From 09eaef2a48dfb9370950bc4218fe604b58b01ee3 Mon Sep 17 00:00:00 2001
From: jwiegratz <jasper.wiegratz@sva.de>
Date: Sun, 17 Mar 2024 19:50:44 +0100
Subject: [PATCH] ci: add dependabot, git-cliff, release-plz

dependabot: opens pull requests for dependency updates.
git-cliff: creates changelogs from git commits.
release-plz: opens release pull request, after merge:
  * creates tags
  * updates changelog
  * creates github release
  * publishes to cargo
---
 .github/dependabot.yml        | 15 ++++++
 .github/workflows/release.yml | 28 +++++++++++
 Cargo.toml                    |  3 +-
 cliff.toml                    | 92 +++++++++++++++++++++++++++++++++++
 release-plz.toml              | 22 +++++++++
 5 files changed, 159 insertions(+), 1 deletion(-)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/release.yml
 create mode 100644 cliff.toml
 create mode 100644 release-plz.toml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..0b4dd78
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  # Maintain dependencies for Cargo
+  - package-ecosystem: cargo
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..f43b777
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,28 @@
+name: Release-plz
+
+permissions:
+  pull-requests: write
+  contents: write
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release-plz:
+    name: Release-plz
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+      - name: Run release-plz
+        uses: MarcoIeni/release-plz-action@v0.5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+
diff --git a/Cargo.toml b/Cargo.toml
index 0e67819..9b5ade8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,8 +10,9 @@ readme = "README.md"
 keywords = ["nftables", "netfilter", "firewall"]
 categories = ["os", "network-programming"]
 exclude = [
-    ".gitlab/*",
     ".github/*",
+    "cliff.toml",
+    "release-plz.toml",
 ]
 
 [dependencies]
diff --git a/cliff.toml b/cliff.toml
new file mode 100644
index 0000000..595eaf6
--- /dev/null
+++ b/cliff.toml
@@ -0,0 +1,92 @@
+# git-cliff ~ default configuration file
+# https://git-cliff.org/docs/configuration
+#
+# Lines starting with "#" are comments.
+# Configuration options are organized into tables and keys.
+# See documentation for more information on available options.
+
+[changelog]
+# changelog header
+header = """
+# Changelog\n
+All notable changes to this project will be documented in this file.\n
+"""
+# template for the changelog body
+# https://keats.github.io/tera/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+            {% if commit.breaking %}[**breaking**] {% endif %}\
+            {{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}\n
+"""
+# template for the changelog footer
+footer = """
+<!-- generated by git-cliff -->
+"""
+# remove the leading and trailing s
+trim = true
+# postprocessors
+postprocessors = [
+  # { pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" }, # replace repository URL
+]
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# process each line of a commit as an individual commit
+split_commits = false
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+  # Replace issue numbers
+  #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
+  # Check spelling of the commit with https://github.com/crate-ci/typos
+  # If the spelling is incorrect, it will be automatically fixed.
+  #{ pattern = '.*', replace_command = 'typos --write-changes -' },
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+  { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+  { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+  { message = "^doc", group = "<!-- 3 -->📚 Documentation" },
+  { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+  { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+  { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+  { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { message = "^chore\\(deps.*\\)", skip = true },
+  { message = "^chore\\(pr\\)", skip = true },
+  { message = "^chore\\(pull\\)", skip = true },
+  { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+  { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+  { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+]
+# protect breaking changes from being skipped due to matching a skipping commit_parser
+protect_breaking_commits = false
+# filter out the commits that are not matched by commit parsers
+filter_commits = false
+# regex for matching git tags
+# tag_pattern = "v[0-9].*"
+# regex for skipping tags
+# skip_tags = ""
+# regex for ignoring tags
+# ignore_tags = ""
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"
+# limit the number of commits included in the changelog.
+# limit_commits = 42
+[bump]
+breaking_always_bump_major = false
+
diff --git a/release-plz.toml b/release-plz.toml
new file mode 100644
index 0000000..8af0467
--- /dev/null
+++ b/release-plz.toml
@@ -0,0 +1,22 @@
+# configuration for https://github.com/MarcoIeni/release-plz
+
+[workspace]
+# path of the git-cliff configuration
+changelog_config = "cliff.toml"
+# enable changelog updates
+changelog_update = true
+# update dependencies with `cargo update`
+dependencies_update = true
+# create tags for the releases
+git_tag_enable = true
+# enable GitHub releases
+git_release_enable = true
+# labels for the release PR
+pr_labels = ["release"]
+# disallow updating repositories with uncommitted changes
+allow_dirty = false
+# disallow packaging with uncommitted changes
+publish_allow_dirty = false
+# disable running `cargo-semver-checks`
+semver_check = true
+