diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..f197970 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,24 @@ +name: Continuous Integration + +on: + pull_request: + branches: + - main + - master + +jobs: + actionlinter: + runs-on: ubuntu-latest + steps: + - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1 + + - name: Lint GitHub Actions + uses: docker://rhysd/actionlint:latest + with: + options: -v $(pwd):/repo --workdir /repo + args: -color diff --git a/.github/workflows/docker-release-generic.yml b/.github/workflows/docker-release-generic.yml index 8ef68f4..a53a023 100644 --- a/.github/workflows/docker-release-generic.yml +++ b/.github/workflows/docker-release-generic.yml @@ -88,7 +88,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #3.0.0 - name: Login to Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0 with: username: ${{ secrets.dockerhub-username }} password: ${{ secrets.dockerhub-token }} diff --git a/.github/workflows/ff-version-auto-bumper.yml b/.github/workflows/ff-version-auto-bumper.yml index 892dbf3..74afb35 100644 --- a/.github/workflows/ff-version-auto-bumper.yml +++ b/.github/workflows/ff-version-auto-bumper.yml @@ -81,12 +81,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1 with: fetch-depth: 0 - name: Login to Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0 with: username: ${{ secrets.dockerhub-username }} password: ${{ secrets.dockerhub-token }} @@ -103,11 +103,11 @@ jobs: run: | ff_image_inspect=$(docker inspect frankframework/frankframework:${{ inputs.ff-version-tag }}) requested_image_version_tag=$(echo "$ff_image_inspect" | jq -r '.[0].Config.Labels."org.opencontainers.image.version"') - echo "REQUESTED_IMAGE_VERSION_TAG=${requested_image_version_tag}" >> $GITHUB_ENV + echo "REQUESTED_IMAGE_VERSION_TAG=${requested_image_version_tag}" >> "$GITHUB_ENV" echo "Requested Image Version: ${requested_image_version_tag}" current_image_version_tag=$(awk -F'=' '/${{ inputs.regex-for-dockerfile }}/ {print $2}' ${{ inputs.dockerfile-path }}) - echo "CURRENT_IMAGE_VERSION_TAG=${current_image_version_tag}" >> $GITHUB_ENV + echo "CURRENT_IMAGE_VERSION_TAG=${current_image_version_tag}" >> "$GITHUB_ENV" echo "Current Image Version: ${current_image_version_tag}" - name: Check if requested F!F version is different than current F!F version @@ -115,41 +115,41 @@ jobs: if [ "${{ env.REQUESTED_IMAGE_VERSION_TAG }}" != "${{ env.CURRENT_IMAGE_VERSION_TAG }}" ] then echo "Requested F!F version is different than current F!F version. Applying it to ${{ github.event.repository.name }} project." - echo "VERSION_CHANGED=true" >> $GITHUB_ENV + echo "VERSION_CHANGED=true" >> "$GITHUB_ENV" else echo "Requested F!F version is same as current F!F version. No action needed." - echo "VERSION_CHANGED=false" >> $GITHUB_ENV + echo "VERSION_CHANGED=false" >> "$GITHUB_ENV" fi - name: Checkout the new branch - if: ${{ env.VERSION_CHANGED }} == 'true' + if: ${{ env.VERSION_CHANGED }} run: | git checkout ${{ github.event.repository.default_branch }} git checkout -b bump-f!f-version-to-${{ env.REQUESTED_IMAGE_VERSION_TAG }} - name: Update F!F version in Dockerfile - if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-dockerfile-enabled }} + if: ${{ env.VERSION_CHANGED && inputs.update-dockerfile-enabled }} run: | sed -i "s/${{ inputs.regex-for-dockerfile }}/${{ inputs.replacement-for-dockerfile }}${{ env.REQUESTED_IMAGE_VERSION_TAG }}/" ${{ inputs.dockerfile-path }} git add ${{ inputs.dockerfile-path }} continue-on-error: true - name: Update F!F version in frankrunner.properties - if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-frankrunnerproperties-enabled }} + if: ${{ env.VERSION_CHANGED && inputs.update-frankrunnerproperties-enabled }} run: | sed -i "s/${{ inputs.regex-for-frankrunnerproperties }}/${{inputs.replacement-for-frankrunnerproperties}}${{ env.REQUESTED_IMAGE_VERSION_TAG }}/" ${{ inputs.frankrunnerproperties-path }} git add ${{ inputs.frankrunnerproperties-path }} continue-on-error: true - name: Update F!F version in docker-compose file - if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-dockercompose-enabled }} + if: ${{ env.VERSION_CHANGED && inputs.update-dockercompose-enabled }} run: | sed -i "s/${{inputs.regex-for-dockercompose}}/${{inputs.replacement-for-dockercompose}}${{ env.REQUESTED_IMAGE_VERSION_TAG }}}/" ${{ inputs.dockercompose-path }} git add ${{ inputs.dockercompose-path }} continue-on-error: true - name: Update FrankConfig.xsd files - if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-frankconfig-enabled }} + if: ${{ env.VERSION_CHANGED && inputs.update-frankconfig-enabled }} run: | wget -O parent.jar "https://repo1.maven.org/maven2/org/frankframework/frankframework-parent/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-parent-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-frankdoc.jar" || \ wget -O parent.jar "https://nexus.frankframework.org/repository/releases/org/frankframework/frankframework-parent/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-parent-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-frankdoc.jar" @@ -164,7 +164,7 @@ jobs: ' sh {} + - name: Update Parameter.java-orig file - if: ${{ env.VERSION_CHANGED }} == 'true' && ${{ inputs.update-customcode-enabled }} + if: ${{ env.VERSION_CHANGED && inputs.update-customcode-enabled }} run: | wget -O source.jar "https://repo1.maven.org/maven2/org/frankframework/frankframework-core/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-core-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-sources.jar" || \ wget -O source.jar "https://nexus.frankframework.org/repository/releases/org/frankframework/frankframework-core/${{ env.REQUESTED_IMAGE_VERSION_TAG }}/frankframework-core-${{ env.REQUESTED_IMAGE_VERSION_TAG }}-sources.jar" @@ -181,14 +181,14 @@ jobs: continue-on-error: true - name: Commit and push updated files - if: ${{ env.VERSION_CHANGED }} == 'true' + if: ${{ env.VERSION_CHANGED }} run: | git commit -m 'build(dependencies): bump f!f version to ${{ env.REQUESTED_IMAGE_VERSION_TAG }}' git push origin bump-f!f-version-to-${{ env.REQUESTED_IMAGE_VERSION_TAG }} continue-on-error: true - name: Docker Scout - if: ${{ env.VERSION_CHANGED }} == 'true' + if: ${{ env.VERSION_CHANGED }} id: docker-scout uses: docker/scout-action@v1 with: @@ -201,7 +201,7 @@ jobs: github-token: ${{ secrets.token }} - name: Create Pull Request - if: ${{ env.VERSION_CHANGED }} == 'true' + if: ${{ env.VERSION_CHANGED }} env: GH_TOKEN: ${{ secrets.token }} run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..91746e0 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,51 @@ +name: Release + +on: + push: + branches: + - main + +jobs: + actionlinter: + runs-on: ubuntu-latest + steps: + - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1 + + - name: Lint GitHub Actions + uses: docker://rhysd/actionlint:1.7.1 + with: + options: -v $(pwd):/repo --workdir /repo + args: -color + + release: + runs-on: ubuntu-latest + needs: + - actionlinter + steps: + - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1 + with: + token: ${{ secrets.WEAREFRANK_BOT_PAT }} + + - name: Setup Node + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #4.0.2 + with: + node-version: 20.x + + - name: Install dependencies + run: yarn global add semantic-release @semantic-release/changelog @semantic-release/git @semantic-release/github @semantic-release/exec @semantic-release/release-notes-generator @semantic-release/commit-analyzer conventional-changelog-conventionalcommits + + - name: Semantic Release + run: semantic-release + env: + GITHUB_TOKEN: ${{ secrets.WEAREFRANK_BOT_PAT }} + GH_TOKEN: ${{ secrets.WEAREFRANK_BOT_PAT }} diff --git a/.releaserc b/.releaserc new file mode 100644 index 0000000..cb38763 --- /dev/null +++ b/.releaserc @@ -0,0 +1,85 @@ +{ + "branches": ["main", "1.0.x"], + "plugins": [ + [ + "@semantic-release/commit-analyzer", + { + "preset": "conventionalcommits", + "releaseRules": [ + {"breaking": true, "release": "major"}, + {"type": "feat", "release": "minor"}, + {"type": "fix", "release": "patch"}, + {"type": "perf", "release": "patch"}, + {"type": "revert", "release": "patch"}, + {"type": "docs", "release": "patch"}, + {"type": "style", "release": "patch"}, + {"type": "refactor", "release": "patch"}, + {"type": "test", "release": "patch"}, + {"type": "build", "release": "patch"}, + {"type": "ci", "release": "patch"}, + {"type": "chore", "release": false} + ], + "parserOpts": { + "noteKeywords": [ + "BREAKING CHANGE", + "BREAKING CHANGES", + "BREAKING" + ] + } + } + ], + [ + "@semantic-release/release-notes-generator", + { + "preset": "conventionalcommits", + "parserOpts": { + "noteKeywords": [ + "BREAKING CHANGE", + "BREAKING CHANGES", + "BREAKING" + ] + }, + "writerOpts": { + "commitsSort": ["subject", "scope"] + }, + "presetConfig": { + "types": [ + {"type": "feat", "section": "🍕 Features"}, + {"type": "feature", "section": "🍕 Features"}, + {"type": "fix", "section": "🐛 Bug Fixes"}, + {"type": "perf", "section": "🔥 Performance Improvements"}, + {"type": "revert", "section": "⏩ Reverts"}, + {"type": "docs", "section": "📝 Documentation"}, + {"type": "style", "section": "🎨 Styles"}, + {"type": "refactor", "section": "🧑‍💻 Code Refactoring"}, + {"type": "test", "section": "✅ Tests"}, + {"type": "build", "section": "🤖 Build System"}, + {"type": "ci", "section": "🔁 Continuous Integration"} + ] + } + } + ], + [ + "@semantic-release/exec", { + "verifyReleaseCmd": "echo \"release-tag=v${nextRelease.version}\" >> $GITHUB_OUTPUT; echo \"release-version=${nextRelease.version}\" >> $GITHUB_OUTPUT; echo \"release-type=${nextRelease.type}\" >> $GITHUB_OUTPUT" + } + ], + [ + "@semantic-release/changelog", + { + "changelogFile": "CHANGELOG.md", + "changelogTitle": "[![conventional commits](https://img.shields.io/badge/conventional%20commits-1.0.0-yellow.svg)](https://conventionalcommits.org) [![semantic versioning](https://img.shields.io/badge/semantic%20versioning-2.0.0-green.svg)](https://semver.org)" + } + ], + [ + "@semantic-release/git", + { + "assets": [ + "CHANGELOG.md" + ], + "message": "chore(<%= nextRelease.type %>): release <%= nextRelease.version %> <%= nextRelease.channel !== null ? `on ${nextRelease.channel} channel ` : '' %>[skip ci]\n\n<%= nextRelease.notes %>" + } + ], + "@semantic-release/github" + ] +}