diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 350feb1..cb8b3d6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -9,33 +9,10 @@ on: - main pull_request: -jobs: - build: - runs-on: ubuntu-24.04 - - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - - - name: Install Task - uses: arduino/setup-task@v2 - with: - version: 3.x +permissions: + contents: read - - name: task generate - run: | - task generate --verbose - git diff --exit-code - - - name: task validate - run: task validate --verbose - - - name: task test - run: task test --verbose +jobs: + build_validate_test: + uses: openmcp-project/build/.github/workflows/ci.lib.yaml@main + secrets: inherit diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 156975b..fdcd53c 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -9,79 +9,7 @@ on: permissions: packages: write -env: - OCI_URL: ghcr.io/openmcp-project - jobs: - release_tag: - name: Release version - runs-on: ubuntu-24.04 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ssh-key: ${{ secrets.PUSH_KEY }} - fetch-tags: true - fetch-depth: 0 - submodules: recursive - - - name: Install Task - uses: arduino/setup-task@v2 - with: - version: 3.x - - - name: Read and validate VERSION - id: version - run: | - VERSION=$(task version) - if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then - echo "Invalid version format: $VERSION" - exit 1 - fi - echo "New version: $VERSION" - echo "version=$VERSION" >> $GITHUB_ENV - - - name: Skip release if version is a dev version - if: contains(env.version, '-dev') - run: | - echo "Skipping development version release: ${{ env.version }}" - echo "SKIP=true" >> $GITHUB_ENV - exit 0 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Context for Buildx - id: buildx-context - run: | - docker context create builders - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - timeout-minutes: 5 - uses: docker/setup-buildx-action@v3 - with: - version: latest - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: go.mod - - - name: Build and Push Images - run: | - task build:img:all --verbose - - - name: Package and Push Helm Charts - run: | - task build:helm:all --verbose - - - name: Build and Push OCM Component - run: | - task build:ocm:all --verbose + release_publish: + uses: openmcp-project/build/.github/workflows/publish.lib.yaml@main + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4d99cba..bbdc43f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,134 +11,5 @@ permissions: jobs: release_tag: - name: Release version - runs-on: ubuntu-24.04 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ssh-key: ${{ secrets.PUSH_KEY }} - fetch-tags: true - fetch-depth: 0 - submodules: recursive - - - name: Install Task - uses: arduino/setup-task@v2 - with: - version: 3.x - - - name: Read and validate VERSION - id: version - run: | - VERSION=$(task version) - if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then - echo "Invalid version format: $VERSION" - exit 1 - fi - echo "New version: $VERSION" - echo "version=$VERSION" >> $GITHUB_ENV - - - name: Skip release if version is a dev version - if: contains(env.version, '-dev') - run: | - echo "Skipping development version release: ${{ env.version }}" - echo "SKIP=true" >> $GITHUB_ENV - exit 0 - - - name: Check if VERSION is already tagged - id: check_tag - run: | - if git rev-parse "refs/tags/${{ env.version }}" >/dev/null 2>&1; then - echo "Tag ${{ env.version }} already exists. Skipping release." - echo "SKIP=true" >> $GITHUB_ENV - exit 0 - fi - echo "Tag ${{ env.version }} doesn't exists. Proceeding with release." - - - name: Create Git tag - if: ${{ env.SKIP != 'true' }} - run: | - AUTHOR_NAME=$(git log -1 --pretty=format:'%an') - AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') - echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>" - - echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV - echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV - - git config user.name "$AUTHOR_NAME" - git config user.email "$AUTHOR_EMAIL" - - git tag -a "${{ env.version }}" -m "Release ${{ env.version }}" - git push origin "${{ env.version }}" - - - name: Create Git tag for api submodule - if: ${{ env.SKIP != 'true' }} - run: | - AUTHOR_NAME=$(git log -1 --pretty=format:'%an') - AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') - echo "Tagging as $AUTHOR_NAME <$AUTHOR_EMAIL>" - - echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV - echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV - - git config user.name "$AUTHOR_NAME" - git config user.email "$AUTHOR_EMAIL" - - git tag -a "api/${{ env.version }}" -m "Release ${{ env.version }}" - git push origin "api/${{ env.version }}" - - - name: Build Changelog - id: github_release - uses: mikepenz/release-changelog-builder-action@v5 - with: - mode: "PR" - configurationJson: | - { - "template": "#{{CHANGELOG}}", - "pr_template": "- #{{TITLE}}: ##{{NUMBER}}", - "categories": [ - { - "title": "## Feature", - "labels": ["feat", "feature"] - }, - { - "title": "## Fix", - "labels": ["fix", "bug"] - }, - { - "title": "## Other", - "labels": [] - } - ], - "label_extractor": [ - { - "pattern": "^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test){1}(\\([\\w\\-\\.]+\\))?(!)?: ([\\w ])+([\\s\\S]*)", - "on_property": "title", - "target": "$1" - } - ] - } - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create GitHub release - if: ${{ env.SKIP != 'true' }} - uses: softprops/action-gh-release@v2 - with: - tag_name: ${{ env.version }} - name: Release ${{ env.version }} - body: ${{steps.github_release.outputs.changelog}} - draft: true - prerelease: false - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Push dev VERSION - if: ${{ env.SKIP != 'true' }} - run: | - task release:set-version --verbose -- "${{ env.version }}-dev" - git config user.name "${{ env.AUTHOR_NAME }}" - git config user.email "${{ env.AUTHOR_EMAIL }}" - git add VERSION - git commit -m "Update VERSION to ${{ env.version }}-dev" - git push origin main + uses: openmcp-project/build/.github/workflows/release.lib.yaml@main + secrets: inherit diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml index 328ee5b..aa0ba49 100644 --- a/.github/workflows/reuse.yaml +++ b/.github/workflows/reuse.yaml @@ -2,10 +2,10 @@ name: REUSE Compliance Check on: [push, pull_request] +permissions: + contents: read + jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: REUSE Compliance Check - uses: fsfe/reuse-action@v5 + run_reuse: + uses: openmcp-project/build/.github/workflows/reuse.lib.yaml@main + secrets: inherit diff --git a/.github/workflows/validate-pr-content.yaml b/.github/workflows/validate-pr-content.yaml new file mode 100644 index 0000000..52a07c0 --- /dev/null +++ b/.github/workflows/validate-pr-content.yaml @@ -0,0 +1,15 @@ +name: Validate Pull Request Content + +on: + pull_request: + types: + - opened + - edited + +permissions: + contents: read + +jobs: + validate_pr_content: + uses: openmcp-project/build/.github/workflows/validate-pr-content.lib.yaml@main + secrets: inherit \ No newline at end of file