ci: various improvements (#196)

* check for dependencies weekly no need to check daily * cancel previous runs upon new push * only run cometbft-db-testing when a new tag is created * add mergify, PR and issue templates * add conventional-pr-title and markdown-linter workflows * add fast ci option * add markdownlint config files * correct config * fix codeql formatting
cometbft · Sep 9, 2024 · 0c657ee · 0c657ee
1 parent cf9a524
commit 0c657ee
Show file tree

Hide file tree

Showing 15 changed files with 285 additions and 80 deletions.
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,4 @@
+---
+labels: needs-triage
+---
+
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,14 @@
+<!--
+
+Please add a reference to the issue that this PR addresses and indicate which
+files are most critical to review. If it fully addresses a particular issue,
+please include "Closes #XXX" (where "XXX" is the issue number).
+
+-->
+
+---
+
+#### PR checklist
+
+- [ ] Tests written/updated
+- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -3,14 +3,23 @@ updates:
   - package-ecosystem: github-actions
     directory: "/"
     schedule:
-      interval: daily
-      time: "11:00"
+      interval: weekly
+    target-branch: "main"
     open-pull-requests-limit: 10
+    labels:
+      - dependencies
+      - automerge
+
+  ###################################
+  ##
+  ## Update All Go Dependencies
+
   - package-ecosystem: gomod
     directory: "/"
     schedule:
-      interval: daily
-      time: "11:00"
+      interval: weekly
+    target-branch: "main"
     open-pull-requests-limit: 10
     labels:
       - dependencies
+      - automerge
diff --git a/.github/linters/markdownlint.yml b/.github/linters/markdownlint.yml
@@ -0,0 +1,15 @@
+# markdownlint configuration for Super-Linter
+# - https://github.com/DavidAnson/markdownlint
+# - https://github.com/github/super-linter
+
+# Default state for all rules
+default: true
+
+# See https://github.com/DavidAnson/markdownlint#rules--aliases for rules
+MD007: {"indent": 4}
+MD013: false
+MD024: {siblings_only: true}
+MD025: false
+MD033: {no-inline-html: false}
+no-hard-tabs: false
+whitespace: false
diff --git a/.github/linters/yaml-lint.yml b/.github/linters/yaml-lint.yml
@@ -0,0 +1,9 @@
+---
+# Default rules for YAML linting from super-linter.
+# See: See https://yamllint.readthedocs.io/en/stable/rules.html
+extends: default
+rules:
+  document-end: disable
+  document-start: disable
+  line-length: disable
+  truthy: disable
diff --git a/.github/mergify.yml b/.github/mergify.yml
@@ -0,0 +1,25 @@
+pull_request_rules:
+  - name: automatic approval for Dependabot pull requests
+    conditions:
+      - author=dependabot[bot]
+    actions:
+      review:
+        type: APPROVE
+        message: Automatically approving dependabot
+
+  - name: automatically merge PR with automerge label
+    conditions:
+      - '-label=manual-backport'
+      - label=automerge
+    actions:
+      merge:
+        method: squash
+
+  - name: Make sure PR are up to date before merging
+    description: >-
+      This automatically updates PRs when they are out-of-date with the base
+      branch to avoid semantic conflicts (next step is using a merge queue).
+    conditions:
+      - '-draft'
+    actions:
+      update:
diff --git a/.github/workflows/ci-fast.yml b/.github/workflows/ci-fast.yml
@@ -0,0 +1,37 @@
+name: Test fast (no changes to Dockerfile)
+
+on:
+  pull_request:
+    paths-ignore:
+      - "tools/**"
+  merge_group:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "tools/**"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+  test-fast:
+    runs-on: ubuntu-latest
+    container: cometbft/cometbft-db-testing
+    steps:
+      - uses: actions/checkout@v4
+
+      - run: echo "GO_VERSION=$(cat .github/workflows/go-version.env | grep GO_VERSION | cut -d '=' -f2)" >> $GITHUB_ENV
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: test & coverage report creation
+        run: |
+          NON_INTERACTIVE=1 make test-all-with-coverage
+
+      - uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.txt
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,21 +2,23 @@
 #   make docker-test
 
 name: Test
+
 on:
+  pull_request:
+    paths:
+      - tools/Dockerfile
+  merge_group:
   push:
     branches:
       - main
-  merge_group:
-  pull_request:
-jobs:
-  cleanup-runs:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: rokroskar/workflow-run-cleanup-action@master
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-    if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
+    paths:
+      - tools/Dockerfile
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
   Test:
     runs-on: ubuntu-latest
     steps:

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -12,13 +12,16 @@
 name: "CodeQL"
 
 on:
-  workflow_dispatch:
+  workflow_dispatch:  # allow running workflow manually
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main" ]
-  merge_group:
+    branches: ["main"]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
   analyze:
@@ -32,45 +35,45 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go' ]
+        language: ['go']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Use only 'java' to analyze code written in Java, Kotlin or both
         # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
+      # - run: |
+      #     echo "Run, Build Application using script"
+      #     ./location_of_script_within_repo/buildscript.sh
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/conventional-pr-title.yml b/.github/workflows/conventional-pr-title.yml
@@ -0,0 +1,65 @@
+name: "Conventional PR Title"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: write
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+              feat
+              fix
+              build
+              chore
+              ci
+              docs
+              refactor
+              perf
+              test
+              revert
+              spec
+              merge
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        # When the previous steps fails, the workflow would stop. By adding this
+        # condition you can continue the execution with the populated error message.
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+            Details:
+
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+            General format: `type(scope): msg`
+            Breaking change: `type(scope)!: msg`
+            Multi-scope change: `type: msg`
+            Types:  `feat`, `fix`, `build`, `chore`, `ci`, `docs`, `refactor`, `perf`, `test`, `revert`, `spec`, `merge`.
+            Example: `fix(cmd/cometbft/commands/debug): execute p.Signal only when p is not nil`
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -11,10 +11,8 @@
 
 name: Docker testing image
 on:
-  workflow_dispatch:
+  workflow_dispatch:  # allow running workflow manually
   push:
-    branches:
-      - main
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"               # Push events to matching v*, i.e. v1.0, v20.15.10
       - "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"  # e.g. v0.37.0-alpha.1, v0.38.0-alpha.10
@@ -26,24 +24,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=cometbft/cometbft-db-testing
-          VERSION=noop
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=latest
-            fi
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:${VERSION}"
-          fi
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 
       - name: Set up Docker Build
         uses: docker/setup-buildx-action@v3.6.1
@@ -60,5 +40,7 @@ jobs:
           context: ./tools
           file: ./tools/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
+          push: true
+          tags: |
+            cometbft/cometbft-db-testing:latest
+            cometbft/cometbft-db-testing:${{ github.ref_name }}