From d27cd80a4b4e0118e5b58bd2f3bee78934354a38 Mon Sep 17 00:00:00 2001 From: Lexus Drumgold Date: Tue, 11 Apr 2023 03:06:51 -0400 Subject: [PATCH] ci(workflows): add `infrastructure` Signed-off-by: Lexus Drumgold --- .github/infrastructure.yml | 213 +++++++++++++++++++++++++++ .github/labels.yml | 173 ---------------------- .github/workflows/infrastructure.yml | 61 ++++++++ .github/workflows/labels.yml | 38 ----- package.json | 1 + 5 files changed, 275 insertions(+), 211 deletions(-) create mode 100644 .github/infrastructure.yml delete mode 100644 .github/labels.yml create mode 100644 .github/workflows/infrastructure.yml delete mode 100644 .github/workflows/labels.yml diff --git a/.github/infrastructure.yml b/.github/infrastructure.yml new file mode 100644 index 00000000..597ad583 --- /dev/null +++ b/.github/infrastructure.yml @@ -0,0 +1,213 @@ +# REPOSITORY INFRASTRUCTURE SETTINGS +--- +# https://docs.github.com/rest/branches/branch-protection#update-branch-protection +branches: + - name: main + protection: + allow_deletions: false + allow_force_pushes: true + allow_fork_syncing: false + block_creations: false + enforce_admins: false + lock_branch: false + required_conversation_resolution: true + required_linear_history: true + required_pull_request_reviews: + bypass_pull_request_allowances: {} + dismiss_stale_reviews: true + dismissal_restrictions: {} + require_code_owner_reviews: false + require_last_push_approval: false + required_approving_review_count: 1 + required_status_checks: + checks: + - context: add-to-project + - context: auto-merge + - context: build + - context: codecov/changes + app_id: 254 + - context: codecov/patch + app_id: 254 + - context: codecov/project + app_id: 254 + - context: commitlint + - context: dependabot-auto + - context: format + - context: gitguardian + - context: lint + - context: spelling + - context: test (16) + - context: test (18) + - context: test (19) + - context: typescript (5.0.4) + - context: typescript (latest) + - context: typescript (~4.9.0) + strict: true + restrictions: null +# https://docs.github.com/rest/deployments/environments#create-or-update-an-environment +environments: + - environment_name: gpr + - environment_name: npm + - environment_name: release +# https://docs.github.com/rest/issues/labels#create-a-label +labels: + - name: flag:breaking-change + description: contains changes that require major version bump + color: fbca04 + - name: flag:duplicate + description: issue, pull request, or discussion already exists + color: fbca04 + - name: flag:needs-discussion + description: discussion required before implementation + color: fbca04 + - name: flag:needs-docs + description: missing documentation or needs existing documentation update + color: fbca04 + - name: flag:needs-refactor + description: code improvements required before being merged + color: fbca04 + - name: scope:dependencies + description: dependency updates + color: 74cefc + - name: scope:esm + description: es modules + color: 74cefc + - name: scope:install + description: package install + color: 74cefc + - name: scope:internal + description: internal-only api + color: 74cefc + - name: scope:lib + description: public api + color: 74cefc + - name: scope:models + description: error models + color: 74cefc + - name: scope:patches + description: patches + color: 74cefc + - name: scope:release + description: package release + color: 74cefc + - name: scope:tests + description: testing + color: 74cefc + - name: scope:ts + description: typescript support + color: 74cefc + - name: scope:utils + description: utilities + color: 74cefc + - name: status:awaiting-answers + description: needs clarification or more information from author + color: e7034b + - name: status:blocked + description: blocked by other work tracked in different issue + color: e7034b + - name: status:cannot-reproduce + description: bug report cannot be reproduced + color: e7034b + - name: status:fixed + description: fixed, but not released + color: e7034b + - name: status:help-wanted + description: extra attention is needed + color: e7034b + - name: status:icebox + description: changes that won't be implemented + color: e7034b + - name: status:invalid + description: no action to be taken or missing information + color: e7034b + - name: status:merged + description: merged, but not released + color: e7034b + - name: status:needs-triage + description: needs further assessment + color: e7034b + - name: status:prereleased + description: merged and prereleased + color: e7034b + - name: status:released + description: merged and released + color: e7034b + - name: status:stale + description: superseded by different issue, pull request, or discussion + color: e7034b + - name: status:triaged + description: bug confirmed + color: e7034b + - name: status:wip + description: work in progress + color: e7034b + - name: type:build + description: changes to the build system or external dependencies + color: 0052cc + - name: type:chore + description: housekeeping / changes that don't impact external users + color: 0052cc + - name: type:ci + description: ci/cd configuration + color: 0052cc + - name: type:docs + description: documentation improvements + color: 0052cc + - name: type:feat + description: new features and improvements + color: 0052cc + - name: type:fix + description: bug reports and fixes + color: 0052cc + - name: type:perf + description: performance updates + color: 0052cc + - name: type:question + description: questions + color: 0052cc + - name: type:refactor + description: code improvements + color: 0052cc + - name: type:task + description: project tasks + color: 0052cc +# https://docs.github.com/rest/repos/repos#update-a-repository +repository: + allow_auto_merge: true + allow_merge_commit: false + allow_rebase_merge: true + allow_squash_merge: true + allow_update_branch: true + archived: false + automated_security_fixes: true + default_branch: main + delete_branch_on_merge: true + description: Universal API for creating Node.js errors + has_issues: true + has_projects: true + has_wiki: false + homepage: https://github.com/flex-development/errnode + is_template: false + private: false + security_and_analysis: + advanced_security: + status: disabled + secret_scanning: + status: enabled + secret_scanning_push_protection: + status: disabled + squash_merge_commit_message: BLANK + squash_merge_commit_title: PR_TITLE + topics: + - errno + - error + - node + - nodejs + - typescript + visibility: public + vulnerability_alerts: true + web_commit_signoff_required: true +# https://docs.github.com/rest/teams/teams#add-or-update-team-repository-permissions +teams: + - team_slug: dependabot-review + permission: triage diff --git a/.github/labels.yml b/.github/labels.yml deleted file mode 100644 index f72222d8..00000000 --- a/.github/labels.yml +++ /dev/null @@ -1,173 +0,0 @@ -# REPOSITORY LABELS - -# flag labels -# indicate additional work is needed - -- name: flag:breaking-change - description: contains changes that require major version bump - color: fbca04 - -- name: flag:duplicate - description: issue, pull request, or discussion already exists - color: fbca04 - -- name: flag:needs-discussion - description: discussion required before implementation - color: fbca04 - -- name: flag:needs-docs - description: missing documentation or needs existing documentation update - color: fbca04 - -- name: flag:needs-refactor - description: code improvements required before being merged - color: fbca04 - -# scope labels -# project-specific groups for issues, pull requests, and discussions - -- name: scope:dependencies - description: dependency updates - color: 74cefc - -- name: scope:esm - description: es modules - color: 74cefc - -- name: scope:install - description: package install - color: 74cefc - -- name: scope:internal - description: internal-only api - color: 74cefc - -- name: scope:lib - description: public api - color: 74cefc - -- name: scope:models - description: error models - color: 74cefc - -- name: scope:patches - description: patches - color: 74cefc - -- name: scope:release - description: package release - color: 74cefc - -- name: scope:tests - description: testing - color: 74cefc - -- name: scope:ts - description: typescript support - color: 74cefc - -- name: scope:utils - description: utilities - color: 74cefc - -# status labels -# current state of an issue, pull request, or discussion - -- name: status:awaiting-answers - description: needs clarification or more information from author - color: e7034b - -- name: status:blocked - description: blocked by other work tracked in different issue - color: e7034b - -- name: status:cannot-reproduce - description: bug report cannot be reproduced - color: e7034b - -- name: status:fixed - description: fixed, but not released - color: e7034b - -- name: status:help-wanted - description: extra attention is needed - color: e7034b - -- name: status:icebox - description: changes that won't be implemented - color: e7034b - -- name: status:invalid - description: no action to be taken or missing information - color: e7034b - -- name: status:merged - description: merged, but not released - color: e7034b - -- name: status:needs-triage - description: needs further assessment - color: e7034b - -- name: status:prereleased - description: merged and prereleased - color: e7034b - -- name: status:released - description: merged and released - color: e7034b - -- name: status:stale - description: superseded by different issue, pull request, or discussion - color: e7034b - -- name: status:triaged - description: bug confirmed - color: e7034b - -- name: status:wip - description: work in progress - color: e7034b - -# type labels -# types of issues, pull requests, and discussions - -- name: type:build - description: changes to the build system or external dependencies - color: 0052cc - -- name: type:chore - description: housekeeping tasks / changes that don't impact external users - color: 0052cc - -- name: type:ci - description: ci/cd configuration - color: 0052cc - -- name: type:docs - description: documentation improvements - color: 0052cc - -- name: type:feat - description: new features and improvements - color: 0052cc - -- name: type:fix - description: bug reports and fixes - color: 0052cc - -- name: type:perf - description: performance updates - color: 0052cc - -- name: type:question - description: questions - color: 0052cc - -- name: type:refactor - description: code improvements - color: 0052cc - -- name: type:task - description: project tasks - color: 0052cc diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml new file mode 100644 index 00000000..d016f319 --- /dev/null +++ b/.github/workflows/infrastructure.yml @@ -0,0 +1,61 @@ +# Repository Infrastructure Management +# +# Update repository infrastructure on `push` or `workflow_dispatch` when the infrastructure config +# file (or this workflow) is updated. The user triggering the workflow run (`github.actor`) must be +# a repository admin. +# +# Note: The permissions of `github.actor` is checked because workflow re-runs will reuse the +# privileges of `github.actor` even if the actor initiating the re-run (`github.triggering_actor`) +# has different privileges. +# +# References: +# +# - https://docs.github.com/actions/learn-github-actions/contexts +# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push +# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch +# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push +# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_dispatch +# - https://github.com/actions-cool/check-user-permission +# - https://github.com/actions/checkout +# - https://github.com/flex-development/rice-action +# - https://github.com/hmarr/debug-action + +--- +name: infrastructure +on: + push: + branches: + - main + - release/** + paths: + - .github/infrastructure.yml + - .github/workflows/infrastructure.yml + workflow_dispatch: +concurrency: + cancel-in-progress: true + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + infrastructure: + runs-on: ubuntu-latest + steps: + - id: debug + name: Print environment variables and event payload + uses: hmarr/debug-action@v2.1.0 + - id: check-actor-permission + name: Check @${{ github.actor }} permission level + uses: actions-cool/check-user-permission@v2.2.0 + with: + require: admin + username: ${{ github.actor }} + - id: checkout + name: Checkout ${{ github.ref_name }} + uses: actions/checkout@v3.5.0 + with: + persist-credentials: false + ref: ${{ github.ref }} + - id: update + if: steps.check-actor-permission.outputs.require-result == 'true' + name: Update repository infrastructure + uses: flex-development/rice-action@1.0.0 + with: + token: ${{ secrets.PAT_REPO }} diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml deleted file mode 100644 index 16e7650d..00000000 --- a/.github/workflows/labels.yml +++ /dev/null @@ -1,38 +0,0 @@ -# Label Syncer -# -# References: -# -# - https://github.com/micnncim/action-label-syncer - ---- -name: labels -on: - create: - branches: - - main - push: - branches: - - main - paths: - - .github/labels.yml - - .github/workflows/labels.yml - workflow_dispatch: -permissions: - issues: write -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -jobs: - labels: - if: github.actor != 'dependabot[bot]' - runs-on: ubuntu-latest - steps: - - id: checkout - name: Checkout ${{ github.ref_name }} - uses: actions/checkout@v3.5.0 - with: - ref: ${{ github.ref }} - - id: sync - name: Sync labels - uses: micnncim/action-label-syncer@v1.3.0 - with: - manifest: .github/labels.yml diff --git a/package.json b/package.json index b5f08d9d..704392e1 100644 --- a/package.json +++ b/package.json @@ -3,6 +3,7 @@ "description": "Universal API for creating Node.js errors", "version": "1.5.0", "keywords": [ + "errno", "error", "node", "nodejs",