chore(dependabot.yml): add Dependabot configuration file to enable au…

…tomated dependency updates chore(release-drafter.yml): add Release Drafter configuration file to automate release notes generation chore(attach-artifact-release.yml): add workflow to attach artifact to release on pull request closure chore(build-nightly.yml): add workflow to build the extension nightly chore(create-release.yml): add workflow to create a release on push to main branch chore(label-pr.yml): add workflow to validate and label pull requests chore(release-published.yml): add workflow to release extension to Sonatype chore(snyk-nightly.yml): add workflow to run Snyk nightly for security scanning chore(test.yml): add workflow to build and test the extension on pull request events
liquibase · Sep 12, 2023 · 8631a3a · 8631a3a
1 parent 72245bb
commit 8631a3a
Show file tree

Hide file tree

Showing 10 changed files with 219 additions and 21 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+- package-ecosystem: maven
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  pull-request-branch-name:
+    separator: "-"
+  labels:
+      - "sdou"
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  pull-request-branch-name:
+    separator: "-"
+  labels:
+    - "sdou"
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,53 @@
+
+name-template: 'Support for Liquibase v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+exclude-labels:
+  - 'skipReleaseNotes'
+categories:
+  - title: ':green_book: Notable Changes'
+    labels: 
+      - 'notableChanges'
+  - title: '🚀 New Features'
+    labels:
+      - 'TypeEnhancement'
+      - 'TypeTest'
+  - title: '🐛 Bug Fixes 🛠'
+    labels:
+      - 'TypeBug'
+  - title: '💥 Breaking Changes'
+    labels: 
+      - 'breakingChanges'
+  - title: '🤖 Security Driver and Other Updates'
+    collapse-after: 5
+    labels:
+      - 'sdou'
+      - 'dependencies'
+  - title: '👏 New Contributors'
+    labels:
+      - 'newContributors'  
+
+
+change-template: '- (#$NUMBER) $TITLE @$AUTHOR '
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'feature'
+      - 'enhancement'
+      - 'patch'
+      - 'bugfix'
+      - 'sdou'
+  default: patch
+template: |
+  ## Changes
+  
+  $CHANGES
+
+  **Full Changelog**: https://github.com/liquibase/liquibase-mongodb/compare/liquibase-mongodb-$PREVIOUS_TAG...liquibase-mongodb-$RESOLVED_VERSION
+
diff --git a/.github/workflows/attach-artifact-release.yml b/.github/workflows/attach-artifact-release.yml
@@ -0,0 +1,12 @@
+name: Attach Artifact to Release
+
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+
+  attach-artifact-to-release:
+    uses: liquibase/build-logic/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/.github/workflows/build-nightly.yml b/.github/workflows/build-nightly.yml
@@ -0,0 +1,13 @@
+# This workflow will build the extension against the latest Liquibase artifact
+name: "Nightly build"
+
+on:
+  schedule:
+    - cron: '0 7 * * 1-5'
+
+jobs:
+    nightly-build:
+      uses: liquibase/build-logic/.github/workflows/[email protected]
+      with:
+        nightly: true
+      secrets: inherit
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -0,0 +1,11 @@
+name: Create Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  create-release:
+    uses: liquibase/build-logic/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml
@@ -0,0 +1,19 @@
+name: Pull Request Labels
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize, reopened]
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Validate PR Labels
+        uses: mheap/github-action-required-labels@v5
+        with:
+          mode: minimum
+          count: 1
+          labels: "breakingChanges, newContributors, notableChanges, sdou, skipReleaseNotes, TypeBug, TypeEnhancement, TypeTest"
+          add_comment: true
+          message: "Label error: This PR is being prevented from merging because you have not added one of the labels: {{ provided }}. You'll need to add it before this PR can be merged."
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
@@ -0,0 +1,63 @@
+name: Release Extension to Sonatype
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+
+      - name: Configure Git
+        run: |
+          git config user.name "liquibot"
+          git config user.email "[email protected]"
+
+      - name: Build release artifacts
+        id: build-release-artifacts
+        run: |
+          mvn -B release:clean release:prepare -Dusername=liquibot -Dpassword=$GITHUB_TOKEN -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DpushChanges=false
+          git reset HEAD~ --hard
+
+      - name: Get Artifact ID
+        id: get-artifact-id
+        run: echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> $GITHUB_ENV
+
+      - name: Download Release Artifacts
+        uses: robinraju/[email protected]
+        with:
+          tag: "${{ github.event.release.tag_name }}"
+          filename: "${{ env.artifact_id }}-*"
+          out-file-path: "."
+
+      - name: Publish to GitHub Packages
+        run: |
+          version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)          
+          mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \
+                      -Durl=https://maven.pkg.github.com/liquibase/liquibase-super-pom \
+                      -DpomFile=${{ env.artifact_id }}-${version}.pom \
+                      -DgeneratePom=false \
+                      -Dfile=${{ env.artifact_id }}-${version}.pom \
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  maven-release:
+    needs: release
+    uses: liquibase/build-logic/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/.github/workflows/snyk-nightly.yml b/.github/workflows/snyk-nightly.yml
@@ -0,0 +1,14 @@
+# Run Snyk nightly to scan and report security issues on staging.
+name: Nightly Snyk Scan
+
+# Job will run nightly at 02:05 EDT / 01:05 CDT
+# Time below is UTC
+on:
+  schedule:
+    - cron: "5 6 * * *"
+  workflow_dispatch:
+
+jobs:
+  security-scan:
+    uses: liquibase/build-logic/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,14 @@
+name: Build and Test
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  build-test:
+    uses: liquibase/build-logic/.github/workflows/[email protected]
+    secrets: inherit