From 703ea72bb92c214b226ecb1484df21a23f835c8d Mon Sep 17 00:00:00 2001 From: Viacheslav Turovskyi Date: Mon, 18 Mar 2024 10:21:21 +0200 Subject: [PATCH 1/2] ci: add workflow for the Bounty Program commands (#277) --- .github/workflows/bounty-program-commands.yml | 90 +++++++++++++++++++ .github/workflows/global-replicator.yml | 2 +- 2 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/bounty-program-commands.yml diff --git a/.github/workflows/bounty-program-commands.yml b/.github/workflows/bounty-program-commands.yml new file mode 100644 index 00000000..433f7d95 --- /dev/null +++ b/.github/workflows/bounty-program-commands.yml @@ -0,0 +1,90 @@ +# This workflow is centrally managed at https://github.com/asyncapi/.github/ +# Don't make changes to this file in this repository, as they will be overwritten with +# changes made to the same file in the abovementioned repository. + +# The purpose of this workflow is to allow Bounty Team members +# (https://github.com/orgs/asyncapi/teams/bounty_team) to issue commands to the +# organization's global AsyncAPI bot related to the Bounty Program, while at the +# same time preventing unauthorized users from misusing them. + +name: Bounty Program commands + +on: + issue_comment: + types: + - created + +jobs: + guard-against-unauthorized-use: + if: > + github.actor != ('aeworxet' || 'thulieblack') && + ( + contains(github.event.comment.body, '/bounty' ) + ) + + runs-on: ubuntu-latest + + steps: + - name: ❌ @${{github.actor}} made an unauthorized attempt to use a Bounty Program's command + uses: actions/github-script@v6 + + with: + github-token: ${{ secrets.GH_TOKEN }} + script: | + const commentText = `❌ @${{github.actor}} is not authorized to use the Bounty Program's commands. + These commands can only be used by members of the [Bounty Team](https://github.com/orgs/asyncapi/teams/bounty_team).`; + + console.log(`❌ @${{github.actor}} made an unauthorized attempt to use a Bounty Program's command.`); + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: commentText + }) + + add-label-bounty: + if: > + github.actor == ('aeworxet' || 'thulieblack') && + ( + contains(github.event.comment.body, '/bounty' ) + ) + + runs-on: ubuntu-latest + env: + BOUNTY_PROGRAM_LABELS_JSON: | + [ + {"name": "bounty", "color": "0e8a16", "description": "Participation in the Bounty Program"} + ] + + steps: + - name: Add label `bounty` + uses: actions/github-script@v6 + + with: + github-token: ${{ secrets.GH_TOKEN }} + script: | + const BOUNTY_PROGRAM_LABELS = JSON.parse(process.env.BOUNTY_PROGRAM_LABELS_JSON); + let LIST_OF_LABELS_FOR_REPO = await github.rest.issues.listLabelsForRepo({ + owner: context.repo.owner, + repo: context.repo.repo, + }); + + LIST_OF_LABELS_FOR_REPO = LIST_OF_LABELS_FOR_REPO.data.map(key => key.name); + + if (!LIST_OF_LABELS_FOR_REPO.includes(BOUNTY_PROGRAM_LABELS[0].name)) { + await github.rest.issues.createLabel({ + owner: context.repo.owner, + repo: context.repo.repo, + name: BOUNTY_PROGRAM_LABELS[0].name, + color: BOUNTY_PROGRAM_LABELS[0].color, + description: BOUNTY_PROGRAM_LABELS[0].description + }); + } + + console.log('Adding label `bounty`...'); + github.rest.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: [BOUNTY_PROGRAM_LABELS[0].name] + }) diff --git a/.github/workflows/global-replicator.yml b/.github/workflows/global-replicator.yml index 0bd430fb..e61741c2 100644 --- a/.github/workflows/global-replicator.yml +++ b/.github/workflows/global-replicator.yml @@ -138,7 +138,7 @@ jobs: uses: derberg/manage-files-in-multiple-repositories@beecbe897cf5ed7f3de5a791a3f2d70102fe7c25 with: github_token: ${{ secrets.GH_TOKEN }} - patterns_to_include: .github/workflows/scripts,.github/workflows/automerge-for-humans-add-ready-to-merge-or-do-not-merge-label.yml,.github/workflows/add-good-first-issue-labels.yml,.github/workflows/automerge-for-humans-merging.yml,.github/workflows/automerge-for-humans-remove-ready-to-merge-label-on-edit.yml,.github/workflows/automerge-orphans.yml,.github/workflows/automerge.yml,.github/workflows/autoupdate.yml,.github/workflows/help-command.yml,.github/workflows/issues-prs-notifications.yml,.github/workflows/lint-pr-title.yml,.github/workflows/notify-tsc-members-mention.yml,.github/workflows/stale-issues-prs.yml,.github/workflows/welcome-first-time-contrib.yml,.github/workflows/release-announcements.yml + patterns_to_include: .github/workflows/scripts,.github/workflows/automerge-for-humans-add-ready-to-merge-or-do-not-merge-label.yml,.github/workflows/add-good-first-issue-labels.yml,.github/workflows/automerge-for-humans-merging.yml,.github/workflows/automerge-for-humans-remove-ready-to-merge-label-on-edit.yml,.github/workflows/automerge-orphans.yml,.github/workflows/automerge.yml,.github/workflows/autoupdate.yml,.github/workflows/help-command.yml,.github/workflows/issues-prs-notifications.yml,.github/workflows/lint-pr-title.yml,.github/workflows/notify-tsc-members-mention.yml,.github/workflows/stale-issues-prs.yml,.github/workflows/welcome-first-time-contrib.yml,.github/workflows/release-announcements.yml,.github/workflows/bounty-program-commands.yml committer_username: asyncapi-bot committer_email: info@asyncapi.io commit_message: "ci: update of files from global .github repo" From f9776eda158147edbfd7e59512b3df9d68aa35c3 Mon Sep 17 00:00:00 2001 From: Lukasz Gornicki Date: Tue, 2 Apr 2024 20:42:08 +0200 Subject: [PATCH 2/2] ci: fix windows issues in few workflows (#280) --- .github/workflows/if-go-pr-testing.yml | 2 ++ .github/workflows/if-nodejs-pr-testing.yml | 5 +++-- .github/workflows/if-nodejs-release.yml | 10 +++++++++- .github/workflows/if-nodejs-version-bump.yml | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/if-go-pr-testing.yml b/.github/workflows/if-go-pr-testing.yml index 58e3b2b7..ca29021f 100644 --- a/.github/workflows/if-go-pr-testing.yml +++ b/.github/workflows/if-go-pr-testing.yml @@ -30,6 +30,7 @@ jobs: id: should_run name: Should Run run: echo "shouldrun=true" >> $GITHUB_OUTPUT + shell: bash - if: steps.should_run.outputs.shouldrun == 'true' name: Checkout repository uses: actions/checkout@v3 @@ -74,6 +75,7 @@ jobs: id: should_run name: Should Run run: echo "shouldrun=true" >> $GITHUB_OUTPUT + shell: bash - if: steps.should_run.outputs.shouldrun == 'true' name: Checkout repository uses: actions/checkout@v3 diff --git a/.github/workflows/if-nodejs-pr-testing.yml b/.github/workflows/if-nodejs-pr-testing.yml index 9ce9f9a1..75eaaac7 100644 --- a/.github/workflows/if-nodejs-pr-testing.yml +++ b/.github/workflows/if-nodejs-pr-testing.yml @@ -33,6 +33,7 @@ jobs: id: should_run name: Should Run run: echo "shouldrun=true" >> $GITHUB_OUTPUT + shell: bash - if: steps.should_run.outputs.shouldrun == 'true' name: Set git to use LF #to once and for all finish neverending fight between Unix and Windows run: | @@ -60,13 +61,13 @@ jobs: - if: steps.packagejson.outputs.exists == 'true' name: Install dependencies id: first-installation - run: npm install --loglevel verbose + run: npm ci continue-on-error: true - if: steps.first-installation.outputs.status == 'failure' && steps.packagejson.outputs.exists == 'true' name: Clear NPM cache and install deps again run: | npm cache clean --force - npm install --loglevel verbose + npm ci - if: steps.packagejson.outputs.exists == 'true' name: Test run: npm test --if-present diff --git a/.github/workflows/if-nodejs-release.yml b/.github/workflows/if-nodejs-release.yml index 4938a37d..fbad21df 100644 --- a/.github/workflows/if-nodejs-release.yml +++ b/.github/workflows/if-nodejs-release.yml @@ -85,6 +85,7 @@ jobs: - name: Check if Node.js project and has package.json id: packagejson run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT + shell: bash - if: steps.packagejson.outputs.exists == 'true' name: Check package-lock version uses: asyncapi/.github/.github/actions/get-node-version-from-package-lock@master @@ -98,7 +99,14 @@ jobs: cache-dependency-path: '**/package-lock.json' - if: steps.packagejson.outputs.exists == 'true' name: Install dependencies - run: npm install + id: first-installation + run: npm ci + continue-on-error: true + - if: steps.first-installation.outputs.status == 'failure' && steps.packagejson.outputs.exists == 'true' + name: Clear NPM cache and install deps again + run: | + npm cache clean --force + npm ci - if: steps.packagejson.outputs.exists == 'true' name: Add plugin for conventional commits for semantic-release run: npm install --save-dev conventional-changelog-conventionalcommits@5.0.0 diff --git a/.github/workflows/if-nodejs-version-bump.yml b/.github/workflows/if-nodejs-version-bump.yml index 7e27f90b..36847d80 100644 --- a/.github/workflows/if-nodejs-version-bump.yml +++ b/.github/workflows/if-nodejs-version-bump.yml @@ -37,7 +37,7 @@ jobs: cache-dependency-path: '**/package-lock.json' - if: steps.packagejson.outputs.exists == 'true' name: Install dependencies - run: npm install + run: npm ci - if: steps.packagejson.outputs.exists == 'true' name: Assets generation run: npm run generate:assets --if-present