Skip to content

Commit

Permalink
chore(deps): update workflows group (#19)
Browse files Browse the repository at this point in the history 
Co-authored-by: Joss Whittle <[email protected]>
  • Loading branch information
@rdash99 @JossWhittle
rdash99 and JossWhittle authored Jul 4, 2024
1 parent 3c2a3e1 commit 2c3069d
Show file tree
Hide file tree
Showing 9 changed files with 90 additions and 102 deletions.
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
View file
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
* @JossWhittle
.github/ @SwanseaUniversityMedical/devops-maintainers
32 changes: 0 additions & 32 deletions .github/labeler.yaml
View file

This file was deleted.

48 changes: 48 additions & 0 deletions .github/renovate.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
module.exports = {

// Uncomment dryRun to test exotic config options without spamming dozens of
// pull requests onto a repo that you would then need to clean up...
//dryRun: "full",

// Inherit default config options
extends: ["config:base"],
configMigration: true,

// Force use of Conventional Commit messages to avoid Renovate not detecting them
semanticCommits: "enabled",

// Disable limits on the number of pull requests that can be managed simultaneously
// since this can sometimes prevent security patches being suggested!
prHourlyLimit: 0,
prConcurrentLimit: 0,

// Tell Renovate to re-create or rebase old pull requests when new commits have
// since been merged into main...
rebaseWhen: "behind-base-branch",

// Set the default schedule for when pull requests will be created or updated.
// If Renovate is run outside of this schedule then it will skip updating pull
// requests for dependencies unless they override the schedule.
updateNotScheduled: false,
timezone: "Europe/London",
schedule: [
"after 10pm",
"before 5am"
],

// This setting helps handle breaking changes to Renovate bot when its version changes.
ignorePrAuthor: true,

// Automatically assign reviewers to pull requests based on who "owns" the source files
// that need to be updated as listed in the CODEOWNERS file in the project repo.
reviewersFromCodeOwners: true,

// Auto discovery is dangerous, never blindly trust the scope of the token!
autodiscover: false,
// Instead, explicitly list the repos that we should manage pull requests on.
// This should realistically only be one repo, the project repo you are currently in.
// The default token "should" only have access to this repo...
repositories: [
"SwanseaUniversityMedical/Guacamole",
],
};
23 changes: 5 additions & 18 deletions .github/workflows/controller-container.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@ name: Controller Container

on:
pull_request:
# Ignore PRs on branches specifically intended for other assets
branches-ignore:
- '*/guacamole-chart*'
- '*/guacamole-crds-chart*'
# Only consider PRs that change files for this asset, including ci scripts
paths:
- '.github/workflows/flake8.yaml'
Expand All @@ -18,46 +14,37 @@ on:
push:
# Only release off of release and maintenance branches for this asset
branches:
- 'maintenance/controller-container/[0-9]+.x.x'
- 'maintenance/controller-container/[0-9]+.[0-9]+.x'
- 'main'
# Only consider pushes that change files for this asset, including ci scripts
paths:
- '.github/workflows/controller-container.yaml'
- 'containers/controller/**'

permissions:
contents: write
pull-requests: read
actions: read
contents: write
pull-requests: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Needed to generate releases safely
cancel-in-progress: false
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
# Job name must be unique across repo to target
# branch protection rules "required checks" properly!
# branch protection rules "required checks" properly!!
controller-container:
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.6.0-containers
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v2.0.1-containers
with:
job-name: controller-container
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-repo: ${{ vars.HARBOR_PROJECT }}/controller
release-tag-format: 'controller-container-${version}'
release-branches: |
[
'maintenance/controller-container/[0-9]+\.([0-9]+|x)\.x',
'main'
]
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
slack-channel: ${{ vars.SLACK_CHANNEL }}
build-file: containers/controller/Dockerfile
build-context: containers/controller
secrets:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}
slack-token: ${{ secrets.SLACK_TOKEN }}
23 changes: 5 additions & 18 deletions .github/workflows/guacamole-chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@ name: Guacamole Chart

on:
pull_request:
# Ignore PRs on branches specifically intended for other assets
branches-ignore:
- '*/controller-container*'
- '*/guacamole-crds-chart*'
# Only consider PRs that change files for this asset, including ci scripts
paths:
- '.github/workflows/guacamole-chart.yaml'
Expand All @@ -17,43 +13,35 @@ on:
push:
# Only release off of release and maintenance branches for this asset
branches:
- 'maintenance/guacamole-chart/[0-9]+.x.x'
- 'maintenance/guacamole-chart/[0-9]+.[0-9]+.x'
- 'main'
# Only consider pushes that change files for this asset, including ci scripts
paths:
- '.github/workflows/guacamole-chart.yaml'
- 'charts/guacamole/**'

permissions:
contents: write
pull-requests: read
actions: read

contents: write
pull-requests: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Needed to generate releases safely
cancel-in-progress: false
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
# Job name must be unique across repo to target
# branch protection rules "required checks" properly!
guacamole-chart:
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.3.0-charts
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v2.0.3-charts
with:
job-name: guacamole-chart
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-project: ${{ vars.HARBOR_PROJECT }}
registry-repo: guacamole
release-tag-format: 'guacamole-chart-${version}'
release-branches: |
[
'maintenance/guacamole-chart/[0-9]+\.([0-9]+|x)\.x',
'main'
]
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
slack-channel: ${{ vars.SLACK_CHANNEL }}
chart: charts/guacamole
test-command: |
helm template $CHART --debug
Expand All @@ -62,4 +50,3 @@ jobs:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}
slack-token: ${{ secrets.SLACK_TOKEN }}
21 changes: 4 additions & 17 deletions .github/workflows/guacamole-crds-chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,6 @@ name: Guacamole CRDs Chart

on:
pull_request:
# Ignore PRs on branches specifically intended for other assets
branches-ignore:
- '*/controller-container*'
- '*/guacamole-chart*'
# Only consider PRs that change files for this asset, including cQi scripts
paths:
- '.github/workflows/guacamole-crds-chart.yaml'
Expand All @@ -17,43 +13,35 @@ on:
push:
# Only release off of release and maintenance branches for this asset
branches:
- 'maintenance/guacamole-crds-chart/[0-9]+.x.x'
- 'maintenance/guacamole-crds-chart/[0-9]+.[0-9]+.x'
- 'main'
# Only consider pushes that change files for this asset, including ci scripts
paths:
- '.github/workflows/guacamole-crds-chart.yaml'
- 'charts/guacamole-crds/**'

permissions:
contents: write
pull-requests: read
actions: read
contents: write
pull-requests: write

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Needed to generate releases safely
cancel-in-progress: false
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
# Job name must be unique across repo to target
# branch protection rules "required checks" properly!
guacamole-crds-chart:
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v1.3.0-charts
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v2.0.3-charts
with:
job-name: guacamole-crds-chart
registry: ${{ vars.HARBOR_REGISTRY }}
registry-user: ${{ vars.HARBOR_USER }}
registry-project: ${{ vars.HARBOR_PROJECT }}
registry-repo: guacamole-crds
release-tag-format: 'guacamole-crds-chart-${version}'
release-branches: |
[
'maintenance/guacamole-crds-chart/[0-9]+\.([0-9]+|x)\.x',
'main'
]
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
slack-channel: ${{ vars.SLACK_CHANNEL }}
chart: charts/guacamole-crds
test-command: |
helm template $CHART --debug
Expand All @@ -62,4 +50,3 @@ jobs:
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
registry-token: ${{ secrets.HARBOR_TOKEN }}
slack-token: ${{ secrets.SLACK_TOKEN }}
17 changes: 0 additions & 17 deletions .github/workflows/pr-labeler.yaml
View file

This file was deleted.

23 changes: 23 additions & 0 deletions .github/workflows/renovate.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Renovate
on:
workflow_dispatch:
repository_dispatch:
types: [renovate]
schedule:
- cron: '0 * * * *'

concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false

jobs:
renovate:
runs-on:
labels: [ self-hosted, linux, x64 ]
group: heavy

steps:
- uses: SwanseaUniversityMedical/workflows/.github/actions/[email protected]
with:
token: ${{ secrets.RENOVATE_TOKEN }}
config: '.github/renovate.js'
3 changes: 3 additions & 0 deletions renovate.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

0 comments on commit 2c3069d

Please sign in to comment.