Merge branch 'main' into noelle/docker-support

.github/workflows/auto-approve.yml

@@ -0,0 +1,14 @@
+name: Auto approve
+
+on: pull_request_target
+
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: hmarr/auto-approve-action@v3
+        with:
+            github-token: ${{ secrets.PAT_TOKEN }}

.github/workflows/codeql.yml

@@ -0,0 +1,53 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  Analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+
+    - name: Set up Python 3.12
+      id: setup-python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+
+    - name: Cache Dependencies
+      id: cache-pip
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-codeql-pip-${{ hashFiles('**/requirements.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-codeql-pip-
+    
+    - name: Install Dependencies
+      if: steps.cache-pip.outputs.cache-hit != 'true'
+      run: |
+        pip install -r requirements.txt
+    
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: python
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        upload: true

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,31 @@
+name: Dependabot Auto-Merge
+on: 
+  pull_request_target:
+    types:
+      - opened
+  workflow_run:
+    workflows: ["Lint", "CodeQL"]
+    branches: [main]
+    types: 
+      - completed
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]'}}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{ steps.metadata.outputs.update-type != 'version-update:semver-major' }}
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -0,0 +1,37 @@
+name: Lint
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  Analyze:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        version: [3.9, '3.10', '3.11', '3.12']
+
+    steps:
+      - name: Checkout Repository  
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.version }}
+
+      - name: Install Tox
+        run: |
+          pip install "tox>=4.18.1,<5"
+
+      - name: Lint Codebase
+        run: |
+          RAW_PYTHON_VERSION=${{ matrix.version }}
+          PYTHON_VERSION=$(echo $RAW_PYTHON_VERSION | sed 's/\.//')
+          tox -e py$PYTHON_VERSION

.github/workflows/release.yml

@@ -0,0 +1,69 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+jobs:
+  Bundle:
+    runs-on: ubuntu-latest
+    if: contains(github.event.head_commit.message, '#major') || contains(github.event.head_commit.message, '#minor') || contains(github.event.head_commit.message, '#patch')
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Prepare for bundling
+        run: |
+          mkdir -p kanae-docker
+          mkdir -p releases
+          cp docker/docker-compose.yml kanae-docker/
+          cp docker/example.env kanae-docker/
+          cp config-example.yml kanae-docker/
+  
+      - name: Bundle docker-related files
+        run: |
+          zip releases/kanae-docker.zip kanae-docker/**
+          tar -czf releases/kanae-docker.tar.gz kanae-docker/** 
+  
+      - name: Upload bundle
+        uses: actions/upload-artifact@v4
+        with:
+          path: releases
+
+
+  Release:
+    runs-on: ubuntu-latest
+    needs: Bundle
+    if: contains(github.event.head_commit.message, '#major') || contains(github.event.head_commit.message, '#minor') || contains(github.event.head_commit.message, '#patch')
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: '0'
+
+    - name: Get Previous Tag
+      uses: WyriHaximus/github-action-get-previous-tag@v1
+      id: prev_tag
+      with:
+        fallback: v0.1.0
+
+    - name: Download Artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: artifact
+        path: releases
+
+    - name: Bump version and push tag
+      uses: anothrNick/github-tag-action@1.67.0
+      id: tag_version
+      env:
+        GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }}
+        WITH_V: true
+        RELEASE_BRANCHES: main
+
+    - name: Release New Version
+      uses: ncipollo/release-action@v1
+      with:
+        body: "https://github.com/UCMercedACM/kanae/compare/${{ steps.prev_tag.outputs.tag }}...${{ steps.tag_version.outputs.new_tag }}"
+        token: ${{ secrets.PAT_TOKEN }}
+        tag: ${{ steps.tag_version.outputs.new_tag }}
+        name: ${{ steps.tag_version.outputs.new_tag }}
+        artifacts: "releases/kanae-docker.zip,releases/kanae-docker.tar.gz"