Merge pull request #28 from paullockaby/migrating-with-actions

feat: updating name and adding workflows

Author: plockaby

.cz.toml

@@ -0,0 +1,6 @@
+[tool.commitizen]
+name = "cz_conventional_commits"
+tag_format = "v$version"
+version_scheme = "semver"
+version_provider = "scm"
+update_changelog_on_bump = true

.github/workflows/build.yaml

@@ -13,5 +13,5 @@ jobs:
         uses: actions/delete-package-versions@v5
         with:
           package-type: "container"
-          package-name: "docker-debug"
+          package-name: "container-debug"
           min-versions-to-keep: 10

.github/workflows/expire-packages.yaml

@@ -0,0 +1,44 @@
+name: Build Container
+
+on:
+  push:
+    tags:
+    - "v*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure Docker for multi-arch builds
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker buildx for multi-arch builds
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build, tag, and push docker image to the GitHub Container Registry
+        run: make push
+
+      - name: Update release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            dist/*
+            CHANGELOG.md
+          tag_name: "${{ github.ref_name }}"
+
+      - run: |
+          echo "Finished building and pushing containers for version ${{ github.ref_name }}."

.github/workflows/release-build.yaml

@@ -0,0 +1,76 @@
+name: Create Release
+
+on:
+  # only trigger this workflow manually
+  workflow_dispatch:
+    inputs:
+      increment:
+        description: "Set a field to increment."
+        required: false
+        default: ""
+        type: choice
+        options:
+          - ""
+          - MAJOR
+          - MINOR
+          - PATCH
+      prerelease:
+        description: "Set as a prerelease version."
+        required: false
+        default: ""
+        type: choice
+        options:
+          - ""
+          - alpha
+          - beta
+          - rc
+
+jobs:
+  tests:
+    uses: ./.github/workflows/tests.yaml
+    secrets: inherit
+
+  security:
+    uses: ./.github/workflows/security.yaml
+    secrets: inherit
+
+  bump_version:
+    runs-on: ubuntu-latest
+
+    # only run if the other jobs succeed
+    needs:
+      - tests
+      - security
+
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ssh-key: "${{ secrets.DEPLOY_KEY }}"
+
+      - id: cz
+        name: Create changelog and bump version
+        uses: commitizen-tools/commitizen-action@0.24.0
+        with:
+          changelog: true
+          changelog_increment_filename: "changes.md"
+          git_redirect_stderr: true
+          increment: ${{ inputs.increment }}
+          prerelease: ${{ inputs.prerelease }}
+          push: false
+
+      - name: Push changelog updates
+        run: |
+          git push origin main --tags
+
+      - name: Create release
+        uses: softprops/action-gh-release@v2
+        with:
+          body_path: "changes.md"
+          tag_name: "v${{ steps.cz.outputs.version }}"
+
+      - run: |
+          echo "Bumped to version v${{ steps.cz.outputs.version }}"

.github/workflows/release-create.yaml

@@ -0,0 +1,30 @@
+name: Security Scanning
+
+on:
+  workflow_call:
+  schedule:
+    - cron: "0 2 * * 1"
+
+jobs:
+  trivy:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup trivy
+        uses: aquasecurity/setup-trivy@v0.2.2
+        with:
+          cache: true
+          version: latest
+
+      - name: Run trivy configuration checks
+        run: |
+          trivy config . --config=.trivy.yaml --ignorefile=.trivyignore
+
+      - name: Run trivy filesystem checks
+        run: |
+          trivy filesystem . --config=.trivy.yaml --ignorefile=.trivyignore --no-progress

.github/workflows/security.yaml

@@ -0,0 +1,26 @@
+name: Linters and Tests
+
+on:
+  workflow_call:
+
+jobs:
+  pre-commit:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13.x"
+          cache: "pip"
+
+      - name: Run linter
+        uses: pre-commit/action@v3.0.1
+        env:
+          SKIP: no-commit-to-branch

.github/workflows/tests.yaml

@@ -0,0 +1,52 @@
+exclude: '^$'
+fail_fast: false
+default_install_hook_types: [pre-commit, pre-push, commit-msg]
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-added-large-files
+        stages: [pre-commit]
+      - id: check-json
+        stages: [pre-commit]
+      - id: check-toml
+        stages: [pre-commit]
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+        stages: [pre-commit]
+      - id: check-xml
+        stages: [pre-commit]
+      - id: check-shebang-scripts-are-executable
+        stages: [pre-commit]
+      - id: check-executables-have-shebangs
+        stages: [pre-commit]
+      - id: check-merge-conflict
+        stages: [pre-commit]
+      - id: check-case-conflict
+        stages: [pre-commit]
+      - id: check-symlinks
+        stages: [pre-commit]
+      - id: destroyed-symlinks
+        stages: [pre-commit]
+      - id: detect-private-key
+        stages: [pre-commit]
+      - id: mixed-line-ending
+        exclude: "(^.idea/|.vscode/|CHANGELOG.md)"
+        stages: [pre-commit]
+      - id: trailing-whitespace
+        exclude: "(^.idea/|.vscode/|CHANGELOG.md)"
+        stages: [pre-commit]
+      - id: end-of-file-fixer
+        exclude: "(^.idea/|.vscode/|CHANGELOG.md)"
+        stages: [pre-commit]
+      - id: no-commit-to-branch
+        args: [--branch, main]
+        stages: [pre-commit]
+
+  - repo: https://github.com/commitizen-tools/commitizen
+    rev: v4.1.0
+    hooks:
+      - id: commitizen
+      - id: commitizen-branch
+        stages: [pre-push]

.pre-commit-config.yaml

@@ -0,0 +1,8 @@
+exit-code: 1
+
+severity:
+  - HIGH
+  - CRITICAL
+
+scan:
+  skip-dirs: []