chore: configure automerge

Signed-off-by: msclock <msclock@qq.com>
msclock · Aug 22, 2024 · 94e3d8e · 94e3d8e
1 parent 4235141
commit 94e3d8e
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 27 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -5,11 +5,15 @@
     ":enablePreCommit"
   ],
   "prHourlyLimit": 0,
+  "automerge": true,
+  "automergeType": "pr",
+  "platformAutomerge": true,
   "packageRules": [
     {
       "description": "Update port with label update-port and depName commit message topic",
       "addLabels": [
-        "update-port"
+        "update-port",
+        "auto-approval"
       ],
       "matchDepTypes": [
         "git-hash-port",

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,8 +10,8 @@ on:
   pull_request:
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    group: ${{ github.workflow }}-${{ github.ref }}
+    cancel-in-progress: true
 
 jobs:
 
@@ -21,10 +21,20 @@ jobs:
       contents: write
 
     steps:
+      - name: Generate a bot token with BOT_APP_ID
+        id: bot_token
+        if: vars.BOT_APP_ID && env.BOT_PRIVATE_KEY != null
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
+        env:
+          BOT_PRIVATE_KEY: ${{ secrets.BOT_PRIVATE_KEY }}
+        with:
+          app-id: ${{ vars.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
           ref: ${{ github.head_ref }}
 
       - name: Set up python
@@ -47,10 +57,20 @@ jobs:
       pull-requests: write
 
     steps:
+      - name: Generate a bot token with BOT_APP_ID
+        id: bot_token
+        if: vars.BOT_APP_ID && env.BOT_PRIVATE_KEY != null
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
+        env:
+          BOT_PRIVATE_KEY: ${{ secrets.BOT_PRIVATE_KEY }}
+        with:
+          app-id: ${{ vars.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
           ref: ${{ github.head_ref }}
           fetch-depth: 2
 
@@ -211,30 +231,20 @@ jobs:
                     ]
                 )
 
-  release:
-    name: release
-    runs-on: ubuntu-latest
-    if: github.event_name != 'pull_request'
+  pass:
+    if: always()
+    needs: [verify_os]
+    runs-on: ubuntu-22.04
+    timeout-minutes: 2
     permissions:
-      contents: write
-    needs: [pre-commit, format_and_update_ports, verify_os]
+      pull-requests: write
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: actions/setup-node@v4
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@release/v1
         with:
-          node-version: 20
+          jobs: ${{ toJSON(needs) }}
 
-      - name: Semantic Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: >
-          npx
-          --package conventional-changelog-conventionalcommits@7
-          --package semantic-release@23
-          semantic-release
+      - name: Approve pr if all jobs succeeded
+        if: contains(github.event.pull_request.labels.*.name, 'auto-approval')
+        uses: hmarr/auto-approve-action@v4
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
@@ -0,0 +1,58 @@
+name: Semantic Release
+
+on:
+  workflow_run:
+    workflows: [CI]
+    types: [completed]
+    branches:
+      - master
+
+jobs:
+  semantic-release:
+    name: Semantic Release
+    runs-on: ubuntu-22.04
+    if: github.event.workflow_run.conclusion == 'success' && github.repository == 'msclock/cmake-registry'
+    permissions:
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Generate a bot token with BOT_APP_ID
+        id: bot_token
+        if: vars.BOT_APP_ID && env.BOT_PRIVATE_KEY != null
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
+        env:
+          BOT_PRIVATE_KEY: ${{ secrets.BOT_PRIVATE_KEY }}
+        with:
+          app-id: ${{ vars.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+
+      - name: Warn if use GITHUB_TOKEN
+        if: env._GITHUB_TOKEN == env._TO_BE_VERIFIED_TOKEN
+        env:
+          _GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          _TO_BE_VERIFIED_TOKEN: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
+        run: |
+          echo "# :warning: GITHUB_TOKEN is used" >> $GITHUB_STEP_SUMMARY
+          echo "The GITHUB_TOKEN is used instead of a bot token or PAT that will not emit the released publish event for triggering a released workflow." >> $GITHUB_STEP_SUMMARY
+
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          fetch-depth: 0
+          token: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}
+
+      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
+        with:
+          node-version: 20
+
+      - uses: cycjimmy/semantic-release-action@v4
+        id: semantic
+        with:
+          semantic_version: 22
+          extra_plugins: |
+            @semantic-release/exec
+            @semantic-release/github
+            conventional-changelog-conventionalcommits@7
+        env:
+          GITHUB_TOKEN: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }}