diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..dada08d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,20 @@ +version: 2 +updates: +- package-ecosystem: maven + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + pull-request-branch-name: + separator: "-" + labels: + - "sdou" +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + pull-request-branch-name: + separator: "-" + labels: + - "sdou" diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..b60c930 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,53 @@ + +name-template: 'Support for Liquibase v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' +exclude-labels: + - 'skipReleaseNotes' +categories: + - title: ':green_book: Notable Changes' + labels: + - 'notableChanges' + - title: '🚀 New Features' + labels: + - 'TypeEnhancement' + - 'TypeTest' + - title: '🐛 Bug Fixes 🛠' + labels: + - 'TypeBug' + - title: '💥 Breaking Changes' + labels: + - 'breakingChanges' + - title: '🤖 Security Driver and Other Updates' + collapse-after: 5 + labels: + - 'sdou' + - 'dependencies' + - title: '👏 New Contributors' + labels: + - 'newContributors' + + +change-template: '- (#$NUMBER) $TITLE @$AUTHOR ' +change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. +version-resolver: + major: + labels: + - 'major' + minor: + labels: + - 'minor' + patch: + labels: + - 'feature' + - 'enhancement' + - 'patch' + - 'bugfix' + - 'sdou' + default: patch +template: | + ## Changes + + $CHANGES + + **Full Changelog**: https://github.com/liquibase/liquibase-mongodb/compare/liquibase-mongodb-$PREVIOUS_TAG...liquibase-mongodb-$RESOLVED_VERSION + diff --git a/.github/workflows/attach-artifact-release.yml b/.github/workflows/attach-artifact-release.yml new file mode 100644 index 0000000..f5850e3 --- /dev/null +++ b/.github/workflows/attach-artifact-release.yml @@ -0,0 +1,12 @@ +name: Attach Artifact to Release + +on: + pull_request: + types: + - closed + +jobs: + + attach-artifact-to-release: + uses: liquibase/build-logic/.github/workflows/extension-attach-artifact-release.yml@v0.4.1 + secrets: inherit diff --git a/.github/workflows/build-nightly.yml b/.github/workflows/build-nightly.yml new file mode 100644 index 0000000..c72e433 --- /dev/null +++ b/.github/workflows/build-nightly.yml @@ -0,0 +1,13 @@ +# This workflow will build the extension against the latest Liquibase artifact +name: "Nightly build" + +on: + schedule: + - cron: '0 7 * * 1-5' + +jobs: + nightly-build: + uses: liquibase/build-logic/.github/workflows/pro-extension-test.yml@v0.4.1 + with: + nightly: true + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 1090cec..0000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Publish super-pom to GitHub Packages -on: - workflow_dispatch: - release: - types: [created] -jobs: - publish: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 - with: - java-version: '17' - distribution: 'temurin' - - name: Publish package - run: mvn -B clean deploy -Durl=https://maven.pkg.github.com/liquibase/liquibase-super-pom - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml new file mode 100644 index 0000000..775a681 --- /dev/null +++ b/.github/workflows/create-release.yml @@ -0,0 +1,11 @@ +name: Create Release + +on: + push: + branches: + - main + +jobs: + create-release: + uses: liquibase/build-logic/.github/workflows/create-release.yml@v0.4.1 + secrets: inherit diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml new file mode 100644 index 0000000..a73d55b --- /dev/null +++ b/.github/workflows/label-pr.yml @@ -0,0 +1,19 @@ +name: Pull Request Labels +on: + pull_request: + types: [opened, labeled, unlabeled, synchronize, reopened] +jobs: + label: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - name: Validate PR Labels + uses: mheap/github-action-required-labels@v5 + with: + mode: minimum + count: 1 + labels: "breakingChanges, newContributors, notableChanges, sdou, skipReleaseNotes, TypeBug, TypeEnhancement, TypeTest" + add_comment: true + message: "Label error: This PR is being prevented from merging because you have not added one of the labels: {{ provided }}. You'll need to add it before this PR can be merged." \ No newline at end of file diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml new file mode 100644 index 0000000..217a666 --- /dev/null +++ b/.github/workflows/release-published.yml @@ -0,0 +1,63 @@ +name: Release Extension to Sonatype + +on: + workflow_dispatch: + release: + types: [published] + +permissions: + contents: write + pull-requests: write + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v3 + + - uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + cache: 'maven' + + - name: Configure Git + run: | + git config user.name "liquibot" + git config user.email "liquibot@liquibase.org" + + - name: Build release artifacts + id: build-release-artifacts + run: | + mvn -B release:clean release:prepare -Dusername=liquibot -Dpassword=$GITHUB_TOKEN -Darguments="-Dmaven.javadoc.skip=true -Dmaven.test.skipTests=true -Dmaven.test.skip=true -Dmaven.deploy.skip=true" -DpushChanges=false + git reset HEAD~ --hard + + - name: Get Artifact ID + id: get-artifact-id + run: echo "artifact_id=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> $GITHUB_ENV + + - name: Download Release Artifacts + uses: robinraju/release-downloader@v1.6 + with: + tag: "${{ github.event.release.tag_name }}" + filename: "${{ env.artifact_id }}-*" + out-file-path: "." + + - name: Publish to GitHub Packages + run: | + version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) + mvn -B org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1:deploy-file \ + -Durl=https://maven.pkg.github.com/liquibase/liquibase-super-pom \ + -DpomFile=${{ env.artifact_id }}-${version}.pom \ + -DgeneratePom=false \ + -Dfile=${{ env.artifact_id }}-${version}.pom \ + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + maven-release: + needs: release + uses: liquibase/build-logic/.github/workflows/extension-release-prepare.yml@v0.4.1 + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/snyk-nightly.yml b/.github/workflows/snyk-nightly.yml new file mode 100644 index 0000000..771a6f4 --- /dev/null +++ b/.github/workflows/snyk-nightly.yml @@ -0,0 +1,14 @@ +# Run Snyk nightly to scan and report security issues on staging. +name: Nightly Snyk Scan + +# Job will run nightly at 02:05 EDT / 01:05 CDT +# Time below is UTC +on: + schedule: + - cron: "5 6 * * *" + workflow_dispatch: + +jobs: + security-scan: + uses: liquibase/build-logic/.github/workflows/synk-nightly.yml@v0.4.1 + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..09c0ebb --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,14 @@ +name: Build and Test + +on: + workflow_dispatch: + pull_request: + types: + - opened + - reopened + - synchronize + +jobs: + build-test: + uses: liquibase/build-logic/.github/workflows/os-extension-test.yml@v0.4.1 + secrets: inherit \ No newline at end of file