chore(commitlint): set body-max-line-length to 3000 (#5315) #15
# CI: proto and commitlint; fan-out Go (fmt, lint, unit-tests) || UI (ui-lint, ui-test);
# then build (gitops, gitops-server). On tag: image, chart, goreleaser.
#
# Flow: vars (sets run_release_jobs: true when ref is v* tag OR workflow_dispatch with run_release_jobs=true) and conventional-commits run first.
# conventional-commits -> pr-title-lint (if PR), proto, ui-lint, ui-test -> go-* -> build.
# Release jobs (build-push-gitops-server, build-and-push-chart, goreleaser) need [build, vars] and
# if: needs.vars.outputs.run_release_jobs == 'true'.
# workflow_dispatch input run_release_jobs is the sentinel when release.yaml (or manual) invokes CI via API.
# No make clean (each run is a fresh checkout).
#
# On tag (v*): build-push-gitops-server (provenance, SBOM, cosign), build-and-push-chart
# (cosign), goreleaser (binaries, cosign, brew for non-rc). Fork-friendly.
name: CI

# Triggers: pushes to main, pushes of v* tags, pull requests targeting main,
# and manual/API dispatch with an optional release switch.
on:
  push:
    branches:
      - main
    tags:
      - "v*"
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      run_release_jobs:
        description: "Run image, chart and goreleaser jobs (release build). Set when dispatching to (re-)run release, or when invoked by release.yaml."
        required: false
        default: false
        type: boolean

# One concurrency group per workflow and ref; only pull_request runs cancel
# an older in-progress run of the same group.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

# Workflow-wide token scope is read-only; jobs that need more declare their
# own permissions block.
permissions:
  contents: read
  pull-requests: read

env:
  # Quoted so the version stays a string rather than a float.
  PYTHON_VERSION: "3.12"
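jobs:
  # Decides whether the release jobs (image, chart, goreleaser) run and
  # exposes that decision as the job output run_release_jobs.
  vars:
    name: Set CI vars
    runs-on: ubuntu-latest
    outputs:
      # True when the set_vars step reports a release tag, or when the run was
      # started by workflow_dispatch with run_release_jobs=true.
      # NOTE(review): the workflow_dispatch branch does not check that
      # github.ref is a v* tag, so a dispatch from a branch would also enable
      # the publishing jobs. Confirm that is intended, or additionally require
      # startsWith(github.ref, 'refs/tags/v') on that branch of the expression.
      run_release_jobs: ${{ steps.set_vars.outputs.is_release_tag == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.run_release_jobs == 'true') }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          # Use the workflow-level PYTHON_VERSION instead of repeating the
          # literal, so the two cannot drift apart.
          python-version: ${{ env.PYTHON_VERSION }}
          cache: "pip"
      # Installs the repository's own tooling package, which provides the
      # weavetooling command used below.
      - run: pip install -e ./tooling
      - id: set_vars
        # Quote the output file path so the redirect is not subject to word
        # splitting.
        run: echo "is_release_tag=$(weavetooling ci is-tag)" >> "$GITHUB_OUTPUT"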
# --- job: conventional-commits ---
  # Lints commit messages against the repository's commitlint configuration.
  conventional-commits:
    name: Conventional Commits
    runs-on: ubuntu-latest
    steps:
      # Full history (fetch-depth 0) rather than a shallow clone; presumably
      # so the linter can see every commit in the range.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # NOTE(review): this third-party action is referenced by a mutable tag,
      # while the pr-title-lint job pins its actions to commit SHAs.
      - uses: wagoid/commitlint-github-action@v5
        with:
          configFile: './commitlint.config.mjs'
# --- job: pr-title-lint ---
  # Checks the pull request title and keeps one sticky comment in sync with
  # the result. Runs on pull_request events only.
  pr-title-lint:
    name: Validate PR title
    needs:
      - conventional-commits
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    # Job-level permissions replace the workflow-level block; write access to
    # pull requests is what lets the sticky-comment steps post and delete.
    permissions:
      pull-requests: write
    steps:
      - id: lint_pr_title
        uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Post (or update) the explanation whenever the lint step produced an
      # error message; always() keeps this step running after a lint failure.
      - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
        if: ${{ always() && (steps.lint_pr_title.outputs.error_message != null) }}
        with:
          header: pr-title-lint-error
          message: |
            Hey there and thank you for opening this pull request! :wave:
            We require pull request titles to follow the
            [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/)
            and it looks like your proposed title needs to be adjusted.
            We use the pull request title in automated release changelog updates, and would like our
            changelogs to look nice.
            Details:
            ```
            ${{ steps.lint_pr_title.outputs.error_message }}
            ```
      # Remove the sticky comment once the title passes.
      - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
        if: steps.lint_pr_title.outputs.error_message == null
        with:
          header: pr-title-lint-error
          delete: true
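# --- jobs: ui-lint, ui-test, proto ---
  # These three jobs fan out after conventional-commits.
  #
  # They previously listed pr-title-lint in `needs`. pr-title-lint only runs on
  # pull_request events, and a job whose needed job is skipped is itself
  # skipped unless it carries its own status condition. On push and tag runs
  # that skipped these jobs and, through their `needs` chains, the go-* jobs,
  # build and the release jobs. Depending on conventional-commits matches the
  # flow described in the file header and lets push/tag runs proceed.
  # pr-title-lint still reports its own status on pull requests.

  # Installs node dependencies, then runs the UI lint and audit make targets.
  ui-lint:
    name: UI lint
    needs: [conventional-commits]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: yarn
      - run: make node_modules
      - run: make ui-lint
      - run: make ui-audit

  # Installs node dependencies, then runs the UI test make target.
  ui-test:
    name: UI test
    needs: [conventional-commits]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: yarn
      - run: make node_modules
      - run: make ui-test

  # Regenerates protobuf output and fails if the working tree changed, i.e.
  # if the committed generated files are out of date.
  proto:
    name: Proto (generate + git diff)
    needs: [conventional-commits]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Install buf and add to PATH
        # buf is installed at a fixed version; the redirect target is quoted
        # so the path is not subject to word splitting.
        run: |
          go install github.com/bufbuild/buf/cmd/buf@v1.48.0
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
      - run: make proto
      - run: git diff --no-ext-diff --exit-code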
# --- job: go-fmt ---
  # Runs the fmt make target once the proto and UI jobs have finished.
  go-fmt:
    name: Go fmt
    needs:
      - proto
      - ui-lint
      - ui-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The Go toolchain version is taken from go.mod.
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - run: make fmt
# --- job: go-lint ---
  # Runs the lint make target once the proto and UI jobs have finished.
  go-lint:
    name: Go lint
    needs:
      - proto
      - ui-lint
      - ui-test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The Go toolchain version is taken from go.mod.
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - run: make lint
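# --- job: go-unit-tests ---
  # Runs the Go unit tests with the Flux CLI version named in the Makefile.
  go-unit-tests:
    name: Go unit-tests
    needs: [proto, ui-lint, ui-test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Get FLUX_VERSION from Makefile
        id: get_flux_version
        # Reads the value of the FLUX_VERSION= line from the Makefile.
        # The step runs without pipefail, so a grep that matches nothing does
        # not fail on its own; the explicit check stops the job rather than
        # passing an empty version to the Flux action (which would presumably
        # fall back to its own default; confirm against the action).
        run: |
          FLUX_VER=$(grep '^FLUX_VERSION=' Makefile | cut -d'=' -f2)
          [ -n "$FLUX_VER" ] || { echo "FLUX_VERSION not found in Makefile"; exit 1; }
          echo "version=$FLUX_VER" >> "$GITHUB_OUTPUT"
      - name: Setup Flux CLI
        # Pinned to a commit SHA.
        # NOTE(review): unlike the SHA pins in pr-title-lint, this one has no
        # trailing version comment.
        uses: fluxcd/flux2/action@4a15fa6a023259353ef750acf1c98fe88407d4d0
        with:
          version: ${{ steps.get_flux_version.outputs.version }}
      - run: make unit-tests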
# --- job: build ---
  # Builds the gitops and gitops-server make targets after the Go checks.
  build:
    name: Build (gitops, gitops-server)
    needs:
      - go-fmt
      - go-lint
      - go-unit-tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The Go toolchain version is taken from go.mod.
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - run: make gitops
      - run: make gitops-server
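# --- Tag-only: image, chart, goreleaser ---
  # Builds the multi-arch gitops-server image, pushes it to ghcr.io with
  # provenance and SBOM attestations, signs it keylessly with cosign and
  # verifies the signature. Runs only when vars reports run_release_jobs.
  #
  # NOTE(review): this job holds packages: write and id-token: write, yet the
  # actions/*, docker/* and sigstore/* actions below are referenced by mutable
  # tags. Other third-party actions in this workflow are pinned to commit
  # SHAs; consider pinning these the same way.
  build-push-gitops-server:
    name: Build and push gitops-server image
    needs: [build, vars]
    if: needs.vars.outputs.run_release_jobs == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # push to ghcr.io
      id-token: write   # OIDC token for keyless cosign signing
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Set build env
        # Strips the refs/tags/v prefix from GITHUB_REF. On a ref that is not
        # a v* tag the prefix does not match and the full ref is passed on.
        # Expansions and redirect targets are quoted to avoid word splitting.
        run: |
          TAG_VER="${GITHUB_REF#refs/tags/v}"
          echo "LDFLAGS=$(make echo-ldflags CHART_VERSION="$TAG_VER")" >> "$GITHUB_ENV"
          echo "FLUX_VERSION=$(make echo-flux-version)" >> "$GITHUB_ENV"
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push gitops-server
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: gitops-server.dockerfile
          build-args: |
            LDFLAGS=${{ env.LDFLAGS }}
            GIT_COMMIT=${{ github.sha }}
          push: true
          provenance: "mode=max"
          sbom: true
          # Both tags are pushed on every run of this job; `latest` is not
          # limited to any particular kind of ref.
          tags: |
            ghcr.io/${{ github.repository }}/gitops-server:${{ github.ref_name }}
            ghcr.io/${{ github.repository }}/gitops-server:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64
      - name: Install cosign
        uses: sigstore/cosign-installer@v4
      - name: Keyless signing of image
        # Context values reach the script through env instead of being
        # expanded into the script text. The image is signed by digest.
        env:
          IMAGE: ghcr.io/${{ github.repository }}/gitops-server
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          cosign sign --yes "${IMAGE}@${DIGEST}"
      - name: Verify the image signing
        env:
          IMAGE: ghcr.io/${{ github.repository }}/gitops-server
          DIGEST: ${{ steps.build.outputs.digest }}
          CERT_IDENTITY: https://github.com/${{ github.workflow_ref }}
        # Steps with no explicit `shell` run under bash -e without pipefail,
        # so the pipeline's status would be jq's and a failed `cosign verify`
        # would not fail the step. pipefail makes the verification gate real.
        run: |
          set -o pipefail
          cosign verify "${IMAGE}@${DIGEST}" \
            --certificate-identity "$CERT_IDENTITY" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq .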
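# --- job: build-and-push-chart ---
  # Packages the Helm chart, pushes it to ghcr.io as an OCI artifact, signs it
  # keylessly with cosign and verifies the signature. Runs only when vars
  # reports run_release_jobs.
  #
  # NOTE(review): this job holds packages: write and id-token: write, yet
  # actions/checkout, azure/setup-helm and sigstore/cosign-installer are
  # referenced by mutable tags; consider pinning them to commit SHAs.
  build-and-push-chart:
    name: Build and push Helm chart
    needs: [build, vars]
    if: needs.vars.outputs.run_release_jobs == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write   # push to ghcr.io
      id-token: write   # OIDC token for keyless cosign signing
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
      - uses: azure/setup-helm@v4
        with:
          version: "v3.17.0"
      - name: Helm registry login
        # The token and user name are passed through the environment rather
        # than expanded into the script text, so the secret never becomes
        # part of the generated shell script and both values stay quoted.
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$REGISTRY_TOKEN" | helm registry login ghcr.io -u "$REGISTRY_USER" --password-stdin
      - name: Package and push chart
        id: push-chart
        env:
          CHART_REPO: oci://ghcr.io/${{ github.repository_owner }}
        # pipefail: without it the `helm push | tee` pipeline reports tee's
        # status and a failed push is only noticed via the digest check.
        # The digest is parsed from helm's push output and exported as the
        # step output used by the signing steps.
        run: |
          set -o pipefail
          helm package charts/gitops-server -d /tmp
          CHART=$(ls /tmp/weave-gitops-*.tgz)
          helm push "$CHART" "$CHART_REPO" 2>&1 | tee /tmp/push.log
          CHART_DIGEST=$(awk '/Digest: /{print $2}' /tmp/push.log)
          [ -n "$CHART_DIGEST" ] || { echo "Could not parse digest from helm push"; cat /tmp/push.log; exit 1; }
          echo "digest=$CHART_DIGEST" >> "$GITHUB_OUTPUT"
      - name: Install cosign
        uses: sigstore/cosign-installer@v4
      - name: Keyless signing of chart
        env:
          CHART_REF: ghcr.io/${{ github.repository_owner }}/weave-gitops
          DIGEST: ${{ steps.push-chart.outputs.digest }}
        run: |
          cosign sign --yes "${CHART_REF}@${DIGEST}"
      - name: Verify the chart signing
        env:
          CHART_REF: ghcr.io/${{ github.repository_owner }}/weave-gitops
          DIGEST: ${{ steps.push-chart.outputs.digest }}
          CERT_IDENTITY: https://github.com/${{ github.workflow_ref }}
        # Steps with no explicit `shell` run under bash -e without pipefail,
        # so the pipeline's status would be jq's and a failed `cosign verify`
        # would not fail the step. pipefail makes the verification gate real.
        run: |
          set -o pipefail
          cosign verify "${CHART_REF}@${DIGEST}" \
            --certificate-identity "$CERT_IDENTITY" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq .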
# --- job: goreleaser ---
  # Releases the gitops CLI with goreleaser. Runs only when vars reports
  # run_release_jobs.
  #
  # NOTE(review): this job holds contents: write and id-token: write, yet
  # actions/*, sigstore/cosign-installer and goreleaser/goreleaser-action are
  # referenced by mutable tags; consider pinning them to commit SHAs.
  goreleaser:
    name: Goreleaser (gitops CLI)
    needs:
      - build
      - vars
    if: needs.vars.outputs.run_release_jobs == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: write   # presumably for publishing the release; confirm
      id-token: write   # OIDC token, as in the other cosign-signing jobs
    env:
      # NOTE(review): hard-coded here, whereas go-unit-tests reads
      # FLUX_VERSION from the Makefile; the two can drift apart.
      FLUX_VERSION: '2.7.2'
    steps:
      # Full history (fetch-depth 0) of the triggering ref.
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
          fetch-depth: 0
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      # No `version` input is passed to the Flux action here, unlike in
      # go-unit-tests.
      - uses: fluxcd/flux2/action@4a15fa6a023259353ef750acf1c98fe88407d4d0
      - name: Set CHART_VERSION from tag
        # Strips the refs/tags/v prefix; a non-tag ref is passed through whole.
        run: echo "CHART_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
      - name: Include brew publishing
        # Only for ref names without a '-', which excludes pre-release tags
        # such as release candidates.
        if: ${{ !contains(github.ref_name, '-') }}
        run: cat .goreleaser.brew.yml >> .goreleaser.yml
      - name: Install cosign
        uses: sigstore/cosign-installer@v4
      - uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: 'v2'
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FLUX_VERSION: ${{ env.FLUX_VERSION }}
          CHART_VERSION: ${{ env.CHART_VERSION }}
          BRANCH: ${{ github.ref_name }}
          COSIGN_EXPERIMENTAL: '1'