feat: group GitHub action updates into one PR and update to new workf…

…low (#76) # Description - updates to the new workflow schema - groups GitHub action updates into one PR as all uses the same digest and are always updated together # Checklist - [x] My code follows the style guidelines of the project - [x] I have performed a self-review of my own code - [x] I have made corresponding changes to the documentation
Hapag-Lloyd · Mar 29, 2024 · de52f74 · de52f74
1 parent 8668bf8
commit de52f74
Show file tree

Hide file tree

Showing 23 changed files with 129 additions and 368 deletions.
diff --git a/.config/cspell.json b/.config/cspell.json
@@ -15,9 +15,10 @@
     "amannn",
     "autodiscover",
     "automerge",
+    "automerged",
     "codeowners",
     "codeql",
-				"conventionalcommits",
+    "conventionalcommits",
     "datasource",
     "datasources",
     "Dockerfiles",
@@ -28,6 +29,7 @@
     "ludeeus",
     "markdownlint",
     "mktemp",
+    "pascalfrenz",
     "renovatebot",
     "rhysd",
     "ruleset",

diff --git a/.config/yamllint.yml b/.config/yamllint.yml
@@ -4,3 +4,5 @@ extends: default
 rules:
   line-length:
     max: 132
+  comments:
+    min-spaces-from-content: 1 # Renovate uses 1 space only
diff --git a/CODEOWNERS → .github/CODEOWNERS b/CODEOWNERS → .github/CODEOWNERS
@@ -1,4 +1,4 @@
-*       @kayman-mk
+*       @kayman-mk @pascalfrenz
 
 # license file shouldn't be changed and needs to be reviewed by lawyers
 LICENSE @kayman-mk
diff --git a/CONTRIBUTING.md → .github/CONTRIBUTING.md b/CONTRIBUTING.md → .github/CONTRIBUTING.md
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -0,0 +1,4 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: ["github>Hapag-Lloyd/Renovate-Global-Configuration"]
+}
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -6,122 +6,16 @@ on:
   pull_request:
 
 jobs:
-  find-changes:
-    runs-on: ubuntu-latest
-    steps:
-      # yamllint disable-line rule:comments
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        with:
-          filters: |
-            json:
-              - '**/*.json'
-
-            markdown:
-              - '**/*.md'
-
-            renovate-config:
-              - 'renovate.json'
-              - 'default.json'
-
-            workflow:
-              - '.github/workflows/*.yml'
-              - '.github/workflows/*.yaml'
-
-            yaml:
-              - '**/*.yaml'
-              - '**/*.yml'
-    outputs:
-      json: ${{ steps.changes.outputs.json }}
-      markdown: ${{ steps.changes.outputs.markdown }}
-      renovate-config: ${{ steps.changes.outputs.renovate-config }}
-      workflow: ${{ steps.changes.outputs.workflow }}
-      yaml: ${{ steps.changes.outputs.yaml }}
-
-  lint-json:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    if: needs.find-changes.outputs.json == 'true'
-    needs: find-changes
-    steps:
-      # yamllint disable-line rule:comments
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
-      - name: Run JSON Lint
-        run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/json-lint/master/pipeline.sh)
+  default:
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_linter_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit
 
-  lint-markdown:
+  lint-renovate-defaults:
     runs-on: ubuntu-latest
-    continue-on-error: true
-    if: needs.find-changes.outputs.markdown == 'true'
-    needs: find-changes
     steps:
-      # yamllint disable-line rule:comments
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
-      - name: Validate Markdown file
-        run: |
-          npm install -g markdownlint-cli
-          markdownlint -c .config/markdownlint.yml -i CHANGELOG.md "**/*.md"
-
-  lint-renovate:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    if: needs.find-changes.outputs.renovate-config == 'true'
-    needs: find-changes
-    steps:
-      # yamllint disable-line rule:comments
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
-      # yamllint disable-line rule:comments
+      # a special check for the defaults
       - uses: suzuki-shunsuke/github-action-renovate-config-validator@b54483862375f51910a60c4f498e927d4f3df466 # v1.0.1
-
-      # validates the default configuration included by all projects
-      # yamllint disable-line rule:comments
-      - uses: suzuki-shunsuke/github-action-renovate-config-validator@b54483862375f51910a60c4f498e927d4f3df466 # v1.0.1
-        with:
-          config_file_path: default.json
-
-  lint-shell:
-    name: Check shell scripts
-    runs-on: ubuntu-latest
-    steps:
-      # yamllint disable-line rule:comments
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
-      - name: ShellCheck
-        # yamllint disable-line rule:comments
-        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
-
-  lint-workflow:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    needs: find-changes
-    if: needs.find-changes.outputs.workflow == 'true'
-    container:
-      image: rhysd/actionlint:1.6.27@sha256:d84eca815fc24f72546ec1f2f416d9500ad3349ce7db098cf7a52256f5fd4384
-      options: --cpus 1 --user root
-    steps:
-      # yamllint disable-line rule:comments
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
-      - name: Validate Github workflows
-        run: |
-          mkdir .git
-          actionlint -color
-
-  lint-yaml:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    needs: find-changes
-    if: needs.find-changes.outputs.yaml == 'true'
-    steps:
-      # yamllint disable-line rule:comments
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-
-      - name: yaml-lint
-        # yamllint disable-line rule:comments
-        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
         with:
-          config_file: .config/yamllint.yml
-          strict: true
+          config_file_path: "default.json"
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -0,0 +1,18 @@
+---
+name: "Pull Request"
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+    branches-ignore:
+      - "release-please--branches--*"
+
+jobs:
+  default:
+    # yamllint disable-line rule:line-length
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_pull_request_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,22 +8,6 @@ on:
       - main
 
 jobs:
-  release:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-      - uses: actions/create-github-app-token@e8e39f73bb84fdf315a015fa3104f314c0a258b4  # v1
-        id: app-token
-        with:
-          app-id: ${{ vars.GET_TOKEN_APP_ID }}
-          private-key: ${{ secrets.GET_TOKEN_APP_PRIVATE_KEY }}
-      # bootstrap-sha and release-as needs to be removed after first release
-      - name: Release
-        # yamllint disable-line rule:line-length
-        uses: google-github-actions/release-please-action@a2d8d683f209466ee8c695cd994ae2cf08b1642d  # ratchet:google-github-actions/release-please-action@v3
-        with:
-          release-type: python
-          token: ${{ steps.app-token.outputs.token }}
-          pull-request-header: ''
+  default:
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_release_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit
diff --git a/.github/workflows/release_dry_run.yml b/.github/workflows/release_dry_run.yml
@@ -0,0 +1,14 @@
+---
+name: Try a release
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - release-dry-run
+
+jobs:
+  default:
+    # yamllint disable-line rule:line-length
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_release_dry_run_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit
diff --git a/.github/workflows/renovate-auto-approve.yml b/.github/workflows/renovate-auto-approve.yml
diff --git a/.github/workflows/renovate_auto_approve.yml b/.github/workflows/renovate_auto_approve.yml
@@ -0,0 +1,11 @@
+---
+name: Approve all Renovate PRs automatically
+
+# yamllint disable-line rule:truthy
+on: pull_request_target
+
+jobs:
+  default:
+    # yamllint disable-line rule:line-length
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_renovate_auto_approve_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit
diff --git a/.github/workflows/slash-ops-command-help.yml b/.github/workflows/slash-ops-command-help.yml
diff --git a/.github/workflows/slash-ops-comment-dispatch.yml b/.github/workflows/slash-ops-comment-dispatch.yml
diff --git a/.github/workflows/slash_ops_command_help.yml b/.github/workflows/slash_ops_command_help.yml
@@ -0,0 +1,14 @@
+---
+name: Execute ChatOps command
+
+# yamllint disable-line rule:truthy
+on:
+  repository_dispatch:
+    types:
+      - help-command
+
+jobs:
+  default:
+    # yamllint disable-line rule:line-length
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_slash_ops_command_help_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit
diff --git a/.github/workflows/slash_ops_comment_dispatch.yml b/.github/workflows/slash_ops_comment_dispatch.yml
@@ -0,0 +1,14 @@
+---
+name: PR commented
+
+# yamllint disable-line rule:truthy
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  default:
+    # yamllint disable-line rule:line-length
+    uses: Hapag-Lloyd/Repository-Templates/.github/workflows/default_slash_ops_comment_dispatch_callable.yml@e87de55f19cc1e069426c42120094e7e2446dad4
+    secrets: inherit