diff --git a/.github/pr_release_template.md b/.github/pr_release_template.md
deleted file mode 100644
index b6f6acf..0000000
--- a/.github/pr_release_template.md
+++ /dev/null
@@ -1,28 +0,0 @@
-## Description
-
-This PR was created automatically.
-
-
-### Screenshot
-
-
-
-### Issues Fixed or Closed
-
-
-
-
-
-## Type of Change
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] Dependency update (updates to dependencies)
-- [ ] Documentation update (changes to documentation)
-- [ ] Repository update (changes to repository files, e.g. `.github/...`)
-
-## Branch Updates
-- [x] I want maintainers to keep my branch updated
-
-## Changelog Summary
-
diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/auto-create-pr.yml
deleted file mode 100644
index 13705dd..0000000
--- a/.github/workflows/auto-create-pr.yml
+++ /dev/null
@@ -1,35 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow creates a PR automatically when anything is merged/pushed into the `nightly` branch. The PR is created -# against the `master` (default) branch. - -name: Auto create PR - -on: - push: - branches: - - 'nightly' - -jobs: - create_pr: - if: startsWith(github.repository, 'LizardByte/') - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Create Pull Request - uses: repo-sync/pull-request@v2 - with: - source_branch: "" # should be "nightly" as it's the triggering branch - destination_branch: "master" - pr_title: "Pulling ${{ github.ref_name }} into master" - pr_template: ".github/pr_release_template.md" - pr_assignee: "${{ secrets.GH_BOT_NAME }}" - pr_draft: true - pr_allow_empty: false - github_token: ${{ secrets.GH_BOT_TOKEN }} diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml deleted file mode 100644 index 04c9f1a..0000000 --- a/.github/workflows/automerge.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -# This action is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow will, first, automatically approve PRs created by @LizardByte-bot. Then it will automerge relevant PRs. - -name: Automerge PR - -on: - pull_request: - types: - - opened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - autoapprove: - if: >- - contains(fromJson('["LizardByte-bot"]'), github.event.pull_request.user.login) && - contains(fromJson('["LizardByte-bot"]'), github.actor) && - startsWith(github.repository, 'LizardByte/') - runs-on: ubuntu-latest - steps: - - name: Autoapproving - uses: hmarr/auto-approve-action@v4 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Label autoapproved - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GH_BOT_TOKEN }} - script: | - github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['autoapproved', 'autoupdate'] - }) - - automerge: - if: startsWith(github.repository, 'LizardByte/') - needs: [autoapprove] - runs-on: ubuntu-latest - - steps: - - name: Automerging - uses: pascalgn/automerge-action@v0.16.3 - env: - BASE_BRANCHES: nightly - GITHUB_TOKEN: ${{ secrets.GH_BOT_TOKEN }} - GITHUB_LOGIN: ${{ secrets.GH_BOT_NAME }} - MERGE_LABELS: "!dependencies" - MERGE_METHOD: "squash" - MERGE_COMMIT_MESSAGE: "{pullRequest.title} (#{pullRequest.number})" - MERGE_DELETE_BRANCH: true - MERGE_ERROR_FAIL: true - MERGE_FILTER_AUTHOR: ${{ secrets.GH_BOT_NAME }} - MERGE_RETRIES: "240" # 1 hour - MERGE_RETRY_SLEEP: "15000" # 15 seconds diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml index 03f909c..c7b5980 100644 --- a/.github/workflows/ci-docker.yml 
+++ b/.github/workflows/ci-docker.yml @@ -22,10 +22,10 @@ name: CI Docker on: pull_request: - branches: [master, nightly] + branches: [master] types: [opened, synchronize, reopened] push: - branches: [master, nightly] + branches: [master] workflow_dispatch: concurrency: @@ -103,8 +103,9 @@ jobs: - check_dockerfiles outputs: publish_release: ${{ steps.setup_release.outputs.publish_release }} - release_build: ${{ steps.setup_release.outputs.release_build }} + release_body: ${{ steps.setup_release.outputs.release_body }} release_commit: ${{ steps.setup_release.outputs.release_commit }} + release_generate_release_notes: ${{ steps.setup_release.outputs.release_generate_release_notes }} release_tag: ${{ steps.setup_release.outputs.release_tag }} release_version: ${{ steps.setup_release.outputs.release_version }} runs-on: ubuntu-latest @@ -114,7 +115,7 @@ jobs: - name: Setup Release id: setup_release - uses: LizardByte/setup-release-action@v2024.520.181643 + uses: LizardByte/setup-release-action@v2024.608.210128 with: dotnet: ${{ needs.check_dockerfiles.outputs.dotnet }} github_token: ${{ secrets.GITHUB_TOKEN }} @@ -211,8 +212,6 @@ jobs: if [[ $GITHUB_REF == refs/heads/master ]]; then TAGS="${TAGS},${BASE_TAG}:latest${{ matrix.tag }},ghcr.io/${BASE_TAG}:latest${{ matrix.tag }}" TAGS="${TAGS},${BASE_TAG}:master${{ matrix.tag }},ghcr.io/${BASE_TAG}:master${{ matrix.tag }}" - elif [[ $GITHUB_REF == refs/heads/nightly ]]; then - TAGS="${TAGS},${BASE_TAG}:nightly${{ matrix.tag }},ghcr.io/${BASE_TAG}:nightly${{ matrix.tag }}" else TAGS="${TAGS},${BASE_TAG}:test${{ matrix.tag }},ghcr.io/${BASE_TAG}:test${{ matrix.tag }}" fi 
@@ -363,12 +362,13 @@ jobs: - name: Create/Update GitHub Release if: ${{ needs.setup_release.outputs.publish_release == 'true' && steps.prepare.outputs.artifacts == 'true' }} - uses: LizardByte/create-release-action@v2024.520.180003 + uses: LizardByte/create-release-action@v2024.609.5014 with: allowUpdates: true artifacts: "*artifacts/*" + body: ${{ needs.setup_release.outputs.release_body }} discussionCategory: announcements - generateReleaseNotes: true + generateReleaseNotes: ${{ needs.setup_release.outputs.release_generate_release_notes }} name: ${{ needs.setup_release.outputs.release_tag }} prerelease: true tag: ${{ needs.setup_release.outputs.release_tag }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ec4ed25..4ff1502 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,9 +9,9 @@ name: "CodeQL" on: push: - branches: ["master", "nightly"] + branches: ["master"] pull_request: - branches: ["master", "nightly"] + branches: ["master"] schedule: - cron: '00 12 * * 0' # every Sunday at 12:00 UTC @@ -140,9 +140,12 @@ jobs: submodules: recursive - name: Setup msys2 - if: runner.os == 'Windows' + if: >- + runner.os == 'Windows' && + matrix.language == 'cpp' uses: msys2/setup-msys2@v2 with: + msystem: ucrt64 update: true # Initializes the CodeQL tools for scanning. @@ -157,6 +160,10 @@ jobs: # yamllint disable-line rule:line-length # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality + config: | + paths-ignore: + - node_modules + - third-party # Pre autobuild # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository 
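Review bot: In `codeql.yml`, the `config:` block added under the CodeQL initialization step drops `third-party` and `node_modules` from the analysis with no comment saying what covers that code instead, so a reader cannot tell whether vendored code is reviewed anywhere. I would add a comment above it, e.g. `# vendored and generated code is excluded from CodeQL; findings there are handled via <other process>`, with the placeholder filled in by the maintainers. It is also worth confirming on the `cpp` leg that the exclusion takes effect, since (as far as I recall) CodeQL treats `paths-ignore` differently for compiled languages. The step's `uses:` line and the rest of its `with:` block are outside the hunk.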
@@ -180,3 +187,26 @@ jobs: uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" + output: sarif-results + upload: failure-only + + - name: filter-sarif + uses: advanced-security/filter-sarif@v1 + with: + input: sarif-results/${{ matrix.language }}.sarif + output: sarif-results/${{ matrix.language }}.sarif + patterns: | + -node_modules/** + -third\-party/** + + - name: Upload SARIF + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: sarif-results/${{ matrix.language }}.sarif + + - name: Upload loc as a Build Artifact + uses: actions/upload-artifact@v4 + with: + name: sarif-results-${{ matrix.language }}-${{ runner.os }} + path: sarif-results + retention-days: 1 diff --git a/.github/workflows/python-flake8.yml b/.github/workflows/python-flake8.yml index e08ab10..61e23f7 100644 --- a/.github/workflows/python-flake8.yml +++ b/.github/workflows/python-flake8.yml @@ -9,11 +9,11 @@ name: flake8 on: pull_request: - branches: [master, nightly] + branches: [master] types: [opened, synchronize, reopened] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: diff --git a/.github/workflows/release-notifier.yml b/.github/workflows/release-notifier.yml index 5735465..6060839 100644 --- a/.github/workflows/release-notifier.yml +++ b/.github/workflows/release-notifier.yml @@ -9,15 +9,15 @@ name: Release Notifications on: release: - types: [published] - # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onevent_nametypes + types: + - released # this triggers when a release is published, but does not include prereleases or drafts jobs: discord: if: >- startsWith(github.repository, 'LizardByte/') && - not(github.event.release.prerelease) && - not(github.event.release.draft) + !github.event.release.prerelease && + !github.event.release.draft runs-on: ubuntu-latest steps: - name: discord 
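Review bot: In `codeql.yml`, the last added step publishes the whole `sarif-results` directory as a workflow artifact, which makes the CodeQL findings readable by anyone who can download run artifacts, a wider audience than the code-scanning alerts page normally has. If the repository is public I would drop the step or keep it only while debugging; `retention-days: 1` shortens the exposure but does not remove it. Its name, `Upload loc as a Build Artifact`, also does not match what it uploads; `name: Upload SARIF as a Build Artifact` would. Separately, `advanced-security/filter-sarif@v1` rewrites the security results before they are uploaded and is referenced by a movable tag, so pinning it as `uses: advanced-security/filter-sarif@<full-commit-sha>  # v1` would keep a retagged release from silently changing what gets filtered.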
@@ -35,8 +35,8 @@ jobs: facebook_group: if: >- startsWith(github.repository, 'LizardByte/') && - not(github.event.release.prerelease) && - not(github.event.release.draft) + !github.event.release.prerelease && + !github.event.release.draft runs-on: ubuntu-latest steps: - name: facebook-post-action @@ -52,8 +52,8 @@ jobs: facebook_page: if: >- startsWith(github.repository, 'LizardByte/') && - not(github.event.release.prerelease) && - not(github.event.release.draft) + !github.event.release.prerelease && + !github.event.release.draft runs-on: ubuntu-latest steps: - name: facebook-post-action @@ -69,8 +69,8 @@ jobs: reddit: if: >- startsWith(github.repository, 'LizardByte/') && - not(github.event.release.prerelease) && - not(github.event.release.draft) + !github.event.release.prerelease && + !github.event.release.draft runs-on: ubuntu-latest steps: - name: reddit @@ -89,8 +89,8 @@ jobs: twitter: if: >- startsWith(github.repository, 'LizardByte/') && - not(github.event.release.prerelease) && - not(github.event.release.draft) + !github.event.release.prerelease && + !github.event.release.draft runs-on: ubuntu-latest steps: - name: twitter diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml index d5bbed6..99d2793 100644 --- a/.github/workflows/update-changelog.yml +++ b/.github/workflows/update-changelog.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Update Changelog - uses: LizardByte/update-changelog-action@v2024.520.183314 + uses: LizardByte/update-changelog-action@v2024.609.4705 with: changelogBranch: changelog changelogFile: CHANGELOG.md diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml new file mode 100644 index 0000000..d1212f6 --- /dev/null +++ b/.github/workflows/update-docs.yml 
@@ -0,0 +1,89 @@
+---
+# This action is centrally managed in https://github.com//.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
+# the above-mentioned repo.
+
+# Use the `rtd` repository label to identify repositories that should trigger have this workflow.
+# If the project slug is not the repository name, add a repository variable named `READTHEDOCS_SLUG` with the value of
+# the ReadTheDocs project slug.
+
+# Update readthedocs on release events.
+
+name: Update docs
+
+on:
+ release:
+ types: [created, edited, deleted]
+
+concurrency:
+ group: "${{ github.workflow }}-${{ github.event.release.tag_name }}"
+ cancel-in-progress: true
+
+jobs:
+ update-docs:
+ env:
+ RTD_SLUG: ${{ vars.READTHEDOCS_SLUG }}
+ RTD_TOKEN: ${{ secrets.READTHEDOCS_TOKEN }}
+ TAG: ${{ github.event.release.tag_name }}
+ if: >-
+ !github.event.release.draft
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get RTD_SLUG
+ run: |
+ # if the RTD_SLUG is not set, use the repository name in lowercase
+ if [ -z "${RTD_SLUG}" ]; then
+ RTD_SLUG=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]')
+ fi
+ echo "RTD_SLUG=${RTD_SLUG}" >> $GITHUB_ENV
+
+ - name: Deactivate deleted release
+ if: >-
+ github.event_name == 'release' &&
+ github.event.action == 'deleted'
+ run: |
+ json_body=$(jq -n \
+ --arg active "false" \
+ --arg hidden "false" \
+ --arg privacy_level "public" \
+ '{active: $active, hidden: $hidden, privacy_level: $privacy_level}')
+
+ curl \
+ -X PATCH \
+ -H "Authorization: Token ${RTD_TOKEN}" \
+ https://readthedocs.org/api/v3/projects/${RTD_SLUG}/versions/${TAG}/ \
+ -H "Content-Type: application/json" \
+ -d "$json_body"
+
+ - name: Check if edited release is latest GitHub release
+ id: check
+ if: >-
+ github.event_name == 'release' &&
+ github.event.action == 'edited'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const latestRelease = await github.rest.repos.getLatestRelease({
owner: context.repo.owner, + repo: context.repo.repo + }); + + core.setOutput('isLatestRelease', latestRelease.data.tag_name === context.payload.release.tag_name); + + - name: Update RTD project + # changing the default branch in readthedocs makes "latest" point to that branch/tag + # we can also update other properties like description, etc. + if: >- + steps.check.outputs.isLatestRelease == 'true' + run: | + json_body=$(jq -n \ + --arg default_branch "${TAG}" \ + --arg description "${{ github.event.repository.description }}" \ + '{default_branch: $default_branch}') + + curl \ + -X PATCH \ + -H "Authorization: Token ${RTD_TOKEN}" \ + https://readthedocs.org/api/v3/projects/${RTD_SLUG}/ \ + -H "Content-Type: application/json" \ + -d "$json_body" diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml index 7e1fd46..023b836 100644 --- a/.github/workflows/yaml-lint.yml +++ b/.github/workflows/yaml-lint.yml @@ -9,11 +9,11 @@ name: yaml lint on: pull_request: - branches: [master, nightly] + branches: [master] types: [opened, synchronize, reopened] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs:
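Review bot: In the new `update-docs.yml`, the `Update RTD project` step expands `${{ github.event.repository.description }}` directly inside the `run:` script, so the description text becomes part of the shell source in a step that has `RTD_TOKEN` in its environment; the jq filter `{default_branch: $default_branch}` never reads `$description`, so the `--arg description` line can simply be deleted. `Get RTD_SLUG` does the same with `${{ github.event.repository.name }}`; it should follow the pattern already used for `TAG` and go through `env:` (`REPO_NAME: ${{ github.event.repository.name }}`, then `echo "${REPO_NAME}"`). Both curl URLs are unquoted although they contain `${RTD_SLUG}` (and `${TAG}` in the first), and neither call passes `--fail`, so a rejected PATCH still leaves the step green; quote the URL and add `--fail`. The workflow also declares no `permissions:` block, although the only GitHub API call visible is a read of the latest release, so `permissions: contents: read` looks sufficient.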