fluencelabs/trust-graph
1
0
Fork 0
mirror of https://github.com/fluencelabs/trust-graph synced 2024-12-04 15:20:19 +00:00
Code Issues Projects Releases Wiki Activity

chore: Add release-please, renovate (#61)

Browse Source
This commit is contained in:
Anatolios Laskaris 2023-01-30 13:32:57 +02:00 committed by GitHub
parent 8e58f56190
commit 757145fffc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 272 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/actionlint.yaml vendored Normal file
View File

@ -0,0 +1,3 @@
self-hosted-runner:
labels:
- builder

36
.github/release-please/config.json vendored Normal file
View File

@ -0,0 +1,36 @@
{
"boostrap-sha": "015422efcce41530a6cd84a25091598bc459d2e6",
"release-type": "rust",
"bump-minor-pre-major": true,
"bump-patch-for-minor-pre-major": true,
"plugins": [
{
"type": "cargo-workspace",
"merge": false
},
{
"type": "linked-versions",
"groupName": "trust-graph, wasm and api",
"components": [
"trust-graph",
"trust-graph-api",
"trust-graph-wasm"
]
}
],
"packages": {
".": {
"component": "trust-graph"
},
"aqua": {
"release-type": "node",
"component": "trust-graph-api"
},
"service": {
"component": "trust-graph-wasm"
},
"keypair": {
"component": "keypair"
}
}
}

6
.github/release-please/manifest.json vendored Normal file
View File

@ -0,0 +1,6 @@
{
".": "0.3.2",
"aqua": "0.3.2",
"service": "0.3.2",
"keypair": "0.9.0"
}

38
.github/renovate.json vendored Normal file
View File

@ -0,0 +1,38 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base",
":semanticCommitTypeAll(chore)"
],
"enabledManagers": ["cargo", "npm", "github-actions", "pip_requirements"],
"rangeStrategy": "pin",
"schedule": "every weekend",
"packageRules": [
{
"matchManagers": ["cargo", "npm"],
"matchPackagePatterns": [
"@fluencelabs/.*",
"fluence-.*",
"marine-.*"
],
"semanticCommitType": "fix",
"semanticCommitScope": "deps",
"schedule": "at any time"
},
{
"matchDepTypes": ["devDependencies"],
"prPriority": -1,
"semanticCommitType": "chore",
"semanticCommitScope": "deps"
},
{
"matchUpdateTypes": ["major"],
"prConcurrentLimit": 1
},
{
"matchManagers": ["github-actions"],
"groupName": "all github-actions",
"prPriority": -1
}
]
}

6
.github/workflows/changelog_config.json vendored
View File

@ -1,6 +0,0 @@
{
"template": "## Changes since ${{FROM_TAG}}\n\n${{CHANGELOG}}\n\n${{UNCATEGORIZED}}",
"pr_template": "- #${{NUMBER}} ${{TITLE}}",
"empty_template": "## No changes since ${{FROM_TAG}}",
"sort": "DESC"
}

35
.github/workflows/lint.yml vendored Normal file
View File

@ -0,0 +1,35 @@
name: lint
on:
pull_request:
types:
- opened
- edited
- synchronize
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
jobs:
pr:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
reviewdog:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Lint actions
uses: reviewdog/action-actionlint@v1
env:
SHELLCHECK_OPTS: "-e SC2086 -e SC2207 -e SC2128"
with:
reporter: github-pr-check
fail_on_error: true

250
.github/workflows/release.yml vendored
View File

@ -1,29 +1,66 @@
name: "publish-release" name: "release"
on: on:
push: push:
tags: branches:
- "v*" - "master"
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
jobs: jobs:
release: release-please:
name: "Publish" runs-on: ubuntu-latest
runs-on: builder
outputs:
releases-created: ${{ steps.release.outputs['releases_created'] }}
trust-graph-api-release-created: ${{ steps.release.outputs['aqua--release-created'] }}
trust-graph-release-created: ${{ steps.release.outputs['release-created'] }}
trust-graph-tag-name: ${{ steps.release.outputs['tag_name'] }}
steps: steps:
### Setup - name: Run release-please
- name: Checkout repository id: release
uses: google-github-actions/release-please-action@v3
with:
token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }}
command: manifest
config-file: .github/release-please/config.json
manifest-file: .github/release-please/manifest.json
- name: Show output from release-please
if: steps.release.outputs.releases_created
env:
RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
run: echo "${RELEASE_PLEASE_OUTPUT}" | jq
publish:
runs-on: builder
needs: release-please
if: needs.release-please.outputs.releases-created
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Set env - name: Import secrets
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV uses: hashicorp/vault-action@v2.4.3
- uses: actions/setup-node@v3
with: with:
node-version: "15" url: https://vault.fluence.dev
registry-url: "https://registry.npmjs.org" path: jwt/github
cache: npm role: ci
cache-dependency-path: "aqua/package-lock.json" method: jwt
jwtGithubAudience: "https://github.com/fluencelabs"
jwtTtl: 300
exportToken: false
secrets: |
kv/npmjs/fluencebot token | NODE_AUTH_TOKEN ;
kv/crates.io/fluencebot token | CARGO_REGISTRY_TOKEN
- name: Setup Rust toolchain - name: Setup Rust toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1 uses: actions-rust-lang/setup-rust-toolchain@v1
@ -33,101 +70,122 @@ jobs:
with: with:
crate: marine crate: marine
- name: Build trust-graph - name: Build
working-directory: ./service
run: ./build.sh run: ./build.sh
working-directory: service
- name: Check Aqua compiles - name: Install cargo-workspaces
working-directory: ./aqua uses: baptiste0928/cargo-install@v1.3.0
run: |
npm i
npm run build
- name: Create distribution package
run: |
./builtin-package/package.sh
- name: Build Changelog
id: changelog
uses: mikepenz/release-changelog-builder-action@v1
with: with:
configuration: ".github/workflows/changelog_config.json" crate: cargo-workspaces
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
### Publish - name: Publish to crates.io
- name: Release to GitHub run: |
id: release cargo ws publish \
--no-git-commit \
--allow-dirty \
--from-git \
--skip-published \
--yes
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: "16"
registry-url: "https://registry.npmjs.org"
cache-dependency-path: "aqua/package-lock.json"
cache: "npm"
- run: npm i
working-directory: aqua
- run: npm run build
working-directory: aqua
- name: Publish to NPM registry
if: needs.release-please.outputs.trust-graph-api-release-created
run: npm publish --access public
working-directory: aqua
- name: Create builtin distribution package
if: needs.release-please.outputs.trust-graph-release-created
run: ./builtin-package/package.sh
- name: Calculate SHA256
if: needs.release-please.outputs.trust-graph-release-created
id: sha
run: |
# Calculate sha256
du -hs trust-graph.tar.gz
sha256sum trust-graph.tar.gz
sha=($(sha256sum trust-graph.tar.gz))
echo "sha256=${sha}" >> $GITHUB_OUTPUT
- name: Upload trust-graph package
if: needs.release-please.outputs.trust-graph-release-created
uses: softprops/action-gh-release@v1 uses: softprops/action-gh-release@v1
with: with:
name: trust-graph ${{ env.RELEASE_VERSION }} files: trust-graph.tar.gz
tag_name: ${{ env.RELEASE_VERSION }} tag_name: ${{ needs.release-please.outputs.trust-graph-tag-name }}
files: |
./trust-graph.tar.gz
body: ${{steps.changelog.outputs.changelog}}
draft: false
prerelease: false
fail_on_unmatched_files: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
### Publish Aqua API
- name: Publish Aqua API to NPM
run: |
npm version ${{ env.RELEASE_VERSION }}
npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
working-directory: ./aqua
## Update node-distro repo
- name: Calculate SHA256
run: |
du -hs trust-graph.tar.gz
echo $(sha256sum trust-graph.tar.gz)
echo "SHA256=$(sha256sum trust-graph.tar.gz | awk '{ print $1 }')" >> $GITHUB_ENV
- name: Get tar.gz URL
id: package-url
uses: actions/github-script@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
result-encoding: string
script: |
try {
let assets = await github.repos.listReleaseAssets({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: "${{ steps.release.outputs.id }}",
});
console.dir(assets);
let package = assets.data.find((a) => a.name === 'trust-graph.tar.gz');
let url = package.browser_download_url;
console.log("URL: " + url);
return url;
} catch (e) {
console.log("Err: " + e);
throw e;
}
- name: Update version in node-distro repo - name: Update version in node-distro repo
if: needs.release-please.outputs.trust-graph-release-created
uses: benc-uk/workflow-dispatch@v1 uses: benc-uk/workflow-dispatch@v1
with: with:
workflow: update_service workflow: update_service
repo: fluencelabs/node-distro repo: fluencelabs/node-distro
ref: 'main' ref: "main"
token: ${{ secrets.PERSONAL_TOKEN }} token: ${{ secrets.PERSONAL_TOKEN }}
inputs: '{ inputs: '{
"name": "trust-graph", "name": "trust-graph",
"version": "${{ env.RELEASE_VERSION }}", "version": "${{ needs.release-please.outputs.version }}",
"url": "${{ steps.package-url.outputs.result }}", "url": "https://github.com/fluencelabs/trust-graph/releases/download/${{ needs.release-please.outputs.trust-graph-tag-name }}/trust-graph.tar.gz",
"sha256": "${{ env.SHA256 }}" "sha256": "${{ steps.sha.outputs.sha256 }}"
}' }'
- name: Log notice slack:
uses: actions/github-script@v4 if: always()
name: "Notify"
runs-on: ubuntu-latest
needs:
- release-please
- publish
permissions:
contents: read
id-token: write
steps:
- uses: lwhiteley/dependent-jobs-result-check@v1
id: status
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} statuses: failure
script: | dependencies: ${{ toJSON(needs) }}
console.dir(core);
core.info("trust-graph was updated to ${{ env.RELEASE_VERSION }} in node-distro repo"); - name: Log output
run: |
echo "statuses:" "${{ steps.status.outputs.statuses }}"
echo "jobs:" "${{ steps.status.outputs.jobs }}"
echo "found any?:" "${{ steps.status.outputs.found }}"
- name: Import secrets
uses: hashicorp/vault-action@v2.4.3
with:
url: https://vault.fluence.dev
path: jwt/github
role: ci
method: jwt
jwtGithubAudience: "https://github.com/fluencelabs"
jwtTtl: 300
exportToken: false
secrets: |
kv/slack/release-please webhook | SLACK_WEBHOOK_URL
- uses: ravsamhq/notify-slack-action@v2
if: steps.status.outputs.found == 'true'
with:
status: "failure"
notification_title: "*{workflow}* has {status_message}"
message_format: "${{ steps.status.outputs.jobs }} {status_message} in <{repo_url}|{repo}>"
footer: "<{run_url}>"

25
.github/workflows/tag.yml vendored
View File

@ -1,25 +0,0 @@
name: "tag"
on:
workflow_dispatch:
jobs:
tag:
name: "Tag"
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v2
- name: Get branch
run: |
BRANCH=${GITHUB_REF#refs/*/}
SANITIZED=$(echo "$BRANCH" | sed -e 's/[^a-zA-Z0-9-]/-/g')
echo "BRANCH=$SANITIZED" >> $GITHUB_ENV
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5
with:
append_to_pre_release_tag: ${{ env.BRANCH }}
github_token: ${{ secrets.PERSONAL_TOKEN }}