Merge pull request #141 from OutSystems/ROU-4580-SIGN-COMMITS

rugoncalves · web-flow · commit 4733133996e5 · 2023-10-26T11:50:22.000+02:00
ROU-4580: Make the bot commits signed
diff --git a/.github/os-git-actions/manual-commit/action.yml b/.github/os-git-actions/manual-commit/action.yml
@@ -0,0 +1,30 @@
+name: 'manual-git-commit'
+description: 'Runs the git command to commit'
+inputs:
+    branch:
+        description: 'Branch where to commit.'
+        required: true
+        default: ''
+    message:
+        description: 'Commit message.'
+        required: true
+        default: ''
+    newFiles:
+        description: 'Defines if a `git add.` should be made or not.'
+        required: false
+        default: false
+
+runs:
+    using: composite
+    steps:
+        - name: Add new files (if needed)
+          shell: bash
+          if: ${{ inputs.newFiles }}
+          run: |
+              git add .
+
+        - name: Manual git commit
+          shell: bash
+          run: |
+              git commit -m "${{ inputs.message }}"
+              git push origin ${{ inputs.branch }}
diff --git a/.github/os-git-actions/setup-gpg/action.yml b/.github/os-git-actions/setup-gpg/action.yml
@@ -0,0 +1,22 @@
+name: 'setup-gpg'
+description: 'Prepare to get following commits signed'
+inputs:
+    gpgPriv:
+        description: 'GPG Private key'
+        required: true
+        default: ''
+    gpgPassPhrase:
+        description: 'GPG passphrase'
+        required: false
+        default: '""'
+
+runs:
+    using: composite
+    steps:
+        - name: Import and load GPG key
+          uses: crazy-max/ghaction-import-gpg@v6
+          with:
+              gpg_private_key: ${{ inputs.gpgPriv }}
+              passphrase: ${{ inputs.gpgPassPhrase }}
+              git_user_signingkey: true
+              git_commit_gpgsign: true
diff --git a/.github/os-git-actions/signed-commit/action.yml b/.github/os-git-actions/signed-commit/action.yml
@@ -0,0 +1,39 @@
+name: 'signed-gpg-commit'
+description: 'Prepare and sign the commit signed'
+inputs:
+    branch:
+        description: 'Branch where to commit.'
+        required: true
+        default: ''
+    message:
+        description: 'Commit message.'
+        required: true
+        default: ''
+    newFiles:
+        description: 'Defines if a `git add.` should be made or not.'
+        required: false
+        default: false
+    gpgPriv:
+        description: 'GPG Private key'
+        required: true
+        default: ''
+    gpgPassPhrase:
+        description: 'GPG passphrase'
+        required: false
+        default: '""'
+
+runs:
+    using: composite
+    steps:
+        - name: Setup GPG to sign commits
+          uses: ./.github/setup-gpg/
+          with:
+              gpgPriv: ${{ inputs.gpgPriv }}
+              gpgPassPhrase: ${{ inputs.gpgPassPhrase }}
+
+        - name: Perform git commit
+          uses: ./.github/manual-commit/
+          with:
+              branch: ${{ inputs.branch }}
+              message: ${{ inputs.message }}
+              newFiles: ${{ inputs.newFiles }}
diff --git a/.github/workflows/dev-pr.yml b/.github/workflows/dev-pr.yml
@@ -0,0 +1,44 @@
+name: DEV_PR
+on:
+    # Triggers the workflow on push events but only for the "dev" branch.
+    pull_request:
+        branches: ['dev']
+
+    workflow_dispatch:
+
+jobs:
+    eslint:
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: ./
+        steps:
+            - name: Checkout branch dev
+              uses: actions/checkout@v2
+
+            - uses: actions/setup-node@v1
+              with:
+                  node-version: '16.x'
+
+            - name: Install project dependencies
+              run: npm install
+
+            - name: Run lint
+              run: npm run lint
+
+    compile-code:
+        needs: eslint
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout branch dev
+              uses: actions/checkout@v2
+
+            - uses: actions/setup-node@v1
+              with:
+                  node-version: '16.x'
+
+            - name: Install project dependencies
+              run: npm install
+
+            - name: Compile code
+              run: npm run build
diff --git a/.github/workflows/main-push.yml b/.github/workflows/main-push.yml
@@ -0,0 +1,86 @@
+# This is a basic workflow to help you get started with Actions
+
+name: MAIN_PUSH
+
+# Controls when the action will run.
+on:
+    # Triggers the workflow on push or pull request events but only for the dev branch
+    push:
+        branches: ['main']
+
+    # Allows you to run this workflow manually from the Actions tab
+    workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+    eslint:
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: ./
+        steps:
+            - name: Checkout branch main
+              uses: actions/checkout@v2
+
+            - uses: actions/setup-node@v1
+              with:
+                  node-version: '16.x'
+
+            - name: Install project dependencies
+              run: npm install
+
+            - name: Run lint
+              run: npm run lint
+
+    compile-code:
+        needs: eslint
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout branch dev
+              uses: actions/checkout@v2
+
+            - uses: actions/setup-node@v1
+              with:
+                  node-version: '16.x'
+
+            - name: Install project dependencies
+              run: npm install
+
+            - name: Compile code
+              run: npm run build
+
+    documentation:
+        needs: compile-code
+        runs-on: ubuntu-latest
+
+        # Steps represent a sequence of tasks that will be executed as part of the job
+        steps:
+            # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+            - name: Checkout branch main
+              uses: actions/checkout@v3
+              with:
+                  ref: dev
+                  token: ${{ secrets.PAT }}
+
+            - name: Install graphviz
+              run: sudo apt install -y graphviz
+
+            - uses: actions/setup-node@v3
+              with:
+                  node-version: 16
+                  cache: 'npm'
+
+            - name: Install project dependencies
+              run: npm install
+
+            - name: Generate documentation
+              run: npm run docs
+
+            - name: Sign and commit documentation to branch dev
+              uses: ./.github/os-git-actions/signed-commit/
+              with:
+                  branch: main
+                  message: 'Update documentation [skip ci]'
+                  newFiles: true
+                  gpgPriv: ${{ secrets.GPG_SIGN_KEY }}
+                  gpgPassPhrase: ${{ secrets.GPG_PASSPHRASE }}
