deps(dev-npm): bump @commitlint/config-conventional in /dev-dependenc… #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Images | |
on: | |
push: | |
branches: | |
- main | |
# Don't grant any access by default | |
permissions: {} | |
jobs: | |
test: | |
name: Build and Test | |
runs-on: ubuntu-latest | |
concurrency: | |
group: ${{ github.workflow }}-main-${{ matrix.images.target }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
deployments: write | |
issues: write | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
images: | |
- prefix: slim- | |
target: slim | |
- prefix: "" | |
target: standard | |
timeout-minutes: 60 | |
env: | |
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" | |
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Set build metadata | |
run: | | |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then | |
BUILD_REVISION=${{ github.sha }} | |
BUILD_VERSION=${{ github.sha }} | |
elif [[ ${{ github.event_name }} == 'pull_request' ]]; then | |
BUILD_REVISION=${{ github.event.pull_request.head.sha }} | |
BUILD_VERSION=${{ github.event.pull_request.head.sha }} | |
else | |
echo "[ERROR] Event not supported when setting build revision and build version" | |
exit 1 | |
fi | |
if [ -z "${BUILD_REVISION}" ]; then | |
echo "[ERROR] BUILD_REVISION is empty" | |
exit 1 | |
fi | |
if [ -z "${BUILD_VERSION}" ]; then | |
echo "[ERROR] BUILD_VERSION is empty" | |
exit 1 | |
fi | |
{ | |
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" | |
echo "BUILD_REVISION=${BUILD_REVISION}" | |
echo "BUILD_VERSION=${BUILD_VERSION}" | |
} >> "${GITHUB_ENV}" | |
- name: Free Disk space | |
shell: bash | |
run: | | |
sudo rm -rf /usr/local/lib/android || true | |
sudo rm -rf /usr/share/dotnet || true | |
sudo rm -rf /opt/ghc || true | |
sudo rm -rf /usr/local/.ghcup || true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build Image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
BUILD_DATE=${{ env.BUILD_DATE }} | |
BUILD_REVISION=${{ env.BUILD_REVISION }} | |
BUILD_VERSION=${{ env.BUILD_VERSION }} | |
cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache | |
load: true | |
push: false | |
secrets: | | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
tags: | | |
${{ env.CONTAINER_IMAGE_ID }} | |
target: "${{ matrix.images.target }}" | |
- name: Run Test Suite | |
run: make test | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to GHCR | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Start deployment | |
uses: bobheadxi/[email protected] | |
id: deployment | |
with: | |
step: start | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: Production | |
- name: Build and Push Image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
BUILD_DATE=${{ env.BUILD_DATE }} | |
BUILD_REVISION=${{ env.BUILD_REVISION }} | |
BUILD_VERSION=${{ env.BUILD_VERSION }} | |
cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache | |
cache-to: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache,mode=max | |
load: false | |
push: true | |
secrets: | | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
tags: | | |
${{ env.CONTAINER_IMAGE_ID }} | |
target: "${{ matrix.images.target }}" | |
- name: Update deployment | |
uses: bobheadxi/[email protected] | |
# We depend on the 'deployment' step outputs, so we can't run this step | |
# if the 'deployment' step didn't run. This can happen if any step | |
# before the 'deployment' step fails. That's why 'always()' is not | |
# suitable here. | |
if: steps.deployment.conclusion != 'cancelled' && steps.deployment.conclusion != 'skipped' | |
with: | |
step: finish | |
token: ${{ secrets.GITHUB_TOKEN }} | |
status: ${{ job.status }} | |
deployment_id: ${{ steps.deployment.outputs.deployment_id }} | |
env: ${{ steps.deployment.outputs.env }} | |
env_url: https://github.com/super-linter/super-linter | |
- name: Create Issue on Failure | |
uses: actions/github-script@v7 | |
if: failure() | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
const create = await github.rest.issues.create({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
title: "Failed to deploy to production", | |
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", | |
assignees: [ | |
"zkoppert", "Hanse00", "ferrarimarco" | |
] | |
}) | |
release: | |
name: Release | |
needs: | |
- test | |
runs-on: ubuntu-latest | |
concurrency: | |
group: ${{ github.workflow }}-main-release | |
cancel-in-progress: true | |
permissions: | |
contents: write | |
deployments: write | |
issues: write | |
packages: write | |
pull-requests: write | |
timeout-minutes: 60 | |
steps: | |
- uses: google-github-actions/release-please-action@v4 | |
id: release | |
with: | |
config-file: .github/release-please/release-please-config.json | |
manifest-file: .github/release-please/.release-please-manifest.json | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Start deployment | |
if: steps.release.outputs.release_created | |
uses: bobheadxi/[email protected] | |
id: deployment | |
with: | |
step: start | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: Release | |
- name: Configure release metedata | |
if: steps.release.outputs.release_created | |
# shellcheck disable=SC2062 | |
run: | | |
RELEASE_VERSION="${{ steps.release.outputs.tag_name }}" | |
if [ -z "${RELEASE_VERSION}" ]; then | |
echo "Error RELEASE_VERSION is empty. Exiting..." | |
exit 1 | |
fi | |
if ! echo "${RELEASE_VERSION}" | grep -E -o "v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+"; then | |
echo "Error: RELEASE_VERSION doesn't look like a semantic version: ${RELEASE_VERSION}" | |
exit 2 | |
fi | |
SEMVER_MAJOR_VERSION=v${{ steps.release.outputs.major }} | |
{ | |
echo "RELEASE_VERSION=${RELEASE_VERSION}" | |
echo "SEMVER_MAJOR_VERSION=${SEMVER_MAJOR_VERSION}" | |
} >> "${GITHUB_ENV}" | |
- name: Login to GHCR | |
if: steps.release.outputs.release_created | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# We don't rebuild the image to avoid that the latest tag and the release tags don't point to the very same container image. | |
# Instead, we pull the latest image and tag it. | |
- name: Retag and Push Images | |
if: steps.release.outputs.release_created | |
uses: akhilerm/[email protected] | |
with: | |
src: ghcr.io/super-linter/super-linter:latest | |
dst: | | |
ghcr.io/super-linter/super-linter:${{ env.SEMVER_MAJOR_VERSION }} | |
ghcr.io/super-linter/super-linter:${{ env.RELEASE_VERSION }} | |
- name: Retag and Push Images slim | |
if: steps.release.outputs.release_created | |
uses: akhilerm/[email protected] | |
with: | |
src: ghcr.io/super-linter/super-linter:slim-latest | |
dst: | | |
ghcr.io/super-linter/super-linter:slim-${{ env.SEMVER_MAJOR_VERSION }} | |
ghcr.io/super-linter/super-linter:slim-${{ env.RELEASE_VERSION }} | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# No need to tag major.minor.patch because that tag is automatically created when creating the release | |
- name: Tag major, minor, and latest versions | |
if: steps.release.outputs.release_created | |
run: | | |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git config user.name "github-actions[bot]" | |
git tag --annotate --force ${{ env.SEMVER_MAJOR_VERSION }} -m "Release ${{ env.SEMVER_MAJOR_VERSION }}" | |
git tag --annotate --force latest -m "Release latest (${{ env.RELEASE_VERSION }})" | |
git push --force origin ${{ env.SEMVER_MAJOR_VERSION }} | |
git push --force origin latest | |
- name: Update deployment | |
uses: bobheadxi/[email protected] | |
# We depend on the 'deployment' step outputs, so we can't run this step | |
# if the 'deployment' step didn't run. This can happen if any step | |
# before the 'deployment' step fails. That's why 'always()' is not | |
# suitable here. | |
if: steps.deployment.conclusion != 'cancelled' && steps.deployment.conclusion != 'skipped' | |
with: | |
step: finish | |
token: ${{ secrets.GITHUB_TOKEN }} | |
status: ${{ job.status }} | |
deployment_id: ${{ steps.deployment.outputs.deployment_id }} | |
env: ${{ steps.deployment.outputs.env }} | |
env_url: https://github.com/super-linter/super-linter | |
- name: Create Issue on Failure | |
uses: actions/github-script@v7 | |
if: failure() | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
const create = await github.rest.issues.create({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
title: "Failed to deploy to production", | |
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", | |
assignees: [ | |
"zkoppert", "Hanse00", "ferrarimarco" | |
] | |
}) |