feat: added lock-file-maintenance and docs for semantic-pull-request

anolilab · Jun 17, 2024 · 6870c81 · 6870c81
1 parent b5d1d9d
commit 6870c81
Show file tree

Hide file tree

Showing 3 changed files with 133 additions and 0 deletions.
diff --git a/.github/workflows/lock-file-maintenance.md b/.github/workflows/lock-file-maintenance.md
@@ -0,0 +1,23 @@
+# lock-file-maintenance
+
+This action is used to maintain lock files in a repository. It will ensure that lock files are up-to-date with their corresponding manifest files.
+
+# Inputs
+
+The action has the following inputs:
+
+### Required inputs
+
+#### target-repo
+
+Specify the target repository this action should run on. This is used to prevent actions from running on repositories other than the target repository. For example, specifying a `target-repo` of `anolilab/workflows` will prevent the action from running on forks of `anolilab/workflows`.
+
+-   This `input` is required. (`type:string`)
+
+### Optional inputs
+
+#### node-version
+
+This is used to ensure that the correct version of node.js is used when running the action.
+
+-   This `input` is optional. (`type:string`, `default:18.x`)
diff --git a/.github/workflows/lock-file-maintenance.yml b/.github/workflows/lock-file-maintenance.yml
@@ -0,0 +1,66 @@
+# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
+
+name: "Lock File Maintenance"
+
+on: # yamllint disable-line rule:truthy
+    workflow_call:
+        inputs:
+            target-repo:
+                description: "The repo to run this action on. This is to prevent actions from running on forks unless intended."
+                required: true
+                type: "string"
+            node-version:
+                description: "The node.js version to use"
+                required: false
+                type: string
+                default: "18.x"
+
+permissions:
+    contents: "read" # for checkout
+
+jobs:
+    lock-file:
+        name: "Lock File Maintenance"
+        if: "github.repository == inputs.target-repo"
+        runs-on: "ubuntu-latest"
+        permissions:
+            contents: "write" # to be able to publish a GitHub release
+            issues: "write" # to be able to comment on released issues
+            pull-requests: "write" # to be able to comment on released pull requests
+            id-token: "write" # to enable use of OIDC for npm provenance
+
+        steps:
+            - name: "Harden Runner"
+              uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
+              with:
+                  egress-policy: "audit"
+
+            - name: "Git checkout"
+              uses: "actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29" # v4.1.6
+              with:
+                  token: "${{ secrets.LOCK_MAINTENANCE_GITHUBG_TOKEN }}"
+              env:
+                  GIT_COMMITTER_NAME: "GitHub Actions Shell"
+                  GIT_AUTHOR_NAME: "GitHub Actions Shell"
+                  EMAIL: "github-actions[bot]@users.noreply.github.com"
+
+            - name: "Setup resources and environment"
+              id: "setup"
+              uses: "anolilab/workflows/step/setup@main"
+              with:
+                  node-version: "${{ inputs.node-version }}"
+                  cache-prefix: "lock-file"
+
+            - name: "Update lock file"
+              if: "success()"
+              run: "pnpm install --lockfile-only"
+
+            - name: "Commit lock file"
+              if: "success()"
+              uses: "stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842" # v5.0.1
+              with:
+                  file_pattern: "pnpm-lock.yaml"
+                  commit_message: "chore: update lock file [ci skip]"
+                  commit_user_name: "github-actions-shell"
+                  commit_user_email: "github-actions[bot]@users.noreply.github.com"
+                  commit_author: "github-actions-shell <github-actions[bot]@users.noreply.github.com>"
diff --git a/.github/workflows/semantic-pull-request.md b/.github/workflows/semantic-pull-request.md
@@ -0,0 +1,44 @@
+# semantic-pull-request
+
+This action will check if the pull request title follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification. If the title does not follow the specification, the action will fail and the pull request will not be merged.
+
+This reusable action depends on the following actions:
+
+-   [checkout](https://github.com/marketplace/actions/checkout)
+-   [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request)
+-   [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment)
+
+# Inputs
+
+The action has the following inputs:
+
+### Required inputs
+
+#### target-repo
+
+Specify the target repository this action should run on. This is used to prevent actions from running on repositories other than the target repository. For example, specifying a `target-repo` of `anolilab/workflows` will prevent the action from running on forks of `anolilab/workflows`.
+
+-   This `input` is required. (`type:string`)
+
+## Usage
+
+In the repository that will call this action, you will need to create a workflow file. You can name the file `workflows/semantic-pull-request.yml` and add the following content:
+
+```yml
+name: "Semantic Pull Request"
+
+on: # yamllint disable-line rule:truthy
+    pull_request_target:
+        types:
+            - "opened"
+            - "reopened"
+            - "edited"
+            - "synchronize"
+    merge_group: # yamllint disable-line rule:empty-values
+
+jobs:
+    stale-issues:
+        uses: "anolilab/workflows/.github/workflows/semantic-pull-request.yml@main"
+        with:
+            target-repo: "visulima/visulima"
+```