fix: improve all workflows

seantrane · seantrane · commit aa659fa1c540 · 2023-05-15T15:58:12.000-04:00
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,63 @@
+---
+name: Bug Report
+description: Submit a bug report
+title: "[Bug]: "
+labels: ["bug", "triage"]
+# assignees:
+#   - octocat
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+  - type: dropdown
+    id: version
+    attributes:
+      label: Version
+      description: What version of our software are you running?
+      options:
+        - 1.0.2 (Default)
+        - 1.0.3 (Edge)
+    validations:
+      required: true
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: What browsers are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://example.com)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml
@@ -1,13 +1,13 @@
 ---
-name: Continuous Delivery
+name: Delivery
 
 on:
   push:
     branches: [main]
 
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
-  cancel-in-progress: true
+  cancel-in-progress: false
 
 permissions:
   contents: write
@@ -21,4 +21,4 @@ jobs:
   release:
     uses: ./.github/workflows/semantic-release.yml
     secrets:
-      token: ${{ secrets.GH_PAT }}
+      GH_TOKEN: ${{ secrets.GH_PAT }}
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -1,5 +1,5 @@
 ---
-name: Continuous Integration
+name: Integration
 
 on:
   pull_request:
@@ -28,23 +28,31 @@ jobs:
     uses: ./.github/workflows/semantic-pr.yml
 
   lint:
-    uses: ./.github/workflows/linter.yml
+    uses: ./.github/workflows/mega-linter.yml@main
+    secrets:
+      GH_TOKEN: ${{ secrets.GH_PAT }}
 
   # sonar:
   #   uses: ./.github/workflows/sonar.yml
   #   secrets:
-  #     token: ${{ env.SONAR_TOKEN }}
+  #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   # terraform:
   #   strategy:
+  #     # max-parallel: 1
+  #     fail-fast: false
   #     matrix:
   #       working-directory:
   #         - 'terraform/deployments/dev'
   #         - 'terraform/deployments/stage'
   #         - 'terraform/deployments/prod'
   #   uses: ./.github/workflows/terraform.yml
   #   with:
+  #     state: cloud
   #     version: 1.4.4
   #     working-directory: ${{ matrix.working-directory }}
   #     format: false
   #     apply: false
+  #   secrets:
+  #     GH_TOKEN: ${{ secrets.GH_PAT }}
+  #     TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -0,0 +1,99 @@
+---
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.io
+# https://github.com/oxsecurity/megalinter
+# https://github.com/oxsecurity/megalinter/blob/main/TEMPLATES/mega-linter.yml
+name: MegaLinter
+
+# Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
+# Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions)
+on:
+  workflow_call:
+    inputs:
+      APPLY_FIXES_EVENT:
+        description: |
+          Apply MegaLinter fixes during given event: all, push, pull_request, none.
+        type: string
+        default: pull_request
+      APPLY_FIXES_MODE:
+        description: |
+          `commit` to create a new commit and push it on the same branch, or
+          `pull_request` to create a new PR targeting the branch.
+        type: string
+        default: pull_request
+      VALIDATE_ALL_CODEBASE:
+        description: |
+          Validates all source when push on main, else just the git diff with main.
+          Override with true if you always want to lint all sources.
+        type: boolean
+        default: false
+    secrets:
+      GH_TOKEN:
+        required: true
+
+env:
+  APPLY_FIXES_EVENT: ${{ inputs.APPLY_FIXES_EVENT }}
+  APPLY_FIXES_MODE: ${{ inputs.APPLY_FIXES_MODE }}
+  VALIDATE_ALL_CODEBASE: ${{ inputs.VALIDATE_ALL_CODEBASE }}
+
+jobs:
+  lint:
+    name: MegaLinter
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: MegaLinter
+        id: ml
+        uses: oxsecurity/megalinter@v6
+        env:
+          VALIDATE_ALL_CODEBASE: ${{ inputs.VALIDATE_ALL_CODEBASE }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        if: ${{ success() }} || ${{ failure() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request if applicable (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        id: cpr
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}
+          commit-message: "style(MegaLinter): apply linter fixes"
+          title: "style(MegaLinter): apply linter fixes"
+          labels: |
+            state: pending
+            type: chore
+            work: obvious
+
+      - name: Create PR output
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        run: sudo chown -Rc $UID .git/
+
+      - name: Commit and push applied linter fixes
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+          commit_message: "style(MegaLinter): apply linter fixes"
+          commit_user_name: informa-ap-devops
+          commit_user_email: informa-ap-devops@users.noreply.github.com
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
@@ -4,7 +4,7 @@ name: Semantic Release
 on:
   workflow_call:
     secrets:
-      token:
+      GH_TOKEN:
         required: true
 
 permissions:
@@ -23,15 +23,15 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
         with:
-          token: ${{ secrets.token }}
+          token: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}
           fetch-depth: 0
 
       # https://github.com/marketplace/actions/semantic-release-action#usage
       - name: Semantic Release
         uses: docker://ghcr.io/codfish/semantic-release-action:v2
         id: semantic
         env:
-          GITHUB_TOKEN: ${{ secrets.token }}
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}
         with:
           tag_format: 'v${version}'
           additional_packages: |
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -7,24 +7,22 @@ name: SonarSource, SonarCloud, SonarQube
 on:
   workflow_call:
     inputs:
-      cert:
-        description: If SonarQube uses self-signed certificate, pass a root certificate (in PEM format)
+      SONAR_HOST_URL:
+        description: Specify the Sonar Host URL.
         type: string
-        default: ''
-      host:
-        description: Specify SonarQube Host URL
-        type: string
-        default: ''
-      gate:
-        description: Use SonarQube Quality Gate in Status Checks?
+        default: 'https://sonarcloud.io'
+      SONAR_QUALITY_GATE_CHECK:
+        description: Use Sonar Quality Gate in Status Checks?
         type: boolean
         default: false
-      working-directory:
-        description: Directory in which to run Sonar Scanner
+      projectBaseDir:
+        description: Directory in which to run Sonar Scanner.
         type: string
-        default: ./
+        default: ${{ $GITHUB_WORKSPACE }}
     secrets:
-      token:
+      # If SonarQube uses self-signed certificate, pass a root certificate (in PEM format).
+      SONAR_ROOT_CERT: ''
+      SONAR_TOKEN:
         required: true
 
 permissions:
@@ -43,40 +41,40 @@ jobs:
           fetch-depth: 0
 
       - name: SonarCloud Scan
-        if: ${{ inputs.host == '' }}
+        if: ${{ inputs.SONAR_HOST_URL == '' }}
         uses: SonarSource/sonarcloud-github-action@master
         with:
-          projectBaseDir: ${{ inputs.working-directory }}
+          projectBaseDir: ${{ inputs.projectBaseDir }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
-          SONAR_TOKEN: ${{ secrets.token }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
       - name: SonarQube Scan
-        if: ${{ inputs.host != '' }}
+        if: ${{ inputs.SONAR_HOST_URL != '' }}
         uses: sonarsource/sonarqube-scan-action@master
         with:
-          projectBaseDir: ${{ inputs.working-directory }}
+          projectBaseDir: ${{ inputs.projectBaseDir }}
         env:
           # SonarQube access token should be generated from https://sonarcloud.io/account/security/
-          SONAR_TOKEN: ${{ secrets.token }}
-          SONAR_HOST_URL: ${{ inputs.host }}
-          # SONAR_ROOT_CERT: ${{ inputs.cert }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ inputs.SONAR_HOST_URL }}
+          # SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
 
       # Check the Quality Gate status.
       - name: SonarQube Quality Gate check
         id: sonarqube-quality-gate-check
-        if: ${{ inputs.host != '' && inputs.gate == true }}
+        if: ${{ inputs.SONAR_HOST_URL != '' && inputs.SONAR_QUALITY_GATE_CHECK == true }}
         uses: sonarsource/sonarqube-quality-gate-action@master
         # Force to fail step after specific time.
         timeout-minutes: 5
         env:
-          SONAR_TOKEN: ${{ secrets.token }}
-          SONAR_HOST_URL: ${{ inputs.host }}
-          # SONAR_ROOT_CERT: ${{ inputs.cert }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ inputs.SONAR_HOST_URL }}
+          # SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
 
       # Optionally you can use the output from the Quality Gate in another step.
       # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`.
       - name: SonarQube Quality Gate Status
-        if: ${{ inputs.host != '' && inputs.gate == true }}
+        if: ${{ inputs.SONAR_HOST_URL != '' && inputs.SONAR_QUALITY_GATE_CHECK == true }}
         run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}"
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
