From d6bcc9083132522da745a182ae6fe8b36a86b19d Mon Sep 17 00:00:00 2001
From: Alex ATorres
Date: Mon, 28 Apr 2025 07:10:06 +0200
Subject: [PATCH 1/3] ci: fix workflows, fix tests
---
 .github/workflows/bump.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml
index a777125..da29db5 100644
--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -23,5 +23,5 @@ jobs:
 uses: ncipollo/release-action@v1
 with:
 tag: ${{ steps.tag_version.outputs.new_tag }}
- name: Release ${{ steps.tag_version.outputs.new_tag }}
+ name: ${{ steps.tag_version.outputs.new_tag }}
 body: ${{ steps.tag_version.outputs.changelog }}
From 4e374af5e6a3c263feed5e004a8cf4250e324028 Mon Sep 17 00:00:00 2001
From: Alex ATorres
Date: Mon, 28 Apr 2025 07:31:22 +0200
Subject: [PATCH 2/3] docs: Update branch protection rules for main and master Update the branch protection rules for the main and master branches to align with the Linux kernel's best practices: - Require at least one approving review from a code owner before merging. - Dismiss stale reviews when new commits are pushed. - Require all required status checks to pass (e.g., Lint, Test). - Enforce a linear commit history. - Restrict push access to the maintainers team and specific users. - Require signed commits. The changes ensure that all contributions to the main and master branches go through a rigorous review process, maintain a clean commit history, and are signed by the author. This helps to uphold the quality and integrity of the codebase. Affected files: - .github/settings.yml No functional changes to the application code. This is a purely administrative update to the repository configuration.
---
 .github/settings.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/.github/settings.yml b/.github/settings.yml
index bf29d7c..abfb0f7 100644
--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -89,12 +89,37 @@ branches: # - "Format Check" # Often done locally or via pre-commit, but can be added # Add other required checks like build steps if applicable + require_signatures: true + enforce_admins: false # Admins are not exempt from protection rules required_linear_history: true # Enforce linear history restrictions: # Restrict who can push to main (ADJUST AS NEEDED) users: [Excoriate] teams: [maintainers] + - name: master + protection: + required_pull_request_reviews: + required_approving_review_count: 1 + dismiss_stale_reviews: true + require_code_owner_reviews: true + dismissal_restrictions: {} + required_conversation_resolution: true + + required_status_checks: + strict: true + contexts: + - "Lint" + - "Test" + + require_signatures: true + + enforce_admins: false + required_linear_history: true + restrictions: + users: [Excoriate] + teams: [maintainers] + # Removed Template-Specific Repository Metadata # repository_config: # template_generation_date: 2024-01-15 From 7116bc7a342776aec6ef7be3660a95e827c21232 Mon Sep 17 00:00:00 2001 
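Review bot: The added `master` entry sets `enforce_admins: false`, which exempts administrators from every rule in the block (reviews, status checks, signatures, linear history); the comment on the `main` entry, `# Admins are not exempt from protection rules`, says the opposite of what that value does. If no bypass is intended, set `enforce_admins: true` in both entries; otherwise correct the comment to `# Admins can bypass these rules`. It is also worth confirming that the app consuming `.github/settings.yml` acts on `require_signatures`: GitHub's REST API enables commit-signature protection through a separate endpoint from the branch-protection update, so this key may be silently ignored. The `main` entry begins above the hunk.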
From: Alex ATorres
Date: Mon, 28 Apr 2025 08:52:24 +0200
Subject: [PATCH 3/3] ci: update GitHub Actions workflows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Update the GitHub Actions workflows to improve the labeling and sizing functionality for pull requests. The key changes are: - Rename the "Assign labels on PR" workflow to a more descriptive name "🔖 Assign labels on PR". - Update the trigger event to `pull_request_target` instead of `pull_request` to ensure the workflow can access the full context of the pull request, including labels. - Upgrade the `actions/labeler` action to the latest version (v5). - Add the `sync-labels` option to ensure the workflow keeps the repository labels in sync with the configuration in `.github/labeler.yml`. - Update the `.github/labeler.yml` configuration to use the new `changed-files` syntax for more precise matching of file paths. This includes adding new patterns for scripts, config files, and meta-information like licenses and READMEs. These changes improve the reliability and flexibility of the automated labeling process for pull requests, ensuring that changes are properly categorized according to the project's conventions. Affected files: - .github/workflows/labels-assigner.yml - .github/labeler.yml No functional changes to the application code. This is purely an update to the CI/CD tooling to enhance the developer experience and streamline the pull request review process.
---
 .github/labeler.yml | 49 +++++++++++++++++++++++----
 .github/workflows/labels-assigner.yml | 8 +++--
 2 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/.github/labeler.yml b/.github/labeler.yml
index bc54947..ed5a6e8 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -3,18 +3,27 @@ # Label for CI/CD changes ci/cd: - - .github/workflows/* + - changed-files: + - any-glob-to-any-file: '.github/workflows/*' + - any-glob-to-any-file: 'justfile' + - any-glob-to-any-file: 'Dockerfile' # Label for documentation changes documentation: - - README.md - - docs/**/*.md # Updated path for all docs - - "*.md" # Root level markdown files + - changed-files: + - any-glob-to-any-file: 'README.md' + - any-glob-to-any-file: 'docs/**/*.md' + - any-glob-to-any-file: 'docs/**/*' + - any-glob-to-any-file: '*.md' # Label for source code changes source: - - main.ts - - "**/*.ts" # All TypeScript files + - changed-files: + - any-glob-to-any-file: 'src/**/*.ts' + - any-glob-to-any-file: 'src/**/*.js' + - any-glob-to-any-file: 'src/**/*.json' + - any-glob-to-any-file: 'src/**/*.md' + - any-glob-to-any-file: 'main.ts' # Label for configuration changes / patches patch: @@ -30,3 +39,31 @@ patch: - .github/*.yml # Other root .github YAML configs - .gitignore - .gitattributes + +scripts: + - changed-files: + - any-glob-to-any-file: 'scripts/**/*' + +config: + - changed-files: + - any-glob-to-any-file: '.env' + - any-glob-to-any-file: '.env.example' + - any-glob-to-any-file: 'deno.json' + - any-glob-to-any-file: 'deno.lock' + - any-glob-to-any-file: 'biome.json' + - any-glob-to-any-file: '.nvmrc' + - any-glob-to-any-file: '.pre-commit-config.yaml' + - any-glob-to-any-file: '.shellcheckrc' + - any-glob-to-any-file: '.gitattributes' + - any-glob-to-any-file: '.gitignore' + - any-glob-to-any-file: '.vscode/**/*' + +meta: + - changed-files: + - any-glob-to-any-file: 'LICENSE' + - any-glob-to-any-file: 'SECURITY.md' + - any-glob-to-any-file: '.github/labeler.yml' + - any-glob-to-any-file: '.github/settings.yml' + - any-glob-to-any-file: '.github/ISSUE_TEMPLATE/*' + - any-glob-to-any-file: '.github/CODEOWNERS' + - any-glob-to-any-file: '.github/*.yml' 
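Review bot: The `patch:` label, visible as context in the second hunk, still lists bare globs (`- .github/*.yml`, `- .gitignore`, `- .gitattributes`) while the workflow moves to `actions/labeler@v5`, which expects each entry to be a match object such as `changed-files`; those entries are likely to stop matching or to fail configuration parsing. Convert them to the same shape as the new labels, e.g. `- changed-files:` followed by `- any-glob-to-any-file: '.gitignore'`. The rest of the `patch:` block lies between the two hunks and is not visible here. Separately, the new `config` label only tags a change to `.env`; if that file can hold credentials, a label is not a control and a secret-scanning check should cover it.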
diff --git a/.github/workflows/labels-assigner.yml b/.github/workflows/labels-assigner.yml
index cac61f9..7a6abe4 100644
--- a/.github/workflows/labels-assigner.yml
+++ b/.github/workflows/labels-assigner.yml
@@ -1,7 +1,7 @@
 ---
-name: Assign labels on PR
+name: 🔖 Assign labels on PR
 on:
- pull_request:
+ pull_request_target:
 types: [opened, labeled, unlabeled, synchronize]
 defaults:
 run:
@@ -13,9 +13,11 @@ jobs:
 triage:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/labeler@v3
+ - uses: actions/labeler@v5
 with:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
+ sync-labels: true
+ configuration-path: .github/labeler.yml
 size-label:
 runs-on: ubuntu-latest
 steps:
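Review bot: With the trigger changed to `pull_request_target`, both `triage` and `size-label` run in the base repository's context with its `GITHUB_TOKEN` even for pull requests from forks, and neither hunk shows a `permissions:` key. Scope the token explicitly, e.g. `permissions:` with `contents: read` and `pull-requests: write`, at workflow or job level. The steps of `size-label` are outside the hunk; confirm they never check out or execute the pull request's head code under this trigger.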
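Review bot: `actions/labeler@v5` is a mutable tag, and this step now runs with a token that can write to pull requests from forks; pin it to a full commit SHA, `- uses: actions/labeler@<full-commit-sha> # v5`. With `sync-labels: true` and the `labeled`/`unlabeled` event types kept in the trigger, a configured label added by hand is likely to be removed again on the next run when no changed file matches it; consider dropping those two types. `configuration-path: .github/labeler.yml` restates the action's default and can be omitted.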