From 984f4cfa24ee7e421bb1fbdf5907ae60375cf9ef Mon Sep 17 00:00:00 2001 From: seth Date: Mon, 29 Jul 2024 04:53:25 -0400 Subject: use github contents api for image urls + summer cleaning (#253) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * nix: alejandra -> nixfmt-rfc-style * nix: pre-commit-hooks -> treefmt-nix * nix: use corepack * ci: cleanup workflows * ci: use better dependabot scopes * gitignore: extend with github templates * remove teawie-archive submodule * pnpm: 8.8.0 -> 9.6.0 * nix: add nrr to shell * nix: add node lsps to shell * use github contents api for image urls * ci: cleanup workflows * nix: add ci shell * `octokit` -> `fetch` & cache responses * nix: use nixpkgs wrangler * nix: update flake.lock Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d9c0b9d611277e42e6db055636ba0409c59db6d2' (2024-07-05) → 'github:NixOS/nixpkgs/038fb464fcfa79b4f08131b07f2d8c9a6bcc4160' (2024-07-28) * tsconfig: use strictest * adopt openapi * package.json: rename to teawie-api * nix: add treefmt to ci shell * ci: add release gate --- .github/dependabot.yml | 5 +++ .github/workflows/autobot.yaml | 10 +++--- .github/workflows/ci.yaml | 65 ++++++++++++++++++------------------- .github/workflows/codeql.yaml | 9 ++--- .github/workflows/eslint.yaml | 30 ++++++++--------- .github/workflows/update-flake.yaml | 3 +- 6 files changed, 65 insertions(+), 57 deletions(-) (limited to '.github') diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fa9c837..005ad67 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,7 +5,12 @@ updates: directory: "/" schedule: interval: "weekly" + commit-message: + prefix: "ci" + - package-ecosystem: "npm" directory: "/" schedule: interval: "weekly" + commit-message: + prefix: "node_modules" diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml index 450e5d2..4e74d0a 100644 --- a/.github/workflows/autobot.yaml 
+++ b/.github/workflows/autobot.yaml @@ -4,23 +4,25 @@ on: pull_request jobs: automerge: + name: Check and merge PR + if: github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest permissions: contents: write pull-requests: write - if: github.actor == 'dependabot[bot]' - steps: - - uses: dependabot/fetch-metadata@v2 + - name: Fetch metadata + uses: dependabot/fetch-metadata@v2 id: metadata with: github-token: ${{ github.token }} - name: Enable auto-merge if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' - run: gh pr merge --auto --rebase "$PR" + run: gh pr merge --auto --squash "$PR" env: GH_TOKEN: ${{ github.token }} PR: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ef649d9..b77ed84 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
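Review bot: The relocated guard `if: github.actor == 'dependabot[bot]'` tests who triggered the run rather than who opened the pull request, and this job holds `contents: write` and `pull-requests: write`. Keying the condition on the PR author is the stricter test: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. Because `gh pr merge --auto` merges as soon as the branch requirements are satisfied, it is also worth confirming that the CI gate is a required status check on the target branch; that setting is not visible in this diff.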
@@ -6,49 +6,48 @@ on: jobs: build: - runs-on: "ubuntu-latest" + name: Build - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive + runs-on: ubuntu-latest - - name: Setup pnpm - uses: pnpm/action-setup@v4 + steps: + - name: Checkout repository + uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: pnpm - cache-dependency-path: pnpm-lock.yaml + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v13 - - name: Install dependencies - run: pnpm install --frozen-lockfile + - name: Install Dependencies + run: nix develop .#ci --command pnpm install --frozen-lockfile - name: Run build - run: pnpm build + run: nix develop .#ci --command nrr build + + treefmt: + name: Treefmt - format: - runs-on: "ubuntu-latest" + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - submodules: recursive + - name: Checkout repository + uses: actions/checkout@v4 - - name: Setup pnpm - uses: pnpm/action-setup@v4 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v13 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: pnpm - cache-dependency-path: pnpm-lock.yaml + - name: Run checks + run: | + nix develop .#ci --command treefmt --fail-on-change - - name: Install dependencies - run: pnpm install --frozen-lockfile + release-gate: + name: CI Release gate + needs: [build, treefmt] - - name: Run Prettier - run: pnpm exec prettier --check . + if: always() + + runs-on: ubuntu-latest + + steps: + - name: Exit with error + if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') + run: exit 1 diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index c8dfaf4..9d82771 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml 
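Review bot: `DeterminateSystems/nix-installer-action@v13` is referenced by a mutable tag in both the `build` and `treefmt` jobs, and the same reference appears in the eslint.yaml and update-flake.yaml hunks, whose jobs each declare a `permissions:` block. Pinning it to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # v13`, keeps a retagged release from changing what runs in CI, and Dependabot can still keep SHA pins current. Separately, the `release-gate` step fails only on `failure` or `cancelled`, so a `skipped` dependency would pass the gate. Appending `|| contains(needs.*.result, 'skipped')` to the step's `if:` closes that gap.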
@@ -1,14 +1,14 @@ name: CodeQL on: - push: - branches: ["main"] pull_request: + workflow_dispatch: jobs: codeql: name: Run CodeQL scan - runs-on: "ubuntu-latest" + + runs-on: ubuntu-latest permissions: security-events: write @@ -17,7 +17,8 @@ jobs: LANGUAGE: "javascript-typescript" steps: - - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/eslint.yaml b/.github/workflows/eslint.yaml index 4cecab1..0a6f7ce 100644 --- a/.github/workflows/eslint.yaml +++ b/.github/workflows/eslint.yaml @@ -3,37 +3,37 @@ name: ESLint on: push: branches: [main] + paths: + - "**.ts" + - "package.json" + - "pnpm-lock.yaml" + - "tsconfig.json" pull_request: jobs: eslint: - name: Run ESLint scan + name: Run scan + runs-on: ubuntu-latest permissions: security-events: write steps: - - uses: actions/checkout@v4 - with: - submodules: recursive + - name: Checkout repository + uses: actions/checkout@v4 - - name: Setup pnpm - uses: pnpm/action-setup@v4 - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: pnpm - cache-dependency-path: pnpm-lock.yaml + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v13 - name: Install Dependencies - run: pnpm install --frozen-lockfile + run: nix develop .#ci --command pnpm install --frozen-lockfile - name: Run ESLint continue-on-error: true - run: pnpm run lint --format @microsoft/eslint-formatter-sarif --output-file /tmp/results.sarif + run: | + nix develop .#ci --command \ + nrr lint --format @microsoft/eslint-formatter-sarif --output-file /tmp/results.sarif - name: Upload Results uses: github/codeql-action/upload-sarif@v3 diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index 33fc043..bfebbc7 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml 
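Review bot: With the `push` trigger on `main` removed, the `on:` block leaves CodeQL running only for pull requests and manual dispatch, so the default branch is no longer analysed after a merge. Pull-request results are compared against the base branch's analysis, and code-scanning alerts for `main` are refreshed only by a run on that branch, so both go stale unless someone dispatches the workflow by hand. Keeping `push:` with `branches: ["main"]` alongside `pull_request`, or adding a `schedule:` trigger, avoids that.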
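Review bot: The new `paths:` filter on `push` in eslint.yaml omits the files that now determine the lint toolchain. The job runs ESLint through `nix develop .#ci`, yet a push to `main` that changes only `flake.nix` or `flake.lock` (or the ESLint configuration file, whose name is not visible here) will not re-run the scan. Adding `- "flake.nix"` and `- "flake.lock"` plus the ESLint config path to the list keeps the SARIF results uploaded for `main` in step with the tooling that produced them.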
@@ -9,6 +9,7 @@ on: jobs: update: name: Run update + runs-on: ubuntu-latest permissions: @@ -20,7 +21,7 @@ jobs: uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v12 + uses: DeterminateSystems/nix-installer-action@v13 - name: Update flake.lock & make PR uses: DeterminateSystems/update-flake-lock@v23 -- cgit v1.2.3