diff --git a/.flake8 b/.github/.flake8
similarity index 100%
rename from .flake8
rename to .github/.flake8
diff --git a/.github/commitlint.config.mjs b/.github/commitlint.config.mjs
new file mode 100644
index 0000000..bbc324e
--- /dev/null
+++ b/.github/commitlint.config.mjs
@@ -0,0 +1,15 @@
+import { RuleConfigSeverity } from '@commitlint/types';
+
+export default {
+ extends: ['@commitlint/config-conventional'],
+ parserPreset: 'conventional-changelog-conventionalcommits',
+ rules: {
+ 'scope-enum': [RuleConfigSeverity.Error, 'always', [
+ '',
+ 'deps',
+ 'controller-container',
+ 'guacamole-chart',
+ 'guacamole-crds-chart'
+ ]]
+ }
+};
diff --git a/.github/labeler.yaml b/.github/labeler.yaml
new file mode 100644
index 0000000..a9d110e
--- /dev/null
+++ b/.github/labeler.yaml
@@ -0,0 +1,32 @@
+# Release branches where trunk branches are merge-committed to trigger releases
+
+release:
+- base-branch:
+ - 'main'
+ - 'maintenance/.+/[0-9]+\.([0-9]+|x)\.x'
+
+# Label any maintenance branch, trunk and release
+
+maintenance:
+- base-branch:
+ - 'maintenance/.+/[0-9]+\.([0-9]+|x)\.x'
+
+# Label PRs into the main branch
+
+main:
+- base-branch:
+ - 'main'
+
+# Labels for PRs on asset specific branches
+
+controller-container:
+- base-branch:
+ - '.+/controller-container(/.+)?'
+
+guacamole-chart:
+- base-branch:
+ - '.+/guacamole-chart(/.+)?'
+
+guacamole-crds-chart:
+- base-branch:
+ - '.+/guacamole-crds-chart(/.+)?'
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..ef876fa
--- /dev/null
+++ b/.github/pull_request_template.md
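Review bot: The `main` rule's pattern `'main'` in `.github/labeler.yaml` may also match every `maintenance/...` base branch, because "maintenance" begins with "main". That holds if the shared pr-labeler workflow wraps actions/labeler, which treats `base-branch` entries as unanchored regular expressions; the implementation is not visible in this diff, so confirm it. If so, anchor the exact-name entries as `- '^main$'` in both the `release` and `main` rules, and consider `^`/`$` on the maintenance and asset patterns too, so a branch whose name merely contains one of them does not pick up a label.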
@@ -0,0 +1,14 @@
+## :construction: Suggest a change
+
+A clear and concise description of what you are changing.
+
+## :memo: Pre-merge checklist
+
+Ready to merge? Do not merge until all checks are satisfied.
+- [ ] :chart: Have all `required` CI checks passed on the most recent commit?
+- [ ] :black_nib: Is the PR title a valid and meaningful conventional-commit message? ie. `type(scope): summary`
+- [ ] :boom: Are `breaking changes` declared in the PR title in conventional-commit style? ie. `type!(scope): summary`
+- [ ] :art: Does new code follow the code style of this project?
+- [ ] :mag: Has new code been spellchecked and linted?
+- [ ] :book: Have docs been updated where necessary?
+- [ ] :poop: Have commits been checked for accidental file inclusions?
diff --git a/.github/workflows/controller-container.yaml b/.github/workflows/controller-container.yaml
index 1b37eb6..1bedb44 100644
--- a/.github/workflows/controller-container.yaml
+++ b/.github/workflows/controller-container.yaml
@@ -2,12 +2,28 @@ name: Controller Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/guacamole-chart*' + - '*/guacamole-crds-chart*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/flake8.yaml' + - '.github/workflows/controller-container.yaml' - 'containers/controller/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/controller-container/[0-9]+.x.x' + - 'maintenance/controller-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/controller-container.yaml' - 'containers/controller/**' permissions: 
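Review bot: The `pull_request.paths` list added here names `.github/workflows/flake8.yaml`, a file this same commit deletes, so that entry can never match. The lint workflow is now `.github/workflows/controller-flake8.yaml` and its config moved to `.github/.flake8`; neither is listed, so a PR that changes only those files triggers neither check. The same stale entry is in the new `controller-flake8.yaml`. Suggest replacing it in both lists with `- '.github/workflows/controller-flake8.yaml'` and `- '.github/.flake8'`, which also keeps the two workflows on identical filters as the added comment asks. The `on:` block starts above this hunk.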
@@ -17,17 +33,25 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! controller-container: - uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.4.2-containers + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.6.0-containers with: job-name: controller-container registry: ${{ vars.HARBOR_REGISTRY }} registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/controller release-tag-format: 'controller-container-${version}' + release-branches: | + [ + 'maintenance/controller-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: containers/controller/Dockerfile diff --git a/.github/workflows/controller-flake8.yaml b/.github/workflows/controller-flake8.yaml new file mode 100644 index 0000000..9432ac3 --- /dev/null +++ b/.github/workflows/controller-flake8.yaml 
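Review bot: The job calls `pr-and-release-container.yaml@v1.6.0-containers` by tag, and a tag can be moved to different code after this review. The called workflow is handed the registry and cosign settings and, judging by its name, publishes releases, so pinning the full commit SHA with the tag kept as a trailing comment (`...pr-and-release-container.yaml@<commit-sha> # v1.6.0-containers`) would make the reviewed version the one that runs. The same applies to the `@v1.3.0-charts`, `@v1.0.0-pr-labeler` and `@v1.0.0-pr-title-commitlint` references added elsewhere in this commit. The `with:` block continues below the hunk.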
@@ -0,0 +1,42 @@
+name: Controller Flake8
+
+on:
+ pull_request:
+ # Ignore PRs on branches specifically intended for other assets
+ branches-ignore:
+ - '*/guacamole-chart*'
+ - '*/guacamole-crds-chart*'
+ # Only consider PRs that change files for this asset, including ci scripts
+ paths:
+ - '.github/workflows/flake8.yaml'
+ - '.github/workflows/controller-container.yaml'
+ - 'containers/controller/**'
+ # Make sure all workflows that are "required checks" for a given
+ # branch protection rule have the same paths: and branches-ignore:
+ # filters. Otherwise, you can end up in a deadlock waiting on a
+ # required check that will never be executed.
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ # This linting can be cancelled if there is a newer commit to lint
+ cancel-in-progress: true
+
+jobs:
+ controller-flake8:
+ runs-on:
+ labels: [self-hosted, linux, x64]
+ group: light
+
+ steps:
+ - name: clone repo
+ uses: actions/checkout@v4
+
+ - name: install flake8
+ run: pip install flake8
+
+ - name: install flake8 annotations
+ uses: rbialon/flake8-annotations@v1
+
+ - name: run flake8
+ run: |
+ flake8 --config=".github/.flake8" containers/controller/src
diff --git a/.github/workflows/flake8.yaml b/.github/workflows/flake8.yaml
deleted file mode 100644
index 82b08a5..0000000
--- a/.github/workflows/flake8.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: Flake8
-
-on:
- pull_request:
- paths:
- - '.flake8'
- - 'containers/controller/src/**.py'
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- flake8:
- runs-on:
- labels: [self-hosted, linux, x64]
- group: light
-
- steps:
- - name: clone repo
- uses: actions/checkout@v4
-
- - name: install flake8
- run: pip install flake8
-
- - name: install flake8 annotations
- uses: rbialon/flake8-annotations@v1
-
- - name: run flake8
- run: |
- flake8 containers/controller/src
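Review bot: The `controller-flake8` job runs on a self-hosted runner for `pull_request` events but installs unpinned code: `pip install flake8` takes whatever version is current, and `rbialon/flake8-annotations@v1` is a third-party action referenced by a movable tag. The workflow also declares no `permissions:`, so the job token gets the repository default scope. Suggest pinning both (`run: pip install flake8==<version>`, `uses: rbialon/flake8-annotations@<commit-sha> # v1`) and adding a top-level `permissions:` block with `contents: read`. Whether the runner is ephemeral is not visible here; if it is long-lived, whatever one run installs is still present for the next.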
diff --git a/.github/workflows/guacamole-chart.yaml b/.github/workflows/guacamole-chart.yaml index 0d6c153..e8db0b5 100644 --- a/.github/workflows/guacamole-chart.yaml +++ b/.github/workflows/guacamole-chart.yaml @@ -2,12 +2,27 @@ name: Guacamole Chart on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/controller-container*' + - '*/guacamole-crds-chart*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/guacamole-chart.yaml' - 'charts/guacamole/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/guacamole-chart/[0-9]+.x.x' + - 'maintenance/guacamole-chart/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/guacamole-chart.yaml' - 'charts/guacamole/**' permissions: @@ -17,11 +32,14 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! guacamole-chart: - uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.2.0-charts + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.3.0-charts with: job-name: guacamole-chart registry: ${{ vars.HARBOR_REGISTRY }} 
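Review bot: The `branches-ignore` globs added in the first hunk, `'*/controller-container*'` and `'*/guacamole-crds-chart*'`, do not match the other assets' maintenance branches, which have the form `maintenance/controller-container/<version>`. In GitHub's filter syntax `*` stops at `/`, so the trailing `*` cannot cover the version segment, and PRs into those branches are filtered by `paths:` only. Adding `- '*/controller-container/**'` and `- '*/guacamole-crds-chart/**'` would cover them. The same applies to the matching lists in `controller-container.yaml`, `controller-flake8.yaml` and `guacamole-crds-chart.yaml`.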
@@ -29,6 +47,11 @@ jobs: registry-project: ${{ vars.HARBOR_PROJECT }} registry-repo: guacamole release-tag-format: 'guacamole-chart-${version}' + release-branches: | + [ + 'maintenance/guacamole-chart/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} chart: charts/guacamole diff --git a/.github/workflows/guacamole-crds-chart.yaml b/.github/workflows/guacamole-crds-chart.yaml index 8e7038b..9f562c1 100644 --- a/.github/workflows/guacamole-crds-chart.yaml +++ b/.github/workflows/guacamole-crds-chart.yaml @@ -1,13 +1,28 @@ -name: Guacamole Chart +name: Guacamole CRDs Chart on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/controller-container*' + - '*/guacamole-chart*' + # Only consider PRs that change files for this asset, including cQi scripts paths: + - '.github/workflows/guacamole-crds-chart.yaml' - 'charts/guacamole-crds/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/guacamole-crds-chart/[0-9]+.x.x' + - 'maintenance/guacamole-crds-chart/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/guacamole-crds-chart.yaml' - 'charts/guacamole-crds/**' permissions: 
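Review bot: The comment added above `pull_request.paths` in `guacamole-crds-chart.yaml` reads `including cQi scripts`, where the other workflows in this commit say `ci scripts`. Suggest `# Only consider PRs that change files for this asset, including ci scripts`.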
@@ -17,11 +32,14 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! guacamole-crds-chart: - uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.2.0-charts + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.3.0-charts with: job-name: guacamole-crds-chart registry: ${{ vars.HARBOR_REGISTRY }} @@ -29,6 +47,11 @@ jobs: registry-project: ${{ vars.HARBOR_PROJECT }} registry-repo: guacamole-crds release-tag-format: 'guacamole-crds-chart-${version}' + release-branches: | + [ + 'maintenance/guacamole-crds-chart/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} chart: charts/guacamole-crds diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml new file mode 100644 index 0000000..45609d2 --- /dev/null +++ b/.github/workflows/pr-labeler.yaml @@ -0,0 +1,17 @@ +name: Label PR + +on: + pull_request: + # Run on all PRs whenever they are opened + types: + - opened + - reopened + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + # This labelling can be cancelled if there is a newer run + cancel-in-progress: true + +jobs: + pr-labeler: + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-labeler.yaml@v1.0.0-pr-labeler diff --git a/.github/workflows/pr-title-commitlint.yaml b/.github/workflows/pr-title-commitlint.yaml new file mode 100644 index 0000000..0e01d19 --- /dev/null +++ b/.github/workflows/pr-title-commitlint.yaml 
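Review bot: The new `pr-labeler.yaml` declares no `permissions:`, unlike the release workflows touched in this commit, so the called workflow runs with whatever the repository default token scope is. Applying labels needs write access to pull requests; stating it explicitly keeps the job working under a read-only default and stops it inheriting more than it needs under a permissive one. Suggest a top-level `permissions:` block with `contents: read` and `pull-requests: write`, adjusted to what the shared workflow actually requires, which this diff does not show.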
@@ -0,0 +1,18 @@
+name: Commit Lint PR Title
+
+on:
+ pull_request:
+ # Run on all PRs whenever the title could have changed
+ types:
+ - opened
+ - reopened
+ - edited
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ # This linting can be cancelled if there is a newer commit to lint
+ cancel-in-progress: true
+
+jobs:
+ pr-title-commitlint:
+ uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-title-commitlint.yaml@v1.0.0-pr-title-commitlint
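Review bot: The `types:` list has `opened`, `reopened` and `edited` but not `synchronize`, so pushing a new commit to a PR does not re-run this job. If `pr-title-commitlint` is made a required check, the new head commit would have no result for it and the PR could sit waiting until the title is edited, which is the kind of deadlock the comments in the asset workflows warn about. Adding `- synchronize` to `types:` avoids that. Whether the check is required is set in branch protection and is not visible in this diff.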