Skip to content

feat(gitlab): use forked_from_project for Merge Requests target project #13

feat(gitlab): use forked_from_project for Merge Requests target project

feat(gitlab): use forked_from_project for Merge Requests target project #13

Workflow file for this run

name: Build
on:
push:
branches:
- main
- gitlab-forked-from-project-*
# pull_request:
# types:
# - opened
# - synchronize
# - reopened
# - ready_for_review
# merge_group:
# workflow_dispatch:
# inputs:
# dryRun:
# description: 'Dry-Run'
# default: 'true'
# required: false
# permissions:
# contents: read
# concurrency:
# group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
# cancel-in-progress: ${{ github.ref_name != 'main' }}
# env:
# DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
# NODE_VERSION: 18
# DRY_RUN: true
# TEST_LEGACY_DECRYPTION: true
# SPARSE_CHECKOUT: |-
# .github/actions/
# data/
# tools/
# package.json
# pnpm-lock.yaml
# jobs:
# setup:
# runs-on: ubuntu-latest
# outputs:
# os-matrix: ${{ steps.os-matrix.outputs.os-matrix }}
# os-matrix-is-full: ${{ steps.os-matrix-is-full.outputs.os-matrix-is-full }}
# os-matrix-prefetch: ${{ steps.os-matrix-prefetch.outputs.matrix }}
# test-shard-matrix: ${{ steps.schedule-test-shards.outputs.test-shard-matrix }}
# test-matrix-empty: ${{ steps.schedule-test-shards.outputs.test-matrix-empty }}
# steps:
# - name: Calculate `os-matrix-is-full` output
# id: os-matrix-is-full
# env:
# IS_FULL: >-
# ${{
# (
# github.event_name != 'pull_request' ||
# contains(github.event.pull_request.labels.*.name, 'ci:fulltest')
# ) && 'true' || ''
# }}
# run: |
# echo 'OS_MATRIX_IS_FULL=${{ env.IS_FULL }}' >> "$GITHUB_ENV"
# echo 'os-matrix-is-full=${{ env.IS_FULL }}' >> "$GITHUB_OUTPUT"
# - name: Calculate `os-matrix` output
# id: os-matrix
# env:
# OS_ALL: '["ubuntu-latest", "macos-latest", "windows-latest"]'
# OS_LINUX_ONLY: '["ubuntu-latest"]'
# run: |
# echo 'os-matrix=${{
# env.OS_MATRIX_IS_FULL && env.OS_ALL || env.OS_LINUX_ONLY
# }}' >> "$GITHUB_OUTPUT"
# - name: Detect changed files
# if: ${{ github.event_name == 'pull_request' }}
# id: changed-files
# env:
# GH_TOKEN: ${{ github.token }}
# GH_REPO: ${{ github.event.repository.full_name }}
# PR_URL: >-
# https://api.github.com/repos/{owner}/{repo}/compare/${{
# github.event.pull_request.base.sha
# }}...${{
# github.event.pull_request.head.sha
# }}
# JQ_FILTER: >-
# "changed-files=" + ([.files[].filename] | tostring)
# run: gh api ${{ env.PR_URL }} | jq -rc '${{ env.JQ_FILTER }}' >> "$GITHUB_OUTPUT"
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# filter: blob:none # we don't need all blobs
# sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
# show-progress: false
# - name: Calculate matrix for `node_modules` prefetch
# uses: ./.github/actions/calculate-prefetch-matrix
# id: os-matrix-prefetch
# with:
# repo: ${{ github.event.repository.full_name }}
# token: ${{ github.token }}
# node-version: ${{ env.NODE_VERSION }}
# - name: Prefetch modules for `ubuntu-latest`
# id: setup-node
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# save-cache: true
# - name: Schedule test shards
# id: schedule-test-shards
# env:
# ALL_PLATFORMS: ${{ env.OS_MATRIX_IS_FULL }}
# FILTER_SHARDS: ${{ github.event.pull_request.draft && 'true' || '' }}
# CHANGED_FILES: ${{ steps.changed-files.outputs.changed-files }}
# run: |
# echo "$(pnpm -s schedule-test-shards)" >> "$GITHUB_OUTPUT"
# prefetch:
# needs: [setup]
# # We can't check `needs.setup.outputs.os-matrix-is-full` here,
# # as it will lead to further complications that aren't solvable
# # with current GitHub Actions feature set.
# #
# # Although this job sometimes may act as short-lived `no-op`,
# # it's actually the best option available.
# #
# # However, in draft mode we can skip this step.
# if: |
# !(github.event.pull_request.draft == true &&
# needs.setup.outputs.test-matrix-empty == 'true')
# strategy:
# matrix:
# os: ${{ fromJSON(needs.setup.outputs.os-matrix-prefetch) }}
# node-version: [18]
# runs-on: ${{ matrix.os }}
# timeout-minutes: 10
# steps:
# - name: Checkout code
# if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux'
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# filter: blob:none # we don't need all blobs
# sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
# show-progress: false
# - name: Setup Node.js
# if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux'
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# save-cache: true
# lint-eslint:
# needs: [setup]
# runs-on: ubuntu-latest
# timeout-minutes: 15
# permissions:
# actions: write
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Restore eslint cache
# uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
# with:
# path: .cache/eslint
# key: eslint-main-cache
# - name: Lint
# run: pnpm eslint-ci
# - name: Remove cache
# if: github.event_name == 'push'
# env:
# GH_TOKEN: ${{ github.token }}
# GH_REPO: ${{ github.event.repository.full_name }}
# run: |
# gh api --method DELETE /repos/{owner}/{repo}/actions/caches?key=eslint-main-cache ||
# echo "Cache not found"
# - name: Save eslint cache
# if: github.event_name == 'push'
# uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
# with:
# path: .cache/eslint
# key: eslint-main-cache
# lint-prettier:
# needs: [setup]
# runs-on: ubuntu-latest
# timeout-minutes: 7
# permissions:
# actions: write
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Restore prettier cache
# uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
# with:
# path: .cache/prettier
# key: prettier-main-cache
# - name: Lint
# run: pnpm prettier --cache-location .cache/prettier
# - name: Remove cache
# if: github.event_name == 'push'
# env:
# GH_TOKEN: ${{ github.token }}
# GH_REPO: ${{ github.event.repository.full_name }}
# run: |
# gh api --method DELETE /repos/{owner}/{repo}/actions/caches?key=prettier-main-cache ||
# echo "Cache not found"
# - name: Save prettier cache
# if: github.event_name == 'push'
# uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
# with:
# path: .cache/prettier
# key: prettier-main-cache
# lint-docs:
# needs: [setup]
# runs-on: ubuntu-latest
# timeout-minutes: 7
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Lint markdown
# uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0
# - name: Lint fenced code blocks
# run: pnpm doc-fence-check
# - name: Lint documentation
# run: pnpm lint-documentation
# - name: Markdown lint
# run: pnpm markdown-lint
# lint-other:
# needs: [setup]
# runs-on: ubuntu-latest
# timeout-minutes: 7
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Type check
# run: pnpm type-check
# - name: Lint project file structure
# run: pnpm ls-lint
# - name: Check git version
# run: pnpm git-check
# - name: Test schema
# run: pnpm test-schema
# test:
# needs: [setup, prefetch]
# if: |
# !(github.event.pull_request.draft == true &&
# needs.setup.outputs.test-matrix-empty == 'true')
# name: ${{ matrix.name }}
# runs-on: ${{ matrix.os }}
# timeout-minutes: ${{ matrix.runner-timeout-minutes }}
# strategy:
# matrix:
# include: ${{ fromJSON(needs.setup.outputs.test-shard-matrix) }}
# steps:
# - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Cache jest
# uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
# with:
# path: .cache/jest
# key: |
# jest-cache-${{
# runner.os
# }}-${{
# env.NODE_VERSION
# }}-${{
# hashFiles('pnpm-lock.yaml')
# }}-${{
# matrix.cache-key
# }}
# - name: Unit tests
# shell: bash
# run: |
# for shard in ${{ matrix.shards }};
# do
# TEST_SHARD="$shard" pnpm jest \
# --ci \
# --test-timeout ${{ matrix.test-timeout-milliseconds }} \
# --coverage ${{ matrix.coverage }}
# done
# - name: Move coverage files
# if: (success() || failure()) && github.event.pull_request.draft != true && matrix.coverage
# run: |
# mkdir -p ./coverage/lcov
# mkdir -p ./coverage/json
# for shard in ${{ matrix.shards }};
# do
# mv ./coverage/shard/$shard/lcov.info ./coverage/lcov/$shard.lcov
# mv ./coverage/shard/$shard/coverage-final.json ./coverage/json/$shard.json
# done
# - name: Save coverage artifacts
# if: (success() || failure()) && github.event.pull_request.draft != true && matrix.coverage
# uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
# with:
# name: ${{ matrix.upload-artifact-name }}
# path: |
# ./coverage/lcov
# ./coverage/json
# codecov:
# needs: [test]
# runs-on: ubuntu-latest
# timeout-minutes: 3
# if: (success() || failure()) && github.event_name != 'merge_group' && github.event.pull_request.draft != true
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# filter: blob:none # we don't need all blobs
# show-progress: false
# - name: Download coverage reports
# uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
# with:
# pattern: coverage-*
# path: coverage
# merge-multiple: true
# - name: Codecov
# uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
# with:
# token: ${{ secrets.CODECOV_TOKEN }}
# directory: coverage/lcov
# fail_ci_if_error: github.event_name != 'pull_request'
# verbose: true
# coverage-threshold:
# needs:
# - test
# runs-on: ubuntu-latest
# timeout-minutes: 3
# if: (success() || failure()) && github.event.pull_request.draft != true
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# filter: blob:none # we don't need all blobs
# sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Download coverage reports
# uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
# with:
# pattern: coverage-*
# path: coverage
# merge-multiple: true
# - name: Merge coverage reports
# run: pnpm nyc merge ./coverage/json ./coverage/nyc/coverage.json
# - name: Report coverage
# run: pnpm nyc report -t ./coverage/nyc --skip-full -r text -r text-summary
# - name: Check coverage threshold
# run: |
# pnpm nyc check-coverage -t ./coverage/nyc \
# --branches 100 \
# --functions 100 \
# --lines 100 \
# --statements 100
# # Catch-all required check for test matrix and coverage
# test-success:
# needs:
# - setup
# - test
# - codecov
# - coverage-threshold
# runs-on: ubuntu-latest
# timeout-minutes: 1
# if: always()
# steps:
# - name: Fail for failed or cancelled tests
# if: |
# needs.test.result == 'failure' ||
# needs.test.result == 'cancelled'
# run: exit 1
# - name: Fail for skipped tests when PR is ready for review
# if: |
# github.event_name == 'pull_request' &&
# github.event.pull_request.draft != true &&
# needs.test.result == 'skipped'
# run: exit 1
# - name: Fail for failed or cancelled codecov
# if: |
# needs.codecov.result == 'failure' ||
# needs.codecov.result == 'cancelled'
# run: exit 1
# - name: Fail for skipped codecov when PR is ready for review
# if: |
# github.event_name == 'pull_request' &&
# github.event.pull_request.draft != true &&
# needs.codecov.result == 'skipped'
# run: exit 1
# - name: Fail for failed or cancelled coverage-threshold
# if: |
# needs.coverage-threshold.result == 'failure' ||
# needs.coverage-threshold.result == 'cancelled'
# run: exit 1
# - name: Fail for skipped coverage-threshold when PR is ready for review
# if: |
# github.event_name == 'pull_request' &&
# github.event.pull_request.draft != true &&
# needs.coverage-threshold.result == 'skipped'
# run: exit 1
# build:
# needs: setup
# runs-on: ubuntu-latest
# timeout-minutes: 5
# if: github.event.pull_request.draft != true
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Build
# run: pnpm build
# - name: Build docker
# run: pnpm build:docker build --tries=3
# env:
# LOG_LEVEL: debug
# - name: Pack
# run: pnpm test-e2e:pack
# - name: Upload
# uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
# with:
# name: renovate-package
# path: renovate-0.0.0-semantic-release.tgz
# build-docs:
# needs: [lint-docs]
# runs-on: ubuntu-latest
# timeout-minutes: 5
# if: github.event.pull_request.draft != true
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - name: Build
# run: pnpm build:docs
# - name: Upload
# uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
# with:
# name: docs
# path: tmp/docs/
# test-e2e:
# needs: [build]
# runs-on: 'ubuntu-latest'
# timeout-minutes: 7
# if: github.event.pull_request.draft != true
# steps:
# - name: Checkout code
# uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# show-progress: false
# - name: Setup pnpm
# uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
# with:
# standalone: true
# - name: Setup Node.js
# uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
# with:
# node-version: ${{ env.NODE_VERSION }}
# - name: Download package
# uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
# with:
# name: renovate-package
# - name: Install dependencies
# run: pnpm test-e2e:install
# - name: E2E Test
# run: pnpm test-e2e:run
# release:
# needs:
# - setup
# - lint-eslint
# - lint-prettier
# - lint-docs
# - lint-other
# - test-e2e
# - test-success
# - build-docs
# - codecov
# - coverage-threshold
# if: github.repository == 'renovatebot/renovate' && github.event_name != 'pull_request'
# runs-on: ubuntu-latest
# timeout-minutes: 60
# permissions:
# contents: write
# issues: write
# pull-requests: write
# id-token: write
# packages: write
# steps:
# - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# with:
# fetch-depth: 0 # zero stands for full checkout, which is required for semantic-release
# filter: blob:none # we don't need all blobs, only the full tree
# show-progress: false
# - name: docker-config
# uses: containerbase/internal-tools@75d68da3c8cd3d622cf6d4b8d2dfe7e4dc33dfed # v3.0.78
# with:
# command: docker-config
# - name: Setup Node.js
# uses: ./.github/actions/setup-node
# with:
# node-version: ${{ env.NODE_VERSION }}
# os: ${{ runner.os }}
# - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
# - name: Docker registry login
# run: |
# echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
# echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
# - name: Check dry run
# run: |
# if [[ "${{github.event_name}}" == "workflow_dispatch" && "${{ github.event.inputs.dryRun }}" != "true" ]]; then
# echo "DRY_RUN=false" >> "$GITHUB_ENV"
# elif [[ "${{github.ref}}" == "refs/heads/${{env.DEFAULT_BRANCH}}" ]]; then
# echo "DRY_RUN=false" >> "$GITHUB_ENV"
# elif [[ "${{github.ref}}" =~ ^refs/heads/v[0-9]+(\.[0-9]+)?$ ]]; then
# echo "DRY_RUN=false" >> "$GITHUB_ENV"
# fi
# - name: semantic-release
# run: |
# pnpm semantic-release --dry-run ${{env.DRY_RUN}}
# env:
# GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} # TODO: use action token?
# NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
# LOG_LEVEL: debug
# #
# name: Create and publish a Docker image
# # Configures this workflow to run every time a change is pushed to the branch called `release`.
# on:
# push:
# branches: ['release']
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
NODE_VERSION: 18
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
build-and-push-image:
runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions:
contents: read
packages: write
# attestations: write
#
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
node-version: ${{ env.NODE_VERSION }}
os: ${{ runner.os }}
- name: semantic-release
run: |
pnpm semantic-release
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} # TODO: use action token?
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
LOG_LEVEL: debug
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
# - name: Build and push Docker image
# id: push
# uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
# with:
# push: true
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
# This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
# - name: Generate artifact attestation
# uses: actions/attest-build-provenance@v1
# with:
# subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
# subject-digest: ${{ steps.push.outputs.digest }}
# push-to-registry: true