11version : ' 3'
2-
32silent : true
4-
53vars :
64 PR_TEMPLATE : https://raw.githubusercontent.com/devops-infra/.github/refs/tags/v1/PULL_REQUEST_TEMPLATE.md
75 CONFIGS_BASE_URL : https://raw.githubusercontent.com/devops-infra/.github/refs/tags/v1/templates/actions/configs
86 TASKFILES_BASE_URL : https://raw.githubusercontent.com/devops-infra/.github/refs/tags/v1/templates/actions/taskfiles
9-
107tasks :
118 pre-commit :
129 desc : Run all pre-commit hooks
@@ -29,97 +26,32 @@ tasks:
2926 lint:actionlint :
3027 desc : Lint GitHub Actions workflows with actionlint
3128 cmds :
32- - |
33- echo "▶️ Running actionlint..."
34- set +e
35- docker run --rm -i -v "$PWD:/work" -w /work rhysd/actionlint:latest -color
36- rc=$?
37- set -e
38- if [ "$rc" -eq 0 ]; then
39- echo "✅ actionlint passed"
40- else
41- echo "❌ actionlint failed"
42- exit $rc
43- fi
29+ - task : scripts:lint:actionlint
4430
4531 lint:hadolint :
4632 desc : Lint Dockerfile with hadolint
4733 cmds :
48- - |
49- echo "▶️ Running hadolint..."
50- set +e
51- docker run --rm -i -v "$PWD:/work" -w /work hadolint/hadolint:latest-debian < Dockerfile
52- rc=$?
53- set -e
54- if [ "$rc" -eq 0 ]; then
55- echo "✅ hadolint passed"
56- else
57- echo "❌ hadolint failed"
58- exit $rc
59- fi
34+ - task : scripts:lint:hadolint
6035
6136 lint:shellcheck :
6237 desc : Lint shell scripts with shellcheck
6338 cmds :
64- - |
65- echo "▶️ Running shellcheck..."
66- set +e
67- docker run --rm -i -v "$PWD:/work" -w /work koalaman/shellcheck:stable -x -S style entrypoint.sh
68- rc=$?
69- set -e
70- if [ "$rc" -eq 0 ]; then
71- echo "✅ shellcheck passed"
72- else
73- echo "❌ shellcheck failed"
74- exit $rc
75- fi
39+ - task : scripts:lint:shellcheck
7640
7741 lint:yamllint :
7842 desc : Lint YAML files with yamllint
7943 cmds :
80- - |
81- echo "▶️ Running yamllint..."
82- set +e
83- docker run --rm -i -v "$PWD:/work" -w /work cytopia/yamllint -c .yamllint.yml .
84- rc=$?
85- set -e
86- if [ "$rc" -eq 0 ]; then
87- echo "✅ yamllint passed"
88- else
89- echo "❌ yamllint failed"
90- exit $rc
91- fi
44+ - task : scripts:lint:yamllint
9245
9346 dependency:update :
94- desc : Check main dependency not covered by dependabot
47+ desc : ' No-op: no dedicated dependency updater configured for this profile '
9548 cmds :
96- - |
97- echo "ℹ️ No dedicated dependency updater configured for this repository."
98- echo "ℹ️ Dependabot handles GitHub Actions and package metadata updates."
99- echo "ℹ️ Docker build validation remains the runtime safety net."
49+ - task : scripts:dependency:update
10050
10151 version:set :
10252 desc : Update version in README.md and action.yml
10353 cmds :
104- - |
105- if [ -z "{{.VERSION}}" ]; then
106- echo "❌ ERROR: VERSION is empty"
107- exit 1
108- fi
109- if ! echo "{{.VERSION}}" | grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+$'; then
110- echo "❌ ERROR: VERSION '{{.VERSION}}' is not a valid semantic version (expected vX.Y.Z or X.Y.Z)"
111- exit 1
112- fi
113- echo Updating full version from {{.VERSION_FROM_ACTION_YML}} to {{.VERSION}}
114- - echo Updating minor version from {{.MINOR_FROM_ACTION_YML}} to {{.VERSION_MINOR}}
115- - echo Updating major version from {{.MAJOR_FROM_ACTION_YML}} to {{.VERSION_MAJOR}}
116- - " {{.SED}} -i 's#{{.DOCKER_NAME}}:{{.VERSION_FROM_ACTION_YML}}#{{.DOCKER_NAME}}:{{.VERSION}}#g' action.yml"
117- - " {{.SED}} -i 's#{{.DOCKER_NAME}}@{{.VERSION_FROM_ACTION_YML}}#{{.DOCKER_NAME}}@{{.VERSION}}#g' README.md"
118- - " {{.SED}} -i 's#{{.GITHUB_NAME}}@{{.VERSION_FROM_ACTION_YML}}#{{.GITHUB_NAME}}@{{.VERSION}}#g' README.md"
119- - " {{.SED}} -i 's#{{.DOCKER_NAME}}@{{.MINOR_FROM_ACTION_YML}}#{{.DOCKER_NAME}}@{{.VERSION_MINOR}}#g' README.md"
120- - " {{.SED}} -i 's#{{.GITHUB_NAME}}@{{.MINOR_FROM_ACTION_YML}}#{{.GITHUB_NAME}}@{{.VERSION_MINOR}}#g' README.md"
121- - " {{.SED}} -i 's#{{.DOCKER_NAME}}@{{.MAJOR_FROM_ACTION_YML}}#{{.DOCKER_NAME}}@{{.VERSION_MAJOR}}#g' README.md"
122- - " {{.SED}} -i 's#{{.GITHUB_NAME}}@{{.MAJOR_FROM_ACTION_YML}}#{{.GITHUB_NAME}}@{{.VERSION_MAJOR}}#g' README.md"
54+ - task : scripts:version:set
12355
12456 version:update:patch :
12557 desc : Increment patch version (e.g., 1.2.3 -> 1.2.4)
@@ -139,135 +71,24 @@ tasks:
13971 version:resolve-next :
14072 desc : Resolve next version from bump type and profile
14173 cmds :
142- - |
143- set -eu
144- bump_type="${BUMP_TYPE:-patch}"
145- input_version="${INPUT_VERSION:-}"
146-
147- normalize_version() {
148- candidate="${1#v}"
149- if ! printf "%s" "${candidate}" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
150- return 1
151- fi
152- printf "v%s" "${candidate}"
153- }
154-
155- current="$(task version:get 2>/dev/null || true)"
156-
157- case "$bump_type" in
158- set)
159- [ -n "$input_version" ] || { echo "Missing version for type=set"; exit 1; }
160- next="$(normalize_version "$input_version")" || {
161- echo "Invalid explicit version: $input_version. Expected vX.Y.Z or X.Y.Z"
162- exit 1
163- }
164- ;;
165- patch|minor|major)
166- [ -n "$current" ] || { echo "Current version not found or invalid. Expected vX.Y.Z"; exit 1; }
167- current="$(normalize_version "$current")" || { echo "Current version not found or invalid. Expected vX.Y.Z"; exit 1; }
168- no_v="${current#v}"
169- major="$(printf "%s" "$no_v" | awk -F. '{print $1}')"
170- minor="$(printf "%s" "$no_v" | awk -F. '{print $2}')"
171- patch="$(printf "%s" "$no_v" | awk -F. '{print $3}')"
172- case "$bump_type" in
173- patch) next="v${major}.${minor}.$((patch + 1))" ;;
174- minor) next="v${major}.$((minor + 1)).0" ;;
175- major) next="v$((major + 1)).0.0" ;;
176- esac
177- ;;
178- *)
179- echo "Unknown type: $bump_type"
180- exit 1
181- ;;
182- esac
183-
184- printf "%s" "$next"
74+ - task : scripts:version:resolve-next
18575
18676 version:tag-release :
18777 desc : Create set of git tags
18878 cmds :
189- - |
190- set -eu
191- if (set -o | grep -q pipefail) 2>/dev/null; then set -o pipefail; fi
192-
193- REMOTE='origin'
194- FULL='{{.VERSION_FULL}}'
195- MINOR='{{.VERSION_MINOR}}'
196- MAJOR='{{.VERSION_MAJOR}}'
197-
198- # Validate vX.Y.Z
199- if ! printf "%s" "$FULL" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
200- echo "❌ ERROR: VERSION '$FULL' must match vX.Y.Z" >&2
201- exit 1
202- fi
203-
204- tag_sha() { git rev-parse "refs/tags/$1" 2>/dev/null || true; }
205- remote_tag_sha() { git ls-remote --tags "$REMOTE" "refs/tags/$1" 2>/dev/null | awk '{print $1}' || true; }
206-
207- echo "ℹ️ INFO: Tags - Full: $FULL | Minor: $MINOR | Major: $MAJOR"
208-
209- # Full tag: must NOT exist on remote; fail fast if it does
210- full_remote_sha="$(remote_tag_sha "$FULL")"
211- if [ -n "$full_remote_sha" ]; then
212- echo "❌ ERROR: Full tag '$FULL' already exists on remote; aborting" >&2
213- exit 1
214- fi
215-
216- # Create full tag locally (if missing) and push
217- if git rev-parse --quiet --verify "refs/tags/$FULL" >/dev/null 2>&1; then
218- echo "ℹ️ INFO: Full tag '$FULL' exists locally but not on remote; pushing"
219- else
220- echo "ℹ️ INFO: Creating full tag '$FULL'"
221- git tag --annotate "$FULL" --message "$FULL"
222- fi
223- git push "$REMOTE" "refs/tags/$FULL"
224- echo "✅ OK: Pushed full tag '$FULL'"
225-
226- # Minor tag: create or update
227- git tag --force --annotate "$MINOR" --message "$FULL"
228- minor_local_sha="$(tag_sha "$MINOR")"
229- minor_remote_sha="$(remote_tag_sha "$MINOR")"
230- if [ -z "$minor_remote_sha" ]; then
231- git push "$REMOTE" "refs/tags/$MINOR"
232- echo "✅ OK: Created and pushed minor tag '$MINOR' -> $minor_local_sha"
233- else
234- if [ "$minor_local_sha" != "$minor_remote_sha" ]; then
235- echo "⚠️ WARN: Updating remote minor tag '$MINOR' to $minor_local_sha (was $minor_remote_sha)"
236- git push --force "$REMOTE" "refs/tags/$MINOR"
237- else
238- echo "ℹ️ INFO: Minor tag '$MINOR' already up-to-date"
239- fi
240- fi
241-
242- # Major tag: create or update
243- git tag --force --annotate "$MAJOR" --message "$FULL"
244- major_local_sha="$(tag_sha "$MAJOR")"
245- major_remote_sha="$(remote_tag_sha "$MAJOR")"
246- if [ -z "$major_remote_sha" ]; then
247- git push "$REMOTE" "refs/tags/$MAJOR"
248- echo "✅ OK: Created and pushed major tag '$MAJOR' -> $major_local_sha"
249- else
250- if [ "$major_local_sha" != "$major_remote_sha" ]; then
251- echo "⚠️ WARN: Updating remote major tag '$MAJOR' to $major_local_sha (was $major_remote_sha)"
252- git push --force "$REMOTE" "refs/tags/$MAJOR"
253- else
254- echo "ℹ️ INFO: Major tag '$MAJOR' already up-to-date"
255- fi
256- fi
79+ - task : scripts:version:tag-release
25780
25881 git:get-pr-template :
25982 desc : Get pull request template
26083 cmds :
261- - mkdir -p .tmp
262- - curl -LsS {{.PR_TEMPLATE}} -o .tmp/PULL_REQUEST_TEMPLATE.md
84+ - task : scripts:git:get-pr-template
26385
26486 git:set-config :
26587 desc : Set git user config
26688 cmds :
267- - git config user.name "github-actions[bot]"
268- - git config user.email "github-actions[bot]@users.noreply.github.com"
89+ - task : scripts:git:set-config
26990
27091 version:get :
27192 desc : Get current version
27293 cmds :
273- - echo "{{.VERSION}}"
94+ - task : scripts:version:get
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments