Skip to content
This repository has been archived by the owner on Oct 13, 2024. It is now read-only.

Commit

Permalink
ci: update global workflows (#320)
Browse files Browse the repository at this point in the history
  • Loading branch information
@LizardByte-bot
LizardByte-bot authored Oct 5, 2023
1 parent 5a8d347 commit 62b35f7
Show file tree
Hide file tree
Showing 8 changed files with 170 additions and 27 deletions.
6 changes: 0 additions & 6 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,45 +10,39 @@ updates:
schedule:
interval: "daily"
time: "08:00"
target-branch: "nightly"
open-pull-requests-limit: 10

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
time: "08:30"
target-branch: "nightly"
open-pull-requests-limit: 10

- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
time: "09:00"
target-branch: "nightly"
open-pull-requests-limit: 10

- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "daily"
time: "09:30"
target-branch: "nightly"
open-pull-requests-limit: 10

- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "daily"
time: "10:00"
target-branch: "nightly"
open-pull-requests-limit: 10

- package-ecosystem: "gitsubmodule"
directory: "/"
schedule:
interval: "daily"
time: "10:30"
target-branch: "nightly"
open-pull-requests-limit: 10
2 changes: 1 addition & 1 deletion .github/workflows/auto-create-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Create Pull Request
uses: repo-sync/pull-request@v2
Expand Down
30 changes: 20 additions & 10 deletions .github/workflows/ci-docker.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Find dockerfiles
id: find
Expand Down Expand Up @@ -86,7 +86,7 @@ jobs:
steps:
- name: Checkout
if: ${{ github.ref == 'refs/heads/master' || github.base_ref == 'master' }}
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Verify Changelog
id: verify_changelog
Expand Down Expand Up @@ -162,7 +162,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Hadolint
id: hadolint
Expand Down Expand Up @@ -192,8 +192,18 @@ jobs:
name: Docker${{ matrix.tag }}

steps:
- name: Maximize build space
uses: easimon/maximize-build-space@v8
with:
root-reserve-mb: 30720 # https://github.com/easimon/maximize-build-space#caveats
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
remove-docker-images: 'true'

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: recursive

Expand Down Expand Up @@ -299,10 +309,10 @@ jobs:
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
- name: Set Up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
id: buildx

- name: Cache Docker Layers
Expand All @@ -315,14 +325,14 @@ jobs:
- name: Log in to Docker Hub
if: ${{ steps.prepare.outputs.push == 'true' }} # PRs do not have access to secrets
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

- name: Log in to the Container registry
if: ${{ steps.prepare.outputs.push == 'true' }} # PRs do not have access to secrets
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.GH_BOT_NAME }}
Expand All @@ -331,7 +341,7 @@ jobs:
- name: Build artifacts
if: ${{ steps.prepare.outputs.artifacts == 'true' }}
id: build_artifacts
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: ./
file: ${{ matrix.dockerfile }}
Expand All @@ -353,7 +363,7 @@ jobs:

- name: Build and push
id: build
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: ./
file: ${{ matrix.dockerfile }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/ci-qodana.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Prepare
id: prepare
Expand Down Expand Up @@ -165,7 +165,7 @@ jobs:
continue-on-error: true
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: recursive

Expand Down Expand Up @@ -214,7 +214,7 @@ jobs:
- name: Qodana
id: qodana
continue-on-error: true # ensure dispatch-qodana job is run
uses: JetBrains/qodana-action@v2022.3.4
uses: JetBrains/qodana-action@v2023.2.6
with:
additional-cache-hash: ${{ github.ref }}-${{ matrix.language }}
artifact-name: qodana-${{ matrix.language }} # yamllint disable-line rule:line-length
Expand Down
137 changes: 137 additions & 0 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
---
# This action is centrally managed in https://github.com/<organization>/.github/
# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
# the above-mentioned repo.

# This workflow will analyze all supported languages in the repository using CodeQL Analysis.

name: "CodeQL"

on:
push:
branches: ["master", "nightly"]
pull_request:
branches: ["master", "nightly"]
schedule:
- cron: '00 12 * * 0' # every Sunday at 12:00 UTC

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
languages:
name: Get language matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.lang.outputs.result }}
continue: ${{ steps.continue.outputs.result }}
steps:
- name: Get repo languages
uses: actions/github-script@v6
id: lang
with:
script: |
// CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
// Use only 'java' to analyze code written in Java, Kotlin or both
// Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
// Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
const remap_languages = {
'c++': 'cpp',
'c#': 'csharp',
'kotlin': 'java',
'typescript': 'javascript',
}
const repo = context.repo
const response = await github.rest.repos.listLanguages(repo)
let matrix = {
"include": []
}
for (let [key, value] of Object.entries(response.data)) {
// remap language
if (remap_languages[key.toLowerCase()]) {
console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`)
key = remap_languages[key.toLowerCase()]
}
if (supported_languages.includes(key.toLowerCase()) &&
!matrix['include'].includes({"language": key.toLowerCase()})) {
console.log(`Found supported language: ${key}`)
matrix['include'].push({"language": key.toLowerCase()})
}
}
// print languages
console.log(`matrix: ${JSON.stringify(matrix)}`)
return matrix
- name: Continue
uses: actions/github-script@v6
id: continue
with:
script: |
// if matrix['include'] is an empty list return false, otherwise true
const matrix = ${{ steps.lang.outputs.result }} // this is already json encoded
if (matrix['include'].length == 0) {
return false
} else {
return true
}
analyze:
name: Analyze
if: ${{ needs.languages.outputs.continue == 'true' }}
needs: [languages]
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix: ${{ fromJson(needs.languages.outputs.matrix) }}

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: recursive

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# yamllint disable-line rule:line-length
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality

# Pre autobuild
# create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
- name: Prebuild
run: |
# check if .qodeql-prebuild-${{ matrix.language }}.sh exists
if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then
echo "Running .codeql-prebuild-${{ matrix.language }}.sh"
./.codeql-prebuild-${{ matrix.language }}.sh
fi
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
12 changes: 7 additions & 5 deletions .github/workflows/issues-stale.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,15 @@ jobs:
exempt-pr-labels: 'dependencies,l10n'
stale-issue-label: 'stale'
stale-issue-message: >
This issue is stale because it has been open for 90 days with no activity.
Comment or remove the stale label, otherwise this will be closed in 10 days.
:wave: @{issue-author}, It seems this issue hasn't had any activity in the past 90 days.
If it's still something you'd like addressed, please let us know by leaving a comment.
Otherwise, to help keep our backlog tidy, we'll be closing this issue in 10 days. Thanks!
stale-pr-label: 'stale'
stale-pr-message: >
This PR is stale because it has been open for 90 days with no activity.
Comment or remove the stale label, otherwise this will be closed in 10 days.
:wave: @{issue-author}, It looks like this PR has been idle for 90 days.
If it's still something you're working on or would like to pursue,
please leave a comment or update your branch.
Otherwise, we'll be closing this PR in 10 days to reduce our backlog. Thanks!
repo-token: ${{ secrets.GH_BOT_TOKEN }}

- name: Invalid Template
Expand All @@ -48,7 +51,6 @@ jobs:
This PR was closed because the the template was not completed after 5 days.
days-before-stale: 0
days-before-close: 5
exempt-pr-labels: 'dependencies,l10n'
only-labels: 'invalid:template-incomplete'
stale-issue-label: 'invalid:template-incomplete'
stale-issue-message: >
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/python-flake8.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4 # https://github.com/actions/setup-python
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/yaml-lint.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Find additional files
id: find-files
Expand Down

0 comments on commit 62b35f7

Please sign in to comment.