Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Iain Sproat
|
e4bde6ce7c |
@@ -1,46 +0,0 @@
|
||||
version: 2.1
|
||||
|
||||
workflows:
|
||||
version: 2
|
||||
verify:
|
||||
jobs:
|
||||
- pre-commit:
|
||||
filters:
|
||||
tags: &filter-all-tags # run for all tags
|
||||
only: /.*/
|
||||
|
||||
jobs:
|
||||
pre-commit:
|
||||
parameters:
|
||||
config_file:
|
||||
default: ./.pre-commit-config.yaml
|
||||
description: Optional, path to pre-commit config file.
|
||||
type: string
|
||||
cache_prefix:
|
||||
default: ''
|
||||
description: |
|
||||
Optional cache prefix to be used on CircleCI. Can be used for cache busting or to ensure multiple jobs use different caches.
|
||||
type: string
|
||||
docker:
|
||||
- image: speckle/pre-commit-runner:latest
|
||||
resource_class: medium
|
||||
working_directory: &workingdir /tmp/ci
|
||||
steps:
|
||||
- checkout
|
||||
- restore_cache:
|
||||
keys:
|
||||
- cache-pre-commit-<<parameters.cache_prefix>>-{{ checksum "<<parameters.config_file>>" }}
|
||||
- run:
|
||||
name: Install pre-commit hooks
|
||||
command: pre-commit install-hooks --config <<parameters.config_file>>
|
||||
- save_cache:
|
||||
key: cache-pre-commit-<<parameters.cache_prefix>>-{{ checksum "<<parameters.config_file>>" }}
|
||||
paths:
|
||||
- ~/.cache/pre-commit
|
||||
- run:
|
||||
name: Run pre-commit
|
||||
command: pre-commit run --all-files --config <<parameters.config_file>>
|
||||
- run:
|
||||
command: git --no-pager diff
|
||||
name: git diff
|
||||
when: on_fail
|
||||
@@ -1,77 +0,0 @@
|
||||
name: Update issue Status
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [closed]
|
||||
|
||||
jobs:
|
||||
update_issue:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Get project data
|
||||
env:
|
||||
GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}}
|
||||
ORGANIZATION: specklesystems
|
||||
PROJECT_NUMBER: 9
|
||||
run: |
|
||||
gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query='
|
||||
query($org: String!, $number: Int!) {
|
||||
organization(login: $org){
|
||||
projectNext(number: $number) {
|
||||
id
|
||||
fields(first:20) {
|
||||
nodes {
|
||||
id
|
||||
name
|
||||
settings
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json
|
||||
|
||||
echo 'PROJECT_ID='$(jq '.data.organization.projectNext.id' project_data.json) >> $GITHUB_ENV
|
||||
echo 'STATUS_FIELD_ID='$(jq '.data.organization.projectNext.fields.nodes[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV
|
||||
|
||||
echo "$PROJECT_ID"
|
||||
echo "$STATUS_FIELD_ID"
|
||||
|
||||
echo 'DONE_ID='$(jq '.data.organization.projectNext.fields.nodes[] | select(.name== "Status") | .settings | fromjson | .options[] | select(.name== "Done") | .id' project_data.json) >> $GITHUB_ENV
|
||||
echo "$DONE_ID"
|
||||
|
||||
- name: Add Issue to project #it's already in the project, but we do this to get its node id!
|
||||
env:
|
||||
GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}}
|
||||
ISSUE_ID: ${{ github.event.issue.node_id }}
|
||||
run: |
|
||||
item_id="$( gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query='
|
||||
mutation($project:ID!, $id:ID!) {
|
||||
addProjectNextItem(input: {projectId: $project, contentId: $id}) {
|
||||
projectNextItem {
|
||||
id
|
||||
}
|
||||
}
|
||||
}' -f project=$PROJECT_ID -f id=$ISSUE_ID --jq '.data.addProjectNextItem.projectNextItem.id')"
|
||||
|
||||
echo 'ITEM_ID='$item_id >> $GITHUB_ENV
|
||||
|
||||
- name: Update Status
|
||||
env:
|
||||
GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}}
|
||||
ISSUE_ID: ${{ github.event.issue.node_id }}
|
||||
run: |
|
||||
gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query='
|
||||
mutation($project:ID!, $status:ID!, $id:ID!, $value:String!) {
|
||||
set_status: updateProjectNextItemField(
|
||||
input: {
|
||||
projectId: $project
|
||||
itemId: $id
|
||||
fieldId: $status
|
||||
value: $value
|
||||
}
|
||||
) {
|
||||
projectNextItem {
|
||||
id
|
||||
}
|
||||
}
|
||||
}' -f project=$PROJECT_ID -f status=$STATUS_FIELD_ID -f id=$ITEM_ID -f value=${{ env.DONE_ID }}
|
||||
@@ -1,50 +0,0 @@
|
||||
name: Move new issues into Project
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [opened]
|
||||
|
||||
jobs:
|
||||
track_issue:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Get project data
|
||||
env:
|
||||
GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}}
|
||||
ORGANIZATION: specklesystems
|
||||
PROJECT_NUMBER: 9
|
||||
run: |
|
||||
gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query='
|
||||
query($org: String!, $number: Int!) {
|
||||
organization(login: $org){
|
||||
projectNext(number: $number) {
|
||||
id
|
||||
fields(first:20) {
|
||||
nodes {
|
||||
id
|
||||
name
|
||||
settings
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json
|
||||
|
||||
echo 'PROJECT_ID='$(jq '.data.organization.projectNext.id' project_data.json) >> $GITHUB_ENV
|
||||
echo 'STATUS_FIELD_ID='$(jq '.data.organization.projectNext.fields.nodes[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV
|
||||
|
||||
- name: Add Issue to project
|
||||
env:
|
||||
GITHUB_TOKEN: ${{secrets.GHPROJECT_TOKEN}}
|
||||
ISSUE_ID: ${{ github.event.issue.node_id }}
|
||||
run: |
|
||||
item_id="$( gh api graphql --header 'GraphQL-Features: projects_next_graphql' -f query='
|
||||
mutation($project:ID!, $id:ID!) {
|
||||
addProjectNextItem(input: {projectId: $project, contentId: $id}) {
|
||||
projectNextItem {
|
||||
id
|
||||
}
|
||||
}
|
||||
}' -f project=$PROJECT_ID -f id=$ISSUE_ID --jq '.data.addProjectNextItem.projectNextItem.id')"
|
||||
|
||||
echo 'ITEM_ID='$item_id >> $GITHUB_ENV
|
||||
@@ -0,0 +1,37 @@
|
||||
name: Release pipeline
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '**' # all branches
|
||||
tags:
|
||||
- "[0-9]+.[0-9]+.[0-9]+"
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
|
||||
permissions: {} # purposefully empty by default at workflow level, explicitly overridden for specific jobs below
|
||||
|
||||
jobs:
|
||||
pre-commit:
|
||||
name: Precommit check
|
||||
runs-on: blacksmith-4vcpu-ubuntu-2404
|
||||
permissions:
|
||||
contents: read
|
||||
packages: read # to be able to pull the pre-commit-runner image from ghcr.io
|
||||
container:
|
||||
image: ghcr.io/specklesystems/pre-commit-runner:latest # zizmor: ignore[unpinned-images] Speckle own this image repository
|
||||
steps:
|
||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
|
||||
with:
|
||||
fetch-depth: 0
|
||||
persist-credentials: false
|
||||
- run: git config --global --add safe.directory $PWD
|
||||
- name: Set precommit
|
||||
run: pre-commit install-hooks --config ./.pre-commit-config.yaml
|
||||
- name: Run precommit
|
||||
run: pre-commit run --all-files --config ./.pre-commit-config.yaml
|
||||
- name: Diff on failure
|
||||
if: failure()
|
||||
run: git --no-pager diff
|
||||
@@ -1,14 +1,9 @@
|
||||
default_stages:
|
||||
- 'commit'
|
||||
- 'pre-commit'
|
||||
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/mirrors-prettier
|
||||
rev: 'v2.7.1'
|
||||
hooks:
|
||||
- id: prettier
|
||||
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: 'v4.3.0'
|
||||
rev: 'v6.0.0'
|
||||
hooks:
|
||||
- id: check-yaml
|
||||
- id: check-merge-conflict
|
||||
@@ -20,12 +15,12 @@ repos:
|
||||
- id: end-of-file-fixer
|
||||
|
||||
- repo: https://github.com/syntaqx/git-hooks
|
||||
rev: 'v0.0.17'
|
||||
rev: 'v0.0.18'
|
||||
hooks:
|
||||
- id: forbid-binary
|
||||
|
||||
- repo: https://github.com/pre-commit/pre-commit
|
||||
rev: 'v2.20.0'
|
||||
rev: 'v4.5.1'
|
||||
hooks:
|
||||
- id: validate_manifest
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
- id: ggshield-not-ci
|
||||
name: GitGuardian Shield (pre-commit)
|
||||
description: Runs ggshield in non-CI environments to detect hardcoded secrets, security vulnerabilities and policy breaks.
|
||||
stages: [commit]
|
||||
stages: [pre-commit]
|
||||
entry: hooks/ggshield-not-ci.sh
|
||||
language: script
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
.github/
|
||||
@@ -4,5 +4,5 @@ set -eo pipefail
|
||||
if [[ -z "${CI}" ]]; then
|
||||
ggshield secret scan pre-commit
|
||||
else
|
||||
echo "In a CI environment, so skipping GitGuardian ggshield"
|
||||
echo "Detected that this script is running in a CI environment, so skipping GitGuardian ggshield"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user