tazama-lf · scott45 · Nov 13, 2024 · Nov 6, 2024 · Nov 6, 2024 · Nov 7, 2024
@@ -11,6 +11,7 @@ on:
       - 'main'
 jobs:
   bench:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
     steps:
       - name: Clone repo

@@ -29,6 +29,7 @@ permissions:
 
 jobs:
   codacy-security-scan:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

@@ -24,6 +24,7 @@ on:
 
 jobs:
   analyze:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     name: Analyze
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     permissions:

@@ -16,6 +16,7 @@ on:
 
 jobs:
   validate-pr-title:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest  # Use the latest Ubuntu runner for the job
     steps:
       - name: Checkout code

@@ -9,6 +9,7 @@ on: [pull_request]
 
 jobs:
   dco:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     # Define the runner environment
     runs-on: ubuntu-latest
 

@@ -24,6 +24,7 @@ permissions:
 
 jobs:
   hadolint:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     name: Run hadolint scanning
     runs-on: ubuntu-latest
     permissions:

@@ -12,11 +12,14 @@
 name: Publish Docker image
 
 on:
+  push:
+    branches: [ "main" ]
   release:
     types: [published]
 
 jobs:
   push_to_registry:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     name: Push Docker image to Docker Hub
     runs-on: ubuntu-latest
     permissions:
@@ -34,11 +37,21 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Set ENV variables
+        run: |
+          echo "REPO_NAME=${GITHUB_REPOSITORY#$GITHUB_REPOSITORY_OWNER/}" >> $GITHUB_ENV
+
+      - name: Use the custom ENV variable
+        run: |
+          echo $REPO_NAME
+
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          images: my-docker-hub-namespace/my-docker-hub-repository
+          images: tazamaorg/${{ env.REPO_NAME }}
+          tags: |
+            type=raw,value=rc
 
       - name: Build and push Docker image
         id: push
@@ -49,12 +62,17 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-
+          build-args: GH_TOKEN=${{ secrets.GH_TOKEN }}
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-name: docker.io/tazamaorg/${{ env.REPO_NAME }}
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
-
+
+      - name: Send Slack Notification
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        run: |
+          curl -X POST -H 'Content-type: application/json' --data '{"blocks": [{"type": "header","text": {"type": "plain_text","text": "New Dockerhub Image published :ship::ship:","emoji": true}},{"type": "section","fields": [{"type": "mrkdwn","text": "*Service:*\n${{ env.REPO_NAME }} "},{"type": "mrkdwn","text": "*Tazama Dockerhub:*\n<https://hub.docker.com/orgs/tazamaorg/repositories>"}]}]}' $SLACK_WEBHOOK_URL
@@ -0,0 +1,78 @@
+# SPDX-License-Identifier: Apache-2.0
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# GitHub recommends pinning actions to a commit SHA.
+# To get a newer version, you will need to update the SHA.
+# You can also reference a tag or branch, but the action may change without warning.
+
+name: Publish Docker image
+
+on:
+  push:
+    branches: [ "main" ]
+  release:
+    types: [published]
+
+jobs:
+  push_to_registry:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Set ENV variables
+        run: |
+          echo "REPO_NAME=${GITHUB_REPOSITORY#$GITHUB_REPOSITORY_OWNER/}" >> $GITHUB_ENV
+
+      - name: Use the custom ENV variable
+        run: |
+          echo $REPO_NAME
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: tazamaorg/${{ env.REPO_NAME }}
+          tags: |
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: GH_TOKEN=${{ secrets.GH_TOKEN }}
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: docker.io/tazamaorg/${{ env.REPO_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+
+      - name: Send Slack Notification
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        run: |
+          curl -X POST -H 'Content-type: application/json' --data '{"blocks": [{"type": "header","text": {"type": "plain_text","text": "New Dockerhub Image published :ship::ship:","emoji": true}},{"type": "section","fields": [{"type": "mrkdwn","text": "*Service:*\n${{ env.REPO_NAME }} "},{"type": "mrkdwn","text": "*Tazama Dockerhub:*\n<https://hub.docker.com/orgs/tazamaorg/repositories>"}]}]}' $SLACK_WEBHOOK_URL
@@ -8,6 +8,7 @@ on: [pull_request]  # Trigger this workflow on pull request events
 
 jobs:
   gpg-verify:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest  # Use the latest Ubuntu runner for the job
     steps:
     - uses: actions/checkout@v4  # Checkout the repository code using the actions/checkout action

@@ -15,6 +15,7 @@ on:
 
 jobs:
   close_milestone:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
 
     steps:

@@ -24,6 +24,7 @@ permissions:
 
 jobs:
   njsscan:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

@@ -19,6 +19,7 @@ on:
     branches: [ "dev", "main" ]
 jobs:
   build:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
     name: run build
     strategy:
@@ -39,6 +40,7 @@ jobs:
         run: npm run build
 
   lint:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
     name: check style
     strategy:
@@ -60,6 +62,7 @@ jobs:
         run: npm run lint
 
   test:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
     name: check tests
     strategy:

@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Publish package to GitHub Packages
+on:
+  push:
+    branches: [ "dev" ]
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Setup .npmrc file to publish to GitHub Packages
+      - name: Setup Node.js (.npmrc)
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://npm.pkg.github.com'
+          # Defaults to the user or organization that owns the workflow file
+          scope: 'tazama-lf'
+
+      - name: Version prerelease
+        run: npm version prerelease
+        env:
+          GH_TOKEN: '${{ secrets.GH_TOKEN }}'
+
+      - name: Install dependencies
+        run: npm ci
+        env:
+          GH_TOKEN: '${{ secrets.GH_TOKEN }}'
+
+      - name: Run dry
+        run: npm run dry
+        env:
+          GH_TOKEN: '${{ secrets.GH_TOKEN }}'
+
+      - name: Build library
+        run: npm run build
+
+      - name: Publish package
+        run: npm publish
+        env:
+          GH_TOKEN: '${{ secrets.GH_TOKEN }}'
+          NODE_AUTH_TOKEN: '${{ secrets.NODE_AUTH_TOKEN }}'
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Publish package to GitHub Packages
+on:
+  push:
+    branches: [ "main" ]
+  release:
+    types: [published]
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Setup .npmrc file to publish to GitHub Packages
+      - name: Setup Node.js (.npmrc)
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://npm.pkg.github.com'
+          # Defaults to the user or organization that owns the workflow file
+          scope: 'tazama-lf'
+
+      - name: Install dependencies
+        run: npm ci
+        env:
+          GH_TOKEN: '${{ secrets.GH_TOKEN }}'
+
+      - name: Build library
+        run: npm run build
+
+      - name: Publish package
+        run: npm publish
+        env:
+          GH_TOKEN: '${{ secrets.GH_TOKEN }}'
+          NODE_AUTH_TOKEN: '${{ secrets.GH_TOKEN }}'
@@ -11,6 +11,7 @@
 
 jobs:
   release:
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
     steps:
       # Checkout the main branch with all history
@@ -228,30 +229,36 @@
           draft: false
           prerelease: false
 
-      # Update the CHANGELOG.md file in the repository
-      - name: Update CHANGELOG.md
-        run: |
-          NEW_VERSION=${{ steps.bump_version.outputs.new_version }}
-          CHANGELOG_CONTENTS=$(cat /home/runner/work/changelog.txt)
-          # Prepend the new changelog content to the existing CHANGELOG.md below SPDX-License-Identifier section
-          echo -e "$(head -n 2 CHANGELOG.md)\n\n## $NEW_VERSION\n\n$CHANGELOG_CONTENTS\n\n$(tail -n +3 CHANGELOG.md)" > CHANGELOG.md
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git add CHANGELOG.md
-          git commit -m "chore: Update CHANGELOG.md for $NEW_VERSION"
-          git push origin HEAD:main
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # # Update the CHANGELOG.md file in the repository
+      # - name: Update CHANGELOG.md
+      #   run: |
+      #     NEW_VERSION=${{ steps.bump_version.outputs.new_version }}
+      #     CHANGELOG_CONTENTS=$(cat /home/runner/work/changelog.txt)
+      #     # Prepend the new changelog content to the existing CHANGELOG.md below SPDX-License-Identifier section
+      #     echo -e "$(head -n 2 CHANGELOG.md)\n\n## $NEW_VERSION\n\n$CHANGELOG_CONTENTS\n\n$(tail -n +3 CHANGELOG.md)" > CHANGELOG.md
+      #     git config --global user.name "github-actions[bot]"
+      #     git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      #     git add CHANGELOG.md
+      #     git commit -m "chore: Update CHANGELOG.md for $NEW_VERSION"
+      #     git push origin HEAD:main
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      # Update the VERSION file
-      - name: Update VERSION file
-        run: |
-          NEW_VERSION=${{ steps.bump_version.outputs.new_version }}
-          echo -e "# SPDX-License-Identifier: Apache-2.0\n\n$NEW_VERSION" > VERSION
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git add VERSION
-          git commit -m "chore: Update VERSION to $NEW_VERSION"
-          git push origin HEAD:main
+      # # Update the VERSION file
+      # - name: Update VERSION file
+      #   run: |
+      #     NEW_VERSION=${{ steps.bump_version.outputs.new_version }}
+      #     echo -e "# SPDX-License-Identifier: Apache-2.0\n\n$NEW_VERSION" > VERSION
+      #     git config --global user.name "github-actions[bot]"
+      #     git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      #     git add VERSION
+      #     git commit -m "chore: Update VERSION to $NEW_VERSION"
+      #     git push origin HEAD:main
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Send Slack Notification
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        run: |
+          curl -X POST -H 'Content-type: application/json' --data '{"blocks": [{"type": "header","text": {"type": "plain_text","text": "New Release Alert :smile::tada:","emoji": true}},{"type": "section","fields": [{"type": "mrkdwn","text": "*Service:*\nFull-Stack-Docker-Tazama"},{"type": "mrkdwn","text": "*Release*\n<https://github.com/tazama-lf/Full-Stack-Docker-Tazama/releases/tag/v2.0.0|Release notes>"}]},{"type": "section","fields": [{"type": "mrkdwn","text": "*Code:*\n<https://github.com/tazama-lf/Full-Stack-Docker-Tazama|Full-Stack-Docker-Tazama Github Repository>"},{"type": "mrkdwn","text": "*Changes:*\n<https://github.com/tazama-lf/Full-Stack-Docker-Tazama/pull/42>"}]}]}' ${{ secrets.SLACK_WEBHOOK_URL }}
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,6 +11,7 @@ on: @@
           - 'main'
     jobs:
       bench:
+        if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
         runs-on: ubuntu-latest
         steps:
           - name: Clone repo
@@ Expand Down @@