Workflow improvement

templates/.github/workflows/00-start.yaml

@@ -1,40 +1,33 @@
 # {{ repo_managed }}
 name: RunGithubActionsWorkflows
 
-# triggers on master and main commits and merges
-# schedule/cron is optional
 # workflow_dispatch enables option for manual runs
 # workflow_call: it can be started by other workflows
 
 on:
-  push:
-    branches: [master, main]
   workflow_dispatch:
   workflow_call:
-  pull_request:
-    branches: [justheretomakegithubhappy]
-    types: [opened, edited, reopened, synchronize]
 
 jobs:
   review:
     uses: ./.github/workflows/10-review.yaml
     secrets: inherit
-  releaseandbuild:
+  release-and-build:
     uses: ./.github/workflows/30-release-and-build.yaml
     needs: review
     secrets: inherit
   helm:
     uses: ./.github/workflows/40-helm.yaml
-    needs: releaseandbuild
+    needs: release-and-build
     secrets: inherit
     with:
-      new-release-published: ${{ needs.releaseandbuild.outputs.new-release-published }}
-      release-version: ${{ needs.releaseandbuild.outputs.release-version }}
+      new-release-published: ${{ needs.release-and-build.outputs.new-release-published }}
+      release-version: ${{ needs.release-and-build.outputs.release-version }}
   security:
     uses: ./.github/workflows/50-security.yaml
-    needs: releaseandbuild
+    needs: release-and-build
     secrets: inherit
   cleanup:
     uses: ./.github/workflows/90-cleanup.yaml
-    needs: releaseandbuild
+    needs: release-and-build
     secrets: inherit

templates/.github/workflows/10-review.yaml

@@ -2,11 +2,6 @@
 name: ReviewCode
 
 on:
-  workflow_dispatch:
-  workflow_call:
-  pull_request:
-    branches: [master, main]
-    types: [opened, edited, reopened, synchronize]
   pull_request_target:
     types: [opened, edited, reopened, synchronize]
 
@@ -19,14 +14,7 @@ jobs:
 
       # interesting alternative: https://github.com/cocogitto/cocogitto
       - name: Conventional commit checker
-        uses: webiny/[email protected]
-        if: ${{ github.event_name != 'workflow_dispatch' }}
-
-      #- name: Extra conventional commits check
-      #  uses: gsactions/commit-message-checker@v2
-      #  with:
-      #    pattern: '^(feat|fix|test|docs|chore|style|refactor|ci|cd):'
-      #    error: 'You need to start with a conventional commits action.'
+        uses: webiny/action-conventional-commits@v1
 
       - name: Check Card# reference
         uses: gsactions/commit-message-checker@v2
@@ -40,7 +28,6 @@ jobs:
           excludeTitle: 'true' # optional: this excludes the title of a pull request
           checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
           accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
-        if: ${{ github.event_name != 'workflow_dispatch' }}
 
       - name: Check Line Length
         uses: gsactions/commit-message-checker@v2
@@ -51,7 +38,6 @@ jobs:
           excludeTitle: 'true' # optional: this excludes the title of a pull request
           checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
           accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
-        if: ${{ github.event_name != 'workflow_dispatch' }}
 
       - name: Check Body Length
         uses: gsactions/commit-message-checker@v2
@@ -62,4 +48,3 @@ jobs:
           excludeTitle: 'true' # optional: this excludes the title of a pull request
           checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
           accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
-        if: ${{ github.event_name != 'workflow_dispatch' }}

templates/.github/workflows/30-release-and-build.yaml

@@ -28,18 +28,18 @@ jobs:
         fetch-depth: 0
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
       with:
         # moby/buildkit v0.11.0 causes untagged images to appear in github
         # packages and the workaround does not seem to have any effect
         # (set provenance=false in docker/build-push-action@v4)
         driver-opts: network=host,image=moby/buildkit:v0.10.5
 
     - name: write semantic-release config
-      uses: DamianReeves/write-file-action@v1.2
+      uses: DamianReeves/write-file-action@v1
       with:
         path: package.json
         contents: |
@@ -64,14 +64,14 @@ jobs:
         write-mode: overwrite
 
     - name: write semantic-release config
-      uses: DamianReeves/write-file-action@v1.2
+      uses: DamianReeves/write-file-action@v1
       with:
         path: .releaserc
         contents: |
           {
             "branches": ["master", "main" ],
             "debug": "True",
-            "repositoryUrl": 'git+https://github.com/linkorb/REPOPLACEHOLDER.git',
+            "repositoryUrl": 'git+https://github.com/linkorb/${{ env.CI_REPOSITORY_NAME }}.git',
             "plugins": [
                 "@semantic-release/commit-analyzer",
                 "@semantic-release/github",
@@ -96,13 +96,9 @@ jobs:
           }
         write-mode: overwrite
 
-
-    - name: Set repo name in .releaserc
-      run: "sed -i s/REPOPLACEHOLDER/${{ env.CI_REPOSITORY_NAME }}/ .releaserc"
-
     - name: Create release
       id: semantic-release
-      uses: codfish/semantic-release-action@v2
+      uses: codfish/semantic-release-action@v3
       with:
         # support releasing the "main" branch
         # whilst preserving the action defaults
@@ -121,16 +117,16 @@ jobs:
               prerelease: true
             }
           ]
-        additional_packages: |
+        additional-packages: |
           ['@semantic-release/changelog', '@semantic-release/git']
-        tag_format: 'v${version}'
+        tag-format: 'v${version}'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         PACKAGIST_TOKEN: ${{ secrets.PACKAGIST_TOKEN }}
 
     - name: Docker meta
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@v5
       with:
         images: |
           ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}
@@ -140,14 +136,14 @@ jobs:
           type=raw,value=${{ steps.semantic-release.outputs.release-version }}
 
     - name: Login to Container Registry ghcr.io
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and push
-      uses: docker/build-push-action@v4
+      uses: docker/build-push-action@v5
       with:
         context: .
         provenance: false

templates/.github/workflows/40-helm.yaml

@@ -35,7 +35,7 @@ jobs:
       if: steps.check_files.outputs.files_exists == 'true'
       uses: azure/setup-helm@v3
 
-    - name: Ouput release
+    - name: Output release
       if: steps.check_files.outputs.files_exists == 'true'
       run: "echo ${{ inputs.release-version }}"
 

templates/.github/workflows/50-security.yaml

@@ -13,7 +13,7 @@ jobs:
       uses: FranzDiebold/github-env-vars-action@v2
 
     - name: Login to Docker Hub
-      uses: docker/login-action@v2
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}