chore: workflows

TrebledJ · Nov 22, 2023 · 12e195f · 12e195f
1 parent e572421
commit 12e195f
Show file tree

Hide file tree

Showing 3 changed files with 180 additions and 32 deletions.
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -0,0 +1,43 @@
+# https://nicolasiensen.github.io/2022-07-23-automating-dependency-updates-with-dependabot-github-auto-merge-and-github-actions/
+
+name: Dependabot Reviewer
+
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  review-dependabot-pr:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.3.1
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve patch and minor updates
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: gh pr review $PR_URL --approve -b "This pull request is **automatically approved** because it includes a **patch or minor update**."
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve major updates of development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
+        run: gh pr review $PR_URL --approve -b "This pull request is **automatically approved** because it includes a **major update of a dependency used only in development**."
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Comment on major updates of non-development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
+        run: |
+          gh pr comment $PR_URL --body "This pull request is ***not* automatically approved** because it includes a **major update of a dependency used in production**."
+          gh pr edit $PR_URL --add-label "requires-manual-qa"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,105 @@
+
+# Build (without deploying) an Eleventy site to a local site branch (for further workflow automation)
+# See deploy.yml for a build + deploy to GitHub Pages workflow.
+name: Build Eleventy Site
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    # branches: master
+    paths:
+      - '**'
+      - '!.gitignore'
+      - '!*.md'
+      - '!LICENSE'
+      - '!.eslintignore'
+      - '!.eslintrc.yml'
+      - '!.github/**'
+      - '!.lycheeignore'
+      - '!.vscode/**'
+      - '!archive/**'
+      - '!scripts/**'
+      - '!ust/**'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: write
+  pages: write
+  id-token: write
+
+# Allow one concurrent deployment
+concurrency:
+  group: "pages"
+  cancel-in-progress: true
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch all commit history.
+
+      - name: Detect Package Manager
+        id: detect-package-manager
+        run: |
+          if [ -f "${{ github.workspace }}/yarn.lock" ]; then
+            echo "manager=yarn" >> $GITHUB_OUTPUT
+            echo "command=install" >> $GITHUB_OUTPUT
+            exit 0
+          elif [ -f "${{ github.workspace }}/package.json" ]; then
+            echo "manager=npm" >> $GITHUB_OUTPUT
+            echo "command=ci" >> $GITHUB_OUTPUT
+            exit 0
+          else
+            echo "Unable to determine packager manager"
+            exit 1
+          fi
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 16
+          cache: ${{ steps.detect-package-manager.outputs.manager }}
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v3
+      - name: Restore cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            .cache
+            .eleventy/cache
+          # Generate a new cache whenever packages or source files change.
+          key: ${{ runner.os }}-eleventy-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
+          # If source files changed but packages didn't, rebuild from a prior cache.
+          restore-keys: |
+            ${{ runner.os }}-eleventy-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
+
+      - name: Install Dependencies
+        run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
+
+      - name: Build
+        run: ${{ steps.detect-package-manager.outputs.manager }} run prod
+
+      - name: Commit & Push Site Build
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: Build site from GitHub Actions
+          branch: site
+          create_branch: true
+
+          file_pattern: '_site/** .lycheeignore'
+
+          commit_options: '--no-verify --signoff'
+          add_options: '-f'
+          push_options: '--force'
+
+          skip_checkout: true
+          skip_dirty_check: true
+          skip_fetch: true
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -3,21 +3,21 @@ name: Deploy Eleventy Site to Pages
 
 on:
   # Runs on pushes targeting the default branch
-  push:
-    branches: master
-    paths:
-      - '**'
-      - '!.gitignore'
-      - '!*.md'
-      - '!LICENSE'
-      - '!.eslintignore'
-      - '!.eslintrc.yml'
-      - '!.github/**'
-      - '!.lycheeignore'
-      - '!.vscode/**'
-      - '!archive/**'
-      - '!scripts/**'
-      - '!ust/**'
+  # push:
+  #   branches: master
+  #   paths:
+  #     - '**'
+  #     - '!.gitignore'
+  #     - '!*.md'
+  #     - '!LICENSE'
+  #     - '!.eslintignore'
+  #     - '!.eslintrc.yml'
+  #     - '!.github/**'
+  #     - '!.lycheeignore'
+  #     - '!.vscode/**'
+  #     - '!archive/**'
+  #     - '!scripts/**'
+  #     - '!ust/**'
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
@@ -102,20 +102,20 @@ jobs:
           skip_dirty_check: true
           skip_fetch: true
 
-  #     - name: Upload Artifact
-  #       uses: actions/upload-pages-artifact@v2
-  #       with:
-  #         path: ./_site
-
-  # # Deployment job
-  # deploy:
-  #   environment:
-  #     name: github-pages
-  #     # url: ${{ steps.deployment.outputs.page_url }}
-  #     # url: trebledj.github.io
-  #   runs-on: ubuntu-latest
-  #   needs: build
-  #   steps:
-  #     - name: Deploy to GitHub Pages
-  #       id: deployment
-  #       uses: actions/deploy-pages@v2
+      - name: Upload Artifact
+        uses: actions/upload-pages-artifact@v2
+        with:
+          path: ./_site
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      # url: ${{ steps.deployment.outputs.page_url }}
+      # url: trebledj.github.io
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v2