OutSystems
diff --git a/‎.github/workflows/actions/az-keyvault-get/action.yml‎
Lines changed: 80 additions & 0 deletions b/‎.github/workflows/actions/az-keyvault-get/action.yml‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎.github/workflows/actions/az-login/action.yml‎
Lines changed: 50 additions & 0 deletions b/‎.github/workflows/actions/az-login/action.yml‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎.github/workflows/actions/signed-commit/action.yml‎
Lines changed: 73 additions & 0 deletions b/‎.github/workflows/actions/signed-commit/action.yml‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎.github/workflows/build.yaml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/build.yaml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/pre-release.yaml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/pre-release.yaml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/release.yaml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/release.yaml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/templates/README.md‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/templates/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/templates/label-and-validate-pr.yaml‎
Lines changed: 67 additions & 0 deletions b/‎.github/workflows/templates/label-and-validate-pr.yaml‎
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,80 @@
+#
+# This action allows you to get a masked secret from Azure Key Vault using the Azure CLI.
+# It implies that the action az-login, is used before this action in the same job as where the secrets will be obtained.
+# This action is designed to be reusable and can be called from other workflows.
+#
+# HOW TO USE:
+#
+# To call this reusable action, copy the code between === lines to workflow file,
+# uncomment and adjust "uses" as needed (use the latest tag available).
+# ======================================================================
+# on:
+#  pull_request:
+#    types: [opened, reopened, labeled, unlabeled]
+#
+#  permissions:
+#    id-token: write
+#    contents: read
+#
+#     (...)
+#     steps:
+#     (...)
+#       # First, login to Azure using the az-devops-login action
+#       - name: Azure Login
+#         uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-devops-login@vVersionHash
+#         with:
+#           subscription-id: ${{ AZURE_subscription-id }}
+#           tenant-id: ${{ AZURE_TENANT_ID }}
+#           client-id: ${{ AZURE_CLIENT_ID }}
+#
+#       # Then, multiple calls to the az-keyvault-get action can be made to retrieve different secrets
+#       # from the Azure Key Vault. The secrets will be masked in the logs.
+#
+#       - name: Get KeyVault Secret 1
+#         id: GetAzKeyVaultSecret_1
+#         uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-keyvault-get@vVersionHash
+#         with:
+#           keyvault-name: ${{ AZURE_KEYVAULT_NAME }}
+#           key-name: ${{ AZURE_KEYVAULT_SECRET_NAME_1 }}
+#
+#       - name: Get KeyVault Secret 2
+#         id: GetAzKeyVaultSecret_2
+#         uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-keyvault-get@vVersionHash
+#         with:
+#           keyvault-name: ${{ AZURE_KEYVAULT_NAME }}
+#           key-name: ${{ AZURE_KEYVAULT_SECRET_NAME_2 }}
+#
+#       - name: Use KeyVault Secrets
+#         run: |
+#           echo "The secret 1 value is: ${{ steps.GetAzKeyVaultSecret_1.outputs.az-keyvault-value }}"
+#           echo "The secret 2 value is: ${{ steps.GetAzKeyVaultSecret_2.outputs.az-keyvault-value }}"
+#
+# ======================================================================
+#
+name: Azure KeyVault Get Value
+description: 'Get a secret from Azure Key Vault.'
+inputs:
+    keyvault-name:
+        description: 'Name of the Azure Key Vault.'
+        required: false
+        default: 'kv-ui-components'
+    key-name:
+        description: 'Name of the secret to retrieve.'
+        required: true
+        default: ''
+outputs:
+    az-keyvault-value:
+        description: 'The Azure key value.'
+        value: ${{ steps.GetAzKeyVaultSecret.outputs.az-keyvault-secret }}
+
+runs:
+    using: composite
+    steps:
+        - name: Azure KeyVault get Value
+          uses: azure/cli@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0
+          id: GetAzKeyVaultSecret
+          with:
+              inlineScript: |
+                  secretValue=$(az keyvault secret show --name "${{ inputs.key-name }}" --vault-name "${{ inputs.keyvault-name }}" --query "value" --output tsv)
+                  echo "::add-mask::$secretValue"
+                  echo "az-keyvault-secret=$secretValue" >> $GITHUB_OUTPUT
@@ -0,0 +1,50 @@
+#
+# This action allows you to get a secret from Azure Key Vault using the Azure CLI.
+# The default values are set to the OutSystems Azure subscription and tenant used by the UI Components team.
+#
+# HOW TO USE:
+#
+# To call this reusable action, copy the code between === lines to workflow file,
+# uncomment and adjust "uses" as needed (use the latest tag available).
+# ======================================================================
+# on:
+#  pull_request:
+#    types: [opened, reopened, labeled, unlabeled]
+#
+#     (...)
+#     steps:
+#     (...)
+#       - name: Get KeyVault Secret
+#         uses: OutSystems/rd.github-reusable-workflows/.github/actions/az-devops-login@vVersionHash
+#         with:
+#           subscription-id: ${{ AZURE_subscription-id }}
+#           tenant-id: ${{ AZURE_TENANT_ID }}
+#           client-id: ${{ AZURE_CLIENT_ID }}
+#
+# ======================================================================
+#
+name: Azure Login
+description: 'Logins to Azure using the Azure CLI.'
+inputs:
+    subscription-id:
+        description: 'Azure subscription ID.'
+        required: false
+        default: ''
+    tenant-id:
+        description: 'Azure tenant ID.'
+        required: false
+        default: ''
+    client-id:
+        description: 'Azure client ID.'
+        required: false
+        default: ''
+
+runs:
+    using: composite
+    steps:
+        - name: Azure DevOps Login
+          uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+          with:
+              client-id: ${{ inputs.client-id }}
+              tenant-id: ${{ inputs.tenant-id }}
+              subscription-id: ${{ inputs.subscription-id }}
@@ -0,0 +1,73 @@
+#
+# This action enables to perform signed commits. 
+# It uses the crazy-max/ghaction-import-gpg action to import the GPG key and set up the git configuration for signing commits.
+# The action then performs a manual git commit and push to the specified branch.
+#
+# HOW TO USE:
+#
+# To call this reusable action, copy the code between === lines to workflow file,
+# uncomment and adjust "uses" as needed (use the latest tag available).
+# ======================================================================
+# on:
+#
+#     (...)
+#     steps:
+#     (...)
+#       - name: Commit changes Signed
+#         uses: OutSystems/rd.github-reusable-workflows/.github/actions/signed-commit@vTagVersion
+#         with:
+#           commit-branch: ${{ BRANCH_NAME }}
+#           commit-message: ${{ COMMIT_MESSAGE }}
+#           commit-new-files: ${{ true || false }}
+#           gpg-priv-key: ${{ GPG_SIGN_KEY }}
+#           gpg-pass-phrase: ${{ GPG_PASSPHRASE }}
+#
+# ======================================================================
+#
+
+name: Signed GPG Commit
+description: 'Prepare and sign the commit signed'
+inputs:
+    commit-branch:
+        description: 'Branch where to commit.'
+        required: true
+        default: ''
+    commit-message:
+        description: 'Commit message.'
+        required: true
+        default: ''
+    commit-new-files:
+        description: 'Defines if a `git add.` should be made or not.'
+        required: false
+        default: false
+    gpg-priv-key:
+        description: 'GPG Private key.'
+        required: true
+        default: ''
+    gpg-pass-phrase:
+        description: 'GPG passphrase.'
+        required: false
+        default: '""'
+
+runs:
+    using: composite
+    steps:
+        - name: Import and load GPG key
+          uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
+          with:
+              gpg_private_key: ${{ inputs.gpg-priv-key }}
+              passphrase: ${{ inputs.gpg-pass-phrase }}
+              git_user_signingkey: true
+              git_commit_gpgsign: true
+
+        - name: Add new files (if needed)
+          shell: bash
+          if: ${{ inputs.commit-new-files == 'true' }}
+          run: |
+              git add .
+
+        - name: Manual git commit
+          shell: bash
+          run: |
+              git commit -m "${{ inputs.commit-message }}"
+              git push origin ${{ inputs.commit-branch }}
@@ -16,7 +16,8 @@ permissions:
 jobs:
     build:
         name: Build TypeScript Project
-        uses: OutSystems/ui-components.github-reusable-workflows/.github/workflows/ts-build-project.yaml@7ffd7f90f6e5016bd92d0e050d2516084b99c2f6 #v0.2.5
+        #uses: OutSystems/ui-components.github-reusable-workflows/.github/workflows/ts-build-project.yaml@7ffd7f90f6e5016bd92d0e050d2516084b99c2f6 #v0.2.5
+        uses: .github/workflows/templates/ts-build-project.yaml
         with:
             github-ref: ${{ github.ref }}
             run-jest-tests: false
@@ -23,7 +23,8 @@ permissions:
 jobs:
     create-release-candidate:
         name: Create Release Candidate
-        uses: OutSystems/ui-components.github-reusable-workflows/.github/workflows/pre-release.yaml@7ffd7f90f6e5016bd92d0e050d2516084b99c2f6 #v0.2.5
+        #uses: OutSystems/ui-components.github-reusable-workflows/.github/workflows/pre-release.yaml@7ffd7f90f6e5016bd92d0e050d2516084b99c2f6 #v0.2.5
+        uses: .github/workflows/templates/pre-release.yaml
         with:
             new-version: ${{ inputs.new-version }}
             release-date: ${{ inputs.release-date }}
 
@@ -23,7 +23,8 @@ permissions:
 jobs:
     set-release-latest:
         name: Set Release as Latest
-        uses: OutSystems/ui-components.github-reusable-workflows/.github/workflows/release.yaml@7ffd7f90f6e5016bd92d0e050d2516084b99c2f6 #v0.2.5
+        #uses: OutSystems/ui-components.github-reusable-workflows/.github/workflows/release.yaml@7ffd7f90f6e5016bd92d0e050d2516084b99c2f6 #v0.2.5
+        uses: .github/workflows/templates/release.yaml
         with:
             new-version: ${{ inputs.new-version }}
             update-prerelease-into-latest: ${{ inputs.update-prerelease-into-latest }}
 
@@ -0,0 +1,5 @@
+These workflows were copied from the repo https://github.com/OutSystems/ui-components.github-reusable-workflows.
+
+The reason to copy the workflows here, is due to this repos visibility being public, being that as such it cannot use workflows in private repos.
+
+Do not change these files directly.
@@ -0,0 +1,67 @@
+#
+# This workflow aggregates 3 actions
+# 1. Checks if any (or all) changes in a PR are on files NOT owned by the author and if so adds an inner sourcing label (or inner sourcing strict).
+#
+# 2. Prevents merging pull requests that don't follow the title convention:
+#      The title convention is 
+#      "+semver: <minor|major|patch> <ticket id> <description>"
+#      OR
+#      "<ticket id> <description>"
+#      depending on the 'validate-semVer' input value,
+#      where ´+semver: <minor|major|patch> ´ section is optional, and <ticket id> must be a JIRA issue identifier.
+#
+# 3. Prevents merging pull requests that don't follow the label conventions.
+#      The rules to allow merging a pull request are:
+#        - it must have at least one label that describes the type of pull request
+#        - it must not have the "do not merge" label
+#     
+#      It assumes the code owners file is is `.github/CODEOWNERS` but you can override the configuration with the input variable `codeowners-path`.
+#
+# HOW TO USE:
+#
+# To call this reusable workflow, copy the code between === lines to a new workflow file,
+# uncomment and adjust "uses" as needed (use the latest tag available).
+# ======================================================================
+#
+# name: Check if pull request is inner sourcing
+#
+# on:
+#   pull_request:
+#     types:
+#       - opened
+#
+# jobs:
+#   inner-sourcing:
+#     name: Check if pull request is inner sourcing
+#     uses: OutSystems/rd.github-reusable-workflows/.github/workflows/label-and-validate-pt.yaml@v2.0.4
+#     secrets: inherit
+#
+# ======================================================================
+
+name: Label and Validate the PR
+
+on:
+  workflow_call:
+    inputs:
+      codeowners-path:
+        required: false
+        type: string
+        default: ./.github/CODEOWNERS
+
+jobs:
+  inner-sourcing:
+    runs-on: ubuntu-latest
+    if: github.actor != 'dependabot[bot]'
+    steps:
+      #- name: Run pr-inner-sourcing-label action
+      #  uses: OutSystems/rd.github-reusable-workflows/.github/actions/add-inner-sourcing-label@v2.0.7
+      #  with:
+      #    github-token-for-labelling: ${{ secrets.GITHUB_TOKEN }}
+      #    github-token-for-team-membership: ${{ secrets.INNERSOURCING_PR_DATA_GITHUB_TOKEN }}
+      #    codeowners-path: ./CODEOWNERS
+      - name: Check PR Title
+        #uses: OutSystems/rd.github-reusable-workflows/.github/actions/validate-pr-title@v2.0.7
+        uses: .github/actions/validate-pr-title
+      - name: Validate PR labels
+        #uses: OutSystems/rd.github-reusable-workflows/.github/actions/validate-pr-labels@v2.0.7
+        uses: .github/actions/validate-pr-labels