Merge pull request #76 from Bidon15/docker-ci

Docker ci

.github/CODEOWNERS

@@ -7,6 +7,6 @@
 # global owners are only requested if there isn't a more specific
 # codeowner specified below. For this reason, the global codeowners
 # are often repeated in package-level definitions.
-* @renaynay @Wondertan @vgonkivs @distractedm1nd
+* @renaynay @Wondertan @vgonkivs @distractedm1nd @walldiss
 
 docs/adr @adlerjohn @liamsi

.github/dependabot.yml

@@ -7,6 +7,8 @@ updates:
       day: monday
       time: "11:00"
     open-pull-requests-limit: 10
+    labels:
+      - kind:deps
   - package-ecosystem: gomod
     directory: "/"
     schedule:
@@ -18,4 +20,17 @@ updates:
       - Wondertan
       - renaynay
     labels:
-      - kind:dependencies
+      - kind:deps
+    groups:
+      otel:
+        patterns:
+          - "go.opentelemetry.io/otel*"
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "11:00"
+    open-pull-requests-limit: 10
+    labels:
+      - kind:deps

.github/workflows/ci_release.yml

@@ -1,5 +1,6 @@
 name: CI and Release
 on:
+  merge_group:
   push:
     branches:
       - main
@@ -24,21 +25,21 @@ on:
 jobs:
   # Dockerfile Linting
   hadolint:
-    uses: celestiaorg/.github/.github/workflows/reusable_dockerfile_lint.yml@main # yamllint disable-line rule:line-length
+    uses: celestiaorg/.github/.github/workflows/reusable_dockerfile_lint.yml@v0.2.3 # yamllint disable-line rule:line-length
     with:
-      dockerfile: docker/Dockerfile
+      dockerfile: Dockerfile
 
   yamllint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: celestiaorg/.github/.github/actions/yamllint@main
+      - uses: actions/checkout@v4
+      - uses: celestiaorg/.github/.github/actions/yamllint@v0.2.3
 
   markdown-lint:
     name: Markdown Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-node@v3
         with:
           node-version: 18
@@ -49,19 +50,51 @@ jobs:
   go-ci:
     uses: ./.github/workflows/go-ci.yml
 
-  # Make a release if this is a manually trigger job, i.e. workflow_dispatch
-  release:
+  # If this was a workflow dispatch event, we need to generate and push a tag
+  # for goreleaser to grab
+  version_bump:
     needs: [hadolint, yamllint, markdown-lint, go-ci]
     runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'workflow_dispatch' }}
     permissions: "write-all"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+      - name: Bump version and push tag
+        # Placing the if condition here is a workaround for needing to block
+        # on this step during workflow dispatch events but the step not
+        # needing to run on tags. If we had the if condition on the full
+        # version_bump section, it would skip and not run, which would result
+        # in goreleaser not running either.
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        uses: mathieudutour/github-tag-action@v6.1
+
       - name: Version Release
-        uses: celestiaorg/.github/.github/actions/version-release@main
+        uses: celestiaorg/.github/.github/actions/version-release@v0.2.3
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: ${{ inputs.version }}
+
+  # Generate the release with goreleaser to include pre-built binaries
+  goreleaser:
+    needs: version_bump
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (github.event_name == 'push' && contains(github.ref, 'refs/tags/'))
+    permissions: "write-all"
+    steps:
+      - uses: actions/checkout@v4
+      - run: git fetch --force --tags
+      - uses: actions/setup-go@v4
+        with:
+          go-version: 1.21
+      # Generate the binaries and release
+      - uses: goreleaser/goreleaser-action@v5
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          version-bump: ${{inputs.version}}
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   # TODO: permission issue, but not worth fixing as this should be refactored
   # into the celestiaorg/.github repo, at which point any permission issues will

.github/workflows/docker-build-publish.yml

@@ -0,0 +1,27 @@
+name: Docker Build & Publish
+
+# Trigger on all push events, new semantic version tags, and all PRs
+on:
+  merge_group:
+  push:
+    branches:
+      - "main"
+      - "*test*"
+      - "*hotfix*"
+      - "*alpha*"
+      - "*beta*"
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+      - "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"
+      - "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"
+      - "v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"
+  pull_request:
+
+jobs:
+  docker-security-build:
+    permissions:
+      contents: write
+      packages: write
+    uses: Bidon15/.celestia-github/.github/workflows/reusable_dockerfile_pipeline.yml@v0.2.8 # yamllint disable-line rule:line-length
+    with:
+      dockerfile: Dockerfile

.github/workflows/go-ci.yml

@@ -4,7 +4,7 @@ on:
   workflow_call:
 
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.21'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -16,25 +16,25 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3.2.0
+        uses: golangci/golangci-lint-action@v3.7.0
         with:
-          version: v1.49.0
+          version: v1.54.2
 
   go_mod_tidy_check:
     name: Go Mod Tidy Check
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
 
@@ -48,28 +48,31 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: set up go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
 
-      - name: Test & Coverage
-        run: make cover
-      - uses: codecov/codecov-action@v3.1.1
+      - name: run unit tests
+        run: make test-unit
+
+      - name: upload coverage
+        uses: codecov/codecov-action@v3.1.4
         with:
+          token: ${{ secrets.CODECOV_TOKEN }}
           file: ./coverage.txt
 
   unit_race_test:
     name: Run Unit Tests with Race Detector
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: set up go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
 
@@ -81,10 +84,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: set up go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
 

.github/workflows/issue-label-automation.yml

@@ -0,0 +1,42 @@
+name: Label Automation
+on:
+  # Using pull_request_target for forks since labels are not a security issue
+  pull_request_target:
+    types: [opened]
+  issues:
+    types: [opened]
+
+jobs:
+  automate-labels:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Check for External Contributor
+        uses: tspascoal/get-user-teams-membership@v3
+        id: teamCheck
+        with:
+          username: ${{ github.actor }}
+          team: "celestia-node"
+          GITHUB_TOKEN: ${{ secrets.PAT_TEAM_CHECK }}
+
+      # For issues we want to add a `needs:triage` label if it is unlabeled
+      - name: Triage labeling
+        if: ${{ github.event_name == 'issues' }}
+        uses: andymckay/labeler@master
+        with:
+          add-labels: "needs:triage"
+          ignore-if-labeled: true
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # For both issues and PRs we want to add the `external` label if the
+      # author is not a member of the node team
+      - name: External labeling
+        if: ${{ steps.teamCheck.outputs.isTeamMember == 'false' }}
+        uses: andymckay/labeler@master
+        with:
+          add-labels: "external"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/labels.yml

@@ -12,8 +12,8 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-      - uses: mheap/github-action-required-labels@v2
+      - uses: mheap/github-action-required-labels@v5
         with:
           mode: minimum
           count: 1
-          labels: "kind:bug-fix, kind:miscellaneous, kind:breaking, kind:improvement, kind:feature, kind:dependencies" # yamllint disable-line rule:line-length
+          labels: "kind:fix, kind:misc, kind:break!, kind:refactor, kind:feat, kind:deps, kind:docs, kind:ci, kind:chore, kind:testing" # yamllint disable-line rule:line-length

.github/workflows/stale.yml

@@ -0,0 +1,18 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 8 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v8
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 60
+          days-before-close: 14
+          days-before-issue-stale: 90
+          days-before-issue-close: 21
+          exempt-issue-labels: 'keep-open'
+          start-date: '2023-09-01T00:00:00Z'