From 0c657ee9858e4eb5aa1e984ab14211bb533e56d6 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 9 Sep 2024 22:13:01 +0400 Subject: [PATCH] ci: various improvements (#196) * check for dependencies weekly no need to check daily * cancel previous runs upon new push * only run cometbft-db-testing when a new tag is created * add mergify, PR and issue templates * add conventional-pr-title and markdown-linter workflows * add fast ci option * add markdownlint config files * correct config * fix codeql formatting --- .github/ISSUE_TEMPLATE.md | 4 ++ .github/PULL_REQUEST_TEMPLATE.md | 14 +++++ .github/dependabot.yml | 17 ++++-- .github/linters/markdownlint.yml | 15 +++++ .github/linters/yaml-lint.yml | 9 +++ .github/mergify.yml | 25 ++++++++ .github/workflows/ci-fast.yml | 37 ++++++++++++ .github/workflows/ci.yml | 22 ++++--- .github/workflows/codeql.yml | 67 +++++++++++---------- .github/workflows/conventional-pr-title.yml | 65 ++++++++++++++++++++ .github/workflows/docker.yml | 28 ++------- .github/workflows/govulncheck.yml | 12 ++-- .github/workflows/lint.yml | 12 ++-- .github/workflows/markdown-linter.yml | 36 +++++++++++ .github/workflows/stale.yml | 2 +- 15 files changed, 285 insertions(+), 80 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/linters/markdownlint.yml create mode 100644 .github/linters/yaml-lint.yml create mode 100644 .github/mergify.yml create mode 100644 .github/workflows/ci-fast.yml create mode 100644 .github/workflows/conventional-pr-title.yml create mode 100644 .github/workflows/markdown-linter.yml diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..13dea6c --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,4 @@ +--- +labels: needs-triage +--- + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..9428cc3 --- /dev/null 
+++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,14 @@ + + +--- + +#### PR checklist + +- [ ] Tests written/updated +- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8ce6974..bd2eec4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,14 +3,23 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: daily - time: "11:00" + interval: weekly + target-branch: "main" open-pull-requests-limit: 10 + labels: + - dependencies + - automerge + + ################################### + ## + ## Update All Go Dependencies + - package-ecosystem: gomod directory: "/" schedule: - interval: daily - time: "11:00" + interval: weekly + target-branch: "main" open-pull-requests-limit: 10 labels: - dependencies + - automerge diff --git a/.github/linters/markdownlint.yml b/.github/linters/markdownlint.yml new file mode 100644 index 0000000..40aa577 --- /dev/null +++ b/.github/linters/markdownlint.yml @@ -0,0 +1,15 @@ +# markdownlint configuration for Super-Linter +# - https://github.com/DavidAnson/markdownlint +# - https://github.com/github/super-linter + +# Default state for all rules +default: true + +# See https://github.com/DavidAnson/markdownlint#rules--aliases for rules +MD007: {"indent": 4} +MD013: false +MD024: {siblings_only: true} +MD025: false +MD033: {no-inline-html: false} +no-hard-tabs: false +whitespace: false diff --git a/.github/linters/yaml-lint.yml b/.github/linters/yaml-lint.yml new file mode 100644 index 0000000..e6fd77d --- /dev/null +++ b/.github/linters/yaml-lint.yml @@ -0,0 +1,9 @@ +--- +# Default rules for YAML linting from super-linter. +# See: See https://yamllint.readthedocs.io/en/stable/rules.html +extends: default +rules: + document-end: disable + document-start: disable + line-length: disable + truthy: disable 
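Review bot: The `automerge` label added to both update blocks in `.github/dependabot.yml` feeds the two new rules in `.github/mergify.yml`, which approve every `author=dependabot[bot]` PR and squash-merge anything labelled `automerge` without naming a status check or a human review. Unless branch protection (not visible in this patch) enforces checks, a compromised upstream release of a Go module or an action can reach `main` with nobody looking at it. The label alone should not be sufficient: add explicit gates to the merge rule in mergify.yml, for example `- author=dependabot[bot]` and `- check-success=<required CI job name>`. It is also worth deciding whether major-version bumps should be auto-merged at all.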
diff --git a/.github/mergify.yml b/.github/mergify.yml new file mode 100644 index 0000000..f76c5f7 --- /dev/null +++ b/.github/mergify.yml @@ -0,0 +1,25 @@ +pull_request_rules: + - name: automatic approval for Dependabot pull requests + conditions: + - author=dependabot[bot] + actions: + review: + type: APPROVE + message: Automatically approving dependabot + + - name: automatically merge PR with automerge label + conditions: + - '-label=manual-backport' + - label=automerge + actions: + merge: + method: squash + + - name: Make sure PR are up to date before merging + description: >- + This automatically updates PRs when they are out-of-date with the base + branch to avoid semantic conflicts (next step is using a merge queue). + conditions: + - '-draft' + actions: + update: diff --git a/.github/workflows/ci-fast.yml b/.github/workflows/ci-fast.yml new file mode 100644 index 0000000..9ce0529 --- /dev/null +++ b/.github/workflows/ci-fast.yml @@ -0,0 +1,37 @@ +name: Test fast (no changes to Dockerfile) + +on: + pull_request: + paths-ignore: + - "tools/**" + merge_group: + push: + branches: + - main + paths-ignore: + - "tools/**" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + test-fast: + runs-on: ubuntu-latest + container: cometbft/cometbft-db-testing + steps: + - uses: actions/checkout@v4 + + - run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV + + - uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + + - name: test & coverage report creation + run: | + NON_INTERACTIVE=1 make test-all-with-coverage + + - uses: codecov/codecov-action@v4 + with: + file: ./coverage.txt diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6b5b08..78c6758 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
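Review bot: In `.github/workflows/ci-fast.yml` the `test-fast` job runs inside `container: cometbft/cometbft-db-testing`, which resolves to the mutable `latest` tag, so the test environment of every PR changes whenever that image is pushed again. Pinning by digest, `container: cometbft/cometbft-db-testing@sha256:<image digest>`, makes runs reproducible and removes the registry tag as a trust dependency. The workflow also has no `permissions:` key, so the job gets the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown.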
@@ -2,21 +2,23 @@ # make docker-test name: Test + on: + pull_request: + paths: + - tools/Dockerfile + merge_group: push: branches: - main - merge_group: - pull_request: -jobs: - cleanup-runs: - runs-on: ubuntu-latest - steps: - - uses: rokroskar/workflow-run-cleanup-action@master - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'" + paths: + - tools/Dockerfile +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: Test: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8b3d160..18a608b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -12,13 +12,16 @@ name: "CodeQL" on: - workflow_dispatch: + workflow_dispatch: # allow running workflow manually push: - branches: [ "main" ] + branches: ["main"] pull_request: # The branches below must be a subset of the branches above - branches: [ "main" ] - merge_group: + branches: ["main"] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: analyze: 
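Review bot: With `paths: - tools/Dockerfile` on both `pull_request` and `push` in `ci.yml`, the `Test` job no longer reports on most PRs; if `Test` is configured as a required status check (not visible here), those PRs will wait on a check that never starts. `merge_group` carries no path filter, so in the merge queue this workflow and `ci-fast.yml` both run. A comment above `on:` stating which workflow gates which PRs, e.g. `# Runs only when tools/Dockerfile changes; ci-fast.yml covers PRs that touch anything outside tools/`, would keep the branch-protection settings and the workflows in step. The `Test` job's steps continue outside the hunk.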
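Review bot: Dropping `merge_group:` from the CodeQL triggers means the merge-queue commit is not scanned before it lands, while `ci.yml`, `lint.yml` and `govulncheck.yml` in this patch keep that trigger. If CodeQL is a required check the queue would also stall, though that setting is not visible here. If the removal is intentional, say so next to the trigger list, e.g. `# merge_group omitted on purpose: the push to main is scanned instead`; otherwise restore `merge_group:`.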
@@ -32,45 +35,45 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ['go'] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Use only 'java' to analyze code written in Java, Kotlin or both # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). 
- # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v3 + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v3 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/conventional-pr-title.yml b/.github/workflows/conventional-pr-title.yml new file mode 100644 index 0000000..d58e82f --- /dev/null +++ b/.github/workflows/conventional-pr-title.yml 
@@ -0,0 +1,65 @@ +name: "Conventional PR Title" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + pull-requests: write + +jobs: + main: + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5 + id: lint_pr_title + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + types: | + feat + fix + build + chore + ci + docs + refactor + perf + test + revert + spec + merge + + - uses: marocchino/sticky-pull-request-comment@v2 + # When the previous steps fails, the workflow would stop. By adding this + # condition you can continue the execution with the populated error message. + if: always() && (steps.lint_pr_title.outputs.error_message != null) + with: + header: pr-title-lint-error + message: | + Hey there and thank you for opening this pull request! 👋đŸŧ + + We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. + + Details: + + ``` + ${{ steps.lint_pr_title.outputs.error_message }} + ``` + + General format: `type(scope): msg` + Breaking change: `type(scope)!: msg` + Multi-scope change: `type: msg` + Types: `feat`, `fix`, `build`, `chore`, `ci`, `docs`, `refactor`, `perf`, `test`, `revert`, `spec`, `merge`. + Example: `fix(cmd/cometbft/commands/debug): execute p.Signal only when p is not nil` + + # Delete a previous comment when the issue has been resolved + - if: ${{ steps.lint_pr_title.outputs.error_message == null }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr-title-lint-error + delete: true diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e6c6df1..1485c73 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
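Review bot: Both third-party actions in this `pull_request_target` workflow are referenced by movable tags (`amannn/action-semantic-pull-request@v5`, `marocchino/sticky-pull-request-comment@v2`) while the job holds a `pull-requests: write` token in the base-repository context, including for PRs from forks. Pinning each to a full commit SHA, in the form `uses: amannn/action-semantic-pull-request@<full commit SHA> # v5`, keeps a retagged release from running with that token. The workflow is otherwise in the safe shape for this trigger because it never checks out PR code; a comment above `on:` such as `# pull_request_target: never add a checkout of the PR head to this workflow` would help keep it that way. The title-derived `error_message` is only passed as a `with:` input and should never be moved into a `run:` step.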
@@ -11,10 +11,8 @@ name: Docker testing image on: - workflow_dispatch: + workflow_dispatch: # allow running workflow manually push: - branches: - - main tags: - "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10 - "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+" # e.g. v0.37.0-alpha.1, v0.38.0-alpha.10 @@ -26,24 +24,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Prepare - id: prep - run: | - DOCKER_IMAGE=cometbft/cometbft-db-testing - VERSION=noop - if [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') - if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then - VERSION=latest - fi - fi - TAGS="${DOCKER_IMAGE}:${VERSION}" - if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - TAGS="$TAGS,${DOCKER_IMAGE}:${VERSION}" - fi - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - name: Set up Docker Build uses: docker/setup-buildx-action@v3.6.1 @@ -60,5 +40,7 @@ jobs: context: ./tools file: ./tools/Dockerfile platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prep.outputs.tags }} + push: true + tags: | + cometbft/cometbft-db-testing:latest + cometbft/cometbft-db-testing:${{ github.ref_name }} diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 9a58553..0965973 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
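Review bot: In the last `docker.yml` hunk, `push: true` together with the fixed `cometbft/cometbft-db-testing:latest` tag means a manual `workflow_dispatch` run from any branch overwrites `latest`, and `${{ github.ref_name }}` then yields a branch-named tag (or an invalid one when the branch name contains `/`). Pushing a tag for an older release line or an `-alpha` version moves `latest` in the same way, and `ci-fast.yml` consumes that image without a tag. Gating the publish on tag refs, e.g. `push: ${{ startsWith(github.ref, 'refs/tags/v') }}`, would close the manual path. Whether pre-release tags should move `latest` is worth deciding explicitly.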
@@ -6,25 +6,25 @@ name: Check for Go vulnerabilities # Run `make vulncheck` from the root of the repo to run this workflow locally. on: pull_request: + merge_group: push: branches: - main - - release/** - merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: govulncheck: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - - name: Load Go version - run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV + - run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV - uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} - - uses: technote-space/get-diff-action@v6 with: PATTERNS: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8eab1a7..07b55c8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,10 +1,15 @@ name: Lint + on: + pull_request: + merge_group: push: branches: - main - pull_request: - merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: golangci: @@ -15,8 +20,7 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Load Go version - run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV + - run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV - uses: actions/setup-go@v5 with: diff --git a/.github/workflows/markdown-linter.yml b/.github/workflows/markdown-linter.yml new file mode 100644 index 0000000..5add167 --- /dev/null +++ b/.github/workflows/markdown-linter.yml 
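Review bot: Removing `- release/**` from the `push` branches in `govulncheck.yml` means direct pushes and merges to release branches are no longer checked; only PRs still are, through the unfiltered `pull_request` trigger. More generally the workflow runs only when code changes, so a vulnerability published against an already-merged dependency is not reported until the next push. A `schedule:` trigger with a weekly `cron` entry would cover that gap, and if release branches are still maintained the `release/**` filter should stay. The `govulncheck` job's steps continue outside the hunk.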
@@ -0,0 +1,36 @@ +name: Markdown Linter +on: + push: + branches: + - main + paths: + - "**.md" + - "**.yml" + - "**.yaml" + pull_request: + branches: [main] + paths: + - "**.md" + - "**.yml" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + build: + name: Super linter + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + - name: Lint Code Base + uses: docker://github/super-linter:v4 + env: + VALIDATE_ALL_CODEBASE: true + DEFAULT_BRANCH: main + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VALIDATE_MD: true + VALIDATE_OPENAPI: true + VALIDATE_YAML: true + YAML_CONFIG_FILE: yaml-lint.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b25cd59..35bfb53 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -17,4 +17,4 @@ jobs: days-before-close: -1 days-before-pr-stale: 10 days-before-pr-close: 4 - exempt-pr-labels: "pinned, security, proposal, blocked, wip" + exempt-pr-labels: "wip"
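Review bot: `YAML_CONFIG_FILE: yaml-lint.yml` wires in the new yamllint config, but nothing in `markdown-linter.yml` points super-linter at `.github/linters/markdownlint.yml`. As far as I know its default markdown config name is `.markdown-lint.yml`, so the rules added in this patch are probably not applied without `MARKDOWN_CONFIG_FILE: markdownlint.yml`. The `pull_request` path list also omits `"**.yaml"`, which the `push` list includes. Separately, `GITHUB_TOKEN` is handed to an image referenced by the mutable tag `docker://github/super-linter:v4` with no `permissions:` key in the workflow; a digest pin and a top-level `permissions:` with `contents: read` and `statuses: write` should narrow that.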
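Review bot: Reducing `exempt-pr-labels` to `"wip"` in `stale.yml` removes the exemption for PRs labelled `security`, so with `days-before-pr-stale: 10` and `days-before-pr-close: 4` an unreviewed security fix can be closed automatically after two weeks of inactivity. If that label is still in use, keep it exempt: `exempt-pr-labels: "wip, security"`.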