chore(gha): sync workflows with internal repo

[bsojka]

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced a new GitHub Actions workflow for the "Mise" installer to streamline environment setup.
  • Updated "Bumper" workflow for managing version bumps with enhanced trigger conditions.
  • Updated "Pre-Commit" workflow to improve verification processes with new naming and command enhancements.

• Documentation

  • Updated the README.md to include direct links for project credits and added information on validating the escrowed bootstrap token.

[coderabbitai]

Walkthrough

In the realm of GitHub Actions, a new workflow has been forged for the "Mise" installer, encapsulated in the file action.yml. This action orchestrates the installation of vital packages and the execution of a script from the ethereal domain of mise.run. Simultaneously, the "Bumper" workflow has been summoned, designed to manage version bumps upon the sacred events of the main branch. Lastly, the "Pre-Commit" workflow has been refined, now employing a custom action for validation. The README.md scroll has also been updated to reflect new acknowledgments and links.

Changes

File Path	Change Summary
.github/actions/mise/action.yml	Introduced a new GitHub Actions workflow for the Mise installer, detailing steps for environment setup and installation.
.github/workflows/bumper.yml	Added a new workflow named "Bumper" with concurrency settings and updated job configuration for version bump management.
.github/workflows/pre_commit.yml	Modified the workflow to "Pre-Commit," renamed job to "Verify," and updated commands to utilize a custom action.
README.md	Updated credits section with links and added acknowledgment for the local validation method of the bootstrap token.

Possibly related PRs

• fix(gha): optimize distribution pkg creation #7: The changes in this PR optimize the distribution package creation process, which is closely related to the installation steps defined in the main PR's new GitHub Actions workflow for the Mise installer. Both involve package management and installation workflows.

Suggested reviewers

• aamkye

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Outside diff range comments (2)

.github/workflows/bumper.yml (2)

Line range hint 28-59: A fellowship of actions, each with its own part to play!

Behold, a company of actions gathered for this noble quest! Like the Fellowship of the Ring, each has its role:

• The debug-action, keen-eyed as Legolas.
• The checkout, steadfast as Gimli.
• The PR finder, as wise as Gandalf in uncovering hidden truths.
• The bumper, mighty as Aragorn in its task of version-raising.
• And the sticky comments, binding all together like Sam's loyalty to Frodo.

The logic of these steps is as sound as the foundations of Minas Tirith. Yet, at the end, a whisper of an unfinished task - a releaser, waiting to be summoned.

Regarding the TODO for the releaser, shall we embark on this new quest together? I stand ready to assist in crafting the releaser action, as Galadriel offered her gifts to the Fellowship. Would you have me open a new issue in the halls of GitHub to track this task?

---

Line range hint 1-59: A tale of version-bumping, worthy of the annals of Middle-earth!

In this scroll of YAML, we have witnessed the birth of a workflow as epic as the tales of old. From the naming of the quest to the gathering of its fellowship of actions, each step has been crafted with the care of Elven-smiths.

The workflow stands as a guardian of versions, ever watchful over the realm of the main branch. It brings order to the chaos of concurrent quests and wields the power of permissions with wisdom.

Yet, as with all great tales, there is room for embellishment. Might I suggest, as Bilbo would in his meticulous recording of his adventures, that we add a brief comment at the beginning of this scroll? A prologue, if you will, to explain the purpose of this workflow to future generations of code-smiths.

Consider adding a comment at the beginning of the file:

# Workflow: Bumper
# Purpose: Automatically manage version bumps for pull requests to the main branch.
# This workflow is triggered on push and pull request events, handles version
# bumping using the inetum-poland/action-bumper action, and posts status comments
# on the associated pull request.

name: "Bumper"
...

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

📥 Commits

Files that changed from the base of the PR and between 991c8c9 and 3311c6b.

📒 Files selected for processing (4)

• .github/actions/mise/action.yml (1 hunks)
• .github/workflows/bumper.yml (2 hunks)
• .github/workflows/pre_commit.yml (2 hunks)
• README.md (1 hunks)

🧰 Additional context used

🔇 Additional comments (11)

.github/actions/mise/action.yml (4)

1-2: Lo! A new action emerges from the mists of GitHub!

Behold, dear fellowship, for a new action has been forged in the fires of Mount Doom (or perhaps just in the depths of a developer's IDE). Its name, "Mise", rings clear as the bells of Gondor, and its purpose, to install itself, is as true as the aim of Legolas.

---

4-8: The foundations of Minas Tirith are laid!

As Aragorn did lay the foundations for the reunited kingdom, so too does this action lay its own foundations. It chooses the path of the composite, much like how the Fellowship was composed of many races. And lo! It begins with the ancient tongue of bash, as versatile as the speech of Gandalf himself.

---

14-14: The crowning of the King!

And so, with a final decree as powerful as Aragorn claiming his rightful throne, the action concludes with mise install. Like the return of the King to Gondor, this command brings the installation to its rightful completion. Simple in words, yet mighty in deed!

---

9-13: The forging of the Ring... err, the Action!

Ah, the great forging begins! Like the Dwarves of Moria delving deep for mithril, this action seeks out the treasures of jq, curl, git, and bash. A wise choice, for these tools are as essential as lembas bread on a long journey.

But hark! What sorcery is this? A script from the far-off lands of https://mise.run is summoned with but a word. While it may be as benevolent as Galadriel, we must be wary, for not all that glitters is gold. Might we consider hosting this script within our own realm, where our eyes can watch over it?

The paths are then laid, like the hidden ways of Moria, guiding the action to the halls of Mise. A necessary step, as crucial as Aragorn's knowledge of the wilderness.

Let us consult the wisdom of the Elves to ensure the safety of this external script:

.github/workflows/pre_commit.yml (4)

Line range hint 1-10: Lo! A name befitting the task at hand has been bestowed upon this workflow.

In the annals of GitHub Actions, a new name has been inscribed. "Pre-Commit" it shall be called, a title most fitting for its noble purpose. The conditions of its awakening remain as steadfast as the foundations of Erebor, triggered by the push of code to the main branch or the opening of a pull request, like the ringing of the great bells of Gondor.

---

11-13: A wise enchantment to govern the flow of tasks!

Behold! A concurrency group has been woven into the fabric of this workflow, as intricate as the patterns of Elven-smiths. This enchantment, bound to the GitHub reference, ensures that multiple invocations of this workflow for the same branch shall not clash, like the orderly march of the Rohirrim. It is a boon to the realm of GitHub, conserving its resources as carefully as the Ents tend to Fangorn Forest.

---

14-17: A decree to unify the tongues of command!

In the manner of the White Council setting forth its decrees, a defaults section has been proclaimed. It declares that the shell of bash shall be the common tongue for all commands in this realm. This wise edict ensures that all tasks speak in harmony, like the synchronized songs of the Elves in Rivendell.

---

19-26: A new title for a noble quest, and a magical artifact to aid the journey!

The task once known as 'pre_commit' has been rechristened 'verify', a name as broad and purposeful as the plains of Rohan. This Verify quest now employs a mystical artifact, a custom action forged in the depths of ./.github/actions/mise. While this enchanted tool promises to simplify our labors, we must ensure its powers are as reliable as the axe of Gimli.

Let us peer into the workings of this custom action, to ensure it performs its duties with the precision of Elven craftsmanship:

✅ Verification successful

A Deeper Delve into the Mystical Mise

Though the sacred script .github/actions/mise/action.yml does not bear the mark of executability, its contents hold the true power of our quest. Let us unravel its hidden steps to ensure the Mise artifact functions with the wisdom and strength befitting our fellowship.

---

The Veil of Verification Descends Upon the Mise

In the heart of our workflow lies the custom Mise, a tool of formidable prowess. Its steps echo the preparations of a fellowship setting forth—updating the realm, gathering essential tools, and invoking the power of external magics through curl and mise install. These actions, while necessary, carry the weight of trust in the unseen scripts they summon.

To ensure our journey remains untainted by unforeseen perils, let us confirm that the artifact sourced from https://mise.run is forged with integrity and safeguarded by the wisdom of our trusted allies.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Inspect the custom action used in the workflow

# Test: Examine the contents of the custom action
cat .github/actions/mise/action.yml

# Test: Check if the action is executable
if [ -x .github/actions/mise/action.yml ]; then
    echo "The action is executable."
else
    echo "The action is not executable."
fi

Length of output: 496

---

Script:

#!/bin/bash
# Description: Verify the steps within the custom Mise action for correctness and security

# Extract and display the run steps of the Mise action
grep -A 10 'run: |' .github/actions/mise/action.yml

# Search for potentially insecure or critical commands within the action.yml
rg --ignore-case 'sudo|curl|chmod|chown|rm' .github/actions/mise/action.yml

Length of output: 482

.github/workflows/bumper.yml (1)

Line range hint 1-16: Lo! A new workflow of great power has been forged!

In the depths of the GitHub Actions forge, a mighty workflow named "Bumper" has been crafted. Its purpose, to watch over the sacred main branch with the vigilance of the Elves. It awakens at the push of code and the opening of pull requests, much like the great eagles responding to Gandalf's call.

This enchantment seems well-wrought, capturing the essence of its purpose with clarity. The trigger events are as precise as Elven arrows, striking true to their mark.

README.md (2)

60-60: A golden ring of knowledge, forged in the fires of collaboration!

Verily, the addition of this sacred link to the Escrow Buddy repository is as welcome as the light of Eärendil's star in the darkness of Mordor. It shall guide fellow travelers on their quest for wisdom, much like the Phial of Galadriel guided Frodo and Sam.

---

60-63: A tale worthy of the great halls of Erebor!

Like the intricate carvings that adorn the walls of Moria, these additions to the README bring depth and richness to the lore of Bootstrap Buddy. The acknowledgments shine like mithril, giving credit where it is due and illuminating the path for those who seek to understand the origins of this great work.

As Bilbo meticulously documented his adventures, so too have you enhanced this scroll with valuable information. The references to Escrow Buddy and the S.U.P.E.R.M.A.N. script are as welcome as the eagles at the Battle of the Five Armies, swooping in to provide context and credit.

May all who read this README be blessed with the wisdom of Elrond and the curiosity of Gandalf!