diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 342a6d14..bc3a8310 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,31 +22,38 @@ # IN THE SOFTWARE. name: Build + on: - pull_request: push: branches: - master - -env: - NODE_VERSION: 24.x + pull_request: + branches: + - master + workflow_call: + inputs: + ref: + required: true + type: string permissions: - contents: read + attestations: write # Required for attestations + id-token: write # Required for OIDC jobs: build: - name: Build templates + name: Templates runs-on: ubuntu-latest steps: - - name: Checkout repository uses: actions/checkout@v5 + with: + ref: ${{ inputs.ref || github.sha }} - name: Set up Node.js runtime uses: actions/setup-node@v5 with: - node-version: ${{ env.NODE_VERSION }} + node-version: 24.x - name: Set up Node.js dependency cache uses: actions/cache@v4 @@ -59,7 +66,29 @@ jobs: if: steps.cache.outputs.cache-hit != 'true' run: npm install - - name: Build project + - name: Build artifact + run: npm run build + + - name: Create artifact archive + shell: bash run: | - npm run build - git diff --name-only + if [ -d dist ]; then + tar -C dist -czf templates.tar.gz . + ls -la + else + echo "dist directory not found" + exit 1 + fi + + - name: Create artifact attestation + uses: actions/attest-build-provenance@v1 + with: + show-summary: false + subject-path: templates.tar.gz + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: templates + path: templates.tar.gz + diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 00000000..080d794a --- /dev/null +++ b/.github/workflows/check.yml 
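Review bot: The new top-level `permissions` block drops `contents: read` and grants `attestations: write` and `id-token: write` to every run of this workflow, including the `push` and `pull_request` builds whose later steps run `npm install` and `npm run build`. Scopes not listed in a `permissions` block are set to none, so `actions/checkout` keeps working only while the repository is public, and any build script or dependency running in the job can request an OIDC token. Keeping `contents: read` alongside the two write scopes, and granting the write scopes only on the release path, would narrow this. The steps list continues outside the hunk.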
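Review bot: The `Create artifact attestation` step has no condition, so it runs for every `push` and `pull_request` build and not only when release.yml calls this workflow. Pull requests from forks normally get a read-only token without `id-token`, so the step will probably fail there, and for branches in the same repository it signs provenance for code that has not been reviewed. Gating it on the reusable-workflow input, e.g. `if: inputs.ref != ''`, would keep attestation to the release path; `github.event_name` is not a usable gate because the release caller is itself a `pull_request` event. Pinning `actions/attest-build-provenance@v1` to a full commit SHA would also be worth doing for a step that signs artifacts.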
@@ -0,0 +1,55 @@
+# Copyright (c) 2025 Zensical and contributors
+
+# SPDX-License-Identifier: MIT
+# Third-party contributions licensed under DCO
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Check
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ if: |
+ startsWith(github.event.pull_request.head.ref, 'release/')
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.sha }}
+ fetch-depth: 0
+
+ - name: Check commit count
+ run: |
+ BASE="${{ github.event.pull_request.base.sha }}"
+ HEAD="${{ github.event.pull_request.head.sha }}"
+ COMMITS=$(git rev-list --count $HEAD ^$BASE)
+ if [ "$COMMITS" -ne 1 ]; then
+ echo "Release branch must contain exactly one commit, found $COMMITS"
+ exit 1
+ fi
diff --git a/.github/workflows/commit.yml b/.github/workflows/commit.yml
new file mode 100644
index 00000000..cf8bffd0
--- /dev/null
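Review bot: check.yml declares no `permissions`, so the `release` job runs with whatever default the repository gives `GITHUB_TOKEN`; the job only reads history, so a top-level `permissions:` with `contents: read` is enough, and the same applies to commit.yml. The `push` trigger also looks unused: the job's `if` tests `github.event.pull_request.head.ref`, which is empty on `push` events, so the job is always skipped there. In `Check commit count` the two revisions should be quoted: `git rev-list --count "$HEAD" "^$BASE"`.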
+++ b/.github/workflows/commit.yml
@@ -0,0 +1,58 @@
+# Copyright (c) 2025 Zensical and contributors
+
+# SPDX-License-Identifier: MIT
+# Third-party contributions licensed under DCO
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Commit
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+jobs:
+ validate:
+ name: Validate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.event.pull_request.base.sha }}
+ fetch-depth: 0
+
+ - name: Set up mono
+ uses: zensical/mono@v0
+
+ - name: Get commit messages
+ run: |
+ BASE="${{ github.event.pull_request.base.sha }}"
+ HEAD="${{ github.event.pull_request.head.sha }}"
+ git log "$BASE..$HEAD" --format=%h > commits.txt
+
+ - name: Validate commit messages
+ run: |
+ while IFS= read -r id; do
+ [ -z "$id" ] && continue
+ mono validate commit --id $id
+ done < commits.txt
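Review bot: `Get commit messages` runs `git log "$BASE..$HEAD"` after checking out only the base commit, and as far as I can tell `fetch-depth: 0` fetches branches and tags but not `refs/pull/*`, so the head commit of a pull request from a fork may be missing and the step would fail on an unknown revision. Fetching the PR head explicitly first, e.g. `git fetch origin "refs/pull/${{ github.event.pull_request.number }}/head"`, would cover that while still keeping the PR's code out of the working tree. `$id` in `mono validate commit --id $id` should be quoted, and `zensical/mono@v0` is a mutable tag; a full commit SHA would pin what runs here.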
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..73af6a6a
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,116 @@
+# Copyright (c) 2025 Zensical and contributors
+
+# SPDX-License-Identifier: MIT
+# Third-party contributions licensed under DCO
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: Release
+
+on:
+ pull_request:
+ types:
+ - closed
+ branches:
+ - master
+
+permissions:
+ contents: write # Required for tags and releases
+ attestations: write # Required for attestations
+ id-token: write # Required for OIDC
+
+jobs:
+ build:
+ name: Build
+ if: |
+ github.event.pull_request.merged == true &&
+ startsWith(github.event.pull_request.head.ref, 'release/')
+ uses: ./.github/workflows/build.yml
+ with:
+ ref: ${{ github.event.pull_request.merge_commit_sha }}
+
+ tag:
+ name: Create tag
+ runs-on: ubuntu-latest
+ needs: build
+ outputs:
+ version: ${{ steps.version.outputs.version }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.event.pull_request.merge_commit_sha }}
+ fetch-depth: 0
+
+ - name: Determine version
+ id: version
+ run: |
+ BRANCH="${{ github.event.pull_request.head.ref }}"
+ VERSION=${BRANCH#release/}
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+ - name: Create and push tag
+ run: |
+ VERSION="${{ steps.version.outputs.version }}"
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git tag -a $VERSION -m "Release $VERSION"
+ git push origin $VERSION
+
+ release:
+ name: Create release
+ runs-on: ubuntu-latest
+ needs: tag
+ env:
+ VERSION: ${{ needs.tag.outputs.version }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.event.pull_request.merge_commit_sha }}
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Set up mono
+ uses: zensical/mono@v0
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: templates.tar.gz
+
+ - name: Create release
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ mono version changelog -s $VERSION > notes.txt
+ gh release create $VERSION \
+ --title ${VERSION#v} \
+ --notes-file notes.txt \
+ --draft
+
+ - name: Upload release artifacts
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: gh release upload $VERSION templates.tar.gz
+
+ - name: Publish release
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: gh release edit $VERSION --draft=false
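Review bot: `github.event.pull_request.head.ref` is expanded straight into the shell script of the `Determine version` step, so the branch name is parsed as script text in a workflow that holds `contents: write` and `id-token: write`. Branch names are chosen by the PR author; pass the value through the environment instead — an `env:` entry `BRANCH: ${{ github.event.pull_request.head.ref }}`, then `VERSION="${BRANCH#release/}"` — and reject anything that does not match the expected version pattern before tagging. The same applies to `VERSION="${{ steps.version.outputs.version }}"` in `Create and push tag`, and the unquoted `$VERSION` in the `git tag`, `git push` and `gh release` commands should be quoted. Separately, `actions/download-artifact@v4` with `path: templates.tar.gz` and no `name` appears to create a directory of that name rather than the file, so `gh release upload` may not find the archive; `name: templates` with `path: .` would likely be needed.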