From fe7ea1460cdf63fac5ea67a4a422d7221e0b43a2 Mon Sep 17 00:00:00 2001
From: William Dutton <william.dutton@qld.gov.au>
Date: Mon, 2 Sep 2024 16:41:37 +1000
Subject: [PATCH] QOLOE-514 github action basics

---
 .github/dependabot.yml           |  28 ++++++++
 .github/release.yml              |  32 +++++++++
 .github/workflows/compile.js.yml |  76 +++++++++++++++++++++
 .github/workflows/release.yml    |  23 +++++++
 .github/workflows/update.yml     | 111 +++++++++++++++++++++++++++++++
 5 files changed, 270 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/release.yml
 create mode 100644 .github/workflows/compile.js.yml
 create mode 100644 .github/workflows/release.yml
 create mode 100644 .github/workflows/update.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f4df0da
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  versioning-strategy: increase
+  directory: "/"
+  target-branch: "develop"
+  schedule:
+    interval: daily
+    time: "19:00"
+  groups:
+    storybook:
+      patterns:
+        - "@storybook/*"
+        - storybook
+        - "@chromatic-com/storybook"
+        - "@whitespace/storybook-addon-html"
+        - "chromatic"
+    eslint:
+      patterns:
+        - "eslint*"
+        - "@stylistic/eslint-plugin-js"
+        - "esbuild-plugin-eslint"
+    esbuild:
+      patterns:
+        - "esbuild*"
+  open-pull-requests-limit: 10
+  reviewers:
+  - qld-gov-au/qld-online-dev-team
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 0000000..d267733
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,32 @@
+# .github/release.yml
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+# https://docs.github.com/en/issues/using-labels-and-milestones-to-track-work/managing-labels
+
+changelog:
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - Semver-Major
+        - breaking-change
+
+    - title: 🏕 Features
+      labels:
+        - '*'
+      exclude:
+        labels:
+          - dependencies
+          - bug
+          - Semver-Major
+          - breaking-change
+        authors:
+          - dependabot[bot]
+
+    - title: 🐛 Bug Fixes
+      labels:
+        - bug
+
+    - title: 👒 Dependencies
+      labels:
+        - dependencies
+      authors:
+        - dependabot[bot]
diff --git a/.github/workflows/compile.js.yml b/.github/workflows/compile.js.yml
new file mode 100644
index 0000000..ba3d2e0
--- /dev/null
+++ b/.github/workflows/compile.js.yml
@@ -0,0 +1,76 @@
+# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Build and Test
+
+on:
+  push:
+  pull_request:
+
+concurrency:
+  group: compile-${{ github.workflow }}-${{ github.ref }} # Recommended if you intend to make multiple deployments in quick succession.
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node: [ '20' ]
+    name: Lint, Test, Build and Deploy on Node ${{ matrix.node }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Cache node modules
+        id: cache-npm
+        uses: actions/cache@v4
+        env:
+          cache-name: cache-node-modules
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - if: ${{ steps.cache-npm.outputs.cache-hit != 'true' }}
+        name: List the state of node modules
+        continue-on-error: true
+        run: npm list
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install #run on lint step (Which is cached)
+        run: | # Install packages
+          npm install --prefer-offline --no-audit --ignore-scripts
+        #env:
+        #  NODE_AUTH_TOKEN: ${{ secrets.NEXUSREADONLY2NPMTOKEN }}
+
+      # `npm rebuild` will run all those post-install scripts for us.
+      - name: rebuild and prepare
+        run: npm rebuild && npm run prepare --if-present
+
+      - name: Lint
+        run: |
+          npm run lint
+
+      - name: Test
+        run: |
+          npm run test
+
+      - name: Build 🔧
+        run: | # build the files
+          npm run build
+
+      - uses: actions/upload-artifact@v4.3.1
+        with:
+          name: Package
+          path: ./dist
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..69c0324
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,23 @@
+name: Publish Github Release Notes
+
+on:
+  push:
+    tags:
+      - v*.*.*
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: write
+  pages: write
+  actions: read
+  id-token: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Release
+        run: gh release create "${GITHUB_REF#refs/tags/}" --generate-notes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
new file mode 100644
index 0000000..9b7036e
--- /dev/null
+++ b/.github/workflows/update.yml
@@ -0,0 +1,111 @@
+## See https://github.com/marella/material-symbols/blob/main/.github/workflows/update.yml where inspiration for this script came from
+name: Version Increment
+
+on:
+  #schedule:
+  #  - cron: '23 1 * * MON' # Runs at 01:23 UTC on Monday
+  workflow_dispatch:
+    inputs:
+      force:
+        description: Force Update
+        default: '0'
+      dry:
+        description: Dry Run
+        default: '1'
+      bump:
+        type: choice
+        description: Bump Version
+        options:
+          - patch
+          - minor
+          - major
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    env:
+      HAVE_GIT_DEPLOY_KEY: ${{ secrets.DEPLOY_KEY != '' }}
+    steps:
+
+      - uses: actions/checkout@v4
+        with:
+          ssh-key: ${{ secrets.DEPLOY_KEY }}
+
+      - uses: git-actions/set-user@v1
+
+      - name: Cache node modules
+        id: cache-npm
+        uses: actions/cache@v4
+        env:
+          cache-name: cache-node-modules
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - if: ${{ steps.cache-npm.outputs.cache-hit != 'true' }}
+        name: List the state of node modules
+        continue-on-error: true
+        run: npm list
+
+
+      - uses: actions/setup-node@v4 #setup registry to github package repo
+        with:
+          node-version: 20
+
+      - name: npm ci (don't run prepare)
+        run: npm ci --ignore-scripts
+
+      - name: Update & Push git tags
+        if: ${{ env.HAVE_GIT_DEPLOY_KEY == 'true' }}
+        run: |
+          force="${{ github.event.inputs.force }}"
+          dry="${{ github.event.inputs.dry }}"
+          bump="${{ github.event.inputs.bump }}"
+          if [ "$bump" = "" ]; then
+            bump="patch"
+          fi
+          
+          # Fetch the latest tags
+          git fetch --tags
+          
+          # Get the latest tag
+          LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
+          
+          # Get the current commit hash
+          CURRENT_COMMIT=$(git rev-parse HEAD)
+          
+          # Check if there are changes between the latest tag and the current commit
+          if git diff --quiet $LATEST_TAG $CURRENT_COMMIT; then
+            if [ "$force" != "1" ]; then
+              echo "No changes detected between the latest tag ($LATEST_TAG) and the current commit ($CURRENT_COMMIT)."  >> $GITHUB_STEP_SUMMARY
+              exit 0
+            else
+             echo "Force flag set continuing: No changes detected between the latest tag ($LATEST_TAG) and the current commit ($CURRENT_COMMIT)."  >> $GITHUB_STEP_SUMMARY
+            fi
+          else
+            echo "Changes detected between the latest tag ($LATEST_TAG) and the current commit ($CURRENT_COMMIT)."  >> $GITHUB_STEP_SUMMARY
+          fi
+  
+          # Bump Version
+          npm version "$bump"
+
+          dry="${{ github.event.inputs.dry }}"
+          # Push
+          if [ "$dry" = "1" ]; then
+            exit 0
+          fi
+          git push --follow-tags
+
+      - name: Git Commit - Is Skipped
+        if: ${{ env.HAVE_GIT_DEPLOY_KEY != 'true' }}
+        run: |
+          echo "### Deployment config not configured" >> $GITHUB_STEP_SUMMARY
+          echo "secrets.DEPLOY_KEY not existing, npm version can't be pushed" >> $GITHUB_STEP_SUMMARY
+          echo "If this is a fork, please setup your own personal service account to publish to your own repo" >> $GITHUB_STEP_SUMMARY
+          echo "## We recommend using a service account with the least permissions necessary."  >> $GITHUB_STEP_SUMMARY
+          echo "[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)"  >> $GITHUB_STEP_SUMMARY
\ No newline at end of file