From 9f35191cd1a91f4494212e25e46ea6164e914f64 Mon Sep 17 00:00:00 2001 From: Lexus Drumgold Date: Sun, 9 Apr 2023 15:43:03 -0400 Subject: [PATCH] ci(workflows): add `infrastructure` - https://github.com/flex-development/rice-action Signed-off-by: Lexus Drumgold --- .github/infrastructure.yml | 212 +++++++++++++++++++++++++++ .github/labels.yml | 161 -------------------- .github/workflows/infrastructure.yml | 61 ++++++++ .github/workflows/labels.yml | 38 ----- package.json | 1 + 5 files changed, 274 insertions(+), 199 deletions(-) create mode 100644 .github/infrastructure.yml delete mode 100644 .github/labels.yml create mode 100644 .github/workflows/infrastructure.yml delete mode 100644 .github/workflows/labels.yml diff --git a/.github/infrastructure.yml b/.github/infrastructure.yml new file mode 100644 index 00000000..3ce4f87c --- /dev/null +++ b/.github/infrastructure.yml @@ -0,0 +1,212 @@ +# REPOSITORY INFRASTRUCTURE SETTINGS +--- +# https://docs.github.com/rest/branches/branch-protection#update-branch-protection +branches: + - name: main + protection: + allow_deletions: false + allow_force_pushes: true + allow_fork_syncing: false + block_creations: false + enforce_admins: false + lock_branch: false + required_conversation_resolution: true + required_linear_history: true + required_pull_request_reviews: + bypass_pull_request_allowances: {} + dismiss_stale_reviews: true + dismissal_restrictions: {} + require_code_owner_reviews: false + require_last_push_approval: false + required_approving_review_count: 1 + required_status_checks: + checks: + - context: add-to-project + - context: auto-merge + - context: build + - context: codecov/changes + app_id: 254 + - context: codecov/patch + app_id: 254 + - context: codecov/project + app_id: 254 + - context: commitlint + - context: dependabot-auto + - context: format + - context: gitguardian + - context: lint + - context: spelling + - context: test (14) + - context: test (16) + - context: test (18) + - context: test (19) + - context: typescript (5.0.4) + - context: typescript (latest) + - context: typescript (~4.8.0) + - context: typescript (~4.9.0) + strict: true + restrictions: null +# https://docs.github.com/rest/deployments/environments#create-or-update-an-environment +environments: + - environment_name: gpr + - environment_name: npm + - environment_name: release +# https://docs.github.com/rest/issues/labels#create-a-label +labels: + - name: flag:breaking-change + description: contains changes that require major version bump + color: fbca04 + - name: flag:duplicate + description: issue, pull request, or discussion already exists + color: fbca04 + - name: flag:needs-discussion + description: discussion required before implementation + color: fbca04 + - name: flag:needs-docs + description: missing documentation or needs existing documentation update + color: fbca04 + - name: flag:needs-refactor + description: code improvements required before being merged + color: fbca04 + - name: scope:cli + description: cli application + color: 74cefc + - name: scope:dependencies + description: dependency updates + color: 74cefc + - name: scope:esm + description: es modules + color: 74cefc + - name: scope:install + description: package install + color: 74cefc + - name: scope:patches + description: patches + color: 74cefc + - name: scope:release + description: package release + color: 74cefc + - name: scope:tests + description: testing + color: 74cefc + - name: scope:ts + description: typescript support + color: 74cefc + - name: status:awaiting-answers + description: needs clarification or more information from author + color: e7034b + - name: status:blocked + description: blocked by other work tracked in different issue + color: e7034b + - name: status:cannot-reproduce + description: bug report cannot be reproduced + color: e7034b + - name: status:fixed + description: fixed, but not released + color: e7034b + - name: status:help-wanted + description: extra attention is needed + color: e7034b + - name: status:icebox + description: changes that won't be implemented + color: e7034b + - name: status:invalid + description: no action to be taken or missing information + color: e7034b + - name: status:merged + description: merged, but not released + color: e7034b + - name: status:needs-triage + description: needs further assessment + color: e7034b + - name: status:prereleased + description: merged and prereleased + color: e7034b + - name: status:released + description: merged and released + color: e7034b + - name: status:stale + description: superseded by different issue, pull request, or discussion + color: e7034b + - name: status:triaged + description: bug confirmed + color: e7034b + - name: status:wip + description: work in progress + color: e7034b + - name: type:build + description: changes to the build system or external dependencies + color: 0052cc + - name: type:chore + description: housekeeping / changes that don't impact external users + color: 0052cc + - name: type:ci + description: ci/cd configuration + color: 0052cc + - name: type:docs + description: documentation improvements + color: 0052cc + - name: type:feat + description: new features and improvements + color: 0052cc + - name: type:fix + description: bug reports and fixes + color: 0052cc + - name: type:perf + description: performance updates + color: 0052cc + - name: type:question + description: questions + color: 0052cc + - name: type:refactor + description: code improvements + color: 0052cc + - name: type:task + description: project tasks + color: 0052cc +# https://docs.github.com/rest/repos/repos#update-a-repository +repository: + allow_auto_merge: true + allow_merge_commit: false + allow_rebase_merge: true + allow_squash_merge: true + allow_update_branch: true + archived: false + automated_security_fixes: true + default_branch: main + delete_branch_on_merge: true + description: Toggle type fields in package.json files + has_issues: true + has_projects: true + has_wiki: false + homepage: https://github.com/flex-development/toggle-pkg-type + is_template: false + private: false + security_and_analysis: + advanced_security: + status: disabled + secret_scanning: + status: enabled + secret_scanning_push_protection: + status: disabled + squash_merge_commit_message: BLANK + squash_merge_commit_title: PR_TITLE + topics: + - cjs + - commonjs + - default-exports + - esbuild + - esm + - interop + - module + - package-json + - toggle + - type + - typescript + visibility: public + vulnerability_alerts: true + web_commit_signoff_required: true +# https://docs.github.com/rest/teams/teams#add-or-update-team-repository-permissions +teams: + - team_slug: dependabot-review + permission: triage diff --git a/.github/labels.yml b/.github/labels.yml deleted file mode 100644 index b2ba76c4..00000000 --- a/.github/labels.yml +++ /dev/null @@ -1,161 +0,0 @@ -# REPOSITORY LABELS - -# flag labels -# indicate additional work is needed - -- name: flag:breaking-change - description: contains changes that require major version bump - color: fbca04 - -- name: flag:duplicate - description: issue, pull request, or discussion already exists - color: fbca04 - -- name: flag:needs-discussion - description: discussion required before implementation - color: fbca04 - -- name: flag:needs-docs - description: missing documentation or needs existing documentation update - color: fbca04 - -- name: flag:needs-refactor - description: code improvements required before being merged - color: fbca04 - -# scope labels -# project-specific groups for issues, pull requests, and discussions - -- name: scope:cli - description: cli application - color: 74cefc - -- name: scope:dependencies - description: dependency updates - color: 74cefc - -- name: scope:esm - description: es modules - color: 74cefc - -- name: scope:install - description: package install - color: 74cefc - -- name: scope:patches - description: patches - color: 74cefc - -- name: scope:release - description: package release - color: 74cefc - -- name: scope:tests - description: testing - color: 74cefc - -- name: scope:ts - description: typescript support - color: 74cefc - -# status labels -# current state of an issue, pull request, or discussion - -- name: status:awaiting-answers - description: needs clarification or more information from author - color: e7034b - -- name: status:blocked - description: blocked by other work tracked in different issue - color: e7034b - -- name: status:cannot-reproduce - description: bug report cannot be reproduced - color: e7034b - -- name: status:fixed - description: fixed, but not released - color: e7034b - -- name: status:help-wanted - description: extra attention is needed - color: e7034b - -- name: status:icebox - description: changes that won't be implemented - color: e7034b - -- name: status:invalid - description: no action to be taken or missing information - color: e7034b - -- name: status:merged - description: merged, but not released - color: e7034b - -- name: status:needs-triage - description: needs further assessment - color: e7034b - -- name: status:prereleased - description: merged and prereleased - color: e7034b - -- name: status:released - description: merged and released - color: e7034b - -- name: status:stale - description: superseded by different issue, pull request, or discussion - color: e7034b - -- name: status:triaged - description: bug confirmed - color: e7034b - -- name: status:wip - description: work in progress - color: e7034b - -# type labels -# types of issues, pull requests, and discussions - -- name: type:build - description: changes to the build system or external dependencies - color: 0052cc - -- name: type:chore - description: housekeeping tasks / changes that don't impact external users - color: 0052cc - -- name: type:ci - description: ci/cd configuration - color: 0052cc - -- name: type:docs - description: documentation improvements - color: 0052cc - -- name: type:feat - description: new features and improvements - color: 0052cc - -- name: type:fix - description: bug reports and fixes - color: 0052cc - -- name: type:perf - description: performance updates - color: 0052cc - -- name: type:question - description: questions - color: 0052cc - -- name: type:refactor - description: code improvements - color: 0052cc - -- name: type:task - description: project tasks - color: 0052cc diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml new file mode 100644 index 00000000..d016f319 --- /dev/null +++ b/.github/workflows/infrastructure.yml @@ -0,0 +1,61 @@ +# Repository Infrastructure Management +# +# Update repository infrastructure on `push` or `workflow_dispatch` when the infrastructure config +# file (or this workflow) is updated. The user triggering the workflow run (`github.actor`) must be +# a repository admin. +# +# Note: The permissions of `github.actor` is checked because workflow re-runs will reuse the +# privileges of `github.actor` even if the actor initiating the re-run (`github.triggering_actor`) +# has different privileges. +# +# References: +# +# - https://docs.github.com/actions/learn-github-actions/contexts +# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push +# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch +# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push +# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch +# - https://github.com/actions-cool/check-user-permission +# - https://github.com/actions/checkout +# - https://github.com/flex-development/rice-action +# - https://github.com/hmarr/debug-action + +--- +name: infrastructure +on: + push: + branches: + - main + - release/** + paths: + - .github/infrastructure.yml + - .github/workflows/infrastructure.yml + workflow_dispatch: +concurrency: + cancel-in-progress: true + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + infrastructure: + runs-on: ubuntu-latest + steps: + - id: debug + name: Print environment variables and event payload + uses: hmarr/debug-action@v2.1.0 + - id: check-actor-permission + name: Check @${{ github.actor }} permission level + uses: actions-cool/check-user-permission@v2.2.0 + with: + require: admin + username: ${{ github.actor }} + - id: checkout + name: Checkout ${{ github.ref_name }} + uses: actions/checkout@v3.5.0 + with: + persist-credentials: false + ref: ${{ github.ref }} + - id: update + if: steps.check-actor-permission.outputs.require-result == 'true' + name: Update repository infrastructure + uses: flex-development/rice-action@1.0.0 + with: + token: ${{ secrets.PAT_REPO }} diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml deleted file mode 100644 index 16e7650d..00000000 --- a/.github/workflows/labels.yml +++ /dev/null @@ -1,38 +0,0 @@ -# Label Syncer -# -# References: -# -# - https://github.com/micnncim/action-label-syncer - ---- -name: labels -on: - create: - branches: - - main - push: - branches: - - main - paths: - - .github/labels.yml - - .github/workflows/labels.yml - workflow_dispatch: -permissions: - issues: write -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -jobs: - labels: - if: github.actor != 'dependabot[bot]' - runs-on: ubuntu-latest - steps: - - id: checkout - name: Checkout ${{ github.ref_name }} - uses: actions/checkout@v3.5.0 - with: - ref: ${{ github.ref }} - - id: sync - name: Sync labels - uses: micnncim/action-label-syncer@v1.3.0 - with: - manifest: .github/labels.yml diff --git a/package.json b/package.json index aa924117..1a620611 100644 --- a/package.json +++ b/package.json @@ -5,6 +5,7 @@ "keywords": [ "cjs", "commonjs", + "default-exports", "esbuild", "esm", "interop",