ci: initial semantic release with actionlint (#7)

* ci: initial semantic release with actionlint

* fix linter feedback

* Update .releaserc

Co-authored-by: Sergi Philipsen <philipsen.sergi@gmail.com>

---------

Co-authored-by: Sergi Philipsen <philipsen.sergi@gmail.com>

.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: Continuous Integration
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  actionlinter:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+
+      - name: Lint GitHub Actions
+        uses: docker://rhysd/actionlint:latest
+        with:
+          options: -v $(pwd):/repo --workdir /repo
+          args: -color

.github/workflows/docker-release-generic.yml

@@ -88,7 +88,7 @@ jobs:
       uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #3.0.0
 
     - name: Login to Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0
       with:
         username: ${{ secrets.dockerhub-username }}
         password: ${{ secrets.dockerhub-token }}

.github/workflows/ff-version-auto-bumper.yml

@@ -81,12 +81,12 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
       with: 
         fetch-depth: 0
 
     - name: Login to Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0
       with:
         username: ${{ secrets.dockerhub-username }}
         password: ${{ secrets.dockerhub-token }}
@@ -103,53 +103,53 @@ jobs:
       run: |
         ff_image_inspect=$(docker inspect frankframework/frankframework:${{ inputs.ff-version-tag }})
         requested_image_version_tag=$(echo "$ff_image_inspect" | jq -r '.[0].Config.Labels."org.opencontainers.image.version"')
-        echo "REQUESTED_IMAGE_VERSION_TAG=${requested_image_version_tag}" >> $GITHUB_ENV
+        echo "REQUESTED_IMAGE_VERSION_TAG=${requested_image_version_tag}" >> "$GITHUB_ENV"
         echo "Requested Image Version: ${requested_image_version_tag}"
 
         current_image_version_tag=$(awk -F'=' '/${{ inputs.regex-for-dockerfile }}/ {print $2}' ${{ inputs.dockerfile-path }})
-        echo "CURRENT_IMAGE_VERSION_TAG=${current_image_version_tag}" >> $GITHUB_ENV
+        echo "CURRENT_IMAGE_VERSION_TAG=${current_image_version_tag}" >> "$GITHUB_ENV"
         echo "Current Image Version: ${current_image_version_tag}"
       
     - name: Check if requested F!F version is different than current F!F version
       run: |
         if [ "${{ env.REQUESTED_IMAGE_VERSION_TAG }}" != "${{ env.CURRENT_IMAGE_VERSION_TAG }}" ]
           then
             echo "Requested F!F version is different than current F!F version. Applying it to ${{ github.event.repository.name }} project."
-            echo "VERSION_CHANGED=true" >> $GITHUB_ENV
+            echo "VERSION_CHANGED=true" >> "$GITHUB_ENV"
         else
           echo "Requested F!F version is same as current F!F version. No action needed."
-          echo "VERSION_CHANGED=false" >> $GITHUB_ENV
+          echo "VERSION_CHANGED=false" >> "$GITHUB_ENV"
         fi
 
     - name: Checkout the new branch
-      if: ${{ env.VERSION_CHANGED }} == 'true'
+      if: ${{ env.VERSION_CHANGED }}
       run: |
         git checkout ${{ github.event.repository.default_branch }}
         git checkout -b bump-f!f-version-to-${{ env.REQUESTED_IMAGE_VERSION_TAG }}
     
     - name: Update F!F version in Dockerfile
-      if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-dockerfile-enabled }}
+      if: ${{ env.VERSION_CHANGED && inputs.update-dockerfile-enabled }}
       run: |
         sed -i "s/${{ inputs.regex-for-dockerfile }}/${{ inputs.replacement-for-dockerfile }}${{ env.REQUESTED_IMAGE_VERSION_TAG }}/" ${{ inputs.dockerfile-path }}
         git add ${{ inputs.dockerfile-path }}
       continue-on-error: true
 
     - name: Update F!F version in frankrunner.properties
-      if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-frankrunnerproperties-enabled }}
+      if: ${{ env.VERSION_CHANGED && inputs.update-frankrunnerproperties-enabled }}
       run: |
         sed -i "s/${{ inputs.regex-for-frankrunnerproperties }}/${{inputs.replacement-for-frankrunnerproperties}}${{ env.REQUESTED_IMAGE_VERSION_TAG }}/" ${{ inputs.frankrunnerproperties-path }}
         git add ${{ inputs.frankrunnerproperties-path }}
       continue-on-error: true
 
     - name: Update F!F version in docker-compose file
-      if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-dockercompose-enabled }}
+      if: ${{ env.VERSION_CHANGED && inputs.update-dockercompose-enabled }}
       run: |
         sed -i "s/${{inputs.regex-for-dockercompose}}/${{inputs.replacement-for-dockercompose}}${{ env.REQUESTED_IMAGE_VERSION_TAG }}}/" ${{ inputs.dockercompose-path }}
         git add ${{ inputs.dockercompose-path }}
       continue-on-error: true
 
     - name: Update FrankConfig.xsd files
-      if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-frankconfig-enabled }}
+      if: ${{ env.VERSION_CHANGED && inputs.update-frankconfig-enabled }}
       run: |
         wget -O parent.jar "https://repo1.maven.org/maven2/org/frankframework/frankframework-parent/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-parent-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-frankdoc.jar" || \
         wget -O parent.jar "https://nexus.frankframework.org/repository/releases/org/frankframework/frankframework-parent/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-parent-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-frankdoc.jar"
@@ -164,7 +164,7 @@ jobs:
         ' sh {} +
     
     - name: Update Parameter.java-orig file
-      if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-customcode-enabled }}
+      if: ${{ env.VERSION_CHANGED && inputs.update-customcode-enabled }}
       run: |
         wget -O source.jar "https://repo1.maven.org/maven2/org/frankframework/frankframework-core/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-core-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-sources.jar" || \
         wget -O source.jar "https://nexus.frankframework.org/repository/releases/org/frankframework/frankframework-core/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-core-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-sources.jar"
@@ -181,14 +181,14 @@ jobs:
       continue-on-error: true
 
     - name: Commit and push updated files
-      if: ${{ env.VERSION_CHANGED }} == 'true'
+      if: ${{ env.VERSION_CHANGED }}
       run: |
         git commit -m 'build(dependencies): bump f!f version to ${{ env.REQUESTED_IMAGE_VERSION_TAG }}'
         git push origin bump-f!f-version-to-${{ env.REQUESTED_IMAGE_VERSION_TAG }}
       continue-on-error: true
 
     - name: Docker Scout
-      if: ${{ env.VERSION_CHANGED }} == 'true'
+      if: ${{ env.VERSION_CHANGED }}
       id: docker-scout
       uses: docker/scout-action@v1
       with:
@@ -201,7 +201,7 @@ jobs:
         github-token: ${{ secrets.token }}
 
     - name: Create Pull Request
-      if: ${{ env.VERSION_CHANGED }} == 'true'
+      if: ${{ env.VERSION_CHANGED }}
       env: 
         GH_TOKEN: ${{ secrets.token }}
       run: |

.github/workflows/release.yml

@@ -0,0 +1,51 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  actionlinter:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+
+      - name: Lint GitHub Actions
+        uses: docker://rhysd/actionlint:1.7.1
+        with:
+          options: -v $(pwd):/repo --workdir /repo
+          args: -color
+
+  release:
+    runs-on: ubuntu-latest
+    needs: 
+      - actionlinter
+    steps:
+      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+        with:
+          token: ${{ secrets.WEAREFRANK_BOT_PAT }}
+
+      - name: Setup Node
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #4.0.2
+        with:
+          node-version: 20.x
+
+      - name: Install dependencies
+        run: yarn global add semantic-release @semantic-release/changelog @semantic-release/git @semantic-release/github @semantic-release/exec @semantic-release/release-notes-generator @semantic-release/commit-analyzer conventional-changelog-conventionalcommits
+
+      - name: Semantic Release
+        run: semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.WEAREFRANK_BOT_PAT }}
+          GH_TOKEN: ${{ secrets.WEAREFRANK_BOT_PAT }}

.releaserc

@@ -0,0 +1,85 @@
+{
+  "branches": ["main", "1.0.x"],
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits",
+        "releaseRules": [
+          {"breaking": true, "release": "major"},
+          {"type": "feat", "release": "minor"},
+          {"type": "fix", "release": "patch"},
+          {"type": "perf", "release": "patch"},
+          {"type": "revert", "release": "patch"},
+          {"type": "docs", "release": "patch"},
+          {"type": "style", "release": "patch"},
+          {"type": "refactor", "release": "patch"},
+          {"type": "test", "release": "patch"},
+          {"type": "build", "release": "patch"},
+          {"type": "ci", "release": "patch"},
+          {"type": "chore", "release": false}
+        ],
+        "parserOpts": {
+          "noteKeywords": [
+            "BREAKING CHANGE",
+            "BREAKING CHANGES",
+            "BREAKING"
+          ]
+        }
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits",
+        "parserOpts": {
+          "noteKeywords": [
+            "BREAKING CHANGE",
+            "BREAKING CHANGES",
+            "BREAKING"
+          ]
+        },
+        "writerOpts": {
+          "commitsSort": ["subject", "scope"]
+        },
+        "presetConfig": {
+          "types": [
+            {"type": "feat", "section": "🍕 Features"},
+            {"type": "feature", "section": "🍕 Features"},
+            {"type": "fix", "section": "🐛 Bug Fixes"},
+            {"type": "perf", "section": "🔥 Performance Improvements"},
+            {"type": "revert", "section": "⏩ Reverts"},
+            {"type": "docs", "section": "📝 Documentation"},
+            {"type": "style", "section": "🎨 Styles"},
+            {"type": "refactor", "section": "🧑‍💻 Code Refactoring"},
+            {"type": "test", "section": "✅ Tests"},
+            {"type": "build", "section": "🤖 Build System"},
+            {"type": "ci", "section": "🔁 Continuous Integration"}
+          ]
+        }
+      }
+    ],
+    [
+      "@semantic-release/exec", {
+        "verifyReleaseCmd": "echo \"release-tag=v${nextRelease.version}\" >> $GITHUB_OUTPUT; echo \"release-version=${nextRelease.version}\" >> $GITHUB_OUTPUT; echo \"release-type=${nextRelease.type}\" >> $GITHUB_OUTPUT"
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md",
+        "changelogTitle": "[![conventional commits](https://img.shields.io/badge/conventional%20commits-1.0.0-yellow.svg)](https://conventionalcommits.org) [![semantic versioning](https://img.shields.io/badge/semantic%20versioning-2.0.0-green.svg)](https://semver.org)"
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "CHANGELOG.md"
+        ],
+        "message": "chore(<%= nextRelease.type %>): release <%= nextRelease.version %> <%= nextRelease.channel !== null ? `on ${nextRelease.channel} channel ` : '' %>[skip ci]\n\n<%= nextRelease.notes %>"
+      }
+    ],
+    "@semantic-release/github"
+  ]
+}