authorseth <[email protected]>2024-10-09 10:59:13 -0400
committerGitHub <[email protected]>2024-10-09 10:59:13 -0400
commitd17bca56238e9ca326d60e58230d0d354f23bfe8 (patch)
tree12aee4c37a1490914e6307ce1b0023be2df93105 /.github/workflows
parent7d6495399d5e1ba429a339de1c3a00f121e89305 (diff)
back to astro for hopefully the last time (#146)
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/autobot.yaml32
-rw-r--r--.github/workflows/ci.yaml27
-rw-r--r--.github/workflows/codeql.yaml49
-rw-r--r--.github/workflows/eslint.yaml61
-rw-r--r--.github/workflows/update-flake.yaml38
5 files changed, 171 insertions, 36 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml
new file mode 100644
index 0000000..9c7e8f6
--- /dev/null
+++ b/.github/workflows/autobot.yaml
@@ -0,0 +1,32 @@
+name: Auto-merge Dependabot
+
+on: pull_request
+
+jobs:
+ automerge:
+ name: Check and merge PR
+
+ if: github.actor == 'dependabot[bot]'
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Generate GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.APP_ID }}
+ private-key: ${{ secrets.PRIVATE_KEY }}
+
+ - name: Fetch metadata
+ uses: dependabot/fetch-metadata@v2
+ id: metadata
+ with:
+ github-token: ${{ steps.app-token.outputs.token }}
+
+ - name: Enable auto-merge
+ if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' }}
+ run: gh pr merge --auto --squash "$PR"
+ env:
+ PR: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
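Review bot: The gate on L53 admits every semver-minor and -patch bump without looking at `dependency-type`, and `gh pr merge --auto` on L54 merges as soon as the PR is mergeable, so unless branch protection on the target branch requires status checks (not visible here) the update lands with no build having run — and this same commit deletes the only `nix build` job (ci.yaml). Record that assumption above the step, e.g. `# --auto only waits for checks branch protection marks as required; with none configured this merges immediately`, and consider narrowing the condition with `&& steps.metadata.outputs.dependency-type == 'direct:development'` or running `gh pr checks "$PR" --watch` before the merge. The App token minted on L39-L44 carries every permission granted to the installation; if the action version in use supports the `permission-*` inputs, request only `permission-contents: write` and `permission-pull-requests: write` here so a compromised job step cannot reach anything else the App is allowed to do.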
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index 9f1ec19..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: CI
-
-on:
- push:
- branches: [main]
- pull_request:
- workflow_dispatch:
-
-jobs:
- ci:
- name: Build site
-
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v14
-
- - name: Setup cache
- uses: DeterminateSystems/magic-nix-cache-action@v8
-
- - name: Build site
- run: |
- nix build --print-build-logs
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..82fb9e6
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,49 @@
+name: CodeQL
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - "**.ts"
+ - "package.json"
+ - "pnpm-lock.yaml"
+
+ - "tsconfig.json"
+
+ - ".github/workflows/codeql.yaml"
+ pull_request:
+ paths:
+ - "**.ts"
+ - "package.json"
+ - "pnpm-lock.yaml"
+
+ - "tsconfig.json"
+
+ - ".github/workflows/codeql.yaml"
+ workflow_dispatch:
+
+jobs:
+ codeql:
+ name: Run scan
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ env:
+ LANGUAGE: "javascript-typescript"
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ env.LANGUAGE }}
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{ env.LANGUAGE }}"
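Review bot: The `permissions` block on L127-L128 lists only `security-events: write`, which sets every other `GITHUB_TOKEN` scope to `none`, so `actions/checkout` on L135 and the CodeQL actions run without `contents: read` (and without `actions: read`, which CodeQL needs on private repositories to read workflow-run status); add `contents: read` and `actions: read` under `permissions`, matching the upstream CodeQL template. The path filters on L102-L118 trigger only on `**.ts`, so changes to `.js`/`.mjs` files (e.g. `eslint.config.js`, which the ESLint workflow in this commit does watch) or `.astro` files never start a scan, if the repository has such files; either add those globs or drop the `paths` filter on the `push` to `main` so the default-branch analysis baseline cannot go stale.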
diff --git a/.github/workflows/eslint.yaml b/.github/workflows/eslint.yaml
new file mode 100644
index 0000000..c5fe28c
--- /dev/null
+++ b/.github/workflows/eslint.yaml
@@ -0,0 +1,61 @@
+name: ESLint
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - "**.ts"
+ - "**.astro"
+ - "package.json"
+ - "pnpm-lock.yaml"
+
+ - "astro.config.ts"
+ - "eslint.config.js"
+ - "tsconfig.json"
+
+ - ".github/workflows/eslint.yaml"
+ pull_request:
+ paths:
+ - "**.ts"
+ - "**.astro"
+ - "package.json"
+ - "pnpm-lock.yaml"
+
+ - "astro.config.ts"
+ - "eslint.config.js"
+ - "tsconfig.json"
+
+ - ".github/workflows/eslint.yaml"
+
+jobs:
+ eslint:
+ name: Run scan
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v14
+
+ - name: Install Dependencies
+ run: nix develop .#ci --command pnpm install --frozen-lockfile
+
+ - name: Run ESLint
+ continue-on-error: true
+ run: |
+ nix develop .#ci --command \
+ nrr lint \
+ --format @microsoft/eslint-formatter-sarif \
+ --output-file /tmp/results.sarif
+
+ - name: Upload Results
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: /tmp/results.sarif
+ wait-for-processing: true
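Review bot: `continue-on-error: true` on L201 turns every ESLint failure into a green job, so a finding surfaces only as a code-scanning alert from the SARIF upload on L208-L212 and never blocks a PR — including the Dependabot PRs that this commit auto-merges. If the upload is the reason for swallowing the exit status, keep it but make the result visible: give the lint step `id: lint`, and after the upload add a step `if: steps.lint.outcome == 'failure'` whose `run: exit 1` fails the job; alternatively drop `continue-on-error` and put `if: always()` on the upload step. As in codeql.yaml, the `permissions` block on L187-L188 omits `contents: read`, which `actions/checkout` needs once any scope is listed explicitly. `pnpm install` on L198 executes dependency lifecycle scripts on pull-request code; adding `--ignore-scripts` is worth considering unless the build depends on them.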
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
index 4e33720..4473811 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-flake.yaml
@@ -8,22 +8,42 @@ on:
jobs:
update:
- name: Run update
- runs-on: ubuntu-latest
+ name: Run update & create PR
- permissions:
- contents: write
- pull-requests: write
+ runs-on: ubuntu-latest
steps:
+ - name: Generate GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.APP_ID }}
+ private-key: ${{ secrets.PRIVATE_KEY }}
+
- name: Checkout repository
uses: actions/checkout@v4
+ with:
+ token: ${{ steps.app-token.outputs.token }}
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v14
- - name: Update flake.lock & make PR
- uses: DeterminateSystems/update-flake-lock@v24
+ - name: Run update
+ run: nix flake update
+
+ - name: Create pull request
+ id: pull-request
+ uses: peter-evans/create-pull-request@v7
with:
- commit-msg: "nix: update flake.lock"
- pr-title: "nix: update flake.lock"
+ branch: update-flake-lock
+ commit-message: "nix: update flake.lock"
+ title: "nix: update flake.lock"
+ token: ${{ steps.app-token.outputs.token }}
+ sign-commits: true
+
+ - name: Enable auto-merge
+ if: ${{ env.PR_ID != '' }}
+ run: gh pr merge --auto --squash "$PR_ID"
+ env:
+ PR_ID: ${{ steps.pull-request.outputs.pull-request-number }}
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
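Review bot: The auto-merge on L258-L263 is enabled immediately after `peter-evans/create-pull-request` opens the PR, yet as far as this diff shows no workflow runs on a `flake.lock` change — the CodeQL and ESLint workflows added in this commit are path-filtered to TypeScript/Astro files and the `nix build` job in ci.yaml is deleted — so `gh pr merge --auto` merges an unbuilt, unreviewed input update the moment the PR is mergeable unless branch protection (not visible here) requires some check. Either add `run: nix build --print-build-logs` after `nix flake update` on L244 so a broken lock never reaches the PR, or gate the merge step on a required check and say so in a comment, e.g. `# relies on branch protection requiring a build check; --auto merges immediately otherwise`. The `permissions:` block removed at L223-L225 is not replaced, so `GITHUB_TOKEN` falls back to the repository's default scopes even though every step now authenticates with the App token; add `permissions: {}` (or `contents: read`) at the job level so the unused default token carries nothing. The `on:` trigger for this job is above the hunk.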