feat(ci): adds baseline project CI (#6)

* feat(ci): adds baseline project CI * chore: minor clean up after reviewing PR * chore(test): minor tweak on test code * fix(ci): remove copy paste error)
celestiaorg · Mar 6, 2025 · f4de01d · f4de01d
1 parent c8ee28b
commit f4de01d
Show file tree

Hide file tree

Showing 30 changed files with 877 additions and 138 deletions.
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Run make lint before committing
+echo "Running linters..."
+make lint
+
+# Check the exit status
+if [ $? -ne 0 ]; then
+    echo "❌ Linting failed. Please fix the issues before committing."
+    exit 1
+fi
+
+echo "✅ Linting passed."
+exit 0 
diff --git a/.github/auto_request_review.yml b/.github/auto_request_review.yml
@@ -0,0 +1,15 @@
+reviewers:
+  defaults:
+    - devops
+  groups:
+    devops:
+      - team:devops
+files:
+  ".github/**":
+    - MSevey
+    - devops
+options:
+  ignore_draft: true
+  ignored_keywords:
+    - WIP
+  number_of_reviewers: 3
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,34 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    # Group all patch updates into a single PR
+    groups:
+      patch-updates:
+        applies-to: version-updates
+        update-types:
+          - "patch"
+          - "minor"
+    commit-message:
+      include: "scope"
+      prefix: "build"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    # Group all patch updates into a single PR
+    groups:
+      patch-updates:
+        applies-to: version-updates
+        update-types:
+          - "patch"
+          - "minor"
+    commit-message:
+      include: "scope"
+      prefix: "build"
diff --git a/.github/release_WIP.yml b/.github/release_WIP.yml
@@ -0,0 +1,58 @@
+# name: Release Debian Package
+
+# on:
+#   push:
+#     tags:
+#       - 'v*.*.*'  # Trigger on version tags v1.0.0, v2.1.0, etc.
+
+# jobs:
+#   build-deb:
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: write  # Needed for creating releases
+
+#     steps:
+#       - name: Checkout code
+#         uses: actions/checkout@v4
+
+#       - name: Set up Go
+#         uses: actions/setup-go@v5
+#         with:
+#           go-version: '1.21'
+#           cache: true
+
+#       - name: Install build dependencies
+#         run: |
+#           sudo apt-get update
+#           sudo apt-get install -y dpkg-dev debhelper fakeroot golang-go
+
+#       - name: Get version from tag
+#         id: get_version
+#         run: |
+#           VERSION=${GITHUB_REF#refs/tags/v}
+#           echo "version=$VERSION" >> $GITHUB_OUTPUT
+#           # Update version in build script
+#           sed -i "s/VERSION=\".*\"/VERSION=\"$VERSION\"/" scripts/build-deb.sh
+
+#       - name: Build Debian package
+#         run: ./scripts/build-deb.sh
+
+#       - name: Create Release
+#         id: create_release
+#         uses: softprops/action-gh-release@v2
+#         with:
+#           name: Release ${{ steps.get_version.outputs.version }}
+#           draft: false
+#           prerelease: false
+#           files: |
+#             build/talis-agent_${{ steps.get_version.outputs.version }}_*.deb
+#           generate_release_notes: true
+#         env:
+#           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+#       - name: Upload package to release
+#         uses: actions/upload-artifact@v4
+#         with:
+#           name: debian-package
+#           path: build/talis-agent_${{ steps.get_version.outputs.version }}_*.deb
+#           retention-days: 5
diff --git a/.github/workflows/approve_merge_bots.yml b/.github/workflows/approve_merge_bots.yml
@@ -0,0 +1,24 @@
+---
+name: Approve and Merge Dependabot PRs
+on:
+  # This is needed to grant permissions for secrets because dependabot PRs are opened by bots
+  pull_request_target:
+
+jobs:
+  dependabot:
+    name: "Approve and Merge Dependabot PRs"
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: CelestiaBot Approval
+        run: gh pr review --approve "$PR_URL"
+        # Leaving out the auto merge step until we have 2 approvals enforced
+        # run: |
+        #   gh pr review --approve "$PR_URL"
+        #   gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.PR_APPROVE_PAT_CB}} # should be used automatically by gh cli
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+---
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+  pull_request:
+  merge_group:
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: celestiaorg/.github/.github/actions/[email protected]
+
+  golangci-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - uses: golangci/[email protected]
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Run tests
+        run: make test
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Build main application
+        run: make build
diff --git a/.github/workflows/housekeeping.yml b/.github/workflows/housekeeping.yml
@@ -0,0 +1,18 @@
+---
+name: Auto Request Review
+
+on:
+  pull_request_target:
+    types: [opened, ready_for_review]
+
+jobs:
+  auto-add-reviewer:
+    name: Auto add reviewer to PR
+    if: github.event.pull_request
+    uses: celestiaorg/.github/.github/workflows/[email protected]
+    secrets: inherit
+    permissions:
+      issues: write
+      pull-requests: write
+    with:
+      run-auto-request-review: true
diff --git a/.github/workflows/project-automation.yml b/.github/workflows/project-automation.yml
@@ -0,0 +1,48 @@
+---
+name: DevOps project automation
+
+on:
+  issues:
+    types:
+      - opened
+  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+  # About security concerns: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  pull_request_target:
+    types:
+      - opened
+      - ready_for_review
+
+jobs:
+  project-automation:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Set issue url and creator login
+        if: ${{ github.event.issue }}
+        run: |
+          echo "ISSUE=${{ github.event.issue.html_url }}" >> $GITHUB_ENV
+          echo "CREATOR=${{ github.event.issue.user.login }}" >> $GITHUB_ENV
+          echo "HAS_ASSIGNEE=${{ github.event.issue.assignees[0] != null }}" >> $GITHUB_ENV
+      - name: Set pull_request url and creator login
+        if: ${{ github.event.pull_request }}
+        run: |
+          echo "ISSUE=${{ github.event.pull_request.html_url }}" >> $GITHUB_ENV
+          echo "CREATOR=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
+          echo "HAS_ASSIGNEE=${{ github.event.pull_request.assignees[0] != null }}" >> $GITHUB_ENV
+      - name: Add issue/PR to project
+        uses: actions/[email protected]
+        with:
+          project-url: https://github.com/orgs/celestiaorg/projects/38
+          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+      - name: Assign issue to creator (issue)
+        if: ${{ github.event.issue && env.HAS_ASSIGNEE == 'false' && env.CREATOR != 'dependabot[bot]' }}
+        run: gh issue edit ${{ env.ISSUE }} --add-assignee ${{ env.CREATOR }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Assign issue to creator (PR)
+        if: ${{ github.event.pull_request && env.HAS_ASSIGNEE == 'false' && env.CREATOR != 'dependabot[bot]' }}
+        run: gh pr edit ${{ env.ISSUE }} --add-assignee ${{ env.CREATOR }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml
@@ -0,0 +1,20 @@
+name: Semantic Pull Request
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: conventional-commit-pr-title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -0,0 +1,24 @@
+---
+name: stale
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  stale:
+    permissions:
+      issues: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: >
+            This issue has been automatically marked as stale because it
+            has not had recent activity. It will be closed if no further
+            activity occurs. Thank you for your contributions.
+          stale-pr-message: >
+            This pull request has been automatically marked as stale because it
+            has not had recent activity. It will be closed if no further
+            activity occurs. Thank you for your contributions.