feat(lint): add changie validation job to lint action #83

.changes/unreleased/new-product-feature-20240813-013511.yaml

@@ -0,0 +1,3 @@
+kind: new-product-feature
+body: Improve linting with additional job that validates changie entry exists when it should be included. Certain exclusions are added such as labels for `dependencies` by Renovate, and `no-changie-required` label for exceptions. This will use PR comment type so automatic changes required will show up.
+time: 2024-08-13T01:35:11.383368408Z

.changes/v0.1.0.md

@@ -5,7 +5,9 @@
 - New template to simplify maintenance by workflow dispatch adding required changelog entries to create a pull request that bumps the version and runs changie commands to generate a new release.
 
 This is done to help the development effort to bump a release based on dependency updates without having to clone and run cli tools locally.
+
 - New template to trigger a changie based release from just CI. Will create PR for release to be reviewed and approved.
+
 ### ⬆️ Dependencies
 
-- Maintenance release due to updated dependencies.
+- Maintenance release due to updated dependencies.

.github/workflows/lint.yml

@@ -23,10 +23,10 @@ jobs:
       contents: read # For repo checkout
     steps:
       - name: checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        uses: actions/checkout@v4
       - name: set-aqua-policy-if-file-exists
         run: |
-          if [ -f aqua-policy.yaml ]; then
+          if [[ -f aqua-policy.yaml ]]; then
             echo "AQUA_POLICY_CONFIG=${GITHUB_WORKSPACE}/aqua-policy.yaml:${AQUA_POLICY_CONFIG}" >> $GITHUB_ENV
           else
             echo "👉 No aqua-policy.yaml file found, skipping setting AQUA_POLICY_CONFIG"
@@ -44,3 +44,84 @@ jobs:
         uses: trunk-io/trunk-action@86b68ffae610a05105e90b1f52ad8c549ef482c2 # v1.1.16
         with:
           arguments: --github-annotate-new-only=true
+
+  changie-validation:
+    name: changie-validation
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
+      checks: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+      GITHUB_REF_BRANCH: ${{ github.ref }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ env.GITHUB_REF_BRANCH }}
+
+      - name: Set up default branch name
+        id: default_branch
+        run: echo "DEFAULT_BRANCH=$(gh repo view --json defaultBranchRef -q '.defaultBranchRef.name')" >> $GITHUB_ENV
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check for .changes directory
+        id: check_changes_dir
+        run: |
+          if [[ -d ".changes" ]]; then
+            echo "changes_dir_exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "changes_dir_exists=false" >> $GITHUB_OUTPUT
+            echo "⏩ no changie entry required on this"
+          fi
+
+      - name: Fetch default branch
+        id: fetch_branches
+        run: |
+          git fetch origin ${{ env.DEFAULT_BRANCH }}
+          git fetch origin ${{ env.GITHUB_REF_BRANCH }}
+
+      - name: Check for labels
+        id: check_labels
+        run: |
+          echo "no_changie_required=false" >> $GITHUB_OUTPUT
+          echo "dependencies=false" >> $GITHUB_OUTPUT
+          for label in $(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name'); do
+            if [[ "$label" == "no-changie-required" ]]; then
+              echo "no_changie_required=true" >> $GITHUB_OUTPUT
+              echo "❎ bypass on changie noted due to label"
+            elif [[ "$label" == "dependencies" ]]; then
+              echo "dependencies=true" >> $GITHUB_OUTPUT
+            fi
+          done
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Validate changie entry
+        id: validate_changie_entry
+        if: steps.check_changes_dir.outputs.changes_dir_exists == 'true' && steps.check_labels.outputs.no_changie_required == 'false' && steps.check_labels.outputs.dependencies == 'false'
+        run: |
+          # Fetch existing comments
+          changes=$(git diff --name-only --diff-filter=A origin/${{ env.DEFAULT_BRANCH }}...HEAD -- .changes/)
+
+          if [[ -n "$changes" ]]; then
+            echo "Changie entry found"
+            comment="✅ changie entry was found"
+            gh pr review ${{ github.event.pull_request.number }} --approve --body "$comment"
+            gh pr comment ${{ github.event.pull_request.number }} --body "$comment" --edit-last || gh pr comment ${{ github.event.pull_request.number }} --body "$comment"
+          else
+            echo "No changie entry found in .changes"
+            comment="❌ A changie entry is required in .changes/"
+            echo "adding review comment saying required, since not seeing prior comment before"
+            gh pr review ${{ github.event.pull_request.number }} --request-changes --body "$comment"
+            gh pr comment ${{ github.event.pull_request.number }} --body "$comment" --edit-last || gh pr comment ${{ github.event.pull_request.number }} --body "$comment"
+          fi
+
+          # Update or post the review comment
+          if [[ -n "$comment" ]]; then
+              echo "adding review comment since not seeing prior comment before"
+              gh pr comment ${{ github.event.pull_request.number }} --body "$comment" --edit-last || gh pr comment ${{ github.event.pull_request.number }} --body "$comment"
+          fi
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -36,4 +36,3 @@ jobs:
           ignore-pr-updates: true # else renovate prs will never age out
           labels-to-remove-when-unstale: stale, stale-issue, stale-closed
           enable-statistics: true
-

.markdownlint.yaml

@@ -1,6 +1,6 @@
 ---
 #https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md#md002
-comment: my-markdown-linting-rules
+# comment: my-markdown-linting-rules
 
 # enable all default tagged rules
 default: true
@@ -43,13 +43,12 @@ MD025: true
 # This is for maintainability and code diffs.
 # Try applying semantic line break concept for breaking up longer phrases
 # https://sembr.org/
-MD013:
-  line_length: 200
+MD013: false
 
 # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
 # This tweaks to allow nested items to have duplicate headers.
 MD024:
   # Only check sibling headings
-  allow_different_nesting: true
+
   # Only check sibling headings
   siblings_only: true

README.md

@@ -1,11 +1,9 @@
 # github-workflow
 
-> **_Warning_**
-
-This is a collection of github workflow automation for managing workflows for this GitHub organization.
-This is not a published marketplace set of actions for external use, and customized for workflows on public repos managed here.
-
-These are subject to breaking changes and managed by the DevOps Secrets Vault team primarily.
+> **warning**
+> This is a collection of github workflow automation for managing workflows for this GitHub organization.
+> This is not a published marketplace set of actions for external use, and customized for workflows on public repos managed here.
+> These are subject to breaking changes and managed by the DevOps Secrets Vault team primarily.
 
 ## Contributors