-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: rdash99 <rowan.dash@swansea.ac.uk>
- Loading branch information
1 parent
bfc6c81
commit 8fd4684
Showing
21 changed files
with
351 additions
and
207 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
[flake8] | ||
per-file-ignores = | ||
# imported but unused | ||
__init__.py: F401 | ||
|
||
max-complexity = 10 | ||
|
||
extend-ignore = E501,C901 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
* @JossWhittle | ||
.github/ @SwanseaUniversityMedical/devops-maintainers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
import { RuleConfigSeverity } from '@commitlint/types'; | ||
|
||
export default { | ||
extends: ['@commitlint/config-conventional'], | ||
parserPreset: 'conventional-changelog-conventionalcommits', | ||
rules: { | ||
'scope-enum': [RuleConfigSeverity.Error, 'always', [ | ||
'', | ||
'deps', | ||
'canary-container', | ||
'canary-chart', | ||
'canary-crds-chart' | ||
]], | ||
'subject-case': [RuleConfigSeverity.Error, 'never', []], | ||
} | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
## :construction: Suggest a change | ||
|
||
A clear and concise description of what you are changing. | ||
|
||
## :memo: Pre-merge checklist | ||
|
||
Ready to merge? Do not merge until all checks are satisfied. | ||
- [ ] :chart: Have all `required` CI checks passed on the most recent commit? | ||
- [ ] :black_nib: Is the PR title a valid and meaningful conventional-commit message? ie. `type(scope): summary` | ||
- [ ] :boom: Are `breaking changes` declared in the PR title in conventional-commit style? ie. `type!(scope): summary` | ||
- [ ] :art: Does new code follow the code style of this project? | ||
- [ ] :mag: Has new code been spellchecked and linted? | ||
- [ ] :book: Have docs been updated where necessary? | ||
- [ ] :poop: Have commits been checked for accidental file inclusions? |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
module.exports = { | ||
|
||
// Uncomment dryRun to test exotic config options without spamming dozens of | ||
// pull requests onto a repo that you would then need to clean up... | ||
//dryRun: "full", | ||
|
||
// Inherit default config options | ||
extends: ["config:base"], | ||
configMigration: true, | ||
|
||
// Force use of Conventional Commit messages to avoid Renovate not detecting them | ||
semanticCommits: "enabled", | ||
|
||
// Disable limits on the number of pull requests that can be managed simultaneously | ||
// since this can sometimes prevent security patches being suggested! | ||
prHourlyLimit: 0, | ||
prConcurrentLimit: 0, | ||
|
||
// Tell Renovate to re-create or rebase old pull requests when new commits have | ||
// since been merged into main... | ||
rebaseWhen: "behind-base-branch", | ||
|
||
// Set the default schedule for when pull requests will be created or updated. | ||
// If Renovate is run outside of this schedule then it will skip updating pull | ||
// requests for dependencies unless they override the schedule. | ||
updateNotScheduled: false, | ||
timezone: "Europe/London", | ||
schedule: [ | ||
"after 10pm", | ||
"before 5am" | ||
], | ||
|
||
// This setting helps handle breaking changes to Renovate bot when its version changes. | ||
ignorePrAuthor: true, | ||
|
||
// Automatically assign reviewers to pull requests based on who "owns" the source files | ||
// that need to be updated as listed in the CODEOWNERS file in the project repo. | ||
reviewersFromCodeOwners: true, | ||
|
||
// Auto discovery is dangerous, never blindly trust the scope of the token! | ||
autodiscover: false, | ||
// Instead, explicitly list the repos that we should manage pull requests on. | ||
// This should realistically only be one repo, the project repo you are currently in. | ||
// The default token "should" only have access to this repo... | ||
repositories: [ | ||
"SwanseaUniversityMedical/Canary", | ||
], | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
name: Build Canary Chart | ||
|
||
on: | ||
pull_request: | ||
# Only consider PRs that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/build-canary-chart.yaml' | ||
- 'charts/canary/**' | ||
# Make sure all workflows that are "required checks" for a given | ||
# branch protection rule have the same paths: and branches-ignore: | ||
# filters. Otherwise, you can end up in a deadlock waiting on a | ||
# required check that will never be executed. | ||
push: | ||
# Only release off of release and maintenance branches for this asset | ||
branches: | ||
- 'main' | ||
# Only consider pushes that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/build-canary-chart.yaml' | ||
- 'charts/canary/**' | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
actions: read | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
# Cancel early on pull requests if new commits are added, | ||
# Don't cancel on release pushes | ||
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | ||
|
||
jobs: | ||
# Job name must be unique across repo to target | ||
# branch protection rules "required checks" properly! | ||
canary-chart: | ||
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v2.0.3-charts | ||
with: | ||
job-name: canary-chart | ||
comment-pr: "true" | ||
comment-release: "true" | ||
registry: ${{ vars.HARBOR_REGISTRY }} | ||
registry-user: ${{ vars.HARBOR_USER }} | ||
registry-project: ${{ vars.HARBOR_PROJECT }} | ||
registry-repo: canary | ||
release-tag-format: 'canary-chart-${version}' | ||
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} | ||
chart: charts/canary | ||
test-command: | | ||
helm template $CHART \ | ||
--include-crds \ | ||
--name-template canary \ | ||
--namespace canary \ | ||
--create-namespace \ | ||
--debug | ||
secrets: | ||
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} | ||
cosign-password: ${{ secrets.COSIGN_PASSWORD }} | ||
registry-token: ${{ secrets.HARBOR_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
name: Build Canary Container | ||
|
||
on: | ||
pull_request: | ||
# Only consider PRs that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/lint-canary-flake8.yaml' | ||
- '.github/workflows/build-canary-container.yaml' | ||
- 'containers/canary/**' | ||
- 'src/**' | ||
# Make sure all workflows that are "required checks" for a given | ||
# branch protection rule have the same paths: and branches-ignore: | ||
# filters. Otherwise, you can end up in a deadlock waiting on a | ||
# required check that will never be executed. | ||
push: | ||
# Only release off of release and maintenance branches for this asset | ||
branches: | ||
- 'main' | ||
# Only consider pushes that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/lint-canary-flake8.yaml' | ||
- '.github/workflows/build-canary-container.yaml' | ||
- 'containers/canary/**' | ||
- 'src/**' | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
actions: read | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
# Cancel early on pull requests if new commits are added, | ||
# Don't cancel on release pushes | ||
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | ||
|
||
jobs: | ||
# Job name must be unique across repo to target | ||
# branch protection rules "required checks" properly! | ||
canary-container: | ||
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v2.0.1-containers | ||
with: | ||
job-name: canary-container | ||
comment-pr: "true" | ||
comment-release: "true" | ||
registry: ${{ vars.HARBOR_REGISTRY }} | ||
registry-user: ${{ vars.HARBOR_USER }} | ||
registry-repo: ${{ vars.HARBOR_PROJECT }}/canary | ||
release-tag-format: 'canary-container-${version}' | ||
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} | ||
build-file: containers/canary/Dockerfile | ||
build-context: '.' | ||
secrets: | ||
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} | ||
cosign-password: ${{ secrets.COSIGN_PASSWORD }} | ||
registry-token: ${{ secrets.HARBOR_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
name: Build Canary CRDs Chart | ||
|
||
on: | ||
pull_request: | ||
# Only consider PRs that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/build-canary-crds-chart.yaml' | ||
- 'charts/canary-crds/**' | ||
# Make sure all workflows that are "required checks" for a given | ||
# branch protection rule have the same paths: and branches-ignore: | ||
# filters. Otherwise, you can end up in a deadlock waiting on a | ||
# required check that will never be executed. | ||
push: | ||
# Only release off of release and maintenance branches for this asset | ||
branches: | ||
- 'main' | ||
# Only consider pushes that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/build-canary-crds-chart.yaml' | ||
- 'charts/canary-crds/**' | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
actions: read | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
# Cancel early on pull requests if new commits are added, | ||
# Don't cancel on release pushes | ||
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | ||
|
||
jobs: | ||
# Job name must be unique across repo to target | ||
# branch protection rules "required checks" properly! | ||
canary-chart: | ||
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-chart.yaml@v2.0.3-charts | ||
with: | ||
job-name: canary-crds-chart | ||
comment-pr: "true" | ||
comment-release: "true" | ||
registry: ${{ vars.HARBOR_REGISTRY }} | ||
registry-user: ${{ vars.HARBOR_USER }} | ||
registry-project: ${{ vars.HARBOR_PROJECT }} | ||
registry-repo: canary-crds | ||
release-tag-format: 'canary-crds-chart-${version}' | ||
cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} | ||
chart: charts/canary-crds | ||
test-command: | | ||
helm template $CHART \ | ||
--include-crds \ | ||
--name-template canary-crds \ | ||
--namespace canary \ | ||
--create-namespace \ | ||
--debug | ||
secrets: | ||
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} | ||
cosign-password: ${{ secrets.COSIGN_PASSWORD }} | ||
registry-token: ${{ secrets.HARBOR_TOKEN }} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
name: Lint Canary | ||
|
||
on: | ||
pull_request: | ||
# Only consider PRs that change files for this asset, including ci scripts | ||
paths: | ||
- '.github/workflows/lint-canary-flake8.yaml' | ||
- '.github/workflows/build-canary-container.yaml' | ||
- 'containers/canary/**' | ||
- 'src/**' | ||
# Make sure all workflows that are "required checks" for a given | ||
# branch protection rule have the same paths: and branches-ignore: | ||
# filters. Otherwise, you can end up in a deadlock waiting on a | ||
# required check that will never be executed. | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
# This linting can be cancelled if there is a newer commit to lint | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
canary-flake8: | ||
runs-on: | ||
labels: [self-hosted, linux, x64] | ||
group: light | ||
|
||
steps: | ||
- name: clone repo | ||
uses: actions/checkout@v4 | ||
|
||
- name: install flake8 | ||
run: pip install flake8 | ||
|
||
- name: install flake8 annotations | ||
uses: rbialon/flake8-annotations@v1 | ||
|
||
- name: run flake8 | ||
run: | | ||
flake8 --config=".github/.flake8" src |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
name: Lint PR Title | ||
|
||
on: | ||
pull_request: | ||
# Run on all PRs whenever the title could have changed | ||
types: | ||
- opened | ||
- reopened | ||
- edited | ||
- synchronize | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
# This linting can be cancelled if there is a newer commit to lint | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
pr-title-commitlint: | ||
uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-title-commitlint.yaml@v1.2.0-pr-title-commitlint |
Oops, something went wrong.