diff --git a/.github/commitlint.config.mjs b/.github/commitlint.config.mjs new file mode 100644 index 000000000..b532de16a --- /dev/null +++ b/.github/commitlint.config.mjs @@ -0,0 +1,22 @@ +import { RuleConfigSeverity } from '@commitlint/types'; + +export default { + extends: ['@commitlint/config-conventional'], + parserPreset: 'conventional-changelog-conventionalcommits', + rules: { + 'scope-enum': [RuleConfigSeverity.Error, 'always', [ + '', + 'deps', + 'egress-api-container', + 'egress-ui-container', + 'main-api-container', + 'main-ui-container', + 'tre-api-container', + 'tre-ui-container', + 'tre-hasura-container', + 'tre-sql-pg-container', + 'tre-sql-trino-container' + ]], + 'subject-case': [RuleConfigSeverity.Error, 'never', []], + } +}; diff --git a/.github/labeler.yaml b/.github/labeler.yaml new file mode 100644 index 000000000..90e088e90 --- /dev/null +++ b/.github/labeler.yaml @@ -0,0 +1,56 @@ +# Release branches where trunk branches are merge-committed to trigger releases + +release: +- base-branch: + - 'main' + - 'maintenance/.+/[0-9]+\.([0-9]+|x)\.x' + +# Label any maintenance branch, trunk and release + +maintenance: +- base-branch: + - 'maintenance/.+/[0-9]+\.([0-9]+|x)\.x' + +# Label PRs into the main branch + +main: +- base-branch: + - 'main' + +# Labels for PRs on asset specific branches + +egress-api-container: +- base-branch: + - '.+/egress-api-container(/.+)?' + +egress-ui-container: +- base-branch: + - '.+/egress-ui-container(/.+)?' + +main-api-container: +- base-branch: + - '.+/main-api-container(/.+)?' + +main-ui-container: +- base-branch: + - '.+/main-ui-container(/.+)?' + +tre-api-container: +- base-branch: + - '.+/tre-api-container(/.+)?' + +tre-ui-container: +- base-branch: + - '.+/tre-ui-container(/.+)?' + +tre-hasura-container: +- base-branch: + - '.+/tre-hasura-container(/.+)?' + +tre-sql-pg-container: +- base-branch: + - '.+/tre-sql-pg-container(/.+)?' + +tre-sql-trino-container: +- base-branch: + - '.+/tre-sql-trino-container(/.+)?' diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..ef876fa16 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,14 @@ +## :construction: Suggest a change + +A clear and concise description of what you are changing. + +## :memo: Pre-merge checklist + +Ready to merge? Do not merge until all checks are satisfied. +- [ ] :chart: Have all `required` CI checks passed on the most recent commit? +- [ ] :black_nib: Is the PR title a valid and meaningful conventional-commit message? ie. `type(scope): summary` +- [ ] :boom: Are `breaking changes` declared in the PR title in conventional-commit style? ie. `type!(scope): summary` +- [ ] :art: Does new code follow the code style of this project? +- [ ] :mag: Has new code been spellchecked and linted? +- [ ] :book: Have docs been updated where necessary? +- [ ] :poop: Have commits been checked for accidental file inclusions? diff --git a/.github/workflows/api-container.yaml b/.github/workflows/api-container.yaml deleted file mode 100644 index bc3d02810..000000000 --- a/.github/workflows/api-container.yaml +++ /dev/null @@ -1,41 +0,0 @@ -name: API Container - -on: - pull_request: - paths: - - 'src/DARE-API/**' - - 'src/BL/**' - push: - branches: - - main - paths: - - 'src/DARE-API/**' - - 'src/BL/**' - -permissions: - contents: write - pull-requests: write - actions: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: false - -jobs: - api-container: - uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers - with: - job-name: api-container - registry: ${{ vars.HARBOR_REGISTRY }} - registry-user: ${{ vars.HARBOR_USER }} - registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-main-api - release-tag-format: 'DARE-Control-API-Container-${version}' - cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} - slack-channel: ${{ vars.SLACK_CHANNEL }} - build-file: src/DARE-API/Dockerfile - build-context: src - secrets: - cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} - cosign-password: ${{ secrets.COSIGN_PASSWORD }} - registry-token: ${{ secrets.HARBOR_TOKEN }} - slack-token: ${{ secrets.SLACK_TOKEN }} diff --git a/.github/workflows/egress-api-container.yaml b/.github/workflows/egress-api-container.yaml index 062fcfb56..92b336a5d 100644 --- a/.github/workflows/egress-api-container.yaml +++ b/.github/workflows/egress-api-container.yaml @@ -2,13 +2,34 @@ name: Egress API Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/egress-api-container.yaml' - 'src/Data-Egress-API/**' - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/egress-api-container/[0-9]+.x.x' + - 'maintenance/egress-api-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/egress-api-container.yaml' - 'src/Data-Egress-API/**' - 'src/BL/**' @@ -19,9 +40,12 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! egress-api-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: @@ -30,7 +54,11 @@ jobs: registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-egress-api release-tag-format: 'DARE-Egress-API-Container-${version}' - cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} + release-branches: | + [ + 'maintenance/egress-api-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ]cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/Data-Egress-API/Dockerfile build-context: src diff --git a/.github/workflows/egress-ui-container.yaml b/.github/workflows/egress-ui-container.yaml index e6d98ce0f..59908d6eb 100644 --- a/.github/workflows/egress-ui-container.yaml +++ b/.github/workflows/egress-ui-container.yaml @@ -2,13 +2,34 @@ name: Egress UI Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/egress-ui-container.yaml' - 'src/Data-Egress-UI/**' - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/egress-ui-container/[0-9]+.x.x' + - 'maintenance/egress-ui-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/egress-ui-container.yaml' - 'src/Data-Egress-UI/**' - 'src/BL/**' @@ -19,9 +40,12 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! egress-ui-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: @@ -30,6 +54,11 @@ jobs: registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-egress-ui release-tag-format: 'DARE-Egress-UI-Container-${version}' + release-branches: | + [ + 'maintenance/egress-ui-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/Data-Egress-UI/Dockerfile diff --git a/.github/workflows/main-api-container.yaml b/.github/workflows/main-api-container.yaml new file mode 100644 index 000000000..4f58c15f8 --- /dev/null +++ b/.github/workflows/main-api-container.yaml @@ -0,0 +1,70 @@ +name: Main API Container + +on: + pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts + paths: + - '.github/workflows/main-api-container.yaml' + - 'src/DARE-API/**' + - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. + push: + # Only release off of release and maintenance branches for this asset + branches: + - 'maintenance/main-api-container/[0-9]+.x.x' + - 'maintenance/main-api-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts + paths: + - '.github/workflows/main-api-container.yaml' + - 'src/DARE-API/**' + - 'src/BL/**' + +permissions: + contents: write + pull-requests: write + actions: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely + cancel-in-progress: false + +jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! + main-api-container: + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers + with: + job-name: main-api-container + registry: ${{ vars.HARBOR_REGISTRY }} + registry-user: ${{ vars.HARBOR_USER }} + registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-main-api + release-tag-format: 'DARE-Control-API-Container-${version}' + release-branches: | + [ + 'maintenance/main-api-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] + cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} + slack-channel: ${{ vars.SLACK_CHANNEL }} + build-file: src/DARE-API/Dockerfile + build-context: src + secrets: + cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} + cosign-password: ${{ secrets.COSIGN_PASSWORD }} + registry-token: ${{ secrets.HARBOR_TOKEN }} + slack-token: ${{ secrets.SLACK_TOKEN }} diff --git a/.github/workflows/main-ui-container.yaml b/.github/workflows/main-ui-container.yaml new file mode 100644 index 000000000..e7444070f --- /dev/null +++ b/.github/workflows/main-ui-container.yaml @@ -0,0 +1,70 @@ +name: Main UI Container + +on: + pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts + paths: + - '.github/workflows/main-ui-container.yaml' + - 'src/DARE-FrontEnd/**' + - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. + push: + # Only release off of release and maintenance branches for this asset + branches: + - 'maintenance/main-ui-container/[0-9]+.x.x' + - 'maintenance/main-ui-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts + paths: + - '.github/workflows/main-ui-container.yaml' + - 'src/DARE-FrontEnd/**' + - 'src/BL/**' + +permissions: + contents: write + pull-requests: write + actions: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely + cancel-in-progress: false + +jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! + main-ui-container: + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers + with: + job-name: main-ui-container + registry: ${{ vars.HARBOR_REGISTRY }} + registry-user: ${{ vars.HARBOR_USER }} + registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-main-ui + release-tag-format: 'DARE-Control-UI-Container-${version}' + release-branches: | + [ + 'maintenance/main-ui-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] + cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} + slack-channel: ${{ vars.SLACK_CHANNEL }} + build-file: src/DARE-FrontEnd/Dockerfile + build-context: src + secrets: + cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} + cosign-password: ${{ secrets.COSIGN_PASSWORD }} + registry-token: ${{ secrets.HARBOR_TOKEN }} + slack-token: ${{ secrets.SLACK_TOKEN }} diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml new file mode 100644 index 000000000..b1ddaa72d --- /dev/null +++ b/.github/workflows/pr-labeler.yaml @@ -0,0 +1,17 @@ +name: PR Labeler + +on: + pull_request: + # Run on all PRs whenever they are opened + types: + - opened + - reopened + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + # This labelling can be cancelled if there is a newer run + cancel-in-progress: true + +jobs: + pr-labeler: + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-labeler.yaml@v1.0.0-pr-labeler diff --git a/.github/workflows/pr-title-commitlint.yaml b/.github/workflows/pr-title-commitlint.yaml new file mode 100644 index 000000000..00d5d1762 --- /dev/null +++ b/.github/workflows/pr-title-commitlint.yaml @@ -0,0 +1,19 @@ +name: PR Title Commitlint + +on: + pull_request: + # Run on all PRs whenever the title could have changed + types: + - opened + - reopened + - edited + - synchronize + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + # This linting can be cancelled if there is a newer commit to lint + cancel-in-progress: true + +jobs: + pr-title-commitlint: + uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-title-commitlint.yaml@v1.2.0-pr-title-commitlint diff --git a/.github/workflows/tre-api-container.yaml b/.github/workflows/tre-api-container.yaml index 97bf57f55..47e25ce7d 100644 --- a/.github/workflows/tre-api-container.yaml +++ b/.github/workflows/tre-api-container.yaml @@ -2,13 +2,34 @@ name: TRE API Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-api-container.yaml' - 'src/TRE-API/**' - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/tre-api-container/[0-9]+.x.x' + - 'maintenance/tre-api-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-api-container.yaml' - 'src/TRE-API/**' - 'src/BL/**' @@ -19,9 +40,12 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! tre-api-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: @@ -30,6 +54,11 @@ jobs: registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-tre-api release-tag-format: 'DARE-TRE-API-Container-${version}' + release-branches: | + [ + 'maintenance/tre-api-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/TRE-API/Dockerfile diff --git a/.github/workflows/tre-hasura-container.yaml b/.github/workflows/tre-hasura-container.yaml index 78c29ffee..91b901f02 100644 --- a/.github/workflows/tre-hasura-container.yaml +++ b/.github/workflows/tre-hasura-container.yaml @@ -2,13 +2,34 @@ name: TRE Hasura Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-hasura-container.yaml' - 'src/Tre-Hasura/**' - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/tre-hasura-container/[0-9]+.x.x' + - 'maintenance/tre-hasura-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-hasura-container.yaml' - 'src/Tre-Hasura/**' - 'src/BL/**' @@ -19,9 +40,12 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! tre-hasura-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: @@ -30,6 +54,11 @@ jobs: registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-tre-hasura release-tag-format: 'DARE-TRE-HASURA-Container-${version}' + release-branches: | + [ + 'maintenance/tre-hasura-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/Tre-Hasura/Dockerfile diff --git a/.github/workflows/tre-sql-pg-container.yaml b/.github/workflows/tre-sql-pg-container.yaml index dd8a76598..14803fa5c 100644 --- a/.github/workflows/tre-sql-pg-container.yaml +++ b/.github/workflows/tre-sql-pg-container.yaml @@ -2,12 +2,33 @@ name: TRE SQL PG Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-sql-pg-container.yaml' - 'src/Tre-SQL-PG/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/tre-sql-pg-container/[0-9]+.x.x' + - 'maintenance/tre-sql-pg-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-sql-pg-container.yaml' - 'src/Tre-SQL-PG/**' permissions: @@ -17,17 +38,25 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: - tre-pg-container: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! + tre-sql-pg-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: - job-name: tre-sqlpg-container + job-name: tre-sql-pg-container registry: ${{ vars.HARBOR_REGISTRY }} registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-tre-sqlpg release-tag-format: 'DARE-TRE-SQLPG-Container-${version}' + release-branches: | + [ + 'maintenance/tre-sql-pg-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/Tre-SQL-PG/Dockerfile diff --git a/.github/workflows/tre-sql-trino-container.yaml b/.github/workflows/tre-sql-trino-container.yaml index c4a6415d5..ecb3924ce 100644 --- a/.github/workflows/tre-sql-trino-container.yaml +++ b/.github/workflows/tre-sql-trino-container.yaml @@ -2,12 +2,33 @@ name: TRE SQL Trino Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-ui-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-sql-trino-container.yaml' - 'src/Tre-SQL-Trino/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/tre-sql-trino-container/[0-9]+.x.x' + - 'maintenance/tre-sql-trino-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-sql-trino-container.yaml' - 'src/Tre-SQL-Trino/**' permissions: @@ -17,17 +38,25 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: - tre-trino-container: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! + tre-sql-trino-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: - job-name: tre-sqltrino-container + job-name: tre-sql-trino-container registry: ${{ vars.HARBOR_REGISTRY }} registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-tre-sqltrino release-tag-format: 'DARE-TRE-SQLTRINO-Container-${version}' + release-branches: | + [ + 'maintenance/tre-sql-trino-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/Tre-SQL-Trino/Dockerfile diff --git a/.github/workflows/tre-ui-container.yaml b/.github/workflows/tre-ui-container.yaml index b19045f3b..a23f43321 100644 --- a/.github/workflows/tre-ui-container.yaml +++ b/.github/workflows/tre-ui-container.yaml @@ -2,13 +2,34 @@ name: TRE UI Container on: pull_request: + # Ignore PRs on branches specifically intended for other assets + branches-ignore: + - '*/egress-api-container*' + - '*/egress-ui-container*' + - '*/main-api-container*' + - '*/main-ui-container*' + - '*/tre-api-container*' + - '*/tre-hasura-container*' + - '*/tre-sql-pg-container*' + - '*/tre-sql-trino-container*' + # Only consider PRs that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-ui-container.yaml' - 'src/TRE-UI/**' - 'src/BL/**' + # Make sure all workflows that are "required checks" for a given + # branch protection rule have the same paths: and branches-ignore: + # filters. Otherwise, you can end up in a deadlock waiting on a + # required check that will never be executed. push: + # Only release off of release and maintenance branches for this asset branches: - - main + - 'maintenance/tre-ui-container/[0-9]+.x.x' + - 'maintenance/tre-ui-container/[0-9]+.[0-9]+.x' + - 'main' + # Only consider pushes that change files for this asset, including ci scripts paths: + - '.github/workflows/tre-ui-container.yaml' - 'src/TRE-UI/**' - 'src/BL/**' @@ -19,9 +40,12 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.ref }} + # Needed to generate releases safely cancel-in-progress: false jobs: + # Job name must be unique across repo to target + # branch protection rules "required checks" properly! tre-ui-container: uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers with: @@ -30,6 +54,11 @@ jobs: registry-user: ${{ vars.HARBOR_USER }} registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-tre-ui release-tag-format: 'DARE-TRE-UI-Container-${version}' + release-branches: | + [ + 'maintenance/tre-ui-container/[0-9]+\.([0-9]+|x)\.x', + 'main' + ] cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} slack-channel: ${{ vars.SLACK_CHANNEL }} build-file: src/TRE-UI/Dockerfile diff --git a/.github/workflows/ui-container.yaml b/.github/workflows/ui-container.yaml deleted file mode 100644 index 654aad8c6..000000000 --- a/.github/workflows/ui-container.yaml +++ /dev/null @@ -1,41 +0,0 @@ -name: UI Container - -on: - pull_request: - paths: - - 'src/DARE-FrontEnd/**' - - 'src/BL/**' - push: - branches: - - main - paths: - - 'src/DARE-FrontEnd/**' - - 'src/BL/**' - -permissions: - contents: write - pull-requests: write - actions: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: false - -jobs: - ui-container: - uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@v1.8.1-containers - with: - job-name: ui-container - registry: ${{ vars.HARBOR_REGISTRY }} - registry-user: ${{ vars.HARBOR_USER }} - registry-repo: ${{ vars.HARBOR_PROJECT }}/${{ vars.HARBOR_REPO }}-main-ui - release-tag-format: 'DARE-Control-UI-Container-${version}' - cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }} - slack-channel: ${{ vars.SLACK_CHANNEL }} - build-file: src/DARE-FrontEnd/Dockerfile - build-context: src - secrets: - cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} - cosign-password: ${{ secrets.COSIGN_PASSWORD }} - registry-token: ${{ secrets.HARBOR_TOKEN }} - slack-token: ${{ secrets.SLACK_TOKEN }}