From d04bfbe6cf0671a1795f703df65f2c8f6e3310f4 Mon Sep 17 00:00:00 2001 From: Marius Ghita Date: Sun, 12 Nov 2023 16:02:06 +0200 Subject: [PATCH 1/9] feat: generate repo.yaml --- repo.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 repo.yaml diff --git a/repo.yaml b/repo.yaml new file mode 100644 index 0000000..8e2a75d --- /dev/null +++ b/repo.yaml @@ -0,0 +1,10 @@ +codeowners: +- owners: + - '@joostfaassen' + pattern: '*' +description: '' +license: mit +name: connector +readme: + enable_generation: false +type: other From 70b4c87f890b5cb76bdb31bedb71357ddccb2e02 Mon Sep 17 00:00:00 2001 From: Marius Ghita Date: Sun, 12 Nov 2023 18:06:59 +0200 Subject: [PATCH 2/9] chore: repo-ansible run + repo.yaml tweaks --- .github/pull_request_template.md | 38 ++++++++++ .github/settings.yml | 75 +++++++++++++++++++ CODEOWNERS | 5 ++ CODE_OF_CONDUCT.md | 122 +++++++++++++++++++++++++++++++ CONTRIBUTING.md | 58 +++++++++++++++ LICENSE.md => LICENSE | 12 +-- README.md | 19 +++-- SECURITY.md | 24 ++++++ docs/partials/readme.about.md | 29 ++++++++ docs/partials/readme.usage.md | 4 + repo.yaml | 9 ++- 11 files changed, 381 insertions(+), 14 deletions(-) create mode 100644 .github/pull_request_template.md create mode 100644 .github/settings.yml create mode 100644 CODEOWNERS create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md rename LICENSE.md => LICENSE (88%) create mode 100644 SECURITY.md create mode 100644 docs/partials/readme.about.md create mode 100644 docs/partials/readme.usage.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..51ce1de --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,38 @@ +## Proposed changes + +Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. + +If this relates to a card, please include a link to the card here. Additionally, please terminate the PR title with `#` and the card number, such as `Fix doomsday bug #1234` + +## Types of changes + +What types of changes does your code introduce? +_Put an `x` in the boxes that apply_ + +- [ ] feat: non-breaking change which adds new functionality +- [ ] fix: non-breaking change which fixes a bug or an issue +- [ ] chore(deps): changes to dependencies +- [ ] test: adds or modifies a test +- [ ] docs: creates or updates documentation +- [ ] style: changes that do not affect the meaning or function of code (e.g. formatting, whitespace, missing semi-colons etc.) +- [ ] perf: code change that improves performance +- [ ] revert: reverts a commit +- [ ] refactor: code change that neither fix a bug nor add a new feature +- [ ] ci: changes to continuous integration or continuous delivery scripts or configuration files +- [ ] chore: general tasks or anything that doesn't fit the other commit types + +Please indicate if your PR introduces a breaking change +- [ ] Breaking change: fix or feature that would cause existing functionality to not work as expected + +## Checklist + +_Put an `x` in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! 
This is simply a reminder of what we are going to look for before merging your code._ + +- [ ] I have read the [Contributing](https://github.com/linkorb/.github/blob/master/CONTRIBUTING.md) doc +- [ ] I have read the [Creating and reviewing pull requests at LinkORB guide](https://engineering.linkorb.com/topics/git/articles/reviewing-pr/) doc +- [ ] Lint and unit tests pass locally with my changes +- [ ] I have added/updated necessary documentation in the README.md or doc/ directories (if appropriate) + +## Further comments + +If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc... \ No newline at end of file diff --git a/.github/settings.yml b/.github/settings.yml new file mode 100644 index 0000000..750df99 --- /dev/null +++ b/.github/settings.yml 
@@ -0,0 +1,75 @@ +# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. +# These settings are synced to GitHub by https://probot.github.io/apps/settings/ +# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings. + +repository: + + # The name of the repository. Changing this will rename the repository + name: connector + + # A short description of the repository that will show up on GitHub + description: "Connector: Database connection resolver" + + # A URL with more information about the repository + homepage: https://engineering.linkorb.com + + + + # Either `true` to make the repository private, or `false` to make it public. + private: false + + has_issues: true + + # Either `true` to enable projects for this repository, or `false` to disable them. + # If projects are disabled for the organization, passing `true` will cause an API error. + has_projects: false + + has_wiki: false + + # Either `true` to enable downloads for this repository, `false` to disable them. + has_downloads: false + + # Updates the default branch for this repository. + default_branch: master + + # Either `true` to allow squash-merging pull requests, or `false` to prevent + # squash-merging. + allow_squash_merge: true + + # Either `true` to allow merging pull requests with a merge commit, or `false` + # to prevent merging pull requests with merge commits. + allow_merge_commit: false + + # Either `true` to allow rebase-merging pull requests, or `false` to prevent + # rebase-merging. + allow_rebase_merge: false + + # Either `true` to enable automatic deletion of branches on merge, or `false` to disable + delete_branch_on_merge: true + + # Either `true` to enable automated security fixes, or `false` to disable + # automated security fixes. + enable_automated_security_fixes: true + + # Either `true` to enable vulnerability alerts, or `false` to disable + # vulnerability alerts. 
+ enable_vulnerability_alerts: true + +# Labels: define labels for Issues and Pull Requests +labels: + - name: fix + color: CC0000 + description: An issue with the system. + + - name: feat + # If including a `#`, make sure to wrap it with quotes! + color: '#336699' + description: New feature. + + - name: chore + color: CC0000 + description: A repository chore. + + +# Milestones: define milestones for Issues and Pull Requests + diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..12d4c55 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,5 @@ +# Code Owners + +# The following individuals are designated as code owner(s) for specific files/directories in the repository: + +* @joostfaassen diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..d2d4dfc --- /dev/null +++ b/CODE_OF_CONDUCT.md 
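Review bot: `default_branch: master` is declared but the file contains no `branches:` stanza, so nothing protects the default branch and the `CODEOWNERS` entry added in the same commit (`* @joostfaassen`) has no enforcement point, because code-owner review is only required by a branch protection rule. If the Probot settings app is the consumer, the same file can carry the protection rule; note that the app applies whatever is pushed to the default branch, so the protection rule is also what stops an unreviewed push from weakening these settings. `enable_automated_security_fixes` and `enable_vulnerability_alerts` being `true` is the right default. The closing `# Milestones:` heading has no content beneath it and can be dropped until milestones are actually defined.
```yaml
# … unchanged: repository, labels …
branches:
  - name: master
    protection:
      required_pull_request_reviews:
        required_approving_review_count: 1
        require_code_owner_reviews: true
      enforce_admins: true
```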
@@ -0,0 +1,122 @@ +## TL;DR +# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. + +Be nice. Provide and accept constructive feedback. Avoid spamming, abusive, trolling, and otherwise unacceptable behavior. Repeat violations may result in a permanent ban. + +## Scope + +This Code of Conduct applies to all persons, including contributors, maintainers, end users, sponsors, etc., who interact with this project. It applies within all community spaces and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Our Pledge + +We as contributors, maintainers, end users, and sponsors of this project pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. 
+ +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Giving and gracefully accepting constructive feedback +* Being respectful of differing opinions, viewpoints, and experiences +* Demonstrating empathy and kindness toward other people +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Spamming issues, pull requests, or community members +* Other conduct which could reasonably be considered inappropriate or unproductive in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the maintainers or community leaders responsible for enforcement at [engineering@linkorb.com](mailto:engineering@linkorb.com). +All complaints will be reviewed and investigated promptly and fairly. 
+ +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. 
+ +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Credits + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..5f300b5 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,58 @@ +# LinkORB contributing guide 👨‍💻 + +This document provides general guidelines for making meaningful contributions to LinkORB's projects on GitHub. + +## Getting started 🏇 + +The _**README.md**_ file at the root of each repository is a great resource for getting started with an existing project. Review it and read other related documentation (in the ***docs/** folder) if necessary. + +## Making changes 🛠 + +Don't work directly on the `main` branch of a project. Clone the repository to your computer or open it in a Codespace and create a new branch before making changes. + +### Naming a branch 🎋 + +An ideal branch name contains two to three descriptive words. If the branch is related to an internal project/task, terminate its name with the card number of the related Team HQ task. + +**Example** + +``` +add-contributing-guide-4096 +``` + +### Committing changes 🏗 + +LinkORB has the following requirements for committing changes to a repository: + +1. Use [LinkORB's commit message template](/repo_commit.template) to summarize changes introduced by a commit. Please see [configure LinkORB's commit message template](https://engineering.linkorb.com/topics/git/articles/commit-template/) for setup instructions. +2. Use the format outlined in our [conventional commit standards](https://engineering.linkorb.com/topics/git/articles/commit-standards/) when writing commit messages. + +## Submitting and reviewing changes 🚀 + +1. [Squash related commits into one](https://engineering.linkorb.com/topics/git/articles/squash-related-commits/) before opening a pull request or before merging a pull request into the main branch. +2. See our [Creating and reviewing pull requests](https://engineering.linkorb.com/topics/git/articles/reviewing-pr/) guide for pull request best practices. + +## Testing ⛳ + +Test all code changes using development and _mock_ production environments to avoid unpleasant surprises. 
+ +## Reporting/discussing Issues 🚧 + +### Internal team members + +If you're a LinkORB team member, please use one of the following channels to report bugs or vulnerabilities found in internal/closed source and open source projects: + +- Create a Cyans or Mattermost topic to discuss next steps. +- Create and assign Team HQ cards to team members who can resolve the issue. See [Add a card to a project](https://engineering.linkorb.com/about/culture-handbook/project-cards/#add-a-card-to-a-project) for more information. + +### External contributors + +If you're a third-party contributor, please check that there's no open issue addressing the problem before creating a new GitHub issue. + +## Documentation ✍ + +Technical writers, please review LinkORB's [technical documentation standards](https://engineering.linkorb.com/topics/technical-documentation/articles/getting-started/#technical-documentation-standards) before adding or modifying documentation in a project. If the created/modified document is a web page, run the site locally or in a Codespace to ensure it renders as expected before committing changes. + +## Questions 🙋 + +Direct your questions about a project to the repository's primary maintainer/contributor or a subject-matter expert. See [Communicate through appropriate channels](https://engineering.linkorb.com/about/culture-handbook/first-day-and-week/#communicate-through-appropriate-channels) and [Asynchronous communications tl;dr](https://engineering.linkorb.com/about/culture-handbook/first-day-and-week/#asynchronous-communications-tldr) for communication best practices. diff --git a/LICENSE.md b/LICENSE similarity index 88% rename from LICENSE.md rename to LICENSE index 80407e7..06bf053 100644 --- a/LICENSE.md +++ b/LICENSE @@ -1,4 +1,6 @@ -# The MIT License +MIT License + +Copyright (c) 2016 LinkORB Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
@@ -7,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index e850d87..4b9a896 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ -Connector: Database connection resolver -======================================= + +connector +============ Connector helps you to manage your app's database connection configurations in dynamic environments. 
@@ -31,17 +32,23 @@ and configure address, username, password, port and custom properties at a higher level. This way you can quickly mass-reconfigure all dbs on a given server or cluster. + + + + ## Usage Please refer to `examples/` for usage examples -## License +## Contributing + +We welcome contributions to make this repository even better. Whether it's fixing a bug, adding a feature, or improving documentation, your help is highly appreciated. To get started, fork this repository then clone your fork. -MIT (see [LICENSE.md](LICENSE.md)) +Be sure to familiarize yourself with LinkORB's [Contribution Guidelines](/CONTRIBUTING.md) for our standards around commits, branches, and pull requests, as well as our [code of conduct](/CODE_OF_CONDUCT.md) before submitting any changes. +If you are unable to implement changes you like yourself, don't hesitate to open a new issue report so that we or others may take care of it. ## Brought to you by the LinkORB Engineering team
Check out our other projects at [linkorb.com/engineering](http://www.linkorb.com/engineering). - -Btw, we're hiring! +By the way, we're hiring! diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b41d6fb --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,24 @@ + +connector +============ + +### Reporting Security Vulnerabilities +We take the security of our software and systems very seriously, and we appreciate your help in identifying and disclosing any vulnerabilities that you may find. + +If you discover a security vulnerability, please report it to us as soon as possible by emailing us at security@linkorb.com. Please do not disclose the vulnerability publicly until we have had a chance to investigate and address it. Please provide us with as much detail as possible, including: + +* A detailed description of the vulnerability. +* Steps to reproduce the vulnerability. +* Any relevant screenshots, logs, or other supporting information. +* We will review your report as quickly as possible and will work to validate and address the issue. +* Your name and contact information (if you wish to be credited for the discovery) + +### Our Security Practices +* Regularly updating dependencies and libraries to address known security vulnerabilities +* Conducting regular security audits and code reviews +* Implementing secure coding practices and using secure development tools +* Keeping sensitive data (such as API keys or credentials) encrypted and protected +* Providing timely security updates and patches to address known vulnerabilities + +### Responsible Disclosure +We believe in responsible disclosure, and we ask that you do not disclose any details of a vulnerability that you have discovered until we have had a reasonable amount of time to address it. We will notify users of known vulnerabilities and the steps they should take to address them promptly. We will also publish a public advisory on our website and other relevant channels once a vulnerability has been confirmed and addressed. diff --git a/docs/partials/readme.about.md b/docs/partials/readme.about.md new file mode 100644 index 0000000..0731888 --- /dev/null +++ b/docs/partials/readme.about.md 
@@ -0,0 +1,29 @@ +Connector helps you to manage your app's database connection configurations +in dynamic environments. + +Your app simply requests a configuration from connector by a name. + +Connector will resolve the name into a full database configuration object +with properties like username, password, address, port, protocol etc. + +Connector then helps you to turn this Config object into a PDO connection. + +Next to the common Config properties, Connector also allows you to define +custom properties on a a database config instance. These custom properties +can then be used by your app to configure the application behaviour. + +## Cascading configuration + +A configuration may define connection properties directly, +or refer to a `server` and/or `cluster` by name. + +This enables cascading configuration at 3 levels: + +* db +* server +* cluster + +Using this feature you can define the server or cluster at the db level, +and configure address, username, password, port and custom properties +at a higher level. This way you can quickly mass-reconfigure all +dbs on a given server or cluster. diff --git a/docs/partials/readme.usage.md b/docs/partials/readme.usage.md new file mode 100644 index 0000000..438ed43 --- /dev/null +++ b/docs/partials/readme.usage.md @@ -0,0 +1,4 @@ +## Usage + +Please refer to `examples/` for usage examples + diff --git a/repo.yaml b/repo.yaml index 8e2a75d..0b75f2c 100644 --- a/repo.yaml +++ b/repo.yaml @@ -2,9 +2,12 @@ codeowners: - owners: - '@joostfaassen' pattern: '*' -description: '' +description: 'Connector: Database connection resolver' license: mit +license_year: 2016 name: connector -readme: - enable_generation: false type: other +visibility: public +github: + features: + issues: true From 1ceaf7604f2eda78dd3baf2f4f2984bb6d21c1c1 Mon Sep 17 00:00:00 2001 
From: Marius Ghita Date: Wed, 15 Nov 2023 16:57:49 +0200 Subject: [PATCH 3/9] chore: switch repo.yaml type to library --- .devcontainer/Dockerfile | 35 +++++++ .devcontainer/devcontainer.json | 50 +++++++++ .devcontainer/docker-compose.yml | 40 ++++++++ .devcontainer/git/hooks/pre-push | 8 ++ .devcontainer/git/linkorb_commit.template | 17 ++++ .devcontainer/postCreate.sh | 11 ++ .dockerignore | 5 + .editorconfig | 14 +++ .github/settings.yml | 1 - .github/workflows/00-start.yaml | 37 +++++++ .github/workflows/10-review.yaml | 65 ++++++++++++ .github/workflows/30-release-and-build.yaml | 106 ++++++++++++++++++++ .github/workflows/40-helm.yaml | 72 +++++++++++++ .github/workflows/50-security.yaml | 29 ++++++ .github/workflows/90-cleanup.yaml | 28 ++++++ .php-cs-fixer.dist.php | 30 ++++++ .reviewdog.yaml | 27 +++++ .twigcs.yaml | 49 +++++++++ .yamllint.yaml | 20 ++++ README.md | 1 + composer-unused.php | 15 +++ phpstan.neon | 6 ++ repo.yaml | 2 +- 23 files changed, 666 insertions(+), 2 deletions(-) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/docker-compose.yml create mode 100644 .devcontainer/git/hooks/pre-push create mode 100644 .devcontainer/git/linkorb_commit.template create mode 100755 .devcontainer/postCreate.sh create mode 100644 .dockerignore create mode 100644 .editorconfig create mode 100644 .github/workflows/00-start.yaml create mode 100644 .github/workflows/10-review.yaml create mode 100644 .github/workflows/30-release-and-build.yaml create mode 100644 .github/workflows/40-helm.yaml create mode 100644 .github/workflows/50-security.yaml create mode 100644 .github/workflows/90-cleanup.yaml create mode 100644 .php-cs-fixer.dist.php create mode 100644 .reviewdog.yaml create mode 100644 .twigcs.yaml create mode 100644 .yamllint.yaml create mode 100644 composer-unused.php create mode 100644 phpstan.neon 
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..32dc0a8
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,35 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+FROM ghcr.io/linkorb/php-docker-base:php8-review
+EXPOSE 80
+
+USER root
+
+ENV APP_ENV=dev
+
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+ENV APACHE_RUN_USER $USERNAME
+ENV APACHE_RUN_GROUP $USERNAME
+ENV APACHE_LOCK_DIR /var/lock/apache2
+ENV APACHE_LOG_DIR /var/log/apache2
+ENV APACHE_PID_FILE /var/run/apache2/apache2.pid
+
+# Create a non-root user with the specified UID and GID
+RUN groupadd --gid $USER_GID $USERNAME \
+ && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
+ && apt-get update \
+ && apt-get install -y sudo \
+ && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+ && chmod 0440 /etc/sudoers.d/$USERNAME \
+ && sudo chsh -s /bin/bash vscode
+
+COPY --chown=vscode:vscode ../. /app
+RUN chown vscode:vscode -R /app /var/log/apache2
+
+RUN echo "xdebug.mode=off" | tee '/usr/local/etc/php/conf.d/xdebug.ini'
+
+WORKDIR /app
+USER root
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..b7bdc68
--- /dev/null
+++ b/.devcontainer/devcontainer.json
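Review bot: The user-creation RUN ends with `sudo chsh -s /bin/bash vscode`, and `COPY --chown=vscode:vscode` and `RUN chown vscode:vscode` hardcode the same name, so overriding the `USERNAME` build arg leaves those steps pointing at a user that does not exist; use `"$USERNAME"` in all three (the `sudo` prefix is redundant because this RUN already executes as root). The image creates a dedicated non-root user, grants it `NOPASSWD:ALL` sudo, and then still finishes with `USER root`; for a review/dev image that may be deliberate, but it should be stated in a comment so the image is not reused elsewhere, and the trailing `USER root` can go since devcontainer.json in this commit already sets `"remoteUser": "vscode"`. `apt-get install -y sudo` leaves the package lists in the layer; append `&& rm -rf /var/lib/apt/lists/*`. The `ENV APACHE_RUN_USER $USERNAME` lines use the legacy space-separated form; `ENV APACHE_RUN_USER=$USERNAME` is the form current Docker documents.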
@@ -0,0 +1,50 @@ +// Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. +{ + "dockerComposeFile": "docker-compose.yml", + "service": "app", + "workspaceFolder": "/app", + + "hostRequirements": { + "cpus": 2, + "memory": "8gb", + "storage": "32gb" + }, + + "features": { + "ghcr.io/devcontainers/features/github-cli:1": {}, + "ghcr.io/devcontainers/features/docker-in-docker:1": {} + }, + + // Configure tool-specific properties. + "customizations": { + // Configure properties specific to VS Code. + "vscode": { + // Set *default* container specific settings.json values on container create. + "settings": { + "php.validate.executablePath": "/usr/local/bin/php" + }, + // Add the IDs of extensions you want installed when the container is created. + "extensions": [ + "xdebug.php-debug", + "bmewburn.vscode-intelephense-client", + "mrmlnc.vscode-apache" + ] + } + }, + "forwardPorts": [80, 3306], + "remoteUser": "vscode", + + "secrets": { + "CR_PAT": { + "description": "GitHub Personal Access Token (classic) with package read access, required for docker base image", + "documentationUrl": "https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic" + }, + "PACKAGIST_TOKEN": { + "description": "Packagist access token, required for installation of composer packages from private packagist", + "documentationUrl": "https://packagist.com/orgs/linkorb" + } + }, + + "initializeCommand": "echo $CR_PAT | docker login ghcr.io -u $GITHUB_USER --password-stdin", + "postCreateCommand": ".devcontainer/postCreate.sh" +} diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml new file mode 100644 index 0000000..d362462 --- /dev/null +++ b/.devcontainer/docker-compose.yml 
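Review bot: `initializeCommand` pipes `$CR_PAT` into `docker login` on the host before the container exists, while `CR_PAT` is only described under `secrets`, which appears to be metadata for the container environment; on a host where the variable is not exported the command logs in with an empty password and the failure is hard to attribute. A guard ahead of the login, `[ -n "$CR_PAT" ] || { echo 'CR_PAT is not set' >&2; exit 1; }` (quotes escaped for JSON), makes the missing prerequisite explicit; the `--password-stdin` form is correct and should stay. `forwardPorts` exposes 3306 for the `db` service, whose credentials are the fixed `mariadb` values from docker-compose.yml; that is acceptable only because forwarded ports stay local to the developer, and a comment saying so would keep the pattern from being copied into non-dev configuration.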
@@ -0,0 +1,40 @@ +# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. +version: '3.8' + +services: + app: + build: + context: ../. + dockerfile: .devcontainer/Dockerfile + args: + # Optional Node.js version + NODE_VERSION: "lts/*" + + volumes: + - ..:/workspace:cached + + # Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function. + network_mode: service:db + + # Uncomment the next line to use a non-root user for all processes. + # user: vscode + + # Use "forwardPorts" in **devcontainer.json** to forward an app port locally. + # (Adding the "ports" property to this file will not forward from a Codespace.) + + db: + image: mariadb:10.4 + restart: unless-stopped + volumes: + - mariadb-data:/var/lib/mysql + environment: + MYSQL_ROOT_PASSWORD: mariadb + MYSQL_DATABASE: mariadb + MYSQL_USER: mariadb + MYSQL_PASSWORD: mariadb + + # Add "forwardPorts": ["3306"] to **devcontainer.json** to forward MariaDB locally. + # (Adding the "ports" property to this file will not forward from a Codespace.) + +volumes: + mariadb-data: diff --git a/.devcontainer/git/hooks/pre-push b/.devcontainer/git/hooks/pre-push new file mode 100644 index 0000000..92b7a7f --- /dev/null +++ b/.devcontainer/git/hooks/pre-push @@ -0,0 +1,8 @@ +#!/usr/bin/bash + +temporary_file=$(mktemp) +composer-unused --no-progress --output-format=github > $temporary_file +exit_code=$? + +cat $temporary_file | grep -v 'ignored' +exit $exit_code diff --git a/.devcontainer/git/linkorb_commit.template b/.devcontainer/git/linkorb_commit.template new file mode 100644 index 0000000..20e8490 --- /dev/null +++ b/.devcontainer/git/linkorb_commit.template 
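Review bot: The `app` service bind-mounts the checkout at `/workspace` (`- ..:/workspace:cached`) while the Dockerfile and devcontainer.json in this commit place the project at `/app` (`WORKDIR /app`, `"workspaceFolder": "/app"`), so edits made in the container's workspace land in the image's copied `/app` tree and never reach the host checkout; mount to `/app` or change the workspace folder so the two agree. The build argument `NODE_VERSION: "lts/*"` has no matching `ARG NODE_VERSION` in the Dockerfile and is therefore unused. `MYSQL_ROOT_PASSWORD: mariadb` and the other fixed credentials are tolerable for a local devcontainer as long as `network_mode: service:db` keeps the database off a published port; a comment stating this file is devcontainer-only would stop it being reused as a template. Current Compose implementations warn that the `version: '3.8'` key is obsolete, so it can be dropped.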
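Review bot: The hook leaks the `mktemp` file on every run and expands `$temporary_file` unquoted; add `trap 'rm -f "$temporary_file"' EXIT` directly after the `mktemp` line, write the redirect as `composer-unused --no-progress --output-format=github > "$temporary_file"`, and replace the `cat` pipeline with `grep -v 'ignored' "$temporary_file"`. Capturing `exit_code=$?` immediately after `composer-unused` is correct and must stay where it is, because `grep -v` exits 1 whenever nothing survives the filter and would otherwise mask the real result. If `composer-unused` is not on PATH the redirect still creates an empty file and the hook exits 127, which blocks the push; that is the safe outcome, but a short comment saying the hook is intentionally fail-closed would help.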
@@ -0,0 +1,17 @@
+# See https://engineering.linkorb.com/topics/github-codespaces/articles/commit-standards for more information
+#
+# Write a 50-character or less commit header below
+# It should take the form: [scope]: #
+# -----------------------50 characters ends here:#
+
+
+# [optional body]
+# Summarize changes and the motivation for such changes below:
+# Keep lines short (72 characters or less) ----72 characters ends here:#
+# Ending a commit header with a card number is preferred, it is also acceptable in the commit body
+
+
+# [optional footer]
+# Summarize supplemental information such as breaking changes, work item identifiers, co-authors, etc
+# Keep lines short (72 characters or less) ----72 characters ends here:#
+
diff --git a/.devcontainer/postCreate.sh b/.devcontainer/postCreate.sh
new file mode 100755
index 0000000..a80b7e4
--- /dev/null
+++ b/.devcontainer/postCreate.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+git config commit.template .devcontainer/git/linkorb_commit.template
+
+cp .devcontainer/git/hooks/pre-push .git/hooks/pre-push
+chmod +x .git/hooks/pre-push
+
+composer config --global --auth http-basic.repo.packagist.com "$GITHUB_USER" "$PACKAGIST_TOKEN"
+composer install
+
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..95a91ea
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+node_modules/
+vendor/
+var/
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..05dae1f
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,14 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.php]
+indent_size = 4
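Review bot: `composer config --global --auth http-basic.repo.packagist.com "$GITHUB_USER" "$PACKAGIST_TOKEN"` runs even when `PACKAGIST_TOKEN` is empty, storing blank credentials in Composer's global auth.json and turning the real problem into a confusing authentication failure on `composer install`; guard it with `[ -n "$PACKAGIST_TOKEN" ] || { echo 'PACKAGIST_TOKEN is not set' >&2; exit 1; }`. The script has no `set -euo pipefail`, so a failed `cp` of the pre-push hook (for example when `.git` is a file rather than a directory, as in a worktree checkout) is ignored and the hook silently never installs; add `set -euo pipefail` after the shebang. Writing the token to auth.json is the normal Composer mechanism inside an ephemeral devcontainer, but a one-line comment noting that the file holds a clear-text token would discourage copying this step into an image build.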
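Review bot: The ignore list omits `.git/`, so the Dockerfile's `COPY --chown=vscode:vscode ../. /app` (build context `../.` per docker-compose.yml) bakes the entire repository history, including anything that was ever committed and later removed, into the image layer. Add `.git/`, `.env`, `.env.*` and `.devcontainer/` beneath the existing `node_modules/`, `vendor/` and `var/` entries; nothing in the Dockerfile reads those paths, so excluding them only shrinks the context.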
diff --git a/.github/settings.yml b/.github/settings.yml index 750df99..606f6e6 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -14,7 +14,6 @@ repository: homepage: https://engineering.linkorb.com - # Either `true` to make the repository private, or `false` to make it public. private: false diff --git a/.github/workflows/00-start.yaml b/.github/workflows/00-start.yaml new file mode 100644 index 0000000..29b55d6 --- /dev/null +++ b/.github/workflows/00-start.yaml @@ -0,0 +1,37 @@ +# {{ repo_managed }} +name: RunGithubActionsWorkflows + +# triggers on master and main commits and merges +# schedule/cron is optional +# workflow_dispatch enables option for manual runs +# workflow_call: it can be started by other workflows + +on: + push: + branches: [master, main] + workflow_dispatch: + workflow_call: + pull_request: + branches: [justheretomakegithubhappy] + types: [opened, edited, reopened, synchronize] + +jobs: + review: + uses: ./.github/workflows/10-review.yaml + secrets: inherit + releaseandbuild: + uses: ./.github/workflows/30-release-and-build.yaml + needs: review + secrets: inherit + helm: + uses: ./.github/workflows/40-helm.yaml + needs: releaseandbuild + secrets: inherit + security: + uses: ./.github/workflows/50-security.yaml + needs: helm + secrets: inherit + cleanup: + uses: ./.github/workflows/90-cleanup.yaml + needs: security + secrets: inherit diff --git a/.github/workflows/10-review.yaml b/.github/workflows/10-review.yaml new file mode 100644 index 0000000..a3abf29 --- /dev/null +++ b/.github/workflows/10-review.yaml 
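Review bot: The first line is an unrendered template placeholder, `# {{ repo_managed }}`, whereas every other generated file in this commit carries the rendered `# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.` banner; 10-review.yaml has the same leftover, so the workflow templates appear to have been committed without passing through the renderer. The `pull_request` trigger filters on a branch named `justheretomakegithubhappy`, presumably present only to satisfy the schema; a comment such as `# pull_request is intentionally inert here; PR checks run from 10-review.yaml` would save the next reader from looking for that branch. Every reusable workflow is called with `secrets: inherit`, so all five receive every repository and organization secret regardless of need; passing only the secrets each workflow uses, and adding a top-level `permissions:` block for the GITHUB_TOKEN, keeps them to least privilege. The `needs:` chain is strictly serial (review, releaseandbuild, helm, security, cleanup), so a failed Helm step means the security scan never runs; `needs: releaseandbuild` on `security` would decouple it from packaging.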
@@ -0,0 +1,65 @@
+# {{ repo_managed }}
+name: ReviewCode
+
+on:
+ workflow_dispatch:
+ workflow_call:
+ pull_request:
+ branches: [master, main]
+ types: [opened, edited, reopened, synchronize]
+ pull_request_target:
+ types: [opened, edited, reopened, synchronize]
+
+jobs:
+ check-for-cc:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # interesting alternative: https://github.com/cocogitto/cocogitto
+ - name: Conventional commit checker
+ uses: webiny/action-conventional-commits@v1.1.0
+ if: ${{ github.event_name != 'workflow_dispatch' }}
+
+ #- name: Extra conventional commits check
+ # uses: gsactions/commit-message-checker@v2
+ # with:
+ # pattern: '^(feat|fix|test|docs|chore|style|refactor|ci|cd):'
+ # error: 'You need to start with a conventional commits action.'
+
+ - name: Check Card# reference
+ uses: gsactions/commit-message-checker@v2
+ with:
+ # Matches lines that end in a card number: #1234
+ # Matches lines that end in a card number and PR reference: #1234 (#20)
+ pattern: '#\d{4}(\s+\(#\d+\))?'
+ flags: 'gm'
+ error: 'Your commit message has to end with a card number like "#1234".'
+ excludeDescription: 'true' # optional: this excludes the description body of a pull request
+ excludeTitle: 'true' # optional: this excludes the title of a pull request
+ checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+ accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+ if: ${{ github.event_name != 'workflow_dispatch' }}
+
+ - name: Check Line Length
+ uses: gsactions/commit-message-checker@v2
+ with:
+ pattern: '^.{0,50}$'
+ error: 'The maximum line length of 50 characters is exceeded.'
+ excludeDescription: 'true' # optional: this excludes the description body of a pull request
+ excludeTitle: 'true' # optional: this excludes the title of a pull request
+ checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+ accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+ if: ${{ github.event_name != 'workflow_dispatch' }}
+
+ - name: Check Body Length
+ uses: gsactions/commit-message-checker@v2
+ with:
+ pattern: '^.{0,72}$'
+ error: 'The maximum line length of 72 characters is exceeded in the body.'
+ excludeDescription: 'false' # optional: this excludes the description body of a pull request
+ excludeTitle: 'true' # optional: this excludes the title of a pull request
+ checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+ accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+ if: ${{ github.event_name != 'workflow_dispatch' }}
diff --git a/.github/workflows/30-release-and-build.yaml b/.github/workflows/30-release-and-build.yaml
new file mode 100644
index 0000000..9ffd453
--- /dev/null
+++ b/.github/workflows/30-release-and-build.yaml
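Review bot: 10-review.yaml triggers on `pull_request_target` with no `branches` filter and hands `accessToken: ${{ secrets.GITHUB_TOKEN }}` to the third-party gsactions/commit-message-checker steps, yet declares no `permissions:` block, so on that event the token those actions receive carries the repository's default token permissions, which on many repositories include write. A top-level `permissions:` of `contents: read` and `pull-requests: read` is sufficient for reading commit messages and bounds what a compromised action version could do with the token; pinning `webiny/action-conventional-commits@v1.1.0` and `gsactions/commit-message-checker@v2` to commit SHAs instead of mutable tags closes the remaining supply-chain gap, and the same applies to the third-party actions in 30-release-and-build.yaml, 40-helm.yaml, 50-security.yaml and 90-cleanup.yaml. The `pull_request` and `pull_request_target` triggers also list identical `types`, so a pull request against master/main presumably runs `check-for-cc` twice; dropping one, or restricting `pull_request_target` to fork PRs with `if: github.event.pull_request.head.repo.full_name != github.repository` on the job, avoids the duplicate run.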
@@ -0,0 +1,106 @@
+# {{ repo_managed }}
+name: Release
+
+on:
+ workflow_dispatch:
+ workflow_call:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: GitHub Environment Variables Action
+ uses: FranzDiebold/github-env-vars-action@v2
+
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: write semantic-release config
+ uses: DamianReeves/write-file-action@v1.2
+ with:
+ path: package.json
+ contents: |
+ {
+ "name": "linkorb-releases",
+ "version": "1.0.0",
+ "description": "Dependencies for the LinkORB release workflow",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "ISC",
+ "devDependencies": {
+ "@codedependant/semantic-release-docker": "^4.1.0",
+ "@semantic-release-plus/docker": "^3.1.2",
+ "@semantic-release/changelog": "^6.0.1",
+ "@semantic-release/exec": "^6.0.3",
+ "@semantic-release/git": "^10.0.1"
+ }
+ }
+ write-mode: overwrite
+
+ - name: write semantic-release config
+ uses: DamianReeves/write-file-action@v1.2
+ with:
+ path: .releaserc
+ contents: |
+ {
+ "branches": ["master", "main" ],
+ "debug": "True",
+ "repositoryUrl": 'git+https://github.com/linkorb/REPOPLACEHOLDER.git',
+ "plugins": [
+ "@semantic-release/commit-analyzer",
+ "@semantic-release/github",
+ "@semantic-release/release-notes-generator",
+ [
+ "@semantic-release/npm",
+ {
+ "npmPublish": false
+ }
+ ],
+ "@semantic-release/changelog",
+ [
+ "@semantic-release/git",
+ {
+ "assets": [
+ "CHANGELOG.md"
+ ],
+ "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+ }
+ ],
+ ["@semantic-release/exec", {
+ "prepareCmd": "echo ${ process.env.DOCKER_PASSWORD } | docker login ghcr.io --username automation@linkorb.com --password-stdin",
+ "publishCmd": "git checkout package.json; git checkout package-lock.json; docker build .
--build-arg PACKAGIST_USER='token'
+ --build-arg PACKAGIST_TOKEN=${ process.env.PACKAGIST_TOKEN}
+ --label org.opencontainers.image.source=https://github.com/linkorb/${ process.env.CI_REPOSITORY_NAME}
+ --tag ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:${nextRelease.version} --file Dockerfile &&
+ docker push ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:${nextRelease.version} &&
+ docker tag ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:${nextRelease.version} ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:latest &&
+ docker push ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:latest"
+ }]
+ ]
+ }
+ write-mode: overwrite
+
+
+ - name: Set repo name in .releaserc
+ run: "sed -i s/REPOPLACEHOLDER/${{ env.CI_REPOSITORY_NAME }}/ .releaserc"
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: 'lts/*'
+
+ - name: Install dependencies for release
+ run: npm install
+
+ - name: Create release and push container image
+ run: npx semantic-release
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ PACKAGIST_TOKEN: ${{ secrets.PACKAGIST_TOKEN }}
+ CI_REPOSITORY_NAME: ${{ env.CI_REPOSITORY_NAME }}
diff --git a/.github/workflows/40-helm.yaml b/.github/workflows/40-helm.yaml
new file mode 100644
index 0000000..9855378
--- /dev/null
+++ b/.github/workflows/40-helm.yaml
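Review bot: The `publishCmd` in the generated .releaserc passes the Packagist credential as `--build-arg PACKAGIST_TOKEN=${ process.env.PACKAGIST_TOKEN}`, and build arguments are recorded in the image's layer metadata, so anyone able to pull the image pushed to ghcr.io can read the token back with `docker history`. A BuildKit secret mount keeps it out of the image: `docker build --secret id=packagist_token,env=PACKAGIST_TOKEN …` here, paired with `RUN --mount=type=secret,id=packagist_token …` in the Dockerfile, which is not part of this hunk. Separately, the .releaserc body is written as JSON but `"repositoryUrl": 'git+https://github.com/linkorb/REPOPLACEHOLDER.git'` uses single quotes and `"debug": "True"` is a string rather than a boolean; semantic-release presumably tolerates this because the extensionless file is parsed as YAML, but `"repositoryUrl": "git+https://github.com/linkorb/REPOPLACEHOLDER.git"` and `"debug": true` remove the dependence on that behaviour.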
@@ -0,0 +1,72 @@
+# {{ repo_managed }}
+name: Helm Publish
+
+on:
+ workflow_dispatch:
+ workflow_call:
+
+jobs:
+ helm:
+ runs-on: self-hosted
+
+ steps:
+ - name: GitHub Environment Variables Action
+ uses: FranzDiebold/github-env-vars-action@v2
+
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Check file existence
+ id: check_files
+ uses: andstor/file-existence-action@v2
+ with:
+ files: "helm-chart"
+
+ - uses: actions-ecosystem/action-get-latest-tag@v1
+ id: get-latest-tag
+ with:
+ semver_only: true
+
+ - name: Remove v from release
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: |
+ TMP=${{ steps.get-latest-tag.outputs.tag }}
+ echo "VERSION=${TMP#v}" >> $GITHUB_ENV
+
+ - name: Output release
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: "echo ${{env.VERSION}}"
+
+ - name: Install Helm
+ if: steps.check_files.outputs.files_exists == 'true'
+ uses: azure/setup-helm@v3
+
+ - name: Set version name in Chart.yaml
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: "sed -i s/chartversionplaceholder/${{env.VERSION}}/ helm-chart/Chart.yaml"
+
+ - name: Set version name in Chart.yaml
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: "sed -i s/appversionplaceholder/${{env.VERSION}}/ helm-chart/Chart.yaml"
+
+ - name: Add Bitnami Helm repo
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: helm repo add bitnami https://charts.bitnami.com/bitnami
+
+ - name: Update Helm repos
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: helm repo update
+
+ - name: Install dependencies for Helm chart
+ if: steps.check_files.outputs.files_exists == 'true'
+ continue-on-error: true
+ run: cd helm-chart && helm dependency update
+
+ - name: Package Helm chart
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: helm package helm-chart/
+
+ - name: Upload packaged Chart - if this fails give repo permission to chartmuseum-pass org variable
+ if: steps.check_files.outputs.files_exists
== 'true'
+ run: curl --silent --fail --show-error -u "github:${{ secrets.CHARTMUSEUMPASS }}" --data-binary "@`ls -1 *.tgz | head -n1`" https://charts.linkorb.com/api/charts
diff --git a/.github/workflows/50-security.yaml b/.github/workflows/50-security.yaml
new file mode 100644
index 0000000..7467c9e
--- /dev/null
+++ b/.github/workflows/50-security.yaml
@@ -0,0 +1,29 @@
+# {{ repo_managed }}
+name: Security
+
+on:
+ workflow_call:
+
+jobs:
+ security:
+ name: security
+ runs-on: ubuntu-latest
+ steps:
+ - name: GitHub Environment Variables Action
+ uses: FranzDiebold/github-env-vars-action@v2
+
+ - name: Docker login
+ run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login ghcr.io --username automation@linkorb.com --password-stdin
+
+ - name: Docker pull
+ run: docker pull ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
diff --git a/.github/workflows/90-cleanup.yaml b/.github/workflows/90-cleanup.yaml
new file mode 100644
index 0000000..4e94cab
--- /dev/null
+++ b/.github/workflows/90-cleanup.yaml
@@ -0,0 +1,28 @@
+# {{ repo_managed }}
+name: Cleanup
+
+on:
+ schedule:
+ - cron: 0 13 * * 2
+ workflow_dispatch:
+ workflow_call:
+
+jobs:
+ cleanup:
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: GitHub Environment Variables Action
+ uses: Franz Diebold/github-env-vars-action@v2
+
+ - name: Delete old unused container images
+ uses: snok/container-retention-policy@v2
+ with:
+ image-names: "${{ env.CI_REPOSITORY_NAME }}"
+ cut-off: A month ago UTC
+ account-type: org
+ org-name: linkorb
+ keep-at-least: 5
+ skip-tags: latest
+ untagged-only: false
+ token: ${{ secrets.DOCKER_PASSWORD }}
diff --git a/.php-cs-fixer.dist.php b/.php-cs-fixer.dist.php
new file mode 100644
index 0000000..ee47e66
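Review bot: `continue-on-error: true` on the `Install dependencies for Helm chart` step in 40-helm.yaml means a failed `helm dependency update` still proceeds to `helm package helm-chart/` and the curl upload, so a chart with missing subcharts can be published to charts.linkorb.com; if the intent is only to tolerate charts that declare no dependencies, that case already exits zero and the flag can be dropped. The two steps both named `Set version name in Chart.yaml` are indistinguishable in the run log; renaming the second to `Set app version in Chart.yaml` matches what its sed does. `TMP=${{ steps.get-latest-tag.outputs.tag }}` interpolates the tag name straight into the shell script; passing it through `env:` and reading `"$TAG"` is the documented way to keep step outputs from being parsed as shell, even though tags here come from the repository itself.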
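Review bot: `uses: aquasecurity/trivy-action@master` in 50-security.yaml tracks a moving branch, so the scanner that gates the pipeline with `exit-code: '1'` can change without any commit to this repository; pin it to a release tag or, better, a commit SHA. `run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login …` expands the secret into the generated shell script text at expression-evaluation time; passing it via `env:` and running `echo "$DOCKER_PASSWORD" | docker login ghcr.io --username automation@linkorb.com --password-stdin` keeps it out of the script and is the same pattern 30-release-and-build.yaml already uses through `process.env`. The scan targets the `:latest` tag rather than the versioned tag the release job just pushed; both are pushed by the same job so they presumably match, but scanning the immutable version tag makes each result attributable to a specific release.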
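Review bot: In 90-cleanup.yaml the combination `untagged-only: false`, `cut-off: A month ago UTC`, `keep-at-least: 5` and `skip-tags: latest` deletes every version-tagged image older than a month beyond the newest five, so older releases stop being pullable and only `latest` is protected; if tagged releases are meant to stay, `untagged-only: true` (or a `skip-tags` pattern that covers version tags) is the setting to use. The deletion runs with `token: ${{ secrets.DOCKER_PASSWORD }}`, the same credential 50-security.yaml uses for `docker login`, which presumably means that secret is a token carrying package-delete scope on the organisation; a dedicated token for this workflow keeps the login credential from also being a deletion credential.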
--- /dev/null
+++ b/.php-cs-fixer.dist.php
@@ -0,0 +1,30 @@
+in("src")
+;
+
+$config = new PhpCsFixer\Config();
+
+return $config->setRules([
+ '@PSR1' => true,
+ '@PSR2' => true,
+ '@Symfony' => true,
+ 'blank_line_before_statement' => [
+ 'statements' => [
+ 'declare',
+ 'return',
+ ],
+ ],
+ 'global_namespace_import' => [
+ 'import_classes' => true,
+ 'import_constants' => true,
+ 'import_functions' => true,
+ ],
+ 'phpdoc_align' => false,
+ 'single_line_throw' => false,
+])
+->setFinder($finder)
+->setCacheFile('.php-cs-fixer.cache') // forward compatibility with 3.x line
+;
diff --git a/.reviewdog.yaml b/.reviewdog.yaml
new file mode 100644
index 0000000..2eb960f
--- /dev/null
+++ b/.reviewdog.yaml
@@ -0,0 +1,27 @@
+# .reviewdog.yml
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+# Configure the tools
+runner:
+ phpstan:
+ cmd: phpstan analyze --configuration=phpstan.neon --error-format=checkstyle --memory-limit=-1
+ format: checkstyle # format to be parsed by reviewdog
+ name: phpstan # output in logs
+ level: error
+
+ php-cs-fixer:
+ name: php-cs-fixer
+ cmd: php-cs-fixer fix --dry-run --diff .php-cs-fixer.dist.php --ansi --format checkstyle
+ format: checkstyle
+ level: error
+
+ yamllint:
+ name: yamllint
+ cmd: yamllint -c .yamllint.yaml . --format "parsable"
+ errorformat:
+ - "%f:%l:%c: %m"
+ level: error
+
+ twigcs:
+ cmd: "twigcs **/*.twig --reporter checkstyle"
+ format: checkstyle
+ level: "warning"
diff --git a/.twigcs.yaml b/.twigcs.yaml
new file mode 100644
index 0000000..df2a19d
--- /dev/null
+++ b/.twigcs.yaml
@@ -0,0 +1,49 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+ruleset:
+ syntax:
+ enabled: true
+ severity: error
+
+ tags:
+ enabled: true
+ severity: warning
+
+ empty-block:
+ enabled: true
+ severity: error
+
+ deprecated-function:
+ enabled: true
+ severity: warning
+
+ deprecated-filter:
+ enabled: true
+ severity: warning
+
+ deprecated-test:
+ enabled: true
+ severity: warning
+
+ deprecated-operator:
+ enabled: true
+ severity: warning
+
+ missing-space:
+ enabled: true
+ severity: error
+
+ trailing-space:
+ enabled: true
+ severity: error
+
+ strict-variable:
+ enabled: true
+ severity: error
+
+ ternary:
+ enabled: true
+ severity: error
+
+ not-operator:
+ enabled: true
+ severity: error
diff --git a/.yamllint.yaml b/.yamllint.yaml
new file mode 100644
index 0000000..d3fc5fe
--- /dev/null
+++ b/.yamllint.yaml
@@ -0,0 +1,20 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+extends: default
+
+rules:
+ # Rule to enforce indentation with 2 spaces
+ indentation:
+ spaces: 2
+
+ # Rule to enforce line length limit of 80 characters
+ line-length:
+ max: 120
+
+ # Rule to enforce key ordering in alphabetical order
+ key-ordering: disable
+
+ # Rule to check for trailing spaces at the end of lines
+ trailing-spaces: enable
+
+ # Rule to check for consistent newlines at the end of files
+ new-lines: enable
diff --git a/README.md b/README.md
index 4b9a896..6198a80 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ and configure address, username, password, port and custom properties at a higher level. This way you can quickly mass-reconfigure all dbs on a given server or cluster.
+Build status: [![Release](https://github.com/linkorb/connector/actions/workflows/30-release-and-build.yaml/badge.svg)](https://github.com/linkorb/connector/actions/workflows/30-release-and-build.yaml)
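Review bot: The comment above `line-length:` in .yamllint.yaml says `# Rule to enforce line length limit of 80 characters` while the rule sets `max: 120`; the comment should read `# Rule to enforce line length limit of 120 characters` so it does not misstate the configured limit. The comment above `key-ordering: disable` has the same shape, describing the rule as enforcing alphabetical order when the line actually turns it off; `# Key ordering is not enforced` describes what the line does.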
diff --git a/composer-unused.php b/composer-unused.php
new file mode 100644
index 0000000..28d7bd8
--- /dev/null
+++ b/composer-unused.php
@@ -0,0 +1,15 @@
+addPatternFilter(PatternFilter::fromString('/^ext-.*/'))
+ ;
+};
diff --git a/phpstan.neon b/phpstan.neon
new file mode 100644
index 0000000..38cecc9
--- /dev/null
+++ b/phpstan.neon
@@ -0,0 +1,6 @@
+# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.
+
+parameters:
+ level: 0
+ paths:
+ - src
diff --git a/repo.yaml b/repo.yaml
index 0b75f2c..680364a 100644
--- a/repo.yaml
+++ b/repo.yaml
@@ -6,7 +6,7 @@ description: 'Connector: Database connection resolver'
 license: mit
 license_year: 2016
 name: connector
-type: other
+type: library
 visibility: public
 github:
 features:
From 7284ef9fa91b5807eb1f3af799299068a2656554 Mon Sep 17 00:00:00 2001
From: Marius Ghita
Date: Fri, 24 Nov 2023 15:11:46 +0200
Subject: [PATCH 4/9] chore: less strict PR merge defaults
---
 .github/settings.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/settings.yml b/.github/settings.yml
index 606f6e6..c317d39 100644
--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -26,7 +26,7 @@ repository:
 has_wiki: false
 # Either `true` to enable downloads for this repository, `false` to disable them.
- has_downloads: false
+ has_downloads: true
 # Updates the default branch for this repository.
 default_branch: master
@@ -37,11 +37,11 @@ repository:
 # Either `true` to allow merging pull requests with a merge commit, or `false`
 # to prevent merging pull requests with merge commits.
- allow_merge_commit: false
+ allow_merge_commit: true
 # Either `true` to allow rebase-merging pull requests, or `false` to prevent
 # rebase-merging.
- allow_rebase_merge: false
+ allow_rebase_merge: true
 # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
 delete_branch_on_merge: true
From fc0f0378608e625e8203e11890bac8fd317c769d Mon Sep 17 00:00:00 2001
From: Marius Ghita
Date: Mon, 27 Nov 2023 15:04:07 +0200
Subject: [PATCH 5/9] ci: repo-ansible workflow
---
 .github/workflows/repo-ansible.yaml | 46 +++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 .github/workflows/repo-ansible.yaml
diff --git a/.github/workflows/repo-ansible.yaml b/.github/workflows/repo-ansible.yaml
new file mode 100644
index 0000000..01ee098
--- /dev/null
+++ b/.github/workflows/repo-ansible.yaml
@@ -0,0 +1,46 @@
+name: repo-ansible
+
+on:
+ pull_request:
+ paths:
+ - 'repo.yaml'
+ push:
+ paths:
+ - 'repo.yaml'
+
+permissions:
+ contents: write
+
+jobs:
+ run:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ path: current
+
+ - uses: actions/checkout@v4
+ with:
+ repository: linkorb/repo-ansible
+ path: repo-ansible
+
+ # XXX ansible installed within GitHub Runner via pipx, which doesn't support direct installation from a file
+ # like pip does. See https://github.com/pypa/pipx/issues/934
+ - name: install repo-ansible dependencies
+ working-directory: repo-ansible
+ run: cat requirements.txt | xargs pipx inject ansible-core
+
+ - run: ansible-playbook ../repo-ansible/playbook-cwd.yaml
+ working-directory: current
+ env:
+ ANSIBLE_DISPLAY_OK_HOSTS: 0
+ ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0
+
+ - name: commit changes
+ working-directory: current
+ run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+ git add .
+ git commit -m "chore: repo-ansible run"
+ git push
From 14837bee38ee22a2336de442d93bd45c2379c662 Mon Sep 17 00:00:00 2001
From: Marius Ghita
Date: Mon, 27 Nov 2023 17:25:02 +0200
Subject: [PATCH 6/9] ci: update workflow #8277
---
 .github/workflows/repo-ansible.yaml | 52 ++++++++++++++++++++++++++---
 1 file changed, 48 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/repo-ansible.yaml b/.github/workflows/repo-ansible.yaml
index 01ee098..4905bb0 100644
--- a/.github/workflows/repo-ansible.yaml
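Review bot: The second `actions/checkout@v4` step fetches `linkorb/repo-ansible` at its default-branch HEAD with no `ref:`, and the playbook from that checkout is then executed by a job holding `contents: write` that commits and pushes the result, so any change landing in that repository runs here with push rights to this one; pinning `ref:` to a tag or commit SHA and bumping it deliberately keeps the tooling under this repository's review. The `commit changes` step runs `git commit -m "chore: repo-ansible run"` unconditionally, which exits non-zero when the playbook changed nothing and fails the job; `git diff --cached --quiet || git commit -m "chore: repo-ansible run"` commits only when something is staged. On the `pull_request` trigger the push goes to whatever actions/checkout checked out, which presumably fails for pull requests from forks because the token has no write access to the fork.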
+++ b/.github/workflows/repo-ansible.yaml
@@ -1,15 +1,23 @@
 name: repo-ansible
 on:
- pull_request:
+ pull_request_target:
 paths:
 - 'repo.yaml'
 push:
+ branches:
+ - main
+ - master
 paths:
 - 'repo.yaml'
 permissions:
- contents: write
+ contents: write # allow git commits & push
+ pull-requests: write # allow comments on PR
+
+env:
+ # XXX alternative to missing ternary syntax
+ IS_PULL_REQUEST: ${{ github.event_name == 'pull_request_target' && '1' || '0' }}
 jobs:
 run:
@@ -18,25 +26,42 @@ jobs:
 - uses: actions/checkout@v4
 with:
 path: current
+ ref: ${{ github.event_name == 'pull_request_target' && github.head_ref || '' }}
 - uses: actions/checkout@v4
 with:
 repository: linkorb/repo-ansible
 path: repo-ansible
+
 # XXX ansible installed within GitHub Runner via pipx, which doesn't support direct installation from a file
 # like pip does. See https://github.com/pypa/pipx/issues/934
 - name: install repo-ansible dependencies
 working-directory: repo-ansible
 run: cat requirements.txt | xargs pipx inject ansible-core
- - run: ansible-playbook ../repo-ansible/playbook-cwd.yaml
+
+ - name: run ansible playbook
 working-directory: current
 env:
 ANSIBLE_DISPLAY_OK_HOSTS: 0
 ANSIBLE_DISPLAY_SKIPPED_HOSTS: 0
+ run: |
+ ansible-playbook ../repo-ansible/playbook-cwd.yaml | tee /tmp/repo_ansible_output
+ export OUTPUT=$(cat /tmp/repo_ansible_output)
+ {
+ echo 'REPO_ANSIBLE_OUTPUT<> "$GITHUB_ENV"
+
+ if ! echo "$OUTPUT" | grep "changed=0"; then
+ echo "REPOSITORY_CHANGED=1" >> "$GITHUB_ENV"
+ fi
- - name: commit changes
+
+ - if: ${{ env.IS_PULL_REQUEST == '0' }}
+ name: commit changes
 working-directory: current
 run: |
 git config user.name github-actions
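Review bot: The added `ref: ${{ github.event_name == 'pull_request_target' && github.head_ref || '' }}` checks out the pull request's branch under `pull_request_target`, and the `run ansible playbook` step then processes that checkout's repo.yaml while the job holds a base-repository token with `contents: write` and `pull-requests: write`; this is the combination GitHub's security-hardening guidance singles out, because the content being processed comes from the PR author while the token comes from the base repository. Gating the job with `if: github.event.pull_request.head.repo.full_name == github.repository` keeps fork pull requests out of this path, or the comment-only path for PRs can move to a plain `pull_request` workflow with read-only permissions. `github.head_ref` is also only a branch name resolved against the base repository, so for a fork PR it may not resolve at all; `github.event.pull_request.head.sha` names the exact commit and avoids a time-of-check race on the branch. The trigger change in the first hunk and the checkout change in this second hunk are the two halves of the same issue. The heredoc that writes REPO_ANSIBLE_OUTPUT appears garbled in this rendering (`echo 'REPO_ANSIBLE_OUTPUT<> "$GITHUB_ENV"`), so its exact form is not reviewed here.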
@@ -44,3 +69,22 @@ jobs:
 git add .
 git commit -m "chore: repo-ansible run"
 git push
+
+
+ - if: ${{ env.IS_PULL_REQUEST == '1' && env.REPOSITORY_CHANGED == '1' }}
+ name: comment with changes
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const changes = process.env.REPO_ANSIBLE_OUTPUT
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: `Following repo-ansible changes will be applied when merged to main/master branch
+
+ \`\`\`shell
+ ${changes}
+ \`\`\`
+ `
+ })
From 572ce389576ccd92080bfc0db9498fbaca571db2 Mon Sep 17 00:00:00 2001
From: Marius Ghita
Date: Thu, 7 Dec 2023 18:06:13 +0200
Subject: [PATCH 7/9] chore: remove sdlc workflows
---
 .github/workflows/00-start.yaml | 37 -------
 .github/workflows/10-review.yaml | 65 ------------
 .github/workflows/30-release-and-build.yaml | 106 --------------------
 .github/workflows/40-helm.yaml | 72 -------------
 .github/workflows/50-security.yaml | 29 ------
 .github/workflows/90-cleanup.yaml | 28 ------
 6 files changed, 337 deletions(-)
 delete mode 100644 .github/workflows/00-start.yaml
 delete mode 100644 .github/workflows/10-review.yaml
 delete mode 100644 .github/workflows/30-release-and-build.yaml
 delete mode 100644 .github/workflows/40-helm.yaml
 delete mode 100644 .github/workflows/50-security.yaml
 delete mode 100644 .github/workflows/90-cleanup.yaml
diff --git a/.github/workflows/00-start.yaml b/.github/workflows/00-start.yaml
deleted file mode 100644
index 29b55d6..0000000
--- a/.github/workflows/00-start.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# {{ repo_managed }}
-name: RunGithubActionsWorkflows
-
-# triggers on master and main commits and merges
-# schedule/cron is optional
-# workflow_dispatch enables option for manual runs
-# workflow_call: it can be started by other workflows
-
-on:
- push:
- branches: [master, main]
- workflow_dispatch:
- workflow_call:
- pull_request:
- branches: [justheretomakegithubhappy]
- types: [opened, edited, reopened, synchronize]
-
-jobs:
- review:
- uses: ./.github/workflows/10-review.yaml
- secrets: inherit
- releaseandbuild:
- uses: ./.github/workflows/30-release-and-build.yaml
- needs: review
- secrets: inherit
- helm:
- uses: ./.github/workflows/40-helm.yaml
- needs: releaseandbuild
- secrets: inherit
- security:
- uses: ./.github/workflows/50-security.yaml
- needs: helm
- secrets: inherit
- cleanup:
- uses: ./.github/workflows/90-cleanup.yaml
- needs: security
- secrets: inherit
diff --git a/.github/workflows/10-review.yaml b/.github/workflows/10-review.yaml
deleted file mode 100644
index a3abf29..0000000
--- a/.github/workflows/10-review.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-# {{ repo_managed }}
-name: ReviewCode
-
-on:
- workflow_dispatch:
- workflow_call:
- pull_request:
- branches: [master, main]
- types: [opened, edited, reopened, synchronize]
- pull_request_target:
- types: [opened, edited, reopened, synchronize]
-
-jobs:
- check-for-cc:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- # interesting alternative: https://github.com/cocogitto/cocogitto
- - name: Conventional commit checker
- uses: webiny/action-conventional-commits@v1.1.0
- if: ${{ github.event_name != 'workflow_dispatch' }}
-
- #- name: Extra conventional commits check
- # uses: gsactions/commit-message-checker@v2
- # with:
- # pattern: '^(feat|fix|test|docs|chore|style|refactor|ci|cd):'
- # error: 'You need to start with a conventional commits action.'
-
- - name: Check Card# reference
- uses: gsactions/commit-message-checker@v2
- with:
- # Matches lines that end in a card number: #1234
- # Matches lines that end in a card number and PR reference: #1234 (#20)
- pattern: '#\d{4}(\s+\(#\d+\))?'
- flags: 'gm'
- error: 'Your commit message has to end with a card number like "#1234".'
- excludeDescription: 'true' # optional: this excludes the description body of a pull request
- excludeTitle: 'true' # optional: this excludes the title of a pull request
- checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
- accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
- if: ${{ github.event_name != 'workflow_dispatch' }}
-
- - name: Check Line Length
- uses: gsactions/commit-message-checker@v2
- with:
- pattern: '^.{0,50}$'
- error: 'The maximum line length of 50 characters is exceeded.'
- excludeDescription: 'true' # optional: this excludes the description body of a pull request
- excludeTitle: 'true' # optional: this excludes the title of a pull request
- checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
- accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
- if: ${{ github.event_name != 'workflow_dispatch' }}
-
- - name: Check Body Length
- uses: gsactions/commit-message-checker@v2
- with:
- pattern: '^.{0,72}$'
- error: 'The maximum line length of 72 characters is exceeded in the body.'
- excludeDescription: 'false' # optional: this excludes the description body of a pull request
- excludeTitle: 'true' # optional: this excludes the title of a pull request
- checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
- accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
- if: ${{ github.event_name != 'workflow_dispatch' }}
diff --git a/.github/workflows/30-release-and-build.yaml b/.github/workflows/30-release-and-build.yaml
deleted file mode 100644
index 9ffd453..0000000
--- a/.github/workflows/30-release-and-build.yaml
+++ /dev/null
@@ -1,106 +0,0 @@
-# {{ repo_managed }}
-name: Release
-
-on:
- workflow_dispatch:
- workflow_call:
-
-jobs:
- build:
- runs-on: ubuntu-latest
-
- steps:
- - name: GitHub Environment Variables Action
- uses: FranzDiebold/github-env-vars-action@v2
-
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: write semantic-release config
- uses: DamianReeves/write-file-action@v1.2
- with:
- path: package.json
- contents: |
- {
- "name": "linkorb-releases",
- "version": "1.0.0",
- "description": "Dependencies for the LinkORB release workflow",
- "main": "index.js",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
- },
- "author": "",
- "license": "ISC",
- "devDependencies": {
- "@codedependant/semantic-release-docker": "^4.1.0",
- "@semantic-release-plus/docker": "^3.1.2",
- "@semantic-release/changelog": "^6.0.1",
- "@semantic-release/exec": "^6.0.3",
- "@semantic-release/git": "^10.0.1"
- }
- }
- write-mode: overwrite
-
- - name: write semantic-release config
- uses: DamianReeves/write-file-action@v1.2
- with:
- path: .releaserc
- contents: |
- {
- "branches": ["master", "main" ],
- "debug": "True",
- "repositoryUrl": 'git+https://github.com/linkorb/REPOPLACEHOLDER.git',
- "plugins": [
- "@semantic-release/commit-analyzer",
- "@semantic-release/github",
- "@semantic-release/release-notes-generator",
- [
- "@semantic-release/npm",
- {
- "npmPublish": false
- }
- ],
- "@semantic-release/changelog",
- [
- "@semantic-release/git",
- {
- "assets": [
- "CHANGELOG.md"
- ],
- "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
- }
- ],
- ["@semantic-release/exec", {
- "prepareCmd": "echo ${ process.env.DOCKER_PASSWORD } | docker login ghcr.io --username automation@linkorb.com --password-stdin",
- "publishCmd": "git checkout package.json; git checkout package-lock.json; docker build .
--build-arg PACKAGIST_USER='token'
- --build-arg PACKAGIST_TOKEN=${ process.env.PACKAGIST_TOKEN}
- --label org.opencontainers.image.source=https://github.com/linkorb/${ process.env.CI_REPOSITORY_NAME}
- --tag ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:${nextRelease.version} --file Dockerfile &&
- docker push ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:${nextRelease.version} &&
- docker tag ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:${nextRelease.version} ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:latest &&
- docker push ghcr.io/linkorb/${ process.env.CI_REPOSITORY_NAME }:latest"
- }]
- ]
- }
- write-mode: overwrite
-
-
- - name: Set repo name in .releaserc
- run: "sed -i s/REPOPLACEHOLDER/${{ env.CI_REPOSITORY_NAME }}/ .releaserc"
-
- - name: Setup Node.js
- uses: actions/setup-node@v3
- with:
- node-version: 'lts/*'
-
- - name: Install dependencies for release
- run: npm install
-
- - name: Create release and push container image
- run: npx semantic-release
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- PACKAGIST_TOKEN: ${{ secrets.PACKAGIST_TOKEN }}
- CI_REPOSITORY_NAME: ${{ env.CI_REPOSITORY_NAME }}
diff --git a/.github/workflows/40-helm.yaml b/.github/workflows/40-helm.yaml
deleted file mode 100644
index 9855378..0000000
--- a/.github/workflows/40-helm.yaml
+++ /dev/null
@@ -1,72 +0,0 @@ -# {{ repo_managed }} -name: Helm Publish - -on: - workflow_dispatch: - workflow_call: - -jobs: - helm: - runs-on: self-hosted - - steps: - - name: GitHub Environment Variables Action - uses: FranzDiebold/github-env-vars-action@v2 - - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Check file existence - id: check_files - uses: andstor/file-existence-action@v2 - with: - files: "helm-chart" - - - uses: actions-ecosystem/action-get-latest-tag@v1 - id: get-latest-tag - with: - semver_only: true - - - name: Remove v from release - if: steps.check_files.outputs.files_exists == 'true' - run: | - TMP=${{ steps.get-latest-tag.outputs.tag }} - echo "VERSION=${TMP#v}" >> $GITHUB_ENV - - - name: Output release - if: steps.check_files.outputs.files_exists == 'true' - run: "echo ${{env.VERSION}}" - - - name: Install Helm - if: steps.check_files.outputs.files_exists == 'true' - uses: azure/setup-helm@v3 - - - name: Set version name in Chart.yaml - if: steps.check_files.outputs.files_exists == 'true' - run: "sed -i s/chartversionplaceholder/${{env.VERSION}}/ helm-chart/Chart.yaml" - - - name: Set version name in Chart.yaml - if: steps.check_files.outputs.files_exists == 'true' - run: "sed -i s/appversionplaceholder/${{env.VERSION}}/ helm-chart/Chart.yaml" - - - name: Add Bitnami Helm repo - if: steps.check_files.outputs.files_exists == 'true' - run: helm repo add bitnami https://charts.bitnami.com/bitnami - - - name: Update Helm repos - if: steps.check_files.outputs.files_exists == 'true' - run: helm repo update - - - name: Install dependencies for Helm chart - if: steps.check_files.outputs.files_exists == 'true' - continue-on-error: true - run: cd helm-chart && helm dependency update - - - name: Package Helm chart - if: steps.check_files.outputs.files_exists == 'true' - run: helm package helm-chart/ - - - name: Upload packaged Chart - if this fails give repo permission to chartmuseum-pass org variable - if: steps.check_files.outputs.files_exists 
== 'true' - run: curl --silent --fail --show-error -u "github:${{ secrets.CHARTMUSEUMPASS }}" --data-binary "@`ls -1 *.tgz | head -n1`" https://charts.linkorb.com/api/charts diff --git a/.github/workflows/50-security.yaml b/.github/workflows/50-security.yaml deleted file mode 100644 index 7467c9e..0000000 --- a/.github/workflows/50-security.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# {{ repo_managed }} -name: Security - -on: - workflow_call: - -jobs: - security: - name: security - runs-on: ubuntu-latest - steps: - - name: GitHub Environment Variables Action - uses: FranzDiebold/github-env-vars-action@v2 - - - name: Docker login - run: echo ${{ secrets.DOCKER_PASSWORD }} | docker login ghcr.io --username automation@linkorb.com --password-stdin - - - name: Docker pull - run: docker pull ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: ghcr.io/linkorb/${{ env.CI_REPOSITORY_NAME }}:latest - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' diff --git a/.github/workflows/90-cleanup.yaml b/.github/workflows/90-cleanup.yaml deleted file mode 100644 index 4e94cab..0000000 --- a/.github/workflows/90-cleanup.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# {{ repo_managed }} -name: Cleanup - -on: - schedule: - - cron: 0 13 * * 2 - workflow_dispatch: - workflow_call: - -jobs: - cleanup: - runs-on: ubuntu-latest - steps: - - - name: GitHub Environment Variables Action - uses: FranzDiebold/github-env-vars-action@v2 - - - name: Delete old unused container images - uses: snok/container-retention-policy@v2 - with: - image-names: "${{ env.CI_REPOSITORY_NAME }}" - cut-off: A month ago UTC - account-type: org - org-name: linkorb - keep-at-least: 5 - skip-tags: latest - untagged-only: false - token: ${{ secrets.DOCKER_PASSWORD }} From b6acd2f550e371f282d5aa8c63ce315446de59c3 Mon Sep 17 00:00:00 2001 
From: Marius Ghita Date: Thu, 7 Dec 2023 18:07:16 +0200 Subject: [PATCH 8/9] chore: repo-ansible run --- .devcontainer/devcontainer.json | 14 +++++++++---- .devcontainer/postCreate.sh | 1 + .github/workflows/dependabot-auto-merge.yaml | 22 ++++++++++++++++++++ 3 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/dependabot-auto-merge.yaml diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b7bdc68..8eaa8f7 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -21,13 +21,19 @@ "vscode": { // Set *default* container specific settings.json values on container create. "settings": { - "php.validate.executablePath": "/usr/local/bin/php" + "php.validate.executablePath": "/usr/local/bin/php", + "yaml.schemas": { + "https://raw.githubusercontent.com/linkorb/repo-ansible/main/repo.schema.yaml": ["repo.yaml"] + }, + // YAML extension by RedHat that prompts on each new devcontainer to enable telemetry + "redhat.telemetry.enabled": false }, // Add the IDs of extensions you want installed when the container is created. "extensions": [ "xdebug.php-debug", "bmewburn.vscode-intelephense-client", - "mrmlnc.vscode-apache" + "mrmlnc.vscode-apache", + "74th.json-yaml-schema-selector" ] } }, @@ -38,8 +44,8 @@ "CR_PAT": { "description": "GitHub Personal Access Token (classic) with package read access, required for docker base image", "documentationUrl": "https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic" - }, - "PACKAGIST_TOKEN": { + } + ,"PACKAGIST_TOKEN": { "description": "Packagist access token, required for installation of composer packages from private packagist", "documentationUrl": "https://packagist.com/orgs/linkorb" } diff --git a/.devcontainer/postCreate.sh b/.devcontainer/postCreate.sh index a80b7e4..ae59bf3 100755 --- a/.devcontainer/postCreate.sh 
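Review bot: In the second devcontainer.json hunk the separator between the `CR_PAT` and `PACKAGIST_TOKEN` entries was moved from the closing brace to the start of the next line (`}` then `,"PACKAGIST_TOKEN": {`), which looks like a generator artifact rather than an intended style; the conventional form keeps it as `},` followed by `"PACKAGIST_TOKEN": {`. The result still parses, but leading commas break the file's own layout and make the next diff to this stanza noisier than it needs to be. If this file is produced by the repo-ansible template, the fix presumably belongs in the template rather than here.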
+++ b/.devcontainer/postCreate.sh @@ -7,5 +7,6 @@ cp .devcontainer/git/hooks/pre-push .git/hooks/pre-push chmod +x .git/hooks/pre-push composer config --global --auth http-basic.repo.packagist.com "$GITHUB_USER" "$PACKAGIST_TOKEN" + composer install diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml new file mode 100644 index 0000000..2fc9db3 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -0,0 +1,22 @@ +name: Dependabot auto-merge +on: pull_request_target + +permissions: + pull-requests: write # required for the action to read metadata + contents: write # required for the gh client to read/merge commits + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1 + + - name: Enable auto-merge for Dependabot PRs + if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch' + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ github.token }} From 1698d56ff30a62a412471ea8c8e06ede2ca71e39 Mon Sep 17 00:00:00 2001 From: Marius Ghita Date: Wed, 27 Dec 2023 20:21:31 +0200 Subject: [PATCH 9/9] chore: fix default branch #8308 --- CODE_OF_CONDUCT.md | 2 +- repo.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index d2d4dfc..abfe9d9 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,5 +1,5 @@ ## TL;DR -# Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten. + Be nice. Provide and accept constructive feedback. Avoid spamming, abusive, trolling, and otherwise unacceptable behavior. Repeat violations may result in a permanent ban. diff --git a/repo.yaml b/repo.yaml index 680364a..0c733a5 100644 
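Review bot: The added `composer install` runs unconditionally after the `composer config --global --auth` line, so on a first container start where `PACKAGIST_TOKEN` or `GITHUB_USER` is not yet set, the hook presumably stores an empty credential and then fails on private packages with an authentication error that is hard to trace back to the missing secret; a short guard before the install makes the failure explicit, e.g. `[ -n "$PACKAGIST_TOKEN" ] || { echo "PACKAGIST_TOKEN is not set; skipping composer install" >&2; exit 0; }`. Since this is a non-interactive hook, `composer install --no-interaction` would also avoid any prompt hanging the container creation. Whether the script sets `set -e` so that a failed `composer config` aborts before the install is outside the hunk.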
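Review bot: `uses: dependabot/fetch-metadata@v1` is referenced by a mutable major tag while the job holds `contents: write` and `pull-requests: write` on a `pull_request_target` trigger; pin it to a full commit SHA with the version as a trailing comment, `uses: dependabot/fetch-metadata@<commit-sha>  # v1.x` (placeholder, substitute the real SHA), so that a retargeted tag cannot inherit those write permissions. The `github.event.pull_request.user.login == 'dependabot[bot]'` guard together with the absence of a checkout step means no PR code runs in this job, which is the right shape for this trigger and worth preserving with a comment such as `# no checkout: never run PR code under pull_request_target` above the steps. Auto-merging `semver-minor` updates relies on branch protection requiring status checks before `gh pr merge --auto` completes; if no checks are required, the merge presumably happens as soon as the PR is mergeable, so either restrict the condition to `semver-patch` or confirm the protection rules on the default branch.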
--- a/repo.yaml +++ b/repo.yaml @@ -9,5 +9,6 @@ name: connector type: library visibility: public github: + default_branch: master features: issues: true