Commit graph

413 commits

Author SHA1 Message Date
Marco Ferrari
a86fbaf65e
ci: run a job on test suite success (#5687)
- Run a job after all the jobs in the dynamically built test matrix run
  to completion. This job is useful for branch protection rules that
  that need the whole test suite to run successfully.
- Fix linting issues.

Fix #5686
2024-05-24 23:09:39 +02:00
Marco Ferrari
90f3fef29d
ci: move local action test to a dedicated job (#5629) 2024-05-17 10:39:22 +02:00
Marco Ferrari
e0c8376c3a
ci: remove deployment configuration from ci (#5628)
Simplify the CI workflows by skipping GitHub deployments configuration.
We don't use deployments in any other place at the moment.
2024-05-08 07:52:30 +00:00
dependabot[bot]
2b7fe0e1c7
deps(github-actions): bump actions/upload-artifact from 4.3.2 to 4.3.3 (#5586)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 11:45:28 +00:00
dependabot[bot]
5d2a841f25
deps(github-actions): bump actions/download-artifact from 4.1.5 to 4.1.7 (#5587)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.5 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 11:45:14 +00:00
dependabot[bot]
90554b436d
deps(github-actions): bump actions/download-artifact from 4.1.4 to 4.1.5 (#5553)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 14:02:30 +00:00
dependabot[bot]
46a0678d46
deps(github-actions): bump actions/upload-artifact from 4.3.1 to 4.3.2 (#5554)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-23 14:02:20 +00:00
Masaya Suzuki
95fbd33daf
ci: fix a run condition in CI preview-release-notes (#5532) 2024-04-16 07:06:47 +00:00
Masaya Suzuki
a1c890c1f2
ci: do not run by pull request from fork (#5506) 2024-04-15 11:50:35 +00:00
Marco Ferrari
80bb077cfd
ci: free more space on workers (#5481)
- Delete Haskell stuff

Close #5477
2024-04-05 14:12:35 +02:00
dependabot[bot]
fd2c7cc16e
deps(github-actions): bump bobheadxi/deployments from 1.4.0 to 1.5.0 (#5460)
Bumps [bobheadxi/deployments](https://github.com/bobheadxi/deployments) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/bobheadxi/deployments/releases)
- [Commits](https://github.com/bobheadxi/deployments/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: bobheadxi/deployments
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 11:40:29 +00:00
dependabot[bot]
b1e59ed1d4
deps(github-actions): bump dependabot/fetch-metadata from 1 to 2 (#5449)
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1 to 2.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1...v2)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 11:39:14 +00:00
dependabot[bot]
9ad7a43a7d
deps(github-actions): bump docker/login-action from 3.0.0 to 3.1.0 (#5391)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 09:56:30 +00:00
dependabot[bot]
156d0463d7
deps(github-actions): bump akhilerm/tag-push-action from 2.1.0 to 2.2.0 (#5392)
Bumps [akhilerm/tag-push-action](https://github.com/akhilerm/tag-push-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/akhilerm/tag-push-action/releases)
- [Commits](https://github.com/akhilerm/tag-push-action/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: akhilerm/tag-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 09:56:14 +00:00
dependabot[bot]
af522a60bb
deps(github-actions): bump actions/download-artifact from 4.1.2 to 4.1.4 (#5361)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4.1.2...v4.1.4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-04 17:48:52 +00:00
Marco Ferrari
0938895582
ci: dynamically build the test matrix (#5307)
Dynamically build the matrix of tests to run so we can have each test in
its own step without having to manually maintain the test matrix.
2024-02-20 17:36:35 +00:00
Marco Ferrari
ed27c0146d
fix: github actions debug logging (#5288)
Enable debug logging when one (or more) of the following conditions is
true:

- ACTIONS_RUNNER_DEBUG is set to true
- ACTIONS_STEPS_DEBUG is set to true
- RUNNER_DEBUG is set to 1
2024-02-20 17:27:06 +00:00
Marco Ferrari
54514126f2
ci: configure git user and email (#5284)
Set Git user and email in the CD workflow to correctly push new tags.

Fix #5283
2024-02-15 11:14:55 +01:00
Marco Ferrari
6fd6830fb4
fix: initialize GitHub domain variable (#5216)
- Initialize GITHUB_DOMAIN as documented in the README
- Configure other URLs according to GITHUB_DOMAIN
- Automatically fetch SSH key fingerprints for GITHUB_DOMAINS
2024-02-09 18:45:44 +00:00
Marco Ferrari
fe6e29b685
feat: automatically set the default branch (#5242)
Get the default branch from the GitHub Actions event payload when
running on GitHub Actions. Default to 'master', as before, otherwise.
2024-02-08 08:41:07 +00:00
Marco Ferrari
20ded7178b
fix: don't print empty lines with default logging (#5238)
- Check if Stdout and Stderr have elements before printing them.
- Run the super-linter action in a dedicated step using default logging to
  inspect how the output looks during CI.
2024-02-05 18:24:07 +01:00
Marco Ferrari
5c67776f9d
ci: clone the repository before tagging (#5208)
Clone the repository in the release workflow otherwise we cannot create
tags.
2024-01-31 12:28:15 +01:00
Marco Ferrari
bcbc45aa63
ci: ignore changelog and tests when testing action (#5206)
Align FILTER_REGEX_IGNORE configuration when testing the local action to
the one we use in Makefile
2024-01-31 11:26:01 +01:00
Marco Ferrari
99e41ce451
feat: run linters in parallel (#5177) 2024-01-30 19:24:55 +00:00
dependabot[bot]
a090a4cf0e
deps(github-actions): bump peter-evans/create-issue-from-file (#5180)
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-issue-from-file/releases)
- [Commits](https://github.com/peter-evans/create-issue-from-file/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-issue-from-file
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 20:47:29 +00:00
Marco Ferrari
3a5617235c
feat!: deprecate error_on_missing_exec_bit (#5120)
Deprecate the ERROR_ON_MISSING_EXEC_BIT variable to remove a confusing
corner case, and to align the BASH_EXEC check to how super-linter
handles other linters.
2024-01-10 22:54:13 +00:00
Marco Ferrari
2d79d17e6e
ci: fix concurrency group name (#5121)
- Add missing '$' to github.event_name
- Default to github.head_ref (pull_request event) and fall back to github.ref
  (merge_group and push events)
2024-01-10 10:05:41 +01:00
Marco Ferrari
f6bc05453b
ci: add event name to concurrency group (#5097)
In order to avoid unexpected workflow cancellations due to concurrency
configuration, add the event name to the concurrency group.`
2024-01-05 23:39:54 +01:00
Marco Ferrari
1d5ed2c386
fix: fix GITHUB_BEFORE_SHA diff on push events (#5096)
- Fix GITHUB_BEFORE_SHA initialization on push events by setting the
  correct key.
- Add an additional check against setting GITHUB_BEFORE_SHA to null.
- Run the CI workflow on push events to trigger required status checks
  when using the merge queue.
2024-01-04 22:54:47 +01:00
Marco Ferrari
3847309eca
build: remove unneeded Node dependencies (#5093)
- Remove axios, immer, ini, lodash, node-fetch that were installed to
  run Trivy reports. We can remove them because we use the Trivy action.
- Remove the Trivy workflow that was disabled anyway.
2024-01-03 16:54:06 +01:00
Marco Ferrari
59154bf97f
ci: enable auto-merge for dependabot pull requests (#5063)
Enabling auto-merge doesn't actually merge these PRs because we still
require approvals.
2023-12-24 17:20:13 +01:00
Marco Ferrari
9d7268fb99
feat: add support for checkov to lint iac files (#4925)
- Add support to run Checkov against infrastructure as code descriptors
  that are in a given (configurable) directory. Defaults to lint the
  whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
  issues right away with this change.
2023-12-22 13:22:15 +01:00
Marco Ferrari
641c65a8c4
ci: configure release-please dry-run and changelog (#5039)
- Implement a job to preview the release notes
- Include build, ci, and dependency updates
- Add emoji to section headings to match the existing release notes
- Add documentation about how to run release-please from the CLI
2023-12-21 15:03:14 +01:00
Marco Ferrari
d8ca23519b
build: use a base image (#5033)
- Refactor Dockerfile to use a base image so that we can reuse the cache
  for the standard image and not just the base image.
- Simplify the cd workflow to take into account the Production
  environment only for latest images.
2023-12-20 17:45:35 +01:00
Marco Ferrari
43dc36860c
ci: fix build cache in the cd workflow (#5032) 2023-12-20 16:39:19 +01:00
Marco Ferrari
238caec66e
ci: set current version to 5.7.2 (#5031)
- Set the current version to 5.7.2 in release-please manifest
- Enable cache load in cd workflow
2023-12-20 16:33:53 +01:00
Marco Ferrari
9c7046864f
ci: fix release workflow (#5030)
- Don't run the Release job with a matrix because we don't want to run
  release-please and the git tag steps more than once.
- Don't get release metadata if release-please didn't create the release
  yet.
- Populate the container image build cache.
- Set the starting version and commit for release-please.
2023-12-20 15:55:53 +01:00
Marco Ferrari
93b5ede1e8
ci: configure release-please (#5016)
- Configure release-please to automatically create pull requests and
  releases.
- Run release-please and tag update in the CD workflow.
- Update Git tags pointing to latest, major.minor, and major versions as
  part of the CD workflow.
- Remove workflows (draft-release, release) that are not necessary
  anymore, and related configuration files.
- Handle automatic updates to README.md, action.yml, and action.yaml
- Mount .github to /tmp/lint/.github so super-linter finds config files,
  and the GitHub Actions to lint.
2023-12-20 14:58:25 +01:00
Marco Ferrari
9db632f0e1
ci: configure commitlint (#5014)
- Check if the PR contains a single commit, and fail otherwise.
- Enable commitlint to check if commits adhere to the
  conventialcommits.org spec.
- Update the the pull request template to point to the conventional
  commit spec.
- Update the dependabot configuration to add the "build(...)" prefix to
  commits.
2023-12-19 19:37:16 +01:00
Marco Ferrari
2d303aab53
Don't update the deployment if we didn't start it (#4995) 2023-12-19 11:10:53 +01:00
dependabot[bot]
54d4ca17ed
Bump github/codeql-action from 2 to 3 (#5013)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:19:50 +00:00
Marco Ferrari
22b8624f61
Simplify container image build (#4962) 2023-12-15 11:59:36 +01:00
Marco Ferrari
e73e1bfdc3
Populate the cache with the latest image (#4988)
* Pull the latest image and print info

* Pull latest from registry to populate the cache

* Don't pull image
2023-12-15 08:22:13 +00:00
Marco Ferrari
ac4b767bd7
Reduce duplication in CI and CD workflows (#4982)
* Reduce duplication in CI and CD workflows

* Fix indentation in README

* Load token from file

* Fix instructions

* Ignore test leftovers
2023-12-12 18:53:48 +00:00
dependabot[bot]
fc0bde088f
Bump actions/stale from 8 to 9 (#4980)
Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v8...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-12-11 18:39:51 +00:00
Marco Ferrari
7a21f934b4
Don't forcefully validate Git repos if not needed (#4953)
* Fix find when linting non-git repos

* Remove uses

* Move safe.directory config after we set GITHUB_WORKSPACE

* Fix Git validation check

* Move 'find' test runner to makefile

* Validate vars before validating Git repo

* Validate Git repo even when VALIDATE_ALL_CODEBASE=false

* Initialize GITHUB_SHA when running locally

* Initialize safe git dirs

* Check git safe dirs error code

* Fix log level color marker

* Fix linting errors

* Fix change dir command

* Fix linting errors

* Set default branch
2023-12-07 19:07:22 +00:00
Marco Ferrari
9869638131
Validate container image labels (#4926)
* Validate labels and avoid busting the cache

* Fix validation

* Validate non-empty labels

* Add build date back

* Don't set build date

* Simplify validation script

* Enable build cache

* Setup buildx

* Dynamically set build revision and version

* Remove leftover

* Disable cache

* Add build date back

* Add build date back

* Fix linting errors

* Add checks

* Get head SHA

* Fix linting errors

* Handle merge_group
2023-12-07 14:18:47 +00:00
Marco Ferrari
879672e936
Don't write colors and logs on disk if not necessary (#4934)
* Don't write colors and logs on disk if not necessary

* Set color markers

* Fix colors

* Fix linting errors

* Fix linting errors

* Use sudo to access logs
2023-12-05 08:04:13 +00:00
Marco Ferrari
5a8805dc4f
Exit on errors when running Git (#4889)
* Exit on errors when running Git

* Skip pulling changes entirely

* Enable pipefail when generating diffs

* Cleanup

* Shallow repo check

* Echo GITHUB_SHA update

* Check if GITHUB_SHA exists before using it

* Move GITHUB_SHA validation to validation script

* Rely on cat-file return code

* Check if DEFAULT_BRANCH exists

* Change dir when checking DEFAULT_BRANCH

* Show git branches

* Don't switch branches

* Check GITHUB_SHA only when needed

* Ensure we have permissions before interacting with the repo

* Remove the DIFF_CMD variable

* Move TEST_CASE_RUN and RUN_LOCAL init up

* Validate if Git repo and if SHA exists

* Move validation function

* Change dir when getting branch names

* Move debug messages up to be less verbose

* Move branch validation in a function

* Fix linting errors
2023-12-04 09:47:49 +00:00
Marco Ferrari
a8150b40c8
Fix ts-standard configuration (#4932)
* Fix ts-standard configuration

* Fix default TYPESCRIPT_STANDARD_TSCONFIG_FILE assignment
2023-12-02 08:35:41 +00:00