diff --git a/.github/release.yml b/.github/release.yml index d7e4d4d3ae7..5a01dc2c170 100644 --- a/.github/release.yml +++ b/.github/release.yml @@ -11,6 +11,7 @@ changelog: - title: Vulnerabilities 🔐 labels: - vulnerability + - security - title: Breaking Changes 🛠 labels: - breaking-change diff --git a/.github/workflows/add_issue_to_project.yml b/.github/workflows/add-issue-to-project.yml similarity index 100% rename from .github/workflows/add_issue_to_project.yml rename to .github/workflows/add-issue-to-project.yml diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional-commits.yml similarity index 100% rename from .github/workflows/conventional_commits.yml rename to .github/workflows/conventional-commits.yml diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml new file mode 100644 index 00000000000..322e14ba1ee --- /dev/null +++ b/.github/workflows/lint-pr.yml @@ -0,0 +1,33 @@ +--- + + +name: "Verify PR title" + +"on": + pull_request: + types: + - opened + - edited + - reopened + - synchronize + +jobs: + lint_pr: + timeout-minutes: 10 + runs-on: ubuntu-22.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.1 + + - name: Setup node + uses: actions/setup-node@v4.0.1 + with: + node-version-file: '.nvmrc' + + - name: Install dependencies + run: | + rm package.json + npm install --no-save @commitlint/cli @commitlint/config-conventional @commitlint/config-nx-scopes nx + + - name: Check PR title + run: echo "${{ github.event.pull_request.title }}" | npx commitlint --config ./commitlint.config-ci.js diff --git a/.github/workflows/match-labels-for-release-notes.yml b/.github/workflows/match-labels-for-release-notes.yml new file mode 100644 index 00000000000..04ac72862b7 --- /dev/null +++ b/.github/workflows/match-labels-for-release-notes.yml @@ -0,0 +1,158 @@ +--- + + +name: "Match labels for auto-gen release notes" + +"on": + pull_request_target: + branches: [develop, master] + types: [opened, closed] + +# Configure the project specific variables +env: + ORGANIZATION: vegaprotocol + PROJECT_NUMBER: 106 + PR_URL: ${{ github.event.pull_request.html_url }} + PR_ID: ${{ github.event.pull_request.node_id }} + GH_TOKEN: ${{ secrets.PROJECT_MANAGE_ACTION }} + USER: ${{ github.actor }} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + label-match: + runs-on: ubuntu-latest + permissions: write-all + steps: + + - name: "Get linked issue url" + id: get-linked-issue + run: | + gh api graphql -f query=' + query($pr_url: URI!) { + resource(url: $pr_url) { + ... on PullRequest { + closingIssuesReferences(last: 1) { + nodes { + id + url + } + } + } + } + }' -f pr_url=$PR_URL > data.json + echo 'LINKED_ISSUE_URL='$(jq -r '.data.resource.closingIssuesReferences.nodes[] | .url' data.json) >> $GITHUB_ENV + + - name: "Check issue for applicable labels" + id: get-issue-labels + if: | + env.LINKED_ISSUE_URL != '' + run: | + gh api graphql -f query=' + query($issue_url: URI!) { + resource(url: $issue_url) { + ... on Issue { + labels(last: 10) { + nodes { + id + name + } + } + } + } + }' -f issue_url=$LINKED_ISSUE_URL > data.json + echo 'BUG='$(jq '.data.resource.labels.nodes[] | select(.name== "bug") | .id' data.json) >> $GITHUB_ENV + echo 'BREAKING='$(jq '.data.resource.labels.nodes[] | select(.name== "breaking-change") | .id' data.json) >> $GITHUB_ENV + echo 'DEPRECATE='$(jq '.data.resource.labels.nodes[] | select(.name== "deprecation") | .id' data.json) >> $GITHUB_ENV + echo 'VULNERABILITY='$(jq '.data.resource.labels.nodes[] | select(.name== "vulnerability") | .id' data.json) >> $GITHUB_ENV + echo 'SECURITY='$(jq '.data.resource.labels.nodes[] | select(.name== "security") | .id' data.json) >> $GITHUB_ENV + echo 'ENHANCE='$(jq '.data.resource.labels.nodes[] | select(.name== "enhancement") | .id' data.json) >> $GITHUB_ENV + echo 'FEATURE='$(jq '.data.resource.labels.nodes[] | select(.name== "feature") | .id' data.json) >> $GITHUB_ENV + + - run: env + + - name: "Add bug label" + id: add-bug-label + if: | + env.BUG != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$BUG -f pr=$PR_ID -f user=$USER + + - name: "Add breaking change label" + id: add-breaking-label + if: | + env.BREAKING != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$BREAKING -f pr=$PR_ID -f user=$USER + + - name: "Add deprecation label" + id: add-deprecation-label + if: | + env.DEPRECATE != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$DEPRECATE -f pr=$PR_ID -f user=$USER + + - name: "Add vulnerability label" + id: add-vulnerability-label + if: | + env.VULNERABILITY != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$VULNERABILITY -f pr=$PR_ID -f user=$USER + + - name: "Add security label" + id: add-security-label + if: | + env.SECURITY != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$SECURITY -f pr=$PR_ID -f user=$USER + + - name: "Add enhancement label" + id: add-enhancement-label + if: | + env.ENHANCE != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$ENHANCE -f pr=$PR_ID -f user=$USER + + - name: "Add feature label" + id: add-feature-label + if: | + env.FEATURE != '' + run: | + gh api graphql -f query=' + mutation($user:String!, $pr:ID!, $label:[ID!]!) { + addLabelsToLabelable(input: {clientMutationId: $user, labelableId: $pr, labelIds: $label}) { + clientMutationId + } + }' -f label=$FEATURE -f pr=$PR_ID -f user=$USER diff --git a/.github/workflows/project_management.yml b/.github/workflows/project-management.yml similarity index 98% rename from .github/workflows/project_management.yml rename to .github/workflows/project-management.yml index 39263129cfb..5331be702be 100644 --- a/.github/workflows/project_management.yml +++ b/.github/workflows/project-management.yml @@ -70,7 +70,7 @@ jobs: if: | env.LINKED_ISSUE_ID != '' && contains(github.event.pull_request.labels.*.name, env.EXCLUDE_LABEL) != true - uses: actions/github-script@v6.4.1 + uses: actions/github-script@v7.0.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | @@ -80,7 +80,7 @@ jobs: if: | steps.bot-pr.outcome == 'success' || env.LINKED_ISSUE_ID == '' && contains(github.event.pull_request.labels.*.name, env.EXCLUDE_LABEL) == true - uses: actions/github-script@v6.4.1 + uses: actions/github-script@v7.0.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | @@ -88,7 +88,7 @@ jobs: - name: "Fail if no linked issue or exclusion label" id: exclude-linked-error if: steps.linked.outcome == 'skipped' && steps.exclude-linked.outcome == 'skipped' - uses: actions/github-script@v6.4.1 + uses: actions/github-script@v7.0.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | @@ -97,7 +97,7 @@ jobs: - name: "Fail if linked issue AND exclusion label" id: linked-and-nochangelog if: steps.linked.outcome == 'success' && steps.exclude-linked.outcome == 'success' - uses: actions/github-script@v6.4.1 + uses: actions/github-script@v7.0.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | @@ -376,7 +376,7 @@ jobs: steps: - name: "Checkout" id: checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.1 - name: "Check changelog entry" id: check-changelog uses: Zomzog/changelog-checker@v1.3.0