feat(workflows): use reusable workflows for internal workflows

hoverkraft-tech · Mar 3, 2023 · 63b6d05 · 63b6d05
1 parent c9c67ae
commit 63b6d05
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 142 deletions.
diff --git a/.github/workflows/__main-ci.yml b/.github/workflows/__main-ci.yml
@@ -8,96 +8,11 @@ on:
 jobs:
   ci:
     uses: ./.github/workflows/__shared-ci.yml
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
 
-  prepare-release:
+  release:
     needs: ci
-    runs-on: "ubuntu-latest"
-    outputs:
-      changed-actions: ${{ steps.get-changed-actions.outputs.result }}
-      latest-tag: ${{ steps.get-latest-tag.outputs.tag }}
-
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - id: get-latest-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1
-
-      - id: changed-files
-        if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
-        uses: tj-actions/changed-files@v35.6.0
-        with:
-          files: |
-            ./actions/*
-          dir_names: true
-          dir_names_exclude_root: true
-
-      - id: get-changed-actions
-        run: |
-          CHANGED_FILES="${{ steps.changed-files.outputs.all_changed_and_modified_files }}"
-          IS_TAG_PUSH="${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}"
-
-          CHANGED_ACTIONS=()
-          for ACTION_FILE in actions/**/action.yml; do
-            ACTION_DIR=$(dirname "$ACTION_FILE")
-            if [ "$IS_TAG_PUSH" = "true" ] || [[ "$CHANGED_FILES" == *"$ACTION_DIR"* ]]; then
-              CHANGED_ACTIONS+=("$ACTION_DIR")
-            fi
-          done
-
-          JSON_CHANGED_ACTIONS=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${CHANGED_ACTIONS[@]}");
-
-          echo "result<<EOF" >> "$GITHUB_OUTPUT" && echo "$JSON_CHANGED_ACTIONS" >> "$GITHUB_OUTPUT" && echo "EOF" >> "$GITHUB_OUTPUT"
-
-  generate-actions-readme:
-    needs: prepare-release
-    runs-on: ubuntu-latest
-    if: ${{ needs.prepare-release.outputs.changed-actions != '[]' }}
-    strategy:
-      fail-fast: false
-      matrix:
-        action: ${{ fromJson(needs.prepare-release.outputs.changed-actions) }}
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: 📖 Generate README
-        uses: bitflight-devops/github-action-readme-generator@v1.3.14
-        with:
-          action: ${{ matrix.action }}/action.yml
-          readme: ${{ matrix.action }}/README.md
-          versioning_enabled: true
-          version_prefix: ""
-          version_override: ${{ needs.prepare-release.outputs.latest-tag }}
-
-        env:
-          INPUT_SHOW_LOGO: "true"
-
-      - uses: actions/upload-artifact@v3
-        with:
-          name: changed-actions
-          path: ${{ github.workspace }}/**/${{ matrix.action }}/README.md
-
-  publish-actions-readme:
-    needs: generate-actions-readme
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write
-
-    steps:
-      - uses: actions/checkout@v3.1.0
-        with:
-          token: ${{ secrets.GH_PAT }}
-
-      - uses: actions/download-artifact@v3
-        with:
-          name: changed-actions
-
-      - uses: stefanzweifel/git-auto-commit-action@v4
-        with:
-          commit_message: "chore: update actions README"
-          commit_options: "--no-verify --signoff"
-          push_options: "--force-with-lease"
-          file_pattern: actions/**/README.md
-          branch: main
+    uses: ./.github/workflows/release-actions.yml
+    secrets:
+      private-access-token: ${{ secrets.GH_PAT }}
diff --git a/.github/workflows/__pull-request-ci.yml b/.github/workflows/__pull-request-ci.yml
@@ -6,5 +6,6 @@ on:
 
 jobs:
   ci:
-    name: Continuous Integration
     uses: ./.github/workflows/__shared-ci.yml
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
@@ -1,21 +1,14 @@
-name: Internal - Continuous Integration for common tasks
+name: Internal - Common Continuous Integration tasks
 
 on:
   workflow_call:
+    secrets:
+      github-token:
+        description: 'Token for marking the status of linter run in the Checks section. Can be passed in using "secrets.GITHUB_TOKEN". See https://github.com/github/super-linter#how-to-use'
+        required: true
 
 jobs:
-  checks:
-    runs-on: "ubuntu-latest"
-    name: Run checks
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: 👕 Lint Code Base
-        uses: github/super-linter/slim@v4
-        env:
-          VALIDATE_ALL_CODEBASE: false
-          LOG_LEVEL: WARN
-          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  linter:
+    uses: ./.github/workflows/linter.yml
+    secrets:
+      github-token: ${{ secrets.github-token }}
diff --git a/.github/workflows/__shared-get-available-actions.yml b/.github/workflows/__shared-get-available-actions.yml
diff --git a/.github/workflows/linter.md b/.github/workflows/linter.md
@@ -36,9 +36,9 @@ jobs:
 <!-- end usage -->
 <!-- start secrets -->
 
-| **Secret**                    | **Description**                                                                                                                                                               |
-| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **<code>github-token</code>** | Token for marking the status of linter run in the Checks section. Can be passed in using "${{ secrets.GITHUB_TOKEN }}". See https://github.com/github/super-linter#how-to-use |
+| **Secret**                    | **Description**                                                                                                                                                                                                                    |
+| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **<code>github-token</code>** | Token for marking the status of linter run in the Checks section. Can be passed in using "${{ secrets.GITHUB_TOKEN }}". See [https://github.com/github/super-linter#how-to-use](https://github.com/github/super-linter#how-to-use) |
 
 <!-- end secrets -->
 <!-- start inputs -->

diff --git a/.github/workflows/release-actions.md b/.github/workflows/release-actions.md
@@ -28,15 +28,15 @@ jobs:
     uses: hoverkraft-tech/ci-github-common/.github/workflows/release-actions.yml@main
     with:
       # Private Access Token for commiting changes and bypassing branch protection if any.
-      github-token: ${{ secrets.GH_PAT }}
+      private-access-token: ${{ secrets.GH_PAT }}
 ```
 
 <!-- end usage -->
 <!-- start secrets -->
 
-| **Secret**                    | **Description**                                                                    |
-| ----------------------------- | ---------------------------------------------------------------------------------- |
-| **<code>github-token</code>** | Private Access Token for commiting changes and bypassing branch protection if any. |
+| **Secret**                            | **Description**                                                                    |
+| ------------------------------------- | ---------------------------------------------------------------------------------- |
+| **<code>private-access-token</code>** | Private Access Token for commiting changes and bypassing branch protection if any. |
 
 <!-- end secrets -->
 <!-- start inputs -->

diff --git a/.github/workflows/release-actions.yml b/.github/workflows/release-actions.yml
@@ -9,13 +9,12 @@ name: Release Actions
 on:
   workflow_call:
     secrets:
-      github-token:
+      private-access-token:
         description: "Private Access Token for commiting changes and bypassing branch protection if any."
         required: true
 
 jobs:
   prepare-release:
-    needs: ci
     runs-on: "ubuntu-latest"
     outputs:
       changed-actions: ${{ steps.get-changed-actions.outputs.result }}
@@ -93,7 +92,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3.1.0
         with:
-          token: ${{ secrets.token }}
+          token: ${{ secrets.private-access-token }}
 
       - uses: actions/download-artifact@v3
         with:

diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml
@@ -16,7 +16,7 @@ on:
   workflow_call:
     secrets:
       github-token:
-        description: 'Token for the repository. Can be passed in using "${{ secrets.GITHUB_TOKEN }}". See https://github.com/amannn/action-semantic-pull-request#installation'
+        description: 'Token for the repository. Can be passed in using "secrets.GITHUB_TOKEN". See https://github.com/amannn/action-semantic-pull-request#installation'
         required: true
 
 jobs: