chore(ci): move to reusable workflows
This commit is contained in:
		
							
								
								
									
										168
									
								
								.gitea/workflows-disabled/release.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										168
									
								
								.gitea/workflows-disabled/release.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,168 @@ | |||||||
|  | name: Release | ||||||
|  | on: | ||||||
|  |   schedule: | ||||||
|  |     - cron: "0 9 * * 0" | ||||||
|  |   issue_comment: | ||||||
|  |     types: [created] | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   manual_trigger: | ||||||
|  |     name: Manual Trigger Cleanup | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     if: ${{ gitea.event_name == 'issue_comment' }} | ||||||
|  |     steps: | ||||||
|  |       - name: Log event metadata | ||||||
|  |         run: | | ||||||
|  |           echo "Issue: ${{ gitea.event.issue.number }}" | ||||||
|  |           echo "Comment: ${{ gitea.event.comment.body }}" | ||||||
|  |           echo "User: ${{ gitea.event.comment.user.login }}" | ||||||
|  |  | ||||||
|  |       - name: Stop workflow if required conditions are not met | ||||||
|  |         if: ${{ !contains(gitea.event.issue.number, '329') || !contains(gitea.event.comment.body, '/trigger-release') || !contains(gitea.event.comment.user.login, 'luke') }} | ||||||
|  |         run: exit 1 | ||||||
|  |  | ||||||
|  |       - name: Delete issue comment | ||||||
|  |         run: | | ||||||
|  |           curl -X DELETE \ | ||||||
|  |             -H "Authorization: token ${{ gitea.token }}" \ | ||||||
|  |             "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/comments/${{ gitea.event.comment.id }}" | ||||||
|  |  | ||||||
|  |   # test: | ||||||
|  |   #   name: Unit Test | ||||||
|  |   #   uses: https://git.tainton.uk/public/roboluke-tasks/.gitea/workflows/ci.yml@main | ||||||
|  |   #   continue-on-error: true | ||||||
|  |  | ||||||
|  |   create_release: | ||||||
|  |     name: Create Release | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     # needs: test | ||||||
|  |     outputs: | ||||||
|  |       release_name: ${{ steps.get_next_version.outputs.tag }} | ||||||
|  |     steps: | ||||||
|  |       - name: Check out repository | ||||||
|  |         uses: actions/checkout@v4.2.2 | ||||||
|  |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |  | ||||||
|  |       - name: Changes since last tag | ||||||
|  |         id: changes | ||||||
|  |         run: | | ||||||
|  |           rm -f .changes | ||||||
|  |           git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes | ||||||
|  |           cat .changes | ||||||
|  |  | ||||||
|  |       - name: Check for changes | ||||||
|  |         run: | | ||||||
|  |           if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then | ||||||
|  |             echo "changes=false" | ||||||
|  |             echo "changes=false" >> "$GITEA_OUTPUT" | ||||||
|  |           else | ||||||
|  |             echo "changes=true" | ||||||
|  |             echo "changes=true" >> "$GITEA_OUTPUT" | ||||||
|  |           fi | ||||||
|  |  | ||||||
|  |       - name: Cancel if no changes | ||||||
|  |         if: steps.changes.outputs.changes == 'false' | ||||||
|  |         run: exit 1 | ||||||
|  |  | ||||||
|  |       - name: Set server URL | ||||||
|  |         id: set_srvurl | ||||||
|  |         run: | | ||||||
|  |           SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/') | ||||||
|  |           echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT" | ||||||
|  |  | ||||||
|  |       - name: Get next version | ||||||
|  |         uses: TriPSs/conventional-changelog-action@v6 | ||||||
|  |         id: get_next_version | ||||||
|  |         with: | ||||||
|  |           git-url: ${{ steps.set_srvurl.outputs.srvurl }} | ||||||
|  |           github-token: ${{ gitea.token }} | ||||||
|  |           preset: "conventionalcommits" | ||||||
|  |           # preset: "angular"  # This is the default | ||||||
|  |           skip-commit: true | ||||||
|  |           release-count: 1 | ||||||
|  |           output-file: false | ||||||
|  |           create-summary: true | ||||||
|  |           skip-on-empty: true | ||||||
|  |           skip-version-file: true | ||||||
|  |           skip-tag: true | ||||||
|  |  | ||||||
|  |       - name: Create release | ||||||
|  |         run: | | ||||||
|  |           curl -s -X POST \ | ||||||
|  |             -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \ | ||||||
|  |             -H "accept: application/json" \ | ||||||
|  |             -H "Content-Type: application/json" \ | ||||||
|  |             -d "{\"tag_name\": \"${{ steps.get_next_version.outputs.tag }}\", \"name\": \"${{ steps.get_next_version.outputs.tag }}\", \"body\": \"${{ steps.get_next_version.outputs.changelog }}\"}" \ | ||||||
|  |             "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases" | ||||||
|  |  | ||||||
|  |   build_docker: | ||||||
|  |     name: Build Docker Images | ||||||
|  |     needs: create_release | ||||||
|  |     steps: | ||||||
|  |       - name: Update Docker configuration | ||||||
|  |         continue-on-error: true | ||||||
|  |         run: | | ||||||
|  |           mkdir -p /etc/default | ||||||
|  |           mkdir -p /etc/docker | ||||||
|  |           touch -a /etc/default/docker | ||||||
|  |           touch -a /etc/docker/daemon.json | ||||||
|  |           echo "DOCKER_OPTS=\"--insecure-registry ${{ vars.PACKAGES_REGISTRY_URL }}\"" >> /etc/default/docker | ||||||
|  |           echo "{\"insecure-registries\": [\"${{ vars.PACKAGES_REGISTRY_URL }}\"]}" > /etc/docker/daemon.json | ||||||
|  |  | ||||||
|  |       - name: Check out repository | ||||||
|  |         uses: actions/checkout@v4 | ||||||
|  |         with: | ||||||
|  |           fetch-depth: 0 | ||||||
|  |           ref: ${{ needs.create_release.outputs.release_name }} | ||||||
|  |  | ||||||
|  |       - name: Set up Docker Buildx | ||||||
|  |         uses: docker/setup-buildx-action@v3 | ||||||
|  |  | ||||||
|  |       - name: Log in to Gitea Container Registry | ||||||
|  |         uses: docker/login-action@v3 | ||||||
|  |         with: | ||||||
|  |           registry: ${{ vars.PACKAGES_REGISTRY_URL }} | ||||||
|  |           username: ${{ vars.ACTIONS_USERNAME }} | ||||||
|  |           password: ${{ secrets.ACTIONS_TOKEN }} | ||||||
|  |  | ||||||
|  |       - name: Log in to GitHub Container Registry | ||||||
|  |         uses: docker/login-action@v3 | ||||||
|  |         with: | ||||||
|  |           registry: ghcr.io | ||||||
|  |           username: ${{ vars.GHCR_USERNAME }} | ||||||
|  |           password: ${{ secrets.GHCR_TOKEN }} | ||||||
|  |  | ||||||
|  |       - name: Extract metadata (tags, labels) for Docker | ||||||
|  |         id: meta | ||||||
|  |         uses: docker/metadata-action@v5 | ||||||
|  |         with: | ||||||
|  |           images: | | ||||||
|  |             ghcr.io/${{ vars.GHCR_USERNAME }}/roboluke-tasks | ||||||
|  |             ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }} | ||||||
|  |           tags: type=semver,pattern=v{{version}},value=${{ needs.create_release.outputs.release_name }} | ||||||
|  |  | ||||||
|  |       - name: Print metadata | ||||||
|  |         run: | | ||||||
|  |           printf "Annotations:\n${{ steps.meta.outputs.annotations }}" | ||||||
|  |           echo "" | ||||||
|  |           printf "Labels:\n${{ steps.meta.outputs.labels }}" | ||||||
|  |           echo "" | ||||||
|  |           printf "Tags:\n${{ steps.meta.outputs.tags }}" | ||||||
|  |  | ||||||
|  |       - name: Build images | ||||||
|  |         uses: docker/build-push-action@v6 | ||||||
|  |         with: | ||||||
|  |           context: . | ||||||
|  |           push: false | ||||||
|  |           load: true | ||||||
|  |           annotations: ${{ steps.meta.outputs.annotations }} | ||||||
|  |           labels: ${{ steps.meta.outputs.labels }} | ||||||
|  |           tags: ${{ steps.meta.outputs.tags }} | ||||||
|  |  | ||||||
|  |       - name: Push images | ||||||
|  |         run: | | ||||||
|  |           strtags="${{ steps.meta.outputs.tags }}" | ||||||
|  |           readarray -t lines <<<"$strtags" | ||||||
|  |           for element in "${lines[@]}"; do docker push "$element"; done | ||||||
|  |           unset strtags lines | ||||||
| @@ -2,72 +2,12 @@ name: CI | |||||||
| on: | on: | ||||||
|   pull_request: |   pull_request: | ||||||
|     types: [opened, synchronize, reopened] |     types: [opened, synchronize, reopened] | ||||||
|     paths-ignore: |  | ||||||
|       - "README.md" |  | ||||||
|       - "LICENSE.md" |  | ||||||
|       - ".gitignore" |  | ||||||
|       - "renovate.json" |  | ||||||
|       - ".gitea/CODEOWNERS" |  | ||||||
|       - ".archive" |  | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   ci: |   ci: | ||||||
|     runs-on: ubuntu-latest |     uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-python-uv-with-docker.yml | ||||||
|     steps: |  | ||||||
|       - name: Check out repository code |  | ||||||
|         uses: actions/checkout@v4.2.2 |  | ||||||
|     with: |     with: | ||||||
|           fetch-depth: 0 |       python-version: 3.13 | ||||||
|  |     secrets: | ||||||
|       - name: Run Hadolint |  | ||||||
|         uses: hadolint/hadolint-action@v3.1.0 |  | ||||||
|         with: |  | ||||||
|           dockerfile: Dockerfile |  | ||||||
|           output-file: hadolint.out |  | ||||||
|           format: sonarqube |  | ||||||
|           no-fail: true |  | ||||||
|  |  | ||||||
|       - name: Setup Python |  | ||||||
|         uses: actions/setup-python@v5 |  | ||||||
|         with: |  | ||||||
|           python-version: "${{ vars.PYTHON_VERSION }}" |  | ||||||
|  |  | ||||||
|       - name: uv cache |  | ||||||
|         uses: actions/cache@v4 |  | ||||||
|         with: |  | ||||||
|           path: /tmp/.uv-cache |  | ||||||
|           key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} |  | ||||||
|           restore-keys: | |  | ||||||
|             uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} |  | ||||||
|             uv-${{ runner.os }} |  | ||||||
|  |  | ||||||
|       - name: Install dependencies |  | ||||||
|         run: uv sync |  | ||||||
|  |  | ||||||
|       - name: Lint |  | ||||||
|         run: | |  | ||||||
|           uv run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ |  | ||||||
|           cat lintreport.txt |  | ||||||
|  |  | ||||||
|       - name: Unit Test |  | ||||||
|         run: | |  | ||||||
|           uv run coverage run -m pytest -v --junitxml=testresults.xml |  | ||||||
|           uv run coverage xml |  | ||||||
|           sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml |  | ||||||
|  |  | ||||||
|       - name: Minimize uv cache |  | ||||||
|         run: uv cache prune --ci |  | ||||||
|  |  | ||||||
|       - name: SonarQube Cloud Scan |  | ||||||
|         uses: SonarSource/sonarqube-scan-action@v4.2.1 |  | ||||||
|         env: |  | ||||||
|       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||||||
|  |  | ||||||
|       - name: Snyk Vulnerability Scan |  | ||||||
|         uses: snyk/actions/python@master |  | ||||||
|         continue-on-error: true # Sometimes vulns aren't immediately fixable |  | ||||||
|         env: |  | ||||||
|       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||||||
|         with: |  | ||||||
|           command: snyk |  | ||||||
|           args: test --all-projects |  | ||||||
|   | |||||||
| @@ -1,168 +1,26 @@ | |||||||
| name: Release | name: Release | ||||||
| on: | on: | ||||||
|  |   workflow_dispatch: | ||||||
|   schedule: |   schedule: | ||||||
|     - cron: "0 9 * * 0" |     - cron: "0 9 * * 0" | ||||||
|   issue_comment: |  | ||||||
|     types: [created] |  | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   manual_trigger: |   test: | ||||||
|     name: Manual Trigger Cleanup |     uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-python-uv-with-docker.yml | ||||||
|     runs-on: ubuntu-latest |     with: | ||||||
|     if: ${{ gitea.event_name == 'issue_comment' }} |       python-version: 3.13 | ||||||
|     steps: |     secrets: | ||||||
|       - name: Log event metadata |       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||||||
|         run: | |       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||||||
|           echo "Issue: ${{ gitea.event.issue.number }}" |  | ||||||
|           echo "Comment: ${{ gitea.event.comment.body }}" |  | ||||||
|           echo "User: ${{ gitea.event.comment.user.login }}" |  | ||||||
|  |  | ||||||
|       - name: Stop workflow if required conditions are not met |  | ||||||
|         if: ${{ !contains(gitea.event.issue.number, '329') || !contains(gitea.event.comment.body, '/trigger-release') || !contains(gitea.event.comment.user.login, 'luke') }} |  | ||||||
|         run: exit 1 |  | ||||||
|  |  | ||||||
|       - name: Delete issue comment |  | ||||||
|         run: | |  | ||||||
|           curl -X DELETE \ |  | ||||||
|             -H "Authorization: token ${{ gitea.token }}" \ |  | ||||||
|             "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/comments/${{ gitea.event.comment.id }}" |  | ||||||
|  |  | ||||||
|   # test: |  | ||||||
|   #   name: Unit Test |  | ||||||
|   #   uses: https://git.tainton.uk/public/roboluke-tasks/.gitea/workflows/ci.yml@main |  | ||||||
|   #   continue-on-error: true |  | ||||||
|  |  | ||||||
|   create_release: |   create_release: | ||||||
|     name: Create Release |     name: Create Release | ||||||
|     runs-on: ubuntu-latest |     uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release.yml | ||||||
|     # needs: test |  | ||||||
|     outputs: |  | ||||||
|       release_name: ${{ steps.get_next_version.outputs.tag }} |  | ||||||
|     steps: |  | ||||||
|       - name: Check out repository |  | ||||||
|         uses: actions/checkout@v4.2.2 |  | ||||||
|         with: |  | ||||||
|           fetch-depth: 0 |  | ||||||
|  |  | ||||||
|       - name: Changes since last tag |   create_docker: | ||||||
|         id: changes |     name: Create Docker Image | ||||||
|         run: | |  | ||||||
|           rm -f .changes |  | ||||||
|           git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes |  | ||||||
|           cat .changes |  | ||||||
|  |  | ||||||
|       - name: Check for changes |  | ||||||
|         run: | |  | ||||||
|           if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then |  | ||||||
|             echo "changes=false" |  | ||||||
|             echo "changes=false" >> "$GITEA_OUTPUT" |  | ||||||
|           else |  | ||||||
|             echo "changes=true" |  | ||||||
|             echo "changes=true" >> "$GITEA_OUTPUT" |  | ||||||
|           fi |  | ||||||
|  |  | ||||||
|       - name: Cancel if no changes |  | ||||||
|         if: steps.changes.outputs.changes == 'false' |  | ||||||
|         run: exit 1 |  | ||||||
|  |  | ||||||
|       - name: Set server URL |  | ||||||
|         id: set_srvurl |  | ||||||
|         run: | |  | ||||||
|           SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/') |  | ||||||
|           echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT" |  | ||||||
|  |  | ||||||
|       - name: Get next version |  | ||||||
|         uses: TriPSs/conventional-changelog-action@v6 |  | ||||||
|         id: get_next_version |  | ||||||
|         with: |  | ||||||
|           git-url: ${{ steps.set_srvurl.outputs.srvurl }} |  | ||||||
|           github-token: ${{ gitea.token }} |  | ||||||
|           preset: "conventionalcommits" |  | ||||||
|           # preset: "angular"  # This is the default |  | ||||||
|           skip-commit: true |  | ||||||
|           release-count: 1 |  | ||||||
|           output-file: false |  | ||||||
|           create-summary: true |  | ||||||
|           skip-on-empty: true |  | ||||||
|           skip-version-file: true |  | ||||||
|           skip-tag: true |  | ||||||
|  |  | ||||||
|       - name: Create release |  | ||||||
|         run: | |  | ||||||
|           curl -s -X POST \ |  | ||||||
|             -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \ |  | ||||||
|             -H "accept: application/json" \ |  | ||||||
|             -H "Content-Type: application/json" \ |  | ||||||
|             -d "{\"tag_name\": \"${{ steps.get_next_version.outputs.tag }}\", \"name\": \"${{ steps.get_next_version.outputs.tag }}\", \"body\": \"${{ steps.get_next_version.outputs.changelog }}\"}" \ |  | ||||||
|             "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases" |  | ||||||
|  |  | ||||||
|   build_docker: |  | ||||||
|     name: Build Docker Images |  | ||||||
|     needs: create_release |     needs: create_release | ||||||
|     steps: |     if: ${{ needs.create_release.outputs.success == 'true' }} | ||||||
|       - name: Update Docker configuration |     uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/build-push-docker.yml | ||||||
|         continue-on-error: true |  | ||||||
|         run: | |  | ||||||
|           mkdir -p /etc/default |  | ||||||
|           mkdir -p /etc/docker |  | ||||||
|           touch -a /etc/default/docker |  | ||||||
|           touch -a /etc/docker/daemon.json |  | ||||||
|           echo "DOCKER_OPTS=\"--insecure-registry ${{ vars.PACKAGES_REGISTRY_URL }}\"" >> /etc/default/docker |  | ||||||
|           echo "{\"insecure-registries\": [\"${{ vars.PACKAGES_REGISTRY_URL }}\"]}" > /etc/docker/daemon.json |  | ||||||
|  |  | ||||||
|       - name: Check out repository |  | ||||||
|         uses: actions/checkout@v4 |  | ||||||
|     with: |     with: | ||||||
|           fetch-depth: 0 |       release: ${{ needs.create_release.outputs.release_name }} | ||||||
|           ref: ${{ needs.create_release.outputs.release_name }} |  | ||||||
|  |  | ||||||
|       - name: Set up Docker Buildx |  | ||||||
|         uses: docker/setup-buildx-action@v3 |  | ||||||
|  |  | ||||||
|       - name: Log in to Gitea Container Registry |  | ||||||
|         uses: docker/login-action@v3 |  | ||||||
|         with: |  | ||||||
|           registry: ${{ vars.PACKAGES_REGISTRY_URL }} |  | ||||||
|           username: ${{ vars.ACTIONS_USERNAME }} |  | ||||||
|           password: ${{ secrets.ACTIONS_TOKEN }} |  | ||||||
|  |  | ||||||
|       - name: Log in to GitHub Container Registry |  | ||||||
|         uses: docker/login-action@v3 |  | ||||||
|         with: |  | ||||||
|           registry: ghcr.io |  | ||||||
|           username: ${{ vars.GHCR_USERNAME }} |  | ||||||
|           password: ${{ secrets.GHCR_TOKEN }} |  | ||||||
|  |  | ||||||
|       - name: Extract metadata (tags, labels) for Docker |  | ||||||
|         id: meta |  | ||||||
|         uses: docker/metadata-action@v5 |  | ||||||
|         with: |  | ||||||
|           images: | |  | ||||||
|             ghcr.io/${{ vars.GHCR_USERNAME }}/roboluke-tasks |  | ||||||
|             ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }} |  | ||||||
|           tags: type=semver,pattern=v{{version}},value=${{ needs.create_release.outputs.release_name }} |  | ||||||
|  |  | ||||||
|       - name: Print metadata |  | ||||||
|         run: | |  | ||||||
|           printf "Annotations:\n${{ steps.meta.outputs.annotations }}" |  | ||||||
|           echo "" |  | ||||||
|           printf "Labels:\n${{ steps.meta.outputs.labels }}" |  | ||||||
|           echo "" |  | ||||||
|           printf "Tags:\n${{ steps.meta.outputs.tags }}" |  | ||||||
|  |  | ||||||
|       - name: Build images |  | ||||||
|         uses: docker/build-push-action@v6 |  | ||||||
|         with: |  | ||||||
|           context: . |  | ||||||
|           push: false |  | ||||||
|           load: true |  | ||||||
|           annotations: ${{ steps.meta.outputs.annotations }} |  | ||||||
|           labels: ${{ steps.meta.outputs.labels }} |  | ||||||
|           tags: ${{ steps.meta.outputs.tags }} |  | ||||||
|  |  | ||||||
|       - name: Push images |  | ||||||
|         run: | |  | ||||||
|           strtags="${{ steps.meta.outputs.tags }}" |  | ||||||
|           readarray -t lines <<<"$strtags" |  | ||||||
|           for element in "${lines[@]}"; do docker push "$element"; done |  | ||||||
|           unset strtags lines |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user