ARCH-1916 - Refactor workflows

- Update the workflows so they utilize the reusable workflows which have been refactored to work better in multiple scenarios.
im-open · Aug 24, 2023 · efd2f5a · efd2f5a
1 parent ca1d509
commit efd2f5a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 90 deletions.
diff --git a/.github/workflows/auto-update-readme.yml b/.github/workflows/auto-update-readme.yml
@@ -1,62 +1,24 @@
-name: Auto update readme for code changes
+name: Review PR
 on:
-  # This workflow uses the pull_request trigger which prevents write permissions and secrets
-  # access to the target repository from public forks.  This should remain as a pull_request
-  # trigger because checkout, build, format and checking for changes do not need elevated
-  # permissions to the repository.  The reduced permissions for public forks is adequate.
-  # Since this will commit readme/recompile changes back to the branch, special attention 
-  # should be paid to changes made to this workflow when reviewing the PR and granting 
-  # permission to first time contributors to run the workflow.
+  # This workflow uses the pull_request trigger which prevents write permissions on the
+  # GH_TOKEN and secrets access from public forks.  This should remain as a pull_request
+  # trigger to protect org-level secrets which are utilized when the workflow automatically
+  # updates the readme with the latest version changes in branches.  The reduced permissions
+  # for public forks is adequate but does mean re-compiles and readme changes will have to
+  # be made manually when the PR comes from a fork.
   pull_request:
   # Don't include any specific paths here so we always get a build that produces a status
   # check that our Branch Protection Rules can use.  Having a status check also allows us
   # to require that branches be up to date before they are merged.
 
 jobs:
-  update-readme:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.head_ref }}
-          fetch-depth: 0
-
-      - name: Check for code changes to the action
-        id: action-code
-        uses: im-open/did-custom-action-code-change@v1.0.1
-        with:
-          files-with-code: 'action.yml' # TODO:  Verify this comma separated list contains each of the files that contains code the action uses
-          folders-with-code: '' # TODO:  Add a comma separated list of folders that contain code the action uses
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Get the next version for the readme if there are code changes to the action
-        if: steps.action-code.outputs.HAS_CHANGES == 'true'
-        id: version
-        uses: im-open/git-version-lite@v2.1.2
-        with:
-          create-ref: false
-          default-release-type: major
-
-      - name: Update readme with next version if there are code changes to the action
-        if: steps.action-code.outputs.HAS_CHANGES == 'true'
-        uses: im-open/update-action-version-in-file@v1.0.0
-        with:
-          file-to-update: './README.md'
-          action-name:  ${{ github.repository }}
-          updated-version: ${{ steps.version.outputs.NEXT_VERSION }}
-
-      - name: Commit unstaged readme changes if there are code changes to the action
-        if: steps.action-code.outputs.HAS_CHANGES == 'true'
-        run: |
-          if [[ "$(git status --porcelain)" != "" ]]; then
-            echo "There are changes to commit"
-            git config user.name github-actions
-            git config user.email github-actions@github.com
-            git add .
-            git commit -m "Update readme with next version."
-            git push origin HEAD:${{ github.head_ref }}
-          else
-            echo "There were no changes to commit"
-          fi
+  ci:
+    uses: im-open/.github/.github/workflows/reusable-javascript-build.yml@v1
+    with:
+      action-name: ${{ github.repository }}
+      default-branch: main
+      readme-location: './README.md'
+      files-with-code: 'action.yml' # TODO:  Update if there are additional files or scripts that contain source code for the action
+      folders-with-code: 'src'      # TODO:  Update if there are additional directories that contain source code for the action
+    secrets:
+      PIPELINE_BOT_PAT: ${{ secrets.PIPELINE_BOT_PAT }}
diff --git a/.github/workflows/increment-version-on-merge.yml b/.github/workflows/increment-version-on-merge.yml
@@ -8,7 +8,6 @@ on:
   #   target repository so PRs from forks have write permission to the target repo and have
   #   secrets access (which we need in order to push a new tag in this workflow).
   # - For this workflow, the elevated permissions should not be a problem because:
-  #    - Our im-open repositories do not contain secrets, they are dumb actions
   #    - Require approval for all outside collaborators' is set at the org level so someone
   #      with Write access has a chance to review code before allowing any workflow runs
   #    - This workflow with elevated Write permissions will only run once the code has been
@@ -23,37 +22,6 @@ on:
 
 jobs:
   increment-version:
-    if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main'
-
-    runs-on: ubuntu-latest
-
-    steps:
-      # Generally speaking, when the PR contents are treated as passive data, i.e. not in a
-      # position  of influence over the build/testing process, it is safe to checkout the code
-      # on a pull_request_target.  But we need to be extra careful not to trigger any script
-      # that may operate on PR controlled contents like in the case of npm install.
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-        with:
-          ref: main
-          fetch-depth: 0
-
-      # See https://github.com/im-open/git-version-lite for more details around how to increment
-      # major/minor/patch through commit messages
-      - name: Increment the version
-        id: version
-        uses: im-open/git-version-lite@v2
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          default-release-type: major
-
-      - name: Create version tag, create or update major, and minor tags
-        run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
-          git tag ${{ steps.version.outputs.NEXT_VERSION }} ${{ github.sha }}
-          git tag -f ${{ steps.version.outputs.NEXT_MAJOR_VERSION }} ${{ github.sha }}
-          git tag -f ${{ steps.version.outputs.NEXT_MINOR_VERSION }} ${{ github.sha }}
-          git push origin ${{ steps.version.outputs.NEXT_VERSION }}
-          git push origin ${{ steps.version.outputs.NEXT_MAJOR_VERSION }} -f
-          git push origin ${{ steps.version.outputs.NEXT_MINOR_VERSION }} -f
+    uses: im-open/.github/.github/workflows/reusable-version-on-merge.yml@v1
+    with:
+      default-branch: main