From 431029c1510272441cf7ad684283fbf7d4478e3e Mon Sep 17 00:00:00 2001 From: MSevey <15232757+MSevey@users.noreply.github.com> Date: Mon, 2 Dec 2024 20:03:19 -0500 Subject: [PATCH 1/6] feat(ci): create file sync and auto merge dependabot workflows --- .../workflows/approve_merge_dependabot.yml | 29 +++++++++++++++++++ .github/workflows/sync.yml | 19 ++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 .github/workflows/approve_merge_dependabot.yml create mode 100644 .github/workflows/sync.yml diff --git a/.github/workflows/approve_merge_dependabot.yml b/.github/workflows/approve_merge_dependabot.yml new file mode 100644 index 0000000..eb2b85f --- /dev/null +++ b/.github/workflows/approve_merge_dependabot.yml @@ -0,0 +1,29 @@ +name: Approve and Merge Dependabot PRs +on: + pull_request: + +jobs: + approve_and_merge: + name: "Approve and Merge Dependabot PRs" + # The latest actor must be Dependabot. This prevents other users from + # sneaking in changes into the PR. + if: ${{ github.actor == 'dependabot[bot]' }} + runs-on: ubuntu-latest + permissions: write-all + steps: + - uses: actions/checkout@v4 + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2.2.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Approve PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml new file mode 100644 index 0000000..59d9c89 --- /dev/null +++ b/.github/workflows/sync.yml @@ -0,0 +1,19 @@ +name: Sync Files +on: + push: + branches: + - main + workflow_dispatch: +jobs: + sync: + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + - name: Run GitHub File Sync + uses: BetaHuhn/repo-file-sync-action@v1 + with: + GH_PAT: ${{ secrets.FILE_SYNC_PAT }} + PR_LABELS: "action sync" + COMMIT_PREFIX: "chore: " + COMMIT_EACH_FILE: false From 5a161e77aca5e3295ba87dc344b37c9740c015f0 Mon Sep 17 00:00:00 2001 From: MSevey <15232757+MSevey@users.noreply.github.com> Date: Mon, 2 Dec 2024 21:49:26 -0500 Subject: [PATCH 2/6] feat: add sync config and update source files --- .github/auto_request_review.yml | 23 ++-- .github/dependabot.njk | 20 ++++ .github/dependabot.yml | 1 - .github/sync.yml | 105 ++++++++++++++++++ .github/workflows/approve_merge_bots.yml | 56 ++++++++++ .../workflows/approve_merge_dependabot.yml | 29 ----- .github/workflows/semantic_pull_request.yml | 2 + .github/workflows/semantic_release.yml | 2 + 8 files changed, 194 insertions(+), 44 deletions(-) create mode 100644 .github/dependabot.njk create mode 100644 .github/sync.yml create mode 100644 .github/workflows/approve_merge_bots.yml delete mode 100644 .github/workflows/approve_merge_dependabot.yml diff --git a/.github/auto_request_review.yml b/.github/auto_request_review.yml index 82fab00..71a3b2f 100644 --- a/.github/auto_request_review.yml +++ b/.github/auto_request_review.yml @@ -1,22 +1,17 @@ -# More info at https://github.com/necojackarc/auto-request-review +# DO NOT EDIT DIRECTLY +# EDIT TEMPLATE IN ROLLKIT/.GITHUB REPO reviewers: - # The default reviewers defaults: - # Example of Github Team. Github team must have write access to repo. - # NOTE: This assigned the team itself, not members of the team. - # - team:engineering # This is the Github Team - - MSevey - + - rollkit + groups: + rollkit: + - team:core files: ".github/**": - MSevey - + - rollkit options: ignore_draft: true ignored_keywords: - - DO NOT REVIEW - enable_group_assignment: false - - # Randomly pick reviewers up to this number. - # Do not set this option if you'd like to assign all matching reviewers. - number_of_reviewers: 2 + - WIP + number_of_reviewers: 3 \ No newline at end of file diff --git a/.github/dependabot.njk b/.github/dependabot.njk new file mode 100644 index 0000000..cc8651a --- /dev/null +++ b/.github/dependabot.njk @@ -0,0 +1,20 @@ +# DO NOT EDIT DIRECTLY +# EDIT TEMPLATE IN ROLLKIT/.GITHUB REPO +version: 2 +updates: +{% for dep in deps %} + - package-ecosystem: {{dep.ecosystem}} + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 10 + groups: + patch-updates: + applies-to: version-updates + update-types: + - "patch" + - "minor" + commit-message: + include: "scope" + prefix: "build" +{% endfor %} diff --git a/.github/dependabot.yml b/.github/dependabot.yml index decb467..1eaf998 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,7 +11,6 @@ updates: update-types: - "patch" - "minor" - # Including this due to certain github action steps installing via npm - package-ecosystem: npm directory: "/" schedule: diff --git a/.github/sync.yml b/.github/sync.yml new file mode 100644 index 0000000..43fb27e --- /dev/null +++ b/.github/sync.yml @@ -0,0 +1,105 @@ +# Use individual repo settings for files that differ +rollkit/.github: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "docker" }, { ecosystem: "github-actions" }, { ecosystem: "npm" }] +rollkit/astria-sequencer: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/avail-da: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/based-sequencer: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] +rollkit/bitcoin-da: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/centralized-sequencer: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] +rollkit/cosmos-sdk-starter: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/docs: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "npm" }, { ecosystem: "github-actions" }] +rollkit/go-da: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/go-execution: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/go-execution-abci: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/go-execution-evm: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/go-sequencing: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] +rollkit/local-da: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] +rollkit/rollkit: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] +rollkit/template-da-repo: + - source: .github/dependabot.njk + dest: .github/dependabot.yml + template: + deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + +# Use groups for common files that have no differences +group: + repos: | + rollkit/astria-sequencer + rollkit/avail-da + rollkit/based-sequencer + rollkit/bitcoin-da + rollkit/centralized-sequencer + rollkit/cosmos-sdk-starter + rollkit/docs + rollkit/go-da + rollkit/go-execution + rollkit/go-execution-abci + rollkit/go-execution-evm + rollkit/go-sequencing + rollkit/local-da + rollkit/rollkit + rollkit/template-da-repo + files: + - .github/workflows/approve_merge_bots.yml + - .github/workflows/semantic_pull_request.yml + - .github/workflows/semantic_release.yml + - .github/auto_request_review.yml diff --git a/.github/workflows/approve_merge_bots.yml b/.github/workflows/approve_merge_bots.yml new file mode 100644 index 0000000..b74517d --- /dev/null +++ b/.github/workflows/approve_merge_bots.yml @@ -0,0 +1,56 @@ +# DO NOT EDIT DIRECTLY +# EDIT TEMPLATE IN ROLLKIT/.GITHUB REPO +name: Approve and Merge Bot PRs +on: + pull_request: + +jobs: + dependabot: + name: "Approve and Merge Dependabot PRs" + if: ${{ github.actor == 'dependabot[bot]' }} + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - uses: actions/checkout@v4 + - name: RollkitBot Approval + run: | + gh auth login --with-token <<< "$PAT" + gh pr review --approve "$PR_URL" + gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + PAT: ${{secrets.PR_APPROVE_PAT_RB}} + - name: Sevey Approval + run: | + gh auth login --with-token <<< "$PAT" + gh pr review --approve "$PR_URL" + gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + PAT: ${{secrets.PR_APPROVE_PAT_SEVEY}} + + rollkitbot: + name: "Approve and Merge RollkitBot PRs" + if: ${{ github.actor == 'RollkitBot' && contains(github.event.pull_request.labels.*.name, 'action sync') }} + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - uses: actions/checkout@v4 + - name: Sevey Approval + run: | + gh auth login --with-token <<< "$PAT" + gh pr review --approve "$PR_URL" + gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + PAT: ${{secrets.PR_APPROVE_PAT_SEVEY}} + - name: TBD Approval + run: | + gh auth login --with-token <<< "$PAT" + gh pr review --approve "$PR_URL" + gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + PAT: ${{secrets.PR_APPROVE_PAT_TBD}} \ No newline at end of file diff --git a/.github/workflows/approve_merge_dependabot.yml b/.github/workflows/approve_merge_dependabot.yml deleted file mode 100644 index eb2b85f..0000000 --- a/.github/workflows/approve_merge_dependabot.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Approve and Merge Dependabot PRs -on: - pull_request: - -jobs: - approve_and_merge: - name: "Approve and Merge Dependabot PRs" - # The latest actor must be Dependabot. This prevents other users from - # sneaking in changes into the PR. - if: ${{ github.actor == 'dependabot[bot]' }} - runs-on: ubuntu-latest - permissions: write-all - steps: - - uses: actions/checkout@v4 - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2.2.0 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Approve PR - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/semantic_pull_request.yml b/.github/workflows/semantic_pull_request.yml index e11fe30..cb26def 100644 --- a/.github/workflows/semantic_pull_request.yml +++ b/.github/workflows/semantic_pull_request.yml @@ -1,3 +1,5 @@ +# DO NOT EDIT DIRECTLY +# EDIT TEMPLATE IN ROLLKIT/.GITHUB REPO name: Semantic Pull Request on: diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index c5f1d5d..949a997 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -1,3 +1,5 @@ +# DO NOT EDIT DIRECTLY +# EDIT TEMPLATE IN ROLLKIT/.GITHUB REPO name: Semantic Release on: From a3bebb02ac8dfc19ae56681e844871330b2f2d9c Mon Sep 17 00:00:00 2001 From: MSevey <15232757+MSevey@users.noreply.github.com> Date: Mon, 2 Dec 2024 22:01:23 -0500 Subject: [PATCH 3/6] chore: resolve lint errors --- .github/auto_request_review.yml | 3 ++- .github/sync.yml | 32 ++++++++++++------------ .github/workflows/approve_merge_bots.yml | 6 ++--- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/auto_request_review.yml b/.github/auto_request_review.yml index 71a3b2f..0f016de 100644 --- a/.github/auto_request_review.yml +++ b/.github/auto_request_review.yml @@ -14,4 +14,5 @@ options: ignore_draft: true ignored_keywords: - WIP - number_of_reviewers: 3 \ No newline at end of file + number_of_reviewers: 3 + \ No newline at end of file diff --git a/.github/sync.yml b/.github/sync.yml index 43fb27e..91c27bc 100644 --- a/.github/sync.yml +++ b/.github/sync.yml @@ -3,82 +3,82 @@ rollkit/.github: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "docker" }, { ecosystem: "github-actions" }, { ecosystem: "npm" }] + deps: [{ecosystem: "docker"}, {ecosystem: "github-actions"}, {ecosystem: "npm"}] rollkit/astria-sequencer: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/avail-da: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/based-sequencer: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "docker"}, {ecosystem: "github-actions"}] rollkit/bitcoin-da: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/centralized-sequencer: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "docker"}, {ecosystem: "github-actions"}] rollkit/cosmos-sdk-starter: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/docs: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "npm" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "npm"}, {ecosystem: "github-actions"}] rollkit/go-da: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/go-execution: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/go-execution-abci: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/go-execution-evm: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/go-sequencing: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] rollkit/local-da: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "docker"}, {ecosystem: "github-actions"}] rollkit/rollkit: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "docker" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "docker"}, {ecosystem: "github-actions"}] rollkit/template-da-repo: - source: .github/dependabot.njk dest: .github/dependabot.yml template: - deps: [{ ecosystem: "gomod" }, { ecosystem: "github-actions" }] + deps: [{ecosystem: "gomod"}, {ecosystem: "github-actions"}] # Use groups for common files that have no differences group: diff --git a/.github/workflows/approve_merge_bots.yml b/.github/workflows/approve_merge_bots.yml index b74517d..1e6050f 100644 --- a/.github/workflows/approve_merge_bots.yml +++ b/.github/workflows/approve_merge_bots.yml @@ -9,7 +9,7 @@ jobs: name: "Approve and Merge Dependabot PRs" if: ${{ github.actor == 'dependabot[bot]' }} runs-on: ubuntu-latest - permissions: + permissions: pull-requests: write steps: - uses: actions/checkout@v4 @@ -34,7 +34,7 @@ jobs: name: "Approve and Merge RollkitBot PRs" if: ${{ github.actor == 'RollkitBot' && contains(github.event.pull_request.labels.*.name, 'action sync') }} runs-on: ubuntu-latest - permissions: + permissions: pull-requests: write steps: - uses: actions/checkout@v4 @@ -53,4 +53,4 @@ jobs: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} - PAT: ${{secrets.PR_APPROVE_PAT_TBD}} \ No newline at end of file + PAT: ${{secrets.PR_APPROVE_PAT_TBD}} From ef76b7dcf9925eb398835658272f706aa75c9939 Mon Sep 17 00:00:00 2001 From: MSevey <15232757+MSevey@users.noreply.github.com> Date: Mon, 2 Dec 2024 22:02:38 -0500 Subject: [PATCH 4/6] same --- .github/auto_request_review.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/auto_request_review.yml b/.github/auto_request_review.yml index 0f016de..24c4a5e 100644 --- a/.github/auto_request_review.yml +++ b/.github/auto_request_review.yml @@ -15,4 +15,3 @@ options: ignored_keywords: - WIP number_of_reviewers: 3 - \ No newline at end of file From d8b027867fcb1c14b224118b7c835157459a2608 Mon Sep 17 00:00:00 2001 From: MSevey <15232757+MSevey@users.noreply.github.com> Date: Tue, 3 Dec 2024 09:56:51 -0500 Subject: [PATCH 5/6] chore: remove TBD approver and update rollkit repo sync config --- .github/sync.yml | 5 ++++- .github/workflows/approve_merge_bots.yml | 9 +-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/sync.yml b/.github/sync.yml index 91c27bc..6422ebf 100644 --- a/.github/sync.yml +++ b/.github/sync.yml @@ -70,6 +70,10 @@ rollkit/local-da: template: deps: [{ecosystem: "gomod"}, {ecosystem: "docker"}, {ecosystem: "github-actions"}] rollkit/rollkit: + # Listing additional files here since the rollkit repo doesn't currently use the semantic release action + - .github/workflows/approve_merge_bots.yml + - .github/workflows/semantic_pull_request.yml + - .github/auto_request_review.yml - source: .github/dependabot.njk dest: .github/dependabot.yml template: @@ -96,7 +100,6 @@ group: rollkit/go-execution-evm rollkit/go-sequencing rollkit/local-da - rollkit/rollkit rollkit/template-da-repo files: - .github/workflows/approve_merge_bots.yml diff --git a/.github/workflows/approve_merge_bots.yml b/.github/workflows/approve_merge_bots.yml index 1e6050f..913c01d 100644 --- a/.github/workflows/approve_merge_bots.yml +++ b/.github/workflows/approve_merge_bots.yml @@ -46,11 +46,4 @@ jobs: env: PR_URL: ${{github.event.pull_request.html_url}} PAT: ${{secrets.PR_APPROVE_PAT_SEVEY}} - - name: TBD Approval - run: | - gh auth login --with-token <<< "$PAT" - gh pr review --approve "$PR_URL" - gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - PAT: ${{secrets.PR_APPROVE_PAT_TBD}} + From 5fd8d374ffdf83e79281c9f1a6f78050efca9ffd Mon Sep 17 00:00:00 2001 From: MSevey <15232757+MSevey@users.noreply.github.com> Date: Tue, 3 Dec 2024 09:58:13 -0500 Subject: [PATCH 6/6] chore: remove extra line for yamllint --- .github/workflows/approve_merge_bots.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/approve_merge_bots.yml b/.github/workflows/approve_merge_bots.yml index 913c01d..77e05b9 100644 --- a/.github/workflows/approve_merge_bots.yml +++ b/.github/workflows/approve_merge_bots.yml @@ -46,4 +46,3 @@ jobs: env: PR_URL: ${{github.event.pull_request.html_url}} PAT: ${{secrets.PR_APPROVE_PAT_SEVEY}} -