paketo-buildpacks · ryanmoran · Mar 31, 2023 · Mar 23, 2023 · Mar 31, 2023
@@ -0,0 +1,2 @@
+CODEOWNERS
+workflows/update-dependencies.yml
@@ -0,0 +1 @@
+* @paketo-buildpacks/nodejs-maintainers
@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: daily
@@ -0,0 +1,39 @@
+- name: status/possible-priority
+  description: This issue is ready to work and should be considered as a potential priority
+  color: F9D0C4
+- name: status/prioritized
+  description: This issue has been triaged and resolving it is a priority
+  color: BFD4F2
+- name: status/blocked
+  description: This issue has been triaged and resolving it is blocked on some other issue
+  color: 848978
+- name: bug
+  description: Something isn't working
+  color: d73a4a
+- name: enhancement
+  description: A new feature or request
+  color: a2eeef
+- name: documentation
+  description: This issue relates to writing documentation
+  color: D4C5F9
+- name: semver:major
+  description: A change requiring a major version bump
+  color: 6b230e
+- name: semver:minor
+  description: A change requiring a minor version bump
+  color: cc6749
+- name: semver:patch
+  description: A change requiring a patch version bump
+  color: f9d0c4
+- name: good first issue
+  description: A good first issue to get started with
+  color: d3fc03
+- name: "failure:release"
+  description: An issue filed automatically when a release workflow run fails
+  color: f00a0a
+- name: "failure:push"
+  description: An issue filed automatically when a push buildpackage workflow run fails
+  color: f00a0a
+- name: "failure/update-dependencies"
+  description: An issue filed automatically when updating buildpack.toml dependencies fails in a workflow
+  color: f00a0a
@@ -0,0 +1,69 @@
+name: Approve Bot PRs and Enable Auto-Merge
+
+on:
+  workflow_run:
+    workflows: ["Test Pull Request"]
+    types:
+    - completed
+
+jobs:
+  download:
+    name: Download PR Artifact
+    if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-22.04
+    outputs:
+      pr-author: ${{ steps.pr-data.outputs.author }}
+      pr-number: ${{ steps.pr-data.outputs.number }}
+    steps:
+    - name: 'Download artifact'
+      uses: paketo-buildpacks/github-config/actions/pull-request/download-artifact@main
+      with:
+        name: "event-payload"
+        repo: ${{ github.repository }}
+        run_id: ${{ github.event.workflow_run.id }}
+        workspace: "/github/workspace"
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+    - id: pr-data
+      run: |
+        echo "author=$(cat event.json | jq -r '.pull_request.user.login')" >> "$GITHUB_OUTPUT"
+        echo "number=$(cat event.json | jq -r '.pull_request.number')" >> "$GITHUB_OUTPUT"
+
+  approve:
+    name: Approve Bot PRs
+    needs: download
+    if: ${{ needs.download.outputs.pr-author == 'paketo-bot' || needs.download.outputs.pr-author == 'dependabot[bot]' }}
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Check Commit Verification
+      id: unverified-commits
+      uses: paketo-buildpacks/github-config/actions/pull-request/check-unverified-commits@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Check for Human Commits
+      id: human-commits
+      uses: paketo-buildpacks/github-config/actions/pull-request/check-human-commits@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Checkout
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      uses: actions/checkout@v3
+
+    - name: Approve
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      uses: paketo-buildpacks/github-config/actions/pull-request/approve@main
+      with:
+        token: ${{ secrets.PAKETO_BOT_REVIEWER_GITHUB_TOKEN }}
+        number: ${{ needs.download.outputs.pr-number }}
+
+    - name: Enable Auto-Merge
+      if: steps.human-commits.outputs.human_commits == 'false' && steps.unverified-commits.outputs.unverified_commits == 'false'
+      run: |
+        gh pr merge ${{ needs.download.outputs.pr-number }} --auto --rebase
+      env:
+        GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
@@ -0,0 +1,35 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+  - cron: '0 0 * * *'  # Once a day at midnight
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+        - 'go'
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
@@ -0,0 +1,116 @@
+name: Create or Update Draft Release
+
+on:
+  push:
+    branches:
+    - main
+  repository_dispatch:
+    types: [ version-bump ]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version of the release to cut (e.g. 1.2.3)'
+        required: false
+
+concurrency: release
+
+jobs:
+  unit:
+    name: Unit Tests
+    runs-on: ubuntu-22.04
+    outputs:
+      builders: ${{ steps.builders.outputs.builders }}
+    steps:
+    - name: Setup Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18.x
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Run Unit Tests
+      run: ./scripts/unit.sh
+
+  release:
+    name: Release
+    runs-on: ubuntu-22.04
+    needs: unit
+    steps:
+    - name: Setup Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18.x
+    - name: Checkout
+      uses: actions/checkout@v3
+    - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
+    - name: Reset Draft Release
+      id: reset
+      uses: paketo-buildpacks/github-config/actions/release/reset-draft@main
+      with:
+        repo: ${{ github.repository }}
+        token: ${{ github.token }}
+    - name: Calculate Semver Tag
+      if: github.event.inputs.version == ''
+      id: semver
+      uses: paketo-buildpacks/github-config/actions/tag/calculate-semver@main
+      with:
+        repo: ${{ github.repository }}
+        token: ${{ github.token }}
+        ref-name: ${{ github.ref_name }}
+    - name: Set Release Tag
+      id: tag
+      run: |
+        tag="${{ github.event.inputs.version }}"
+        if [ -z "${tag}" ]; then
+          tag="${{ steps.semver.outputs.tag }}"
+        fi
+        echo "tag=${tag}" >> "$GITHUB_OUTPUT"
+    - name: Package
+      run: ./scripts/package.sh --version "${{ steps.tag.outputs.tag }}"
+    - name: Create Release Notes
+      id: create-release-notes
+      uses: paketo-buildpacks/github-config/actions/release/notes@main
+      with:
+        repo: ${{ github.repository }}
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+    - name: Create Release
+      uses: paketo-buildpacks/github-config/actions/release/create@main
+      with:
+        repo: ${{ github.repository }}
+        token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+        tag_name: v${{ steps.tag.outputs.tag }}
+        target_commitish: ${{ github.sha }}
+        name: v${{ steps.tag.outputs.tag }}
+        body: ${{ steps.create-release-notes.outputs.release_body }}
+        draft: true
+        assets: |
+          [
+            {
+              "path": "build/buildpack.tgz",
+              "name": "${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.tgz",
+              "content_type": "application/gzip"
+            },
+            {
+              "path": "build/buildpackage.cnb",
+              "name": "${{ github.event.repository.name }}-${{ steps.tag.outputs.tag }}.cnb",
+              "content_type": "application/gzip"
+            }
+          ]
+
+  failure:
+    name: Alert on Failure
+    runs-on: ubuntu-22.04
+    needs: [ unit, release ]
+    if: ${{ always() && needs.unit.result == 'failure' || needs.release.result == 'failure' }}
+    steps:
+    - name: File Failure Alert Issue
+      uses: paketo-buildpacks/github-config/actions/issue/file@main
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repo: ${{ github.repository }}
+        label: "failure:release"
+        comment_if_exists: true
+        issue_title: "Failure: Create Draft Release workflow"
+        issue_body: |
+          Create Draft Release workflow [failed](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}).
+        comment_body: |
+           Another failure occurred: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
@@ -0,0 +1,52 @@
+name: Go Get Update
+
+on:
+  schedule:
+    - cron: '0 0 * * 1'  # Once per week, Mondays at midnight
+  workflow_dispatch: {}
+
+jobs:
+  update:
+    name: Go Get Update
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18.x
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Checkout Branch
+        uses: paketo-buildpacks/github-config/actions/pull-request/checkout-branch@main
+        with:
+          branch: automation/tools/go-get-update
+
+      - shell: bash
+        run: |
+          go get -u -t ./...
+          go mod tidy
+
+      - name: Commit
+        id: commit
+        uses: paketo-buildpacks/github-config/actions/pull-request/create-commit@main
+        with:
+          message: "Running 'go get -u -t ./...'"
+          pathspec: "."
+          keyid: ${{ secrets.PAKETO_BOT_GPG_SIGNING_KEY_ID }}
+          key: ${{ secrets.PAKETO_BOT_GPG_SIGNING_KEY }}
+
+      - name: Push Branch
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: paketo-buildpacks/github-config/actions/pull-request/push-branch@main
+        with:
+          branch: automation/tools/go-get-update
+
+      - name: Open Pull Request
+        if: ${{ steps.commit.outputs.commit_sha != '' }}
+        uses: paketo-buildpacks/github-config/actions/pull-request/open@main
+        with:
+          token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
+          title: "Running 'go get -u -t ./...'"
+          branch: automation/tools/go-get-update
@@ -0,0 +1,33 @@
+name: Set / Validate PR Labels
+on:
+  pull_request_target:
+    branches:
+    - main
+    types:
+    - synchronize
+    - opened
+    - reopened
+    - labeled
+    - unlabeled
+
+concurrency: pr_labels_${{ github.event.number }}
+
+jobs:
+  autolabel:
+    name: Ensure Minimal Semver Labels
+    runs-on: ubuntu-22.04
+    steps:
+    - name: Check Minimal Semver Labels
+      uses: mheap/github-action-required-labels@v1
+      with:
+        count: 1
+        labels: semver:major, semver:minor, semver:patch
+        mode: exactly
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Auto-label Semver
+      if: ${{ failure() }}
+      uses: paketo-buildpacks/github-config/actions/pull-request/auto-semver-label@main
+      env:
+        GITHUB_TOKEN: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
@@ -0,0 +1,30 @@
+name: Lint Workflows
+
+on:
+  pull_request:
+    paths:
+    - '.github/**.yml'
+    - '.github/**.yaml'
+
+jobs:
+  lintYaml:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Checkout github-config
+      uses: actions/checkout@v3
+      with:
+        repository: paketo-buildpacks/github-config
+        path: github-config
+
+    - name: Set up Python
+      uses: actions/setup-python@v3
+      with:
+        python-version: 3.8
+
+    - name: Install yamllint
+      run: pip install yamllint
+
+    - name: Lint YAML files
+      run: yamllint ./.github -c github-config/.github/.yamllint