diff --git a/.editorconfig b/.editorconfig index 9396e05..5d21196 100644 --- a/.editorconfig +++ b/.editorconfig @@ -10,5 +10,5 @@ end_of_line = lf # editorconfig-tools is unable to ignore longs strings or urls max_line_length = null -[{*.yaml, *.yml}] +[{*.yaml,*.yml,*.json}] indent_size = 2 diff --git a/.github/workflows/create_changelog.yaml b/.github/workflows/create_changelog.yaml index acea31f..971799a 100644 --- a/.github/workflows/create_changelog.yaml +++ b/.github/workflows/create_changelog.yaml @@ -3,6 +3,10 @@ name: create release on: workflow_call: inputs: + revision: + description: Tag given to container image + required: false + type: string changelogScopes: description: 'Changelog scopes (i.e { "App": ["app", "application"] })' required: true diff --git a/.github/workflows/lint_cloudformation.yaml b/.github/workflows/lint_cloudformation.yaml new file mode 100644 index 0000000..1b1d67f --- /dev/null +++ b/.github/workflows/lint_cloudformation.yaml @@ -0,0 +1,34 @@ +name: cloudformation lint + +on: + workflow_call: + inputs: + path: + description: Path to lint + required: false + type: string + default: ./deploy/cloudformation/**/*.yaml + ignoreChecks: + description: Codes to ignore (equivalent to --ignore-checks option) + required: false + type: string + # By default ignore warning about package, as it is part of the deploy_cloudformation workflow anyway + default: W3002 + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: clone repository + uses: actions/checkout@v3 + + - name: install cfn-lint + run: pip install cfn-lint==${CFN_LINT_VERSION} + env: + # renovate: datasource=github-releases depName=aws-cloudformation/cfn-lint + CFN_LINT_VERSION: v0.76.1 + + - name: lint + run: | + cfn-lint ${{ inputs.path }} \ + --ignore-checks ${{ inputs.ignoreChecks }} diff --git a/.github/workflows/lint_gh_actions.yaml b/.github/workflows/lint_gh_actions.yaml new file mode 100644 index 0000000..3115f7f --- /dev/null 
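Review bot: The `revision` input added to create_changelog.yaml is declared, but no hunk in this commit reads `inputs.revision`; the same holds for `actorOverride` added to sync_branches.yaml and sync_branches_push.yaml. If the consumers land in a later change, the commit message should say so, otherwise callers can set values that silently do nothing. For `actorOverride` the description should also state what the value may influence and that it is caller-supplied, so it is never wired into an actor-based condition later.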
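Review bot: The `lint` step of lint_cloudformation.yaml expands `${{ inputs.path }}` and `${{ inputs.ignoreChecks }}` directly inside `run:`, so the values are pasted into the script text before bash parses it and any shell metacharacters in a caller's value run as commands on the runner. Passing them through the step's `env:` (for example `IGNORE_CHECKS: ${{ inputs.ignoreChecks }}`) and calling `cfn-lint $LINT_PATH --ignore-checks "$IGNORE_CHECKS"` keeps them as data; `$LINT_PATH` stays unquoted only if the default glob is meant to be expanded by the shell. The same pattern appears in lint_gh_actions.yaml (`inputs.extraArgs`) and in lint_helmfile.yaml (`export $(echo ${{ inputs.envVariables }})` and the three `helmfile*` inputs). `actions/checkout@v3` is a movable tag in all three new workflows; pinning it to a full commit SHA is the usual hardening.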
+++ b/.github/workflows/lint_gh_actions.yaml
@@ -0,0 +1,26 @@
+name: lint github workflows
+
+on:
+ workflow_call:
+ inputs:
+ extraArgs:
+ description: Additional extra arguments for actionlint
+ required: false
+ type: string
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: clone repository
+ uses: actions/checkout@v3
+
+ - name: lint
+ run: |
+ # Disabling shellcheck as we are not using it
+ docker run \
+ -v $(pwd):/repo \
+ --workdir /repo \
+ --rm \
+ rhysd/actionlint:1.6.23 \
+ -shellcheck="" ${{ inputs.extraArgs }}
diff --git a/.github/workflows/lint_helmfile.yaml b/.github/workflows/lint_helmfile.yaml
new file mode 100644
index 0000000..7c3e8d1
--- /dev/null
+++ b/.github/workflows/lint_helmfile.yaml
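Review bot: The `docker run` in the `lint` step of lint_gh_actions.yaml references the image by a mutable tag (`rhysd/actionlint:1.6.23`) and mounts the checkout read-write. A linter only needs to read the tree, so `-v "$(pwd):/repo:ro"` (quoted, read-only) is the safer mount, and pinning by digest (`rhysd/actionlint:1.6.23@sha256:<digest>`) fixes what actually runs. `-shellcheck=""` also switches off the check that would report unquoted expansions in `run:` scripts, which the workflows added in this commit contain; if the image ships shellcheck, leaving the flag at its default would surface them.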
@@ -0,0 +1,52 @@
+name: lint helmfile
+
+on:
+ workflow_call:
+ inputs:
+ helmfilePath:
+ description: Path to helmfile.yaml
+ required: true
+ type: string
+ helmfileEnvironment:
+ description: Helmfile environment
+ required: false
+ type: string
+ helmfileOtherArgs:
+ description: Other helmfile parameters
+ required: false
+ type: string
+ envVariables:
+ description: Space separated list of environment variables to be set during helmfile sync
+ required: false
+ type: string
+ # example:
+ # envVariables: >
+ # FOO=bar
+ # BAR=foo
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: clone repository
+ uses: actions/checkout@v3
+
+ - name: install helmfile
+ run: |
+ mkdir -p $HOME/.local/bin
+ curl -fsSL -o helmfile.tar.gz https://github.com/helmfile/helmfile/releases/download/v${{ env.HELMFILE_VERSION }}/helmfile_${{ env.HELMFILE_VERSION }}_linux_amd64.tar.gz
+ tar -C $HOME/.local/bin/ -xf ./helmfile.tar.gz
+ chmod +x $HOME/.local/bin/helmfile
+ echo "$HOME/.local/bin" >> $GITHUB_PATH
+ env:
+ # renovate: datasource=github-releases depName=helmfile/helmfile
+ HELMFILE_VERSION: '0.147.0'
+
+ - name: lint
+ run: |
+ export $(echo ${{ inputs.envVariables }})
+ HELMFILE_PARAMS="-f ${{ inputs.helmfilePath }}"
+ [ ! -z ${{ inputs.helmfileEnvironment }} ] && HELMFILE_PARAMS+=" -e ${{ inputs.helmfileEnvironment }}"
+ [ ! -z ${{ inputs.helmfileOtherArgs }} ] && HELMFILE_PARAMS+=" ${{ inputs.helmfileOtherArgs }}"
+ helmfile $HELMFILE_PARAMS lint
+
diff --git a/.github/workflows/local_lint_gh_actions.yaml b/.github/workflows/local_lint_gh_actions.yaml
new file mode 100644
index 0000000..2d478bc
--- /dev/null
+++ b/.github/workflows/local_lint_gh_actions.yaml
@@ -0,0 +1,16 @@
+name: lint workflows
+
+on:
+ workflow_dispatch:
+
+ push:
+ branches:
+ - '**'
+ tags-ignore:
+ - '**'
+
+jobs:
+ lint:
+ uses: ./.github/workflows/lint_gh_actions.yaml
+ with:
+ extraArgs: -ignore 'property "aws_.+" is not defined in .+'
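Review bot: The `install helmfile` step in lint_helmfile.yaml unpacks a tarball fetched with `curl` and puts it on `PATH` without checking its digest, so whatever the release URL serves is what the next step executes. Add a pinned hash beside the version, `HELMFILE_SHA256: '<sha256 of helmfile_0.147.0_linux_amd64.tar.gz>'`, and verify before `tar` with `echo "${HELMFILE_SHA256}  helmfile.tar.gz" | sha256sum -c -`. Reading the version as `${HELMFILE_VERSION}` in the script, rather than `${{ env.HELMFILE_VERSION }}`, would match how lint_cloudformation.yaml does it. The `envVariables` description mentions `helmfile sync`, but this workflow only runs `lint`.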
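Review bot: local_lint_gh_actions.yaml declares no `permissions:` block, and neither do the reusable lint workflows added in this commit, so on every branch push the job gets whatever default `GITHUB_TOKEN` scope the repository is configured with. Linting only reads the checkout; a top-level `permissions:` with `contents: read` states that and limits what the token can do if a lint step is ever subverted.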
diff --git a/.github/workflows/pr_toolkit.yml b/.github/workflows/local_pr_toolkit.yml similarity index 100% rename from .github/workflows/pr_toolkit.yml rename to .github/workflows/local_pr_toolkit.yml diff --git a/.github/workflows/sync_branches.yaml b/.github/workflows/sync_branches.yaml index 82b164b..be95c15 100644 --- a/.github/workflows/sync_branches.yaml +++ b/.github/workflows/sync_branches.yaml @@ -16,7 +16,11 @@ on: required: false type: string default: develop - + actorOverride: + description: Override the author of event + required: false + type: string + secrets: slackToken: description: Slack API token @@ -24,7 +28,7 @@ on: githubToken: description: Github token to approve PR (GITHUB_TOKEN cannot open and approve PR) required: true - + jobs: pull_request: runs-on: ubuntu-latest @@ -35,7 +39,7 @@ jobs: - name: open and merge pull request uses: actions/github-script@v6 - env: + env: GIT_HUB_TOKEN: ${{ secrets.githubToken }} with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -53,7 +57,7 @@ jobs: } else if (eventName === 'push' || eventName === 'workflow_dispatch') { headBranch = process.env.GITHUB_REF_NAME; } else { - throw new Error(`Don't know how to handle event name: ${eventName}`); + throw new Error(`Don't know how to handle event name: ${eventName}`); } // Create pull request diff --git a/.github/workflows/sync_branches_push.yaml b/.github/workflows/sync_branches_push.yaml index 5057e4a..2ac053d 100644 --- a/.github/workflows/sync_branches_push.yaml +++ b/.github/workflows/sync_branches_push.yaml @@ -26,7 +26,11 @@ on: required: false type: string default: develop - + actorOverride: + description: Override the author of event + required: false + type: string + secrets: slackToken: description: Slack API token 
@@ -36,11 +40,11 @@ on: githubToken: description: Github token to approve PR (GITHUB_TOKEN cannot open and approve PR) required: true - + jobs: push: runs-on: ubuntu-latest - steps: + steps: - name: git run: | if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then @@ -101,4 +105,4 @@ jobs: ] } ] - } \ No newline at end of file + } diff --git a/renovate.json b/renovate.json index f854476..0228bd3 100644 --- a/renovate.json +++ b/renovate.json @@ -15,5 +15,16 @@ "groupSlug": "all", "automerge": true } + ], + "regexManagers": [ + { + "fileMatch": [ + "*.yaml$" + ], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( registryUrl=(?.*?))?\\s.*?_VERSION=(?.*)\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}" + } ] -} \ No newline at end of file +}
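Review bot: The regex manager added to renovate.json will not match the pins this commit introduces: `matchStrings` ends in `_VERSION=(…)`, while the annotated workflow lines are YAML mappings (`CFN_LINT_VERSION: v0.76.1`, `HELMFILE_VERSION: '0.147.0'`). The tail should accept `:` and optional quotes, e.g. `_VERSION:\\s*['\"]?(?<currentValue>[^'\"\\s]+)`. `fileMatch` entries are regular expressions and `"*.yaml$"` starts with a quantifier; `"\\.ya?ml$"` is the form that compiles. The capture-group names are not legible on this page (`(?.*?)`), so confirm in the file that they are `datasource`, `depName`, `versioning`, `registryUrl` and `currentValue`. Until the pattern matches, the pinned tool versions will not receive update PRs.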