chore: Initial version

Change-Id: I77d06e0194147ae509414c6edb76d36aa42fd635

Author: sileht

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+      # yamllint disable-line rule:quoted-strings
+      time: "08:00"
+      timezone: Europe/Paris

.github/workflows/ci.yaml

@@ -0,0 +1,52 @@
+name: Continuous Integration
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+      - devs/**
+
+jobs:
+  linters:
+    timeout-minutes: 20
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout 🛎️
+        uses: actions/[email protected]
+
+      - name: Actionlint
+        uses: docker://rhysd/actionlint:latest
+        with:
+          args: -color
+
+  action:
+    runs-on: ubuntu-24.04
+    outputs:
+      scopes: ${{ steps.action.outputs.scopes }}
+      everything: ${{ fromJSON(steps.action.outputs.scopes).everything }}
+      action: ${{ fromJSON(steps.action.outputs.scopes).action }}
+    steps:
+      - name: Checkout 🛎️
+        uses: actions/[email protected]
+
+      - name: Trying action
+        id: action
+        uses: ./
+  tests:
+    if: ${{ !cancelled() }}
+    runs-on: ubuntu-24.04
+    needs:
+      - action
+    steps:
+      - name: Check scopes
+        env:
+          SCOPES: ${{ needs.action.outputs.scopes }}
+          EVERYTHING: ${{ needs.action.outputs.everything }}
+          EVERYTHING_BOOL: ${{ needs.action.outputs.everything == 'true' }}
+        run: |
+          echo "SCOPES: $SCOPES"
+          test "$EVERYTHING" == "true"
+          test "$EVERYTHING_BOOL" == "true"

.gitignore

@@ -0,0 +1,3 @@
+__pycache__
+*.pyc
+.pytest_cache

.mergify.yml

@@ -0,0 +1,103 @@
+extends: .github
+shared:
+  IsPublicHolidays: &IsPublicHolidays
+    or:
+      - current-datetime = XXXX-01-01T00:00/XXXX-01-01T23:59[Europe/Paris]
+      - current-datetime = XXXX-05-01T00:00/XXXX-05-01T23:59[Europe/Paris]
+      - current-datetime = XXXX-05-08T00:00/XXXX-05-08T23:59[Europe/Paris]
+      - current-datetime = XXXX-07-14T00:00/XXXX-07-14T23:59[Europe/Paris]
+      - current-datetime = XXXX-08-15T00:00/XXXX-08-15T23:59[Europe/Paris]
+      - current-datetime = XXXX-11-01T00:00/XXXX-11-01T23:59[Europe/Paris]
+      - current-datetime = XXXX-11-11T00:00/XXXX-11-11T23:59[Europe/Paris]
+      - current-datetime = XXXX-12-25T00:00/XXXX-12-25T23:59[Europe/Paris]
+  DefaultQueueOptions: &DefaultQueueOptions
+    commit_message_template: |
+      {{ title }} (#{{ number }})
+
+      {{ body }}
+    merge_method: squash
+  CheckRuns: &CheckRuns
+    - check-success=linters
+    - check-success=action
+    - check-success=tests
+
+scopes:
+  source:
+    files:
+      github:
+        includes:
+          - .github/**/*
+      action:
+        includes:
+          - action.yml
+      everything: {}
+
+queue_rules:
+  - name: default
+    <<: *DefaultQueueOptions
+    autoqueue: true
+    queue_conditions:
+      - base=main
+      - and: *CheckRuns
+      - or: &DefaultReviewCond
+          - "#approved-reviews-by>=1"
+          - and:
+              - author=mergify-ci-bot
+              - head=trivy/daily-report
+              - approved-reviews-by=@eng-mgr
+      - "#changes-requested-reviews-by=0"
+      - "#review-threads-unresolved=0"
+      - "#review-requested=0"
+    merge_conditions:
+      - and: *CheckRuns
+      - and:
+          - not: *IsPublicHolidays
+          - schedule=Mon-Fri 09:00-17:30[Europe/Paris]
+
+  - name: lowprio
+    <<: *DefaultQueueOptions
+    autoqueue: true
+    queue_conditions:
+      - base=main
+      - and: *CheckRuns
+      - "#commits=1"
+      - or:
+          - and:
+              - author=mergify-ci-bot
+              - head~=^clifus/
+              - "title~=^chore: bump"
+          - and:
+              - author=mergify-ci-bot
+              - head=trivy/daily-report
+              - label!=new CVE
+          - and:
+              - author=mergify-ci-bot
+              - head=openapi-spec-sync
+          - author=dependabot[bot]
+    merge_method: merge
+    merge_conditions:
+      - and: *CheckRuns
+      - and:
+          - not: *IsPublicHolidays
+          - schedule=Mon-Fri 09:00-17:00[Europe/Paris]
+    batch_size: 7
+    batch_max_wait_time: 5min
+    commit_message_template:
+    queue_branch_merge_method: fast-forward
+
+pull_request_rules:
+  - name: request review
+    conditions:
+      - -author=dependabot[bot]
+      - -author=mergify-ci-bot
+      - -merged
+      - -closed
+      - and: *CheckRuns
+      - "#changes-requested-reviews-by=0"
+      - review-requested!=@devs
+      - not:
+         or: *DefaultReviewCond
+    actions:
+      request_reviews:
+        teams:
+          - devs

README.md

@@ -0,0 +1,118 @@
+# gha-mergify-ci-scopes
+
+A GitHub Action that detects which parts of your monorepo are affected by a pull request, so you can run only the relevant tests.
+
+## The Problem
+
+In monorepos, running all tests for every pull request wastes time and resources. While GitHub Actions offers path filtering:
+
+```yaml
+on:
+  pull_request:
+    paths:
+      - 'js/**'
+```
+
+This approach has a critical flaw: when a job doesn't run, you can't tell if it was skipped due to the filter or if CI failed to start.
+This becomes especially problematic with merge queues, where you don't want to skip tests on the second PR just because the first PR in the queue modified different files.
+
+## The Solution
+
+This action analyzes changed files and returns "scopes" indicating which parts of your codebase are affected. It's merge queue-aware, ignoring changes from PRs ahead in the queue to ensure accurate test selection.
+
+When running in a merge queue context, the action automatically adds a `merge-queue` scope for integration tests.
+
+## Usage
+
+The example bellow demonstrate how to setup a monorepo containing a Python and a Javascript project.
+
+The Python jobs will ran only if `*.py` are modified, same the Javascript jobs and `*.js` files.
+
+An additional job called `integration` will run only when on Mergify merge-queue branches.
+
+### 1. Configure Scopes
+
+Create a `.mergify.yml` file in your repository root:
+
+```yaml
+scopes:
+  source:
+    files:
+      python:
+        includes:
+          - **/*.py
+      js:
+        includes:
+          - **/*.js
+
+queue_rules:
+    - name: default
+      autoqueue: true
+      queue_conditions:
+        - check-success: alls-green
+```
+
+### 2. Set Up Your Workflow
+
+```yaml
+name: Continuous Integration
+on:
+  pull_request_target:
+    types:
+      - opened
+
+jobs:
+  scopes:
+    runs-on: ubuntu-22.04
+    outputs:
+      js: ${{ fromJSON(steps.scopes.outputs.scopes).js }}
+      python: ${{ fromJSON(steps.scopes.outputs.scopes).python }}
+      merge-queue: ${{ fromJSON(steps.scopes.outputs.scopes).merge-queue }}
+    steps:
+      - uses: actions/checkout@v5
+      - name: Get PR scopes
+        id: scopes
+        uses: Mergifyio/gha-mergify-ci-scopes
+
+  python:
+    if: ${{ needs.scopes.outputs.python == 'true' }}
+    needs: scopes
+    uses: ./.github/workflows/python.yaml
+    secrets: inherit
+
+  js:
+    if: ${{ needs.scopes.outputs.js == 'true' }}
+    needs: scopes
+    uses: ./.github/workflows/js.yaml
+    secrets: inherit
+
+  integration:
+    if: ${{ needs.scopes.outputs.merge-queue == 'true' }}
+    needs: scopes
+    uses: ./.github/workflows/integration.yaml
+    secrets: inherit
+
+  alls-green:
+    if: ${{ !cancelled() }}
+    needs:
+      - python
+      - js
+      - integration
+    runs-on: ubuntu-latest
+    steps:
+      - name: Verify all jobs succeeded
+        uses: re-actors/alls-green@release/v1
+        with:
+          allowed-skips: ${{ toJSON(needs) }}
+          jobs: ${{ toJSON(needs) }}
+```
+
+## Outputs
+
+Each scope defined in `.mergify.yml` becomes an output:
+- `scopes.<scope-name>`: Returns `true` if the scope is affected, `false` otherwise
+- `scopes.merge-queue`: Automatically set to `true` when running in a merge queue
+
+## Requirements
+
+- Python >= 3.10 (available in the runner environment)

action.yml

@@ -0,0 +1,42 @@
+name: 'mergify-ci-scopes'
+description: 'Mergify: return the scopes of a pull request depending on the changed files'
+branding:
+  icon: arrow-up
+  color: 'blue'
+inputs:
+  token:
+    required: false
+    description: Mergify CI token
+  mergify_api_url:
+    required: false
+    description: URL of the Mergify API
+outputs:
+  scopes:
+    description: stringified JSON mapping with names of all scopes matching any of changed files
+    value: ${{ steps.scopes-detection.outputs.scopes }}
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Python 🔧
+      uses: actions/[email protected]
+      with:
+        python-version: "3.13"
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        # pip install mergify-cli
+        pip install -e git+https://github.com/Mergifyio/mergify-cli@devs/sileht/test-bin#egg=mergify-cli
+
+    - name: Detect scopes
+      id: scopes-detection
+      shell: bash
+      run: mergify ci scopes --write $RUNNER_TEMP/mergify-scopes.json
+
+    - name: Upload scopes to Mergify API
+      shell: bash
+      if: ${{ inputs.token }}
+      env:
+        MERGIFY_TOKEN: ${{ inputs.token }}
+        MERGIFY_API_URL: ${{ inputs.mergify_api_url }}
+      run: mergify ci scopes-send --file $RUNNER_TEMP/mergify-scopes.json