Marco Ferrari
9d7268fb99
feat: add support for checkov to lint iac files ( #4925 )
...
- Add support to run Checkov against infrastructure as code descriptors
that are in a given (configurable) directory. Defaults to lint the
whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
issues right away with this change.
2023-12-22 13:22:15 +01:00
Marco Ferrari
641c65a8c4
ci: configure release-please dry-run and changelog ( #5039 )
...
- Implement a job to preview the release notes
- Include build, ci, and dependency updates
- Add emoji to section headings to match the existing release notes
- Add documentation about how to run release-please from the CLI
2023-12-21 15:03:14 +01:00
Marco Ferrari
0bb35c3e60
ci: update prefix for dependency updates ( #5035 )
2023-12-20 19:01:01 +01:00
Marco Ferrari
d8ca23519b
build: use a base image ( #5033 )
...
- Refactor Dockerfile to use a base image so that we can reuse the cache
for the standard image and not just the base image.
- Simplify the cd workflow to take into account the Production
environment only for latest images.
2023-12-20 17:45:35 +01:00
Marco Ferrari
43dc36860c
ci: fix build cache in the cd workflow ( #5032 )
2023-12-20 16:39:19 +01:00
Marco Ferrari
238caec66e
ci: set current version to 5.7.2 ( #5031 )
...
- Set the current version to 5.7.2 in release-please manifest
- Enable cache load in cd workflow
2023-12-20 16:33:53 +01:00
Marco Ferrari
9c7046864f
ci: fix release workflow ( #5030 )
...
- Don't run the Release job with a matrix because we don't want to run
release-please and the git tag steps more than once.
- Don't get release metadata if release-please didn't create the release
yet.
- Populate the container image build cache.
- Set the starting version and commit for release-please.
2023-12-20 15:55:53 +01:00
Marco Ferrari
93b5ede1e8
ci: configure release-please ( #5016 )
...
- Configure release-please to automatically create pull requests and
releases.
- Run release-please and tag update in the CD workflow.
- Update Git tags pointing to latest, major.minor, and major versions as
part of the CD workflow.
- Remove workflows (draft-release, release) that are not necessary
anymore, and related configuration files.
- Handle automatic updates to README.md, action.yml, and action.yaml
- Mount .github to /tmp/lint/.github so super-linter finds config files,
and the GitHub Actions to lint.
2023-12-20 14:58:25 +01:00
Marco Ferrari
117318f55c
ci: don't validate dependabot commits ( #5026 )
...
Dependabot doesn't allow configuring the max commit message line length
until https://github.com/dependabot/dependabot-core/issues/2445 is
resolved, so we cannot validate Dependabot commits at this time.
2023-12-20 09:12:02 +01:00
Marco Ferrari
9db632f0e1
ci: configure commitlint ( #5014 )
...
- Check if the PR contains a single commit, and fail otherwise.
- Enable commitlint to check if commits adhere to the
conventialcommits.org spec.
- Update the the pull request template to point to the conventional
commit spec.
- Update the dependabot configuration to add the "build(...)" prefix to
commits.
2023-12-19 19:37:16 +01:00
Marco Ferrari
2d303aab53
Don't update the deployment if we didn't start it ( #4995 )
2023-12-19 11:10:53 +01:00
dependabot[bot]
54d4ca17ed
Bump github/codeql-action from 2 to 3 ( #5013 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:19:50 +00:00
Marco Ferrari
22b8624f61
Simplify container image build ( #4962 )
2023-12-15 11:59:36 +01:00
Marco Ferrari
22564fb65c
Switch to tflint image because tflint-bundle is deprecated ( #4990 )
...
* Switch to tflint image because tflint-bundle is deprecated
* Fix version string
* Don't copy plugins
* Don't copy plugins
* Set terraform log vars globally
* Fix tflint error
2023-12-15 09:29:34 +00:00
Marco Ferrari
e6cf8d3845
Move tests to the test directory ( #4985 )
...
* Move tests to the test directory
* Fix linting errors
* Add states back
* Add xml back
2023-12-15 08:50:35 +00:00
Marco Ferrari
e73e1bfdc3
Populate the cache with the latest image ( #4988 )
...
* Pull the latest image and print info
* Pull latest from registry to populate the cache
* Don't pull image
2023-12-15 08:22:13 +00:00
Marco Ferrari
ac4b767bd7
Reduce duplication in CI and CD workflows ( #4982 )
...
* Reduce duplication in CI and CD workflows
* Fix indentation in README
* Load token from file
* Fix instructions
* Ignore test leftovers
2023-12-12 18:53:48 +00:00
Marco Ferrari
2c548620af
Move instructions from the wiki to docs ( #4957 )
...
* Move instructions from the wiki to docs
* Add missing code
* Fix linting errors
* Fix indentation
* Don't add deleted docs back
* Remove slim readme
2023-12-12 08:41:41 +01:00
Marco Ferrari
d465382ed5
Update documentation ( #4981 )
...
* Update documentation
* Fix typos
* Update security policy
* Remove outdated instructions
* Fix list
* Add more info to config load step
* Don't test linter.yml
* Point to the cd workflow in README
* Move badge up
* Add info about Make help
---------
Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-12-11 21:35:20 +00:00
dependabot[bot]
fc0bde088f
Bump actions/stale from 8 to 9 ( #4980 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/v8...v9 )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-12-11 18:39:51 +00:00
Marco Ferrari
7a21f934b4
Don't forcefully validate Git repos if not needed ( #4953 )
...
* Fix find when linting non-git repos
* Remove uses
* Move safe.directory config after we set GITHUB_WORKSPACE
* Fix Git validation check
* Move 'find' test runner to makefile
* Validate vars before validating Git repo
* Validate Git repo even when VALIDATE_ALL_CODEBASE=false
* Initialize GITHUB_SHA when running locally
* Initialize safe git dirs
* Check git safe dirs error code
* Fix log level color marker
* Fix linting errors
* Fix change dir command
* Fix linting errors
* Set default branch
2023-12-07 19:07:22 +00:00
Marco Ferrari
9869638131
Validate container image labels ( #4926 )
...
* Validate labels and avoid busting the cache
* Fix validation
* Validate non-empty labels
* Add build date back
* Don't set build date
* Simplify validation script
* Enable build cache
* Setup buildx
* Dynamically set build revision and version
* Remove leftover
* Disable cache
* Add build date back
* Add build date back
* Fix linting errors
* Add checks
* Get head SHA
* Fix linting errors
* Handle merge_group
2023-12-07 14:18:47 +00:00
Marco Ferrari
879672e936
Don't write colors and logs on disk if not necessary ( #4934 )
...
* Don't write colors and logs on disk if not necessary
* Set color markers
* Fix colors
* Fix linting errors
* Fix linting errors
* Use sudo to access logs
2023-12-05 08:04:13 +00:00
Marco Ferrari
5a8805dc4f
Exit on errors when running Git ( #4889 )
...
* Exit on errors when running Git
* Skip pulling changes entirely
* Enable pipefail when generating diffs
* Cleanup
* Shallow repo check
* Echo GITHUB_SHA update
* Check if GITHUB_SHA exists before using it
* Move GITHUB_SHA validation to validation script
* Rely on cat-file return code
* Check if DEFAULT_BRANCH exists
* Change dir when checking DEFAULT_BRANCH
* Show git branches
* Don't switch branches
* Check GITHUB_SHA only when needed
* Ensure we have permissions before interacting with the repo
* Remove the DIFF_CMD variable
* Move TEST_CASE_RUN and RUN_LOCAL init up
* Validate if Git repo and if SHA exists
* Move validation function
* Change dir when getting branch names
* Move debug messages up to be less verbose
* Move branch validation in a function
* Fix linting errors
2023-12-04 09:47:49 +00:00
Marco Ferrari
a8150b40c8
Fix ts-standard configuration ( #4932 )
...
* Fix ts-standard configuration
* Fix default TYPESCRIPT_STANDARD_TSCONFIG_FILE assignment
2023-12-02 08:35:41 +00:00
Marco Ferrari
1551a9b362
Remove empty title from issue templates ( #4931 )
...
* Fix issue templates
* Update wiki link
* Remove empty title from issue forms
* Mark more fields as required
2023-12-02 08:35:25 +00:00
Marco Ferrari
df1420ce9d
Fix issue templates ( #4924 )
...
* Fix issue templates
* Update wiki link
2023-11-30 20:29:09 +00:00
Marco Ferrari
b9142fcb8a
Move dependency updates to a dedicated section ( #4898 )
...
* Move dependency updates to a dedicated section
* Don't mention 'performance' in the PR template
* Fix linting errors
2023-11-30 19:39:36 +00:00
Marco Ferrari
b32d402762
Refactor issue templates to use forms ( #4894 )
2023-11-30 08:42:05 +00:00
Marco Ferrari
3d4a31240f
Automatically handle Java dependencies updates ( #4891 )
...
* Automatically handle Java dependencies updates
* Fix commands
* Fix commands
* Fix paths
* Copy deps
2023-11-30 08:20:19 +00:00
dependabot[bot]
cebb6675c7
Bump actions/github-script from 6 to 7 ( #4879 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
2023-11-22 17:16:57 +00:00
dependabot[bot]
f3279a4414
Bump scalameta/scalafmt from 3.7.15 to v3.7.16 ( #4861 )
...
* Bump scalameta/scalafmt from 3.7.15 to v3.7.16
Bumps scalameta/scalafmt from 3.7.15 to v3.7.16.
---
updated-dependencies:
- dependency-name: scalameta/scalafmt
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* add write permissions to workflow
* Update scala config version to match version installed
* fix indentation
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
Co-authored-by: zkoppert <zkoppert@users.noreply.github.com>
2023-11-15 19:14:06 +00:00
Zack Koppert
071f051633
Update google java format and JDK ( #4848 )
...
* Update google java format and JDK
* update to use non-deprecated function
* update jdk to v18
* update to jdk v18
* try v17 jdk
* try v17 jdk
2023-11-10 22:46:25 -08:00
dependabot[bot]
9ac420a9a6
Bump actions/checkout from 3 to 4 ( #4807 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-31 18:34:25 +00:00
dependabot[bot]
414a5e5ce0
Bump scalameta/scalafmt from 3.7.3 to v3.7.15 ( #4790 )
...
* Bump scalameta/scalafmt from 3.7.3 to v3.7.15
Bumps scalameta/scalafmt from 3.7.3 to v3.7.15.
---
updated-dependencies:
- dependency-name: scalameta/scalafmt
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Create sync-scala-version.yaml
* checkout on branch instead of headless
* Update scala config version to match version installed
* Add yaml header
* rm EOL whitespace
* remove useless cat cmds
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
Co-authored-by: zkoppert <zkoppert@users.noreply.github.com>
2023-10-28 01:49:31 +00:00
Marco Ferrari
9ee2eed763
Simplify pip requirements files ( #4796 )
2023-10-27 23:07:51 +00:00
Zack Koppert
5b4dd480f4
github-actions automerges are causing merge queue CI jobs not to get triggered. Turning this off for now
2023-10-25 16:18:08 -07:00
Marco Ferrari
fecdc81066
Fix target key in CD workflow ( #4773 )
2023-10-20 23:08:40 +00:00
Marco Ferrari
dfedd306f3
Use the same image tags in CI and CD ( #4778 )
...
* Use the same image tags in CI and CD
* Define image tag once per workflow
* Fix yq tag
* Don't quote yq to avoid literal interpretation
* yq version
* Fix yq tag
* Reduce duplication
* Fix workflow env var
* Don't remove an already removed container
2023-10-19 21:03:14 +00:00
Zack Koppert
fb9b3e2d04
Create thank_contributors.yaml ( #4775 )
...
* Create thank_contributors.yaml
* Update thank_contributors.yaml
2023-10-19 20:53:05 +00:00
Marco Ferrari
f823c56d8c
Run tests against the production image ( #4772 )
...
* Fix target key in CD workflow
* Temporarily reverting the fix, and add tests first
2023-10-19 07:20:15 +00:00
Zack Koppert
df3875c857
Revert exact version pinning ( #4761 )
2023-10-16 22:00:32 -07:00
Zack Koppert
ffa8788acd
Attempt a force push
2023-10-16 12:02:31 -07:00
Zack Koppert
808d53c16a
Check out main on release workflow
2023-10-16 11:34:31 -07:00
Zack Koppert
5f87e94299
remove EOL whitespace
2023-10-16 10:15:51 -07:00
Zack Koppert
94dc95d6a5
Fix automation for release action.yml updates
2023-10-16 09:24:34 -07:00
Zack Koppert
f76e0a23e2
Remove codecov reports ( #4737 )
...
* Remove codecov reports
* Remove Codacy Badge
2023-10-16 10:31:52 +00:00
Zack Koppert
a911653a57
Add exact version number to action.yml on release ( #4733 )
...
* Add exact version number to action.yml on release
Signed-off-by: Zack Koppert <zkoppert@github.com>
* remove trailing whitespace
---------
Signed-off-by: Zack Koppert <zkoppert@github.com>
2023-10-14 21:40:57 -07:00
Zack Koppert
4789dbb291
free up space
2023-10-14 19:07:07 -07:00
Zack Koppert
0be718e6d6
revert to ubuntu-latest runners
2023-10-14 19:04:51 -07:00