From b276e08064529119f22b5d5da2243e25293e404f Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 17 Dec 2023 09:23:43 +0100 Subject: [PATCH] GitHub: add workflows from vyos-1x --- .github/PULL_REQUEST_TEMPLATE.md | 60 +++++++++++++++ .github/labeler.yml | 12 +++ .github/reviewers.yml | 3 + .github/workflows/auto-author-assign.yml | 27 +++++++ .github/workflows/codeql.yml | 74 +++++++++++++++++++ .github/workflows/mergifyio_backport.yml | 22 ++++++ .github/workflows/pr-conflicts.yml | 18 +++++ .github/workflows/pull-request-labels.yml | 20 +++++ .github/workflows/pull-request-management.yml | 25 +++++++ .../workflows/pull-request-message-check.yml | 23 ++++++ .github/workflows/stale.yml | 22 ++++++ 11 files changed, 306 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/labeler.yml create mode 100644 .github/reviewers.yml create mode 100644 .github/workflows/auto-author-assign.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/mergifyio_backport.yml create mode 100644 .github/workflows/pr-conflicts.yml create mode 100644 .github/workflows/pull-request-labels.yml create mode 100644 .github/workflows/pull-request-management.yml create mode 100644 .github/workflows/pull-request-message-check.yml create mode 100644 .github/workflows/stale.yml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..93389444 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,60 @@ + + + +## Change Summary + + +## Types of changes + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Code style update (formatting, renaming) +- [ ] Refactoring (no functional changes) +- [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component +- [ ] Other (please describe): + +## Related Task(s) + +* https://vyos.dev/Txxxx + +## Related PR(s) + + +## Component(s) name + + +## Proposed changes + + +## How to test + + +## Smoketest result + + +## Checklist: + + + +- [ ] I have read the [**CONTRIBUTING**](https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md) document +- [ ] I have linked this PR to one or more Phabricator Task(s) +- [ ] I have run the components [**SMOKETESTS**](https://github.com/vyos/vyos-1x/tree/current/smoketest/scripts/cli) if applicable +- [ ] My commit headlines contain a valid Task id +- [ ] My change requires a change to the documentation +- [ ] I have updated the documentation accordingly diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 00000000..e0b9ee43 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,12 @@ +equuleus: + - any: + - base-branch: 'equuleus' +current: + - any: + - base-branch: 'current' +crux: + - any: + - base-branch: 'crux' +sagitta: + - any: + - base-branch: 'sagitta' diff --git a/.github/reviewers.yml b/.github/reviewers.yml new file mode 100644 index 00000000..a1647d20 --- /dev/null +++ b/.github/reviewers.yml @@ -0,0 +1,3 @@ +--- +"**/*": + - team: reviewers diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml new file mode 100644 index 00000000..1a7f8ef0 --- /dev/null +++ b/.github/workflows/auto-author-assign.yml @@ -0,0 +1,27 @@ +name: "PR Triage" +on: + pull_request_target: + types: [opened, reopened, ready_for_review, locked] + +permissions: + pull-requests: write + +jobs: + # https://github.com/marketplace/actions/auto-author-assign + assign-author: + runs-on: ubuntu-latest + steps: + - name: "Assign Author to PR" + uses: toshimaru/auto-author-assign@v1.6.2 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + + # https://github.com/shufo/auto-assign-reviewer-by-files + assign_reviewer: + runs-on: ubuntu-latest + steps: + - name: Request review based on files changes and/or groups the author belongs to + uses: shufo/auto-assign-reviewer-by-files@v1.1.4 + with: + token: ${{ secrets.PR_ACTION_ASSIGN_REVIEWERS }} + config: .github/reviewers.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..c39800ac --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,74 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "current", crux, equuleus ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "current" ] + schedule: + - cron: '22 10 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/mergifyio_backport.yml b/.github/workflows/mergifyio_backport.yml new file mode 100644 index 00000000..e8d98757 --- /dev/null +++ b/.github/workflows/mergifyio_backport.yml @@ -0,0 +1,22 @@ +name: Mergifyio backport + +on: [issue_comment] + +jobs: + mergifyio_backport: + if: github.repository == 'vyos/vyatta-op' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: actions-ecosystem/action-regex-match@v2 + id: regex-match + with: + text: ${{ github.event.comment.body }} + regex: '[Mm]ergifyio backport ' + + - uses: actions-ecosystem/action-add-labels@v1 + if: ${{ steps.regex-match.outputs.match != '' }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + labels: backport diff --git a/.github/workflows/pr-conflicts.yml b/.github/workflows/pr-conflicts.yml new file mode 100644 index 00000000..96040cd6 --- /dev/null +++ b/.github/workflows/pr-conflicts.yml @@ -0,0 +1,18 @@ +name: "PR Conflicts checker" +on: + pull_request_target: + types: [synchronize] + +jobs: + Conflict_Check: + name: 'Check PR status: conflicts and resolution' + runs-on: ubuntu-22.04 + steps: + - name: check if PRs are dirty + uses: eps1lon/actions-label-merge-conflict@releases/2.x + with: + dirtyLabel: "state: conflict" + removeOnDirtyLabel: "state: conflict resolved" + repoToken: "${{ secrets.GITHUB_TOKEN }}" + commentOnDirty: "This pull request has conflicts, please resolve those before we can evaluate the pull request." + commentOnClean: "Conflicts have been resolved. A maintainer will review the pull request shortly." diff --git a/.github/workflows/pull-request-labels.yml b/.github/workflows/pull-request-labels.yml new file mode 100644 index 00000000..778daae3 --- /dev/null +++ b/.github/workflows/pull-request-labels.yml @@ -0,0 +1,20 @@ +--- +name: Add pull request labels + +on: + pull_request_target: + branches: + - current + - crux + - equuleus + - sagitta + +jobs: + add-pr-label: + name: Add PR Labels + runs-on: ubuntu-20.04 + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/labeler@v5.0.0-alpha.1 diff --git a/.github/workflows/pull-request-management.yml b/.github/workflows/pull-request-management.yml new file mode 100644 index 00000000..3a855c10 --- /dev/null +++ b/.github/workflows/pull-request-management.yml @@ -0,0 +1,25 @@ +--- +name: Build Pull Request Package + +on: + pull_request: + branches: + - current + - crux + - equuleus + +jobs: + j2lint: + name: Validate j2 files + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + timeout-minutes: 2 + - name: Setup J2Lint + timeout-minutes: 2 + run: | + sudo pip install git+https://github.com/aristanetworks/j2lint.git@341b5d5db86e095b622f09770cb6367a1583620e + - name: Run J2lint + timeout-minutes: 2 + run: | + j2lint $GITHUB_WORKSPACE/data diff --git a/.github/workflows/pull-request-message-check.yml b/.github/workflows/pull-request-message-check.yml new file mode 100644 index 00000000..8c206a5a --- /dev/null +++ b/.github/workflows/pull-request-message-check.yml @@ -0,0 +1,23 @@ +--- +name: Check pull request message format + +on: + pull_request: + branches: + - current + - crux + - equuleus + +jobs: + check-pr-title: + name: Check pull request title + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + timeout-minutes: 2 + - name: Install the requests library + run: pip3 install requests + - name: Check the PR title + timeout-minutes: 2 + run: | + ./scripts/check-pr-title-and-commit-messages.py '${{ github.event.pull_request.url }}' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 00000000..2ff9ef0d --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,22 @@ +name: "Issue and PR stale management" +on: + schedule: + - cron: "0 0 * * *" + +jobs: + stale: + runs-on: ubuntu-latest + if: github.repository == 'vyos/vyatta-op' + steps: + # Issue stale management + - uses: actions/stale@v6 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + days-before-stale: 90 + days-before-close: -1 + stale-issue-message: 'This issue is stale because it has been open 90 days with no activity. The issue will be reviewed by a maintainer and may be closed' + stale-issue-label: 'state: stale' + exempt-issue-labels: 'state: accepted, state: in-progress' + stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. The PR will be reviewed by a maintainer and may be closed' + stale-pr-label: 'state: stale' + exempt-pr-labels: 'state: accepted, state: in-progress'