chore(ci): use github app instead of bot user (#492)
* chore(ci): use github app instead of bot user

* Cleanup
nirinchev authored Dec 5, 2024
1 parent d9db8b5 commit 94d5ec2
Showing 5 changed files with 119 additions and 140 deletions.
39 changes: 12 additions & 27 deletions .github/workflows/bump-packages.yaml
Expand Up @@ -10,25 +10,27 @@ jobs:
name: Bump packages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
id: app-token
with:
app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
# don't checkout a detatched HEAD
ref: ${{ github.head_ref }}
token: ${{ steps.app-token.outputs.token }}

# this is important so git log can pick up on
# the whole history to generate the list of AUTHORS
fetch-depth: '0'

- name: Setup git
run: |
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
fetch-depth: "0"

- name: Setup Node.js
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: 'npm'
cache: "npm"

- name: Install npm
run: npm install -g npm@8
Expand All @@ -46,21 +48,4 @@ jobs:
npm run bump-packages
git add .
git commit --no-allow-empty -m "chore(ci): bump packages" || true
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v6
with:
commit-message: 'chore(ci): bump packages'
branch: ci/bump-packages
title: 'chore(ci): bump packages'
body: |
- Bump package versions
- name: Merge PR
if: ${{steps.cpr.outputs.pull-request-operation == 'created'}}
env:
PULL_REQUEST_NUMBER: ${{steps.cpr.outputs.pull-request-number}}
GITHUB_TOKEN: ${{secrets.PAT}}
run: |
gh pr merge $PULL_REQUEST_NUMBER --squash --delete-branch
git push
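Review bot: The `Setup git` step that set `user.email`/`user.name` is removed, yet the kept `git commit --no-allow-empty -m "chore(ci): bump packages" || true` and the new `git push` still need a committer identity; a fresh ubuntu-latest runner has none, so `git commit` fails with "Author identity unknown", the `|| true` hides it, and the push then pushes nothing. This only holds if `mongodb-js/devtools-shared/actions/setup-bot-token` does not configure the identity itself, which cannot be seen from this hunk — worth confirming, and if it does, a comment such as `# setup-bot-token also configures git user.name/user.email for the app` on that step would save the next reader the same question. The same concern applies to publish-packages.yaml, where `git tag -a` needs a tagger identity and `git push --follow-tags` would silently push no tags. Separately, `setup-bot-token@main` is a mutable ref for a step that receives `secrets.DEVTOOLS_BOT_PRIVATE_KEY`; pinning it to a tag or commit SHA keeps the token-minting step reproducible and reviewable. The enclosing `jobs:` mapping starts outside the hunk.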
10 changes: 5 additions & 5 deletions .github/workflows/check-test.yaml
Expand Up @@ -46,25 +46,25 @@ jobs:

# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: 'npm'
cache: "npm"

- name: Install npm
run: npm install -g npm@8

- name: Use [email protected]
# Default Python (3.12) doesn't have support for distutils
# https://github.com/nodejs/node-gyp/issues/2869
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: '3.11'
python-version: "3.11"

- name: Install Dependencies
run: |
80 changes: 40 additions & 40 deletions .github/workflows/codeql.yml
Expand Up @@ -13,12 +13,12 @@ name: "CodeQL"

on:
push:
branches: [ "main" ]
branches: ["main"]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
branches: ["main"]
schedule:
- cron: '30 14 * * 4'
- cron: "30 14 * * 4"

jobs:
analyze:
Expand All @@ -33,53 +33,53 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ 'javascript-typescript' ]
language: ["javascript-typescript"]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
config: |
paths-ignore:
- '**/*.test.js'
- '**/*.spec.js'
- '**/*.test.ts'
- '**/*.spec.ts'
- '**/*.test.tsx'
- '**/*.spec.tsx'
- 'scripts/**'
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
config: |
paths-ignore:
- '**/*.test.js'
- '**/*.spec.js'
- '**/*.test.ts'
- '**/*.spec.ts'
- '**/*.test.tsx'
- '**/*.spec.tsx'
- 'scripts/**'
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh
# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
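Review bot: `github/codeql-action/init@v2`, `autobuild@v2` and `analyze@v2` stay on v2 while `actions/checkout` in the same hunk moves to v4; CodeQL Action v2 is deprecated in favour of v3, so this reindent is a natural point to change the three `uses:` lines to `github/codeql-action/init@v3`, `github/codeql-action/autobuild@v3` and `github/codeql-action/analyze@v3` after checking the release notes for input changes. Apart from the checkout bump the hunk is whitespace and quoting only. The enclosing `jobs:` mapping starts outside the hunk.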
85 changes: 43 additions & 42 deletions .github/workflows/publish-packages.yaml
Expand Up @@ -18,45 +18,46 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
with:
# don't checkout a detatched HEAD
ref: ${{ github.head_ref }}

# this is important so git log has the whole history
fetch-depth: '0'

- name: Setup git
run: |
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 20.x
cache: 'npm'

- name: Install npm
run: npm install -g npm@8

- name: Install Dependencies
run: |
npm run bootstrap-ci
shell: bash

- name: "Publish what is not already in NPM"
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
git update-index --assume-unchanged .npmrc
npm run publish-packages
- name: "Publish tags"
run: |
npx lerna list -a --json | \
jq -r '.[] | .name + "@" + .version' | \
xargs -i sh -c "git tag -a {} -m {} || true"
git push --follow-tags
- uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
id: app-token
with:
app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}

- uses: actions/checkout@v4
with:
# don't checkout a detatched HEAD
ref: ${{ github.head_ref }}
token: ${{ steps.app-token.outputs.token }}

# this is important so git log has the whole history
fetch-depth: "0"

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: "npm"

- name: Install npm
run: npm install -g npm@8

- name: Install Dependencies
run: |
npm run bootstrap-ci
shell: bash

- name: "Publish what is not already in NPM"
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
git update-index --assume-unchanged .npmrc
npm run publish-packages
- name: "Publish tags"
run: |
npx lerna list -a --json | \
jq -r '.[] | .name + "@" + .version' | \
xargs -i sh -c "git tag -a {} -m {} || true"
git push --follow-tags
45 changes: 19 additions & 26 deletions .github/workflows/update-cidrs.yaml
Expand Up @@ -11,42 +11,35 @@ jobs:
name: Update automatically generated files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
- uses: actions/create-github-app-token@v1
id: app-token
with:
node-version: ^18.x
cache: 'npm'
app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}

- name: Install npm@8
run: |
npm install -g npm@8
- uses: actions/checkout@v4
with:
# don't checkout a detatched HEAD
ref: ${{ github.head_ref }}
token: ${{ steps.app-token.outputs.token }}

- uses: actions/setup-node@v4
with:
node-version: ^20.x
cache: "npm"

- name: Install Dependencies
run: |
npm -v
npm i
npm ci
# make sure precommit.js is compiled
npm run bootstrap-ci -- --scope @mongodb-js/monorepo-tools --stream --include-dependencies
- name: Update cidrs.json
run: npm run -w packages/mongodb-cloud-info update-cidrs

- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v6
with:
commit-message: Update report
branch: ci/update-cidrs
title: 'chore: update cidrs.json'
add-paths: |
resources/cidrs.json
body: |
- Update `cidrs.json`
- name: Merge PR
env:
PULL_REQUEST_NUMBER: ${{steps.cpr.outputs.pull-request-number}}
# NOTE: we don't use a PAT so to not trigger further automation
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Commit and push
run: |
gh pr merge $PULL_REQUEST_NUMBER --squash --delete-branch
git add resources/cidrs.json
git commit --no-allow-empty -m "chore: update cidrs.json [skip ci]" || true
git push
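Review bot: The new `Commit and push` step runs `git add`, `git commit … || true` and `git push` without any git identity configured: unlike the other workflows in this commit, this file calls `actions/create-github-app-token@v1` directly rather than the shared `setup-bot-token` step, and that action only mints a token, so on ubuntu-latest the commit fails with "Author identity unknown", the `|| true` hides it, and the push is a no-op. Either use the same `mongodb-js/devtools-shared/actions/setup-bot-token` step as bump-packages.yaml (if it configures the identity) or add `git config user.name`/`git config user.email` for the app's bot user before `git add resources/cidrs.json`; the mixed use of the two actions across the five files also deserves a comment or unification. The removed `NOTE: we don't use a PAT so to not trigger further automation` explained why GITHUB_TOKEN was used; a push made with an app token does trigger `push` workflows, so the `[skip ci]` in the commit message is now the only thing preventing that and merits a comment on the step saying so. The enclosing `jobs:` mapping starts outside the hunk.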
