pull_request: - paths: - - ".github/workflows/check-taskfiles.ya?ml" - - "package.json" - - "package-lock.json" - - "**/Taskfile.ya?ml" - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - validate: - name: Validate ${{ matrix.file }} - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - file: - # TODO: add paths to any additional Taskfiles here - - ./**/Taskfile.yml - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Download JSON schema for Taskfiles - id: download-schema - uses: carlosperate/download-file-action@v2 - with: - # Source: https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/taskfile.json - file-url: https://taskfile.dev/schema.json - location: ${{ runner.temp }}/taskfile-schema - - - name: Install JSON schema validator - run: npm install - - - name: Validate ${{ matrix.file }} - run: | - # See: https://github.com/ajv-validator/ajv-cli#readme - npx \ - --package=ajv-cli \ - --package=ajv-formats \ - ajv validate \ - --all-errors \ - --strict=false \ - -c ajv-formats \ - -s "${{ steps.download-schema.outputs.file-path }}" \ - -d "${{ matrix.file }}" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-toc-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-toc-task.yml deleted file mode 100644 index ce783014..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-toc-task.yml +++ /dev/null @@ -1,67 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-toc-task.md -name: Check ToC - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/check-toc-task.ya?ml" - - "package.json" - - "package-lock.json" - # TODO: Update this if ToC of any other files should be checked. - - "README.md" - pull_request: - paths: - - ".github/workflows/check-toc-task.ya?ml" - - "package.json" - - "package-lock.json" - # TODO: Update this if ToC of any other files should be checked. - - "README.md" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 3 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - check: - name: ${{ matrix.file.name }} - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - file: - # TODO: Update this if any other files should be checked. - - name: README.md - # Max ToC depth, for use with the markdown-toc --maxdepth flag. - maxdepth: 3 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Rebuild ToC - run: | - task markdown:toc \ - FILE_PATH="${{ github.workspace }}/${{ matrix.file.name }}" \ - MAX_DEPTH=${{ matrix.file.maxdepth }} - - - name: Check ToC - run: git diff --color --exit-code diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-workflows-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-workflows-task.yml deleted file mode 100644 index b73584e1..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-workflows-task.yml +++ /dev/null @@ -1,48 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/master/workflow-templates/check-workflows-task.md -name: Check Workflows - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/*.ya?ml" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - pull_request: - paths: - - ".github/workflows/*.ya?ml" - - "package.json" - - "package-lock.json" - - "Taskfile.ya?ml" - schedule: - # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - validate: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Validate workflows - run: task --silent ci:validate diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml deleted file mode 100644 index 8234b9a6..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml +++ /dev/null @@ -1,114 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-yaml-task.md -name: Check YAML - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".yamllint*" - - "poetry.lock" - - "pyproject.toml" - # Source: https://github.com/ikatyang/linguist-languages/blob/master/data/YAML.json (used by Prettier) - - "**/.clang-format" - - "**/.clang-tidy" - - "**/.gemrc" - - "**/glide.lock" - - "**.ya?ml*" - - "**.mir" - - "**.reek" - - "**.rviz" - - "**.sublime-syntax" - - "**.syntax" - pull_request: - paths: - - ".yamllint*" - - "poetry.lock" - - "pyproject.toml" - # Source: https://github.com/ikatyang/linguist-languages/blob/master/data/YAML.json (used by Prettier) - - "**/.clang-format" - - "**/.clang-tidy" - - "**/.gemrc" - - "**/glide.lock" - - "**.ya?ml*" - - "**.mir" - - "**.reek" - - "**.rviz" - - "**.sublime-syntax" - - "**.syntax" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 9 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - check: - name: ${{ matrix.configuration.name }} - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - strategy: - fail-fast: false - - matrix: - configuration: - - name: Generate problem matcher output - # yamllint's "github" output type produces annotated diffs, but is not useful to humans reading the log. - format: github - # The other matrix job is used to set the result, so this job is configured to always pass. - continue-on-error: true - - name: Check formatting - # yamllint's "colored" output type is most suitable for humans reading the log. - format: colored - continue-on-error: false - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Check YAML - continue-on-error: ${{ matrix.configuration.continue-on-error }} - run: task yaml:lint YAMLLINT_FORMAT=${{ matrix.configuration.format }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml deleted file mode 100644 index 22688c68..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml +++ /dev/null @@ -1,94 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/deploy-cobra-mkdocs-versioned-poetry.md -name: Deploy Website - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -on: - push: - branches: - # Branch to base "dev" website on. Set in siteversion.py also. - - main - # Release branches have names like 0.8.x, 0.9.x, ... - - "[0-9]+.[0-9]+.x" - paths: - - "docs/**" - - ".github/workflows/deploy-cobra-mkdocs-versioned-poetry.ya?ml" - - "go.mod" - - "go.sum" - - "Taskfile.ya?ml" - - "**.go" - - "docsgen/**" - - "mkdocs.ya?ml" - - "poetry.lock" - - "pyproject.toml" - # Run on branch or tag creation (will be filtered by the publish-determination job). - create: - -jobs: - publish-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if documentation should be published on this workflow run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "create" && "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ) ]]; then - RESULT="true" - else - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - publish: - runs-on: ubuntu-latest - needs: publish-determination - if: needs.publish-determination.outputs.result == 'true' - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: | - python -m pip install --upgrade pip - python -m pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Create all generated documentation content - run: task docs:generate - - - name: Install Python dependencies - run: poetry install --no-root - - - name: Determine versioning parameters - id: determine-versioning - run: echo "data=$(poetry run python docs/siteversion/siteversion.py)" >> $GITHUB_OUTPUT - - - name: Publish documentation - if: fromJson(steps.determine-versioning.outputs.data).version != null - run: | - # Publishing implies creating a git commit on the gh-pages branch, we let @ArduinoBot own these commits. - git config --global user.email "bot@arduino.cc" - git config --global user.name "ArduinoBot" - git fetch --no-tags --prune --depth=1 origin +refs/heads/gh-pages:refs/remotes/origin/gh-pages - poetry run mike deploy \ - --update-aliases \ - --push \ - --remote origin \ - ${{ fromJson(steps.determine-versioning.outputs.data).version }} \ - ${{ fromJson(steps.determine-versioning.outputs.data).alias }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-mkdocs-poetry.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-mkdocs-poetry.yml deleted file mode 100644 index f01eb9aa..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-mkdocs-poetry.yml +++ /dev/null @@ -1,43 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/deploy-mkdocs-poetry.md -name: Deploy Website - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - branches: - # TODO: Replace "main" below with default branch name if different. - - main - paths: - - ".github/workflows/deploy-mkdocs-poetry.ya?ml" - - "mkdocs.ya?ml" - - "poetry.lock" - - "pyproject.toml" - - "docs/**" - workflow_dispatch: - repository_dispatch: - -jobs: - publish: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Dependencies - run: poetry install --no-root - - - name: Deploy website - run: poetry run mkdocs gh-deploy diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-mkdocs-versioned-poetry.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-mkdocs-versioned-poetry.yml deleted file mode 100644 index 17838425..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/deploy-mkdocs-versioned-poetry.yml +++ /dev/null @@ -1,80 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/deploy-mkdocs-versioned-poetry.md -name: Deploy Website - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -on: - push: - branches: - # Branch to base "dev" website on. Set in siteversion.py also. - - main - # Release branches have names like 0.8.x, 0.9.x, ... - - "[0-9]+.[0-9]+.x" - paths: - - "docs/**" - - ".github/workflows/deploy-mkdocs-versioned-poetry.ya?ml" - - "mkdocs.ya?ml" - - "poetry.lock" - - "pyproject.toml" - # Run on branch or tag creation (will be filtered by the publish-determination job). - create: - -jobs: - publish-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if documentation should be published on this workflow run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - if [[ "${{ github.event_name }}" == "push" || ( "${{ github.event_name }}" == "create" && "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ) ]]; then - RESULT="true" - else - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - publish: - runs-on: ubuntu-latest - needs: publish-determination - if: needs.publish-determination.outputs.result == 'true' - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: | - python -m pip install --upgrade pip - python -m pip install poetry - - - name: Install Python dependencies - run: poetry install --no-root - - - name: Determine versioning parameters - id: determine-versioning - run: echo "data=$(poetry run python docs/siteversion/siteversion.py)" >> $GITHUB_OUTPUT - - - name: Publish documentation - if: fromJson(steps.determine-versioning.outputs.data).version != null - run: | - # Publishing implies creating a git commit on the gh-pages branch, we let @ArduinoBot own these commits. - git config --global user.email "bot@arduino.cc" - git config --global user.name "ArduinoBot" - git fetch --no-tags --prune --depth=1 origin +refs/heads/gh-pages:refs/remotes/origin/gh-pages - poetry run mike deploy \ - --update-aliases \ - --push \ - --remote origin \ - ${{ fromJson(steps.determine-versioning.outputs.data).version }} \ - ${{ fromJson(steps.determine-versioning.outputs.data).alias }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-nightly-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-nightly-task.yml deleted file mode 100644 index da07246d..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-nightly-task.yml +++ /dev/null @@ -1,210 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/publish-go-nightly-task.md -name: Publish Nightly Build - -env: - # As defined by the Taskfile's PROJECT_NAME variable - PROJECT_NAME: TODO_PROJECT_NAME - # As defined by the Taskfile's DIST_DIR variable - DIST_DIR: dist - # The project's folder on Arduino's download server for uploading builds - AWS_PLUGIN_TARGET: TODO_AWS_PLUGIN_TARGET - ARTIFACT_NAME: dist - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - schedule: - # run every day at 1AM - - cron: "0 1 * * *" - workflow_dispatch: - repository_dispatch: - -jobs: - create-nightly-artifacts: - runs-on: ubuntu-latest - - strategy: - matrix: - os: - - Windows_32bit - - Windows_64bit - - Linux_32bit - - Linux_64bit - - Linux_ARMv6 - - Linux_ARMv7 - - Linux_ARM64 - - macOS_64bit - - macOS_ARM64 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Build - env: - NIGHTLY: true - run: task dist:${{ matrix.os }} - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - notarize-macos: - name: Notarize ${{ matrix.artifact.name }} - runs-on: macos-latest - needs: create-nightly-artifacts - - outputs: - checksum-darwin_amd64: ${{ steps.re-package.outputs.checksum-darwin_amd64 }} - checksum-darwin_arm64: ${{ steps.re-package.outputs.checksum-darwin_arm64 }} - - env: - GON_CONFIG_PATH: gon.config.hcl - - strategy: - matrix: - artifact: - - name: darwin_amd64 - path: "macOS_64bit.tar.gz" - - name: darwin_arm64 - path: "macOS_ARM64.tar.gz" - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download artifacts - uses: actions/download-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - - name: Import Code-Signing Certificates - env: - KEYCHAIN: "sign.keychain" - INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" - KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret - run: | - echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" - security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" - security default-keychain -s "${{ env.KEYCHAIN }}" - security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" - security import \ - "${{ env.INSTALLER_CERT_MAC_PATH }}" \ - -k "${{ env.KEYCHAIN }}" \ - -f pkcs12 \ - -A \ - -T /usr/bin/codesign \ - -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" - security set-key-partition-list \ - -S apple-tool:,apple: \ - -s \ - -k "${{ env.KEYCHAIN_PASSWORD }}" \ - "${{ env.KEYCHAIN }}" - - - name: Install gon for code signing and app notarization - run: | - wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip - unzip gon_macos.zip -d /usr/local/bin - - - name: Write gon config to file - # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20) - run: | - cat > "${{ env.GON_CONFIG_PATH }}" <> $GITHUB_ENV - - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }} - - publish-nightly: - runs-on: ubuntu-latest - needs: notarize-macos - - steps: - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - - name: Create checksum file - working-directory: ${{ env.DIST_DIR}} - run: | - TAG="nightly-$(date -u +"%Y%m%d")" - sha256sum ${{ env.PROJECT_NAME }}_${TAG}* > ${TAG}-checksums.txt - - - name: Upload release files on Arduino downloads servers - uses: docker://plugins/s3 - env: - PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" - PLUGIN_TARGET: "${{ env.AWS_PLUGIN_TARGET }}nightly" - PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" - PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - report: - runs-on: ubuntu-latest - needs: publish-nightly - if: failure() # Run if publish-nightly or any of its job dependencies failed - - steps: - - name: Report failure - uses: masci/datadog@v1 - with: - api-key: ${{ secrets.DD_API_KEY }} - events: | - - title: "${{ env.PROJECT_NAME }} nightly build failed" - text: "Nightly build workflow has failed" - alert_type: "error" - host: ${{ github.repository }} - tags: - - "project:${{ env.PROJECT_NAME }}" - - "workflow:${{ github.workflow }}" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml deleted file mode 100644 index 92d720fa..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml +++ /dev/null @@ -1,159 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/publish-go-tester-task.md -name: Publish Tester Build - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/publish-go-tester-task.ya?ml" - - "go.mod" - - "go.sum" - - "Taskfile.ya?ml" - - "DistTasks.ya?ml" - - "**.go" - pull_request: - paths: - - ".github/workflows/publish-go-tester-task.ya?ml" - - "go.mod" - - "go.sum" - - "Taskfile.ya?ml" - - "DistTasks.ya?ml" - - "**.go" - workflow_dispatch: - repository_dispatch: - -env: - # As defined by the Taskfile's PROJECT_NAME variable - PROJECT_NAME: TODO_PROJECT_NAME - # As defined by the Taskfile's DIST_DIR variable - DIST_DIR: dist - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - package-name-prefix: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - outputs: - prefix: ${{ steps.calculation.outputs.prefix }} - steps: - - name: package name prefix calculation - id: calculation - run: | - PACKAGE_NAME_PREFIX="test" - if [ "${{ github.event_name }}" = "pull_request" ]; then - PACKAGE_NAME_PREFIX="$PACKAGE_NAME_PREFIX-${{ github.event.number }}" - fi - PACKAGE_NAME_PREFIX="$PACKAGE_NAME_PREFIX-${{ github.sha }}-" - - echo "prefix=$PACKAGE_NAME_PREFIX" >> $GITHUB_OUTPUT - - build: - needs: package-name-prefix - name: Build ${{ matrix.os.name }} - runs-on: ubuntu-latest - - strategy: - matrix: - os: - - task: Windows_32bit - path: "*Windows_32bit.zip" - name: Windows_X86-32 - - task: Windows_64bit - path: "*Windows_64bit.zip" - name: Windows_X86-64 - - task: Linux_32bit - path: "*Linux_32bit.tar.gz" - name: Linux_X86-32 - - task: Linux_64bit - path: "*Linux_64bit.tar.gz" - name: Linux_X86-64 - - task: Linux_ARMv6 - path: "*Linux_ARMv6.tar.gz" - name: Linux_ARMv6 - - task: Linux_ARMv7 - path: "*Linux_ARMv7.tar.gz" - name: Linux_ARMv7 - - task: Linux_ARM64 - path: "*Linux_ARM64.tar.gz" - name: Linux_ARM64 - - task: macOS_64bit - path: "*macOS_64bit.tar.gz" - name: macOS_64 - - task: macOS_ARM64 - path: "*macOS_ARM64.tar.gz" - name: macOS_ARM64 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Build - run: | - PACKAGE_NAME_PREFIX=${{ needs.package-name-prefix.outputs.prefix }} - export PACKAGE_NAME_PREFIX - task dist:${{ matrix.os.task }} - - # Transfer builds to artifacts job - - name: Upload build artifact - uses: actions/upload-artifact@v3 - with: - path: ${{ env.DIST_DIR }}/${{ matrix.os.path }} - name: ${{ matrix.os.name }} - - checksums: - needs: - - build - - package-name-prefix - runs-on: ubuntu-latest - - steps: - - name: Download build artifacts - uses: actions/download-artifact@v3 - - - name: Create checksum file - run: | - TAG="${{ needs.package-name-prefix.outputs.prefix }}git-snapshot" - declare -a artifacts=($(ls -d */)) - for artifact in ${artifacts[@]} - do - cd $artifact - checksum=$(sha256sum ${{ env.PROJECT_NAME }}_${TAG}*) - cd .. - echo $checksum >> ${TAG}-checksums.txt - done - - - name: Upload checksum artifact - uses: actions/upload-artifact@v3 - with: - path: ./*checksums.txt - name: checksums diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-go-crosscompile-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-go-crosscompile-task.yml deleted file mode 100644 index 1ee05d3a..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-go-crosscompile-task.yml +++ /dev/null @@ -1,219 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/release-go-crosscompile-task.md -name: Release - -env: - # As defined by the Taskfile's PROJECT_NAME variable - PROJECT_NAME: TODO_PROJECT_NAME - # As defined by the Taskfile's DIST_DIR variable - DIST_DIR: dist - # The project's folder on Arduino's download server for uploading builds - AWS_PLUGIN_TARGET: TODO_AWS_PLUGIN_TARGET - ARTIFACT_NAME: dist - # See: https://github.com/actions/setup-go/tree/main#supported-version-syntax - GO_VERSION: "1.17" - -on: - push: - tags: - - "[0-9]+.[0-9]+.[0-9]+*" - -jobs: - create-release-artifacts: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Create changelog - uses: arduino/create-changelog@v1 - with: - tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$' - filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*' - case-insensitive-regex: true - changelog-file-path: "${{ env.DIST_DIR }}/CHANGELOG.md" - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Build - run: task dist:all - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - notarize-macos: - name: Notarize ${{ matrix.artifact.name }} - runs-on: macos-latest - needs: create-release-artifacts - outputs: - checksum-darwin_amd64: ${{ steps.re-package.outputs.checksum-darwin_amd64 }} - checksum-darwin_arm64: ${{ steps.re-package.outputs.checksum-darwin_arm64 }} - - env: - GON_CONFIG_PATH: gon.config.hcl - - strategy: - matrix: - artifact: - - name: darwin_amd64 - path: "macOS_64bit.tar.gz" - - name: darwin_arm64 - path: "macOS_ARM64.tar.gz" - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download artifacts - uses: actions/download-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - - name: Import Code-Signing Certificates - env: - KEYCHAIN: "sign.keychain" - INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" - KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret - run: | - echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" - security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" - security default-keychain -s "${{ env.KEYCHAIN }}" - security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" - security import \ - "${{ env.INSTALLER_CERT_MAC_PATH }}" \ - -k "${{ env.KEYCHAIN }}" \ - -f pkcs12 \ - -A \ - -T "/usr/bin/codesign" \ - -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" - security set-key-partition-list \ - -S apple-tool:,apple: \ - -s \ - -k "${{ env.KEYCHAIN_PASSWORD }}" \ - "${{ env.KEYCHAIN }}" - - - name: Install gon for code signing and app notarization - run: | - wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip - unzip gon_macos.zip -d /usr/local/bin - - - name: Write gon config to file - # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20) - run: | - cat > "${{ env.GON_CONFIG_PATH }}" <> $GITHUB_ENV - echo "checksum-${{ matrix.artifact.name }}=$CHECKSUM_LINE" >> $GITHUB_OUTPUT - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }} - - create-release: - runs-on: ubuntu-latest - needs: notarize-macos - - steps: - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - - name: Update checksum - run: | - declare -a checksum_lines=("${{ needs.notarize-macos.outputs.checksum-darwin_amd64 }}" "${{ needs.notarize-macos.outputs.checksum-darwin_arm64 }}") - for checksum_line in "${checksum_lines[@]}" - do - CHECKSUM=$(echo ${checksum_line} | cut -d " " -f 1) - PACKAGE_FILENAME=$(echo ${checksum_line} | cut -d " " -f 2) - perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CHECKSUM} ${PACKAGE_FILENAME}/g;" ${{ env.DIST_DIR }}/*-checksums.txt - done - - - name: Identify Prerelease - # This is a workaround while waiting for create-release action - # to implement auto pre-release based on tag - id: prerelease - run: | - wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip - unzip -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver >/tmp/semver && chmod +x /tmp/semver - if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "IS_PRE=true" >> $GITHUB_OUTPUT; fi - - - name: Create Github Release and upload artifacts - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - bodyFile: ${{ env.DIST_DIR }}/CHANGELOG.md - draft: false - prerelease: ${{ steps.prerelease.outputs.IS_PRE }} - # NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem - # (all the files we need are in the DIST_DIR root) - artifacts: ${{ env.DIST_DIR }}/* - - - name: Upload release files on Arduino downloads servers - uses: docker://plugins/s3 - env: - PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" - PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} - PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" - PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-go-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-go-task.yml deleted file mode 100644 index 4e3e4655..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-go-task.yml +++ /dev/null @@ -1,217 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/release-go-task.md -name: Release - -env: - # As defined by the Taskfile's PROJECT_NAME variable - PROJECT_NAME: TODO_PROJECT_NAME - # As defined by the Taskfile's DIST_DIR variable - DIST_DIR: dist - # The project's folder on Arduino's download server for uploading builds - AWS_PLUGIN_TARGET: TODO_AWS_PLUGIN_TARGET - ARTIFACT_NAME: dist - -on: - push: - tags: - - "[0-9]+.[0-9]+.[0-9]+*" - -jobs: - create-release-artifacts: - runs-on: ubuntu-latest - - strategy: - matrix: - os: - - Windows_32bit - - Windows_64bit - - Linux_32bit - - Linux_64bit - - Linux_ARMv6 - - Linux_ARMv7 - - Linux_ARM64 - - macOS_64bit - - macOS_ARM64 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Create changelog - # Avoid creating the same changelog for each os - if: matrix.os == 'Windows_32bit' - uses: arduino/create-changelog@v1 - with: - tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$' - filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*' - case-insensitive-regex: true - changelog-file-path: "${{ env.DIST_DIR }}/CHANGELOG.md" - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Build - run: task dist:${{ matrix.os }} - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - notarize-macos: - name: Notarize ${{ matrix.artifact.name }} - runs-on: macos-latest - needs: create-release-artifacts - outputs: - checksum-darwin_amd64: ${{ steps.re-package.outputs.checksum-darwin_amd64 }} - checksum-darwin_arm64: ${{ steps.re-package.outputs.checksum-darwin_arm64 }} - - env: - GON_CONFIG_PATH: gon.config.hcl - - strategy: - matrix: - artifact: - - name: darwin_amd64 - path: "macOS_64bit.tar.gz" - - name: darwin_arm64 - path: "macOS_ARM64.tar.gz" - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download artifacts - uses: actions/download-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - - name: Import Code-Signing Certificates - env: - KEYCHAIN: "sign.keychain" - INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" - KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret - run: | - echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" - security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" - security default-keychain -s "${{ env.KEYCHAIN }}" - security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" - security import \ - "${{ env.INSTALLER_CERT_MAC_PATH }}" \ - -k "${{ env.KEYCHAIN }}" \ - -f pkcs12 \ - -A \ - -T "/usr/bin/codesign" \ - -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" - security set-key-partition-list \ - -S apple-tool:,apple: \ - -s \ - -k "${{ env.KEYCHAIN_PASSWORD }}" \ - "${{ env.KEYCHAIN }}" - - - name: Install gon for code signing and app notarization - run: | - wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip - unzip gon_macos.zip -d /usr/local/bin - - - name: Write gon config to file - # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20) - run: | - cat > "${{ env.GON_CONFIG_PATH }}" <> $GITHUB_ENV - - - name: Upload artifact - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }} - - create-release: - runs-on: ubuntu-latest - needs: notarize-macos - - steps: - - name: Download artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.ARTIFACT_NAME }} - path: ${{ env.DIST_DIR }} - - - name: Create checksum file - working-directory: ${{ env.DIST_DIR}} - run: | - TAG="${GITHUB_REF/refs\/tags\//}" - sha256sum ${{ env.PROJECT_NAME }}_${TAG}* > ${TAG}-checksums.txt - - - name: Identify Prerelease - # This is a workaround while waiting for create-release action - # to implement auto pre-release based on tag - id: prerelease - run: | - wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip - unzip -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver >/tmp/semver && chmod +x /tmp/semver - if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "IS_PRE=true" >> $GITHUB_OUTPUT; fi - - - name: Create Github Release and upload artifacts - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - bodyFile: ${{ env.DIST_DIR }}/CHANGELOG.md - draft: false - prerelease: ${{ steps.prerelease.outputs.IS_PRE }} - # NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem - # (all the files we need are in the DIST_DIR root) - artifacts: ${{ env.DIST_DIR }}/* - - - name: Upload release files on Arduino downloads servers - uses: docker://plugins/s3 - env: - PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" - PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} - PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" - PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-tag.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-tag.yml deleted file mode 100644 index 24f4f31e..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/release-tag.yml +++ /dev/null @@ -1,64 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/release-tag.md -name: Release - -on: - push: - tags: - - "v?[0-9]+.[0-9]+.[0-9]+*" - -jobs: - release: - runs-on: ubuntu-latest - - env: - # See: https://github.com/fsaintjacques/semver-tool/releases - SEMVER_TOOL_VERSION: 3.2.0 - - steps: - - name: Set environment variables - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "CHANGELOG_PATH=${{ runner.temp }}/CHANGELOG.md" >> "$GITHUB_ENV" - echo "SEMVER_TOOL_PATH=${{ runner.temp }}/semver" >> "$GITHUB_ENV" - - - name: Checkout repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Create changelog - uses: arduino/create-changelog@v1 - with: - tag-regex: '^v?[0-9]+\.[0-9]+\.[0-9]+.*$' - filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*' - case-insensitive-regex: true - changelog-file-path: ${{ env.CHANGELOG_PATH }} - - - name: Download semver tool - id: download-semver-tool - uses: carlosperate/download-file-action@v2 - with: - file-url: https://github.com/fsaintjacques/semver-tool/archive/${{ env.SEMVER_TOOL_VERSION }}.zip - location: ${{ runner.temp }}/semver-tool - - - name: Install semver tool - run: | - unzip \ - -p \ - "${{ steps.download-semver-tool.outputs.file-path }}" \ - semver-tool-${{ env.SEMVER_TOOL_VERSION }}/src/semver > \ - "${{ env.SEMVER_TOOL_PATH }}" - chmod +x "${{ env.SEMVER_TOOL_PATH }}" - - - name: Identify Prerelease - id: prerelease - run: | - if [[ "$("${{ env.SEMVER_TOOL_PATH }}" get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "IS_PRE=true" >> $GITHUB_OUTPUT"; fi - - - name: Create Github release - uses: ncipollo/release-action@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - bodyFile: ${{ env.CHANGELOG_PATH }} - draft: false - prerelease: ${{ steps.prerelease.outputs.IS_PRE }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/spell-check-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/spell-check-task.yml deleted file mode 100644 index 54beb986..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/spell-check-task.yml +++ /dev/null @@ -1,41 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/spell-check-task.md -name: Spell Check - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - pull_request: - schedule: - # Run every Tuesday at 8 AM UTC to catch new misspelling detections resulting from dictionary updates. - - cron: "0 8 * * TUE" - workflow_dispatch: - repository_dispatch: - -jobs: - spellcheck: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Spell check - run: task general:check-spelling diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/sync-labels-npm.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/sync-labels-npm.yml deleted file mode 100644 index 79cef012..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/sync-labels-npm.yml +++ /dev/null @@ -1,154 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels-npm.md -name: Sync Labels - -env: - # See: https://github.com/actions/setup-node/#readme - NODE_VERSION: 16.x - CONFIGURATIONS_FOLDER: .github/label-configuration-files - CONFIGURATIONS_ARTIFACT: label-configuration-files - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/sync-labels-npm.ya?ml" - - ".github/label-configuration-files/*.ya?ml" - - "package.json" - - "package-lock.json" - pull_request: - paths: - - ".github/workflows/sync-labels-npm.ya?ml" - - ".github/label-configuration-files/*.ya?ml" - - "package.json" - - "package-lock.json" - schedule: - # Run daily at 8 AM UTC to sync with changes to shared label configurations. - - cron: "0 8 * * *" - workflow_dispatch: - repository_dispatch: - -jobs: - check: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Download JSON schema for labels configuration file - id: download-schema - uses: carlosperate/download-file-action@v2 - with: - file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/arduino-tooling-gh-label-configuration-schema.json - location: ${{ runner.temp }}/label-configuration-schema - - - name: Install JSON schema validator - run: npm install - - - name: Validate local labels configuration - run: | - # See: https://github.com/ajv-validator/ajv-cli#readme - npx \ - --package=ajv-cli \ - --package=ajv-formats \ - ajv validate \ - --all-errors \ - -c ajv-formats \ - -s "${{ steps.download-schema.outputs.file-path }}" \ - -d "${{ env.CONFIGURATIONS_FOLDER }}/*.{yml,yaml}" - - download: - needs: check - runs-on: ubuntu-latest - - strategy: - matrix: - filename: - # Filenames of the shared configurations to apply to the repository in addition to the local configuration. - # https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/sync-labels - - universal.yml - - steps: - - name: Download - uses: carlosperate/download-file-action@v2 - with: - file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} - - - name: Pass configuration files to next job via workflow artifact - uses: actions/upload-artifact@v3 - with: - path: | - *.yaml - *.yml - if-no-files-found: error - name: ${{ env.CONFIGURATIONS_ARTIFACT }} - - sync: - needs: download - runs-on: ubuntu-latest - - steps: - - name: Set environment variables - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "MERGED_CONFIGURATION_PATH=${{ runner.temp }}/labels.yml" >> "$GITHUB_ENV" - - - name: Determine whether to dry run - id: dry-run - if: > - github.event_name == 'pull_request' || - ( - ( - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' - ) && - github.ref != format('refs/heads/{0}', github.event.repository.default_branch) - ) - run: | - # Use of this flag in the github-label-sync command will cause it to only check the validity of the - # configuration. - echo "flag=--dry-run" >> $GITHUB_OUTPUT - - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download configuration files artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} - path: ${{ env.CONFIGURATIONS_FOLDER }} - - - name: Remove unneeded artifact - uses: geekyeggo/delete-artifact@v2 - with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Merge label configuration files - run: | - # Merge all configuration files - shopt -s extglob - cat "${{ env.CONFIGURATIONS_FOLDER }}"/*.@(yml|yaml) > "${{ env.MERGED_CONFIGURATION_PATH }}" - - - name: Install github-label-sync - run: npm install - - - name: Sync labels - env: - GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - # See: https://github.com/Financial-Times/github-label-sync - npx \ - github-label-sync \ - --labels "${{ env.MERGED_CONFIGURATION_PATH }}" \ - ${{ steps.dry-run.outputs.flag }} \ - ${{ github.repository }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/sync-labels.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/sync-labels.yml deleted file mode 100644 index 63c5b72a..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/sync-labels.yml +++ /dev/null @@ -1,138 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels.md -name: Sync Labels - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - push: - paths: - - ".github/workflows/sync-labels.ya?ml" - - ".github/label-configuration-files/*.ya?ml" - pull_request: - paths: - - ".github/workflows/sync-labels.ya?ml" - - ".github/label-configuration-files/*.ya?ml" - schedule: - # Run daily at 8 AM UTC to sync with changes to shared label configurations. - - cron: "0 8 * * *" - workflow_dispatch: - repository_dispatch: - -env: - CONFIGURATIONS_FOLDER: .github/label-configuration-files - CONFIGURATIONS_ARTIFACT: label-configuration-files - -jobs: - check: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download JSON schema for labels configuration file - id: download-schema - uses: carlosperate/download-file-action@v2 - with: - file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/arduino-tooling-gh-label-configuration-schema.json - location: ${{ runner.temp }}/label-configuration-schema - - - name: Install JSON schema validator - run: | - sudo npm install \ - --global \ - ajv-cli \ - ajv-formats - - - name: Validate local labels configuration - run: | - # See: https://github.com/ajv-validator/ajv-cli#readme - ajv validate \ - --all-errors \ - -c ajv-formats \ - -s "${{ steps.download-schema.outputs.file-path }}" \ - -d "${{ env.CONFIGURATIONS_FOLDER }}/*.{yml,yaml}" - - download: - needs: check - runs-on: ubuntu-latest - - strategy: - matrix: - filename: - # Filenames of the shared configurations to apply to the repository in addition to the local configuration. - # https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/sync-labels - - universal.yml - - steps: - - name: Download - uses: carlosperate/download-file-action@v2 - with: - file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} - - - name: Pass configuration files to next job via workflow artifact - uses: actions/upload-artifact@v3 - with: - path: | - *.yaml - *.yml - if-no-files-found: error - name: ${{ env.CONFIGURATIONS_ARTIFACT }} - - sync: - needs: download - runs-on: ubuntu-latest - - steps: - - name: Set environment variables - run: | - # See: https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable - echo "MERGED_CONFIGURATION_PATH=${{ runner.temp }}/labels.yml" >> "$GITHUB_ENV" - - - name: Determine whether to dry run - id: dry-run - if: > - github.event_name == 'pull_request' || - ( - ( - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' - ) && - github.ref != format('refs/heads/{0}', github.event.repository.default_branch) - ) - run: | - # Use of this flag in the github-label-sync command will cause it to only check the validity of the - # configuration. - echo "flag=--dry-run" >> $GITHUB_OUTPUT - - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download configuration files artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} - path: ${{ env.CONFIGURATIONS_FOLDER }} - - - name: Remove unneeded artifact - uses: geekyeggo/delete-artifact@v2 - with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} - - - name: Merge label configuration files - run: | - # Merge all configuration files - shopt -s extglob - cat "${{ env.CONFIGURATIONS_FOLDER }}"/*.@(yml|yaml) > "${{ env.MERGED_CONFIGURATION_PATH }}" - - - name: Install github-label-sync - run: sudo npm install --global github-label-sync - - - name: Sync labels - env: - GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - # See: https://github.com/Financial-Times/github-label-sync - github-label-sync \ - --labels "${{ env.MERGED_CONFIGURATION_PATH }}" \ - ${{ steps.dry-run.outputs.flag }} \ - ${{ github.repository }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml deleted file mode 100644 index 447ce4b0..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml +++ /dev/null @@ -1,100 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/test-go-integration-task.md -name: Test Integration - -env: - # See: https://github.com/actions/setup-go/tree/main#supported-version-syntax - GO_VERSION: "1.17" - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/test-go-integration-task.ya?ml" - - "Taskfile.ya?ml" - - "**.go" - - "go.mod" - - "go.sum" - - "poetry.lock" - - "pyproject.toml" - - "tests/**" - pull_request: - paths: - - ".github/workflows/test-go-integration-task.ya?ml" - - "Taskfile.ya?ml" - - "**.go" - - "go.mod" - - "go.sum" - - "poetry.lock" - - "pyproject.toml" - - "tests/**" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 10 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - test: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - - strategy: - matrix: - operating-system: - - ubuntu-latest - - windows-latest - - macos-latest - - runs-on: ${{ matrix.operating-system }} - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Run integration tests - run: task go:test-integration diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml deleted file mode 100644 index a2aa1750..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml +++ /dev/null @@ -1,109 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/test-go-task.md -name: Test Go - -env: - # See: https://github.com/actions/setup-go/tree/main#supported-version-syntax - GO_VERSION: "1.17" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/test-go-task.ya?ml" - - ".github/.?codecov.ya?ml" - - "dev/.?codecov.ya?ml" - - ".?codecov.ya?ml" - - "**/go.mod" - - "**/go.sum" - - "Taskfile.ya?ml" - - "**.go" - - "**/testdata/**" - pull_request: - paths: - - ".github/workflows/test-go-task.ya?ml" - - ".github/.?codecov.ya?ml" - - "dev/.?codecov.ya?ml" - - ".?codecov.ya?ml" - - "**/go.mod" - - "**/go.sum" - - "Taskfile.ya?ml" - - "**.go" - - "**/testdata/**" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 11 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - test: - name: test (${{ matrix.module.path }} - ${{ matrix.operating-system }}) - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - - strategy: - fail-fast: false - - matrix: - operating-system: - - ubuntu-latest - - windows-latest - - macos-latest - module: - # TODO: add paths of all Go modules here - - path: ./ - codecov-flags: unit - - runs-on: ${{ matrix.operating-system }} - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Run tests - env: - GO_MODULE_PATH: ${{ matrix.module.path }} - run: task go:test - - - name: Send unit tests coverage to Codecov - if: runner.os == 'Linux' - uses: codecov/codecov-action@v3 - with: - file: ${{ matrix.module.path }}coverage_unit.txt - flags: ${{ matrix.module.codecov-flags }} - fail_ci_if_error: ${{ github.repository == 'TODO_REPO_OWNER/TODO_REPO_NAME' }} diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml deleted file mode 100644 index 96e9ee79..00000000 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml +++ /dev/null @@ -1,84 +0,0 @@ -# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/test-python-poetry-task.md -name: Test Python - -env: - # See: https://github.com/actions/setup-python/tree/main#available-versions-of-python - PYTHON_VERSION: "3.9" - -# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows -on: - create: - push: - paths: - - ".github/workflows/test-python-poetry-task.ya?ml" - - "Taskfile.ya?ml" - - "poetry.lock" - - "pyproject.toml" - - "tests/**" - - "**.py" - pull_request: - paths: - - ".github/workflows/test-python-poetry-task.ya?ml" - - "Taskfile.ya?ml" - - "poetry.lock" - - "pyproject.toml" - - "tests/**" - - "**.py" - schedule: - # Run periodically to catch breakage caused by external changes. - - cron: "0 12 * * WED" - workflow_dispatch: - repository_dispatch: - -jobs: - run-determination: - runs-on: ubuntu-latest - outputs: - result: ${{ steps.determination.outputs.result }} - steps: - - name: Determine if the rest of the workflow should run - id: determination - run: | - RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" - # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ - "${{ github.event_name }}" != "create" || - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX - ]]; then - # Run the other jobs. - RESULT="true" - else - # There is no need to run the other jobs. - RESULT="false" - fi - - echo "result=$RESULT" >> $GITHUB_OUTPUT - - test: - needs: run-determination - if: needs.run-determination.outputs.result == 'true' - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ env.PYTHON_VERSION }} - - - name: Install Poetry - run: pip install poetry - - - name: Install Task - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - - name: Run tests - uses: liskin/gh-problem-matcher-wrap@v2 - with: - linters: pytest - run: task python:test