chore: configuring workflows and release-please init

.github/workflows/pr-merge-group.yml

@@ -0,0 +1,25 @@
+# triggers on merge_group and pull_request events
+# only use this if merge queue is enabled, otherwise stick to test-command for e2e testing
+
+name: pr-merge-group
+on:
+  merge_group:
+    types: [checks_requested]
+  pull_request:
+
+defaults:
+  run:
+    shell: bash -eo pipefail {0}
+
+permissions:
+  id-token: write # needed for oidc auth for AWS creds
+  contents: read
+
+jobs:
+  pr-merge-group-test:
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/pr-merge-group-test.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
+      AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+      AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }}

.github/workflows/pre-commit.yml

@@ -3,18 +3,17 @@ name: pre-commit
 
 on:
   pull_request:
+  merge_group:
+
 
 permissions:
   pull-requests: write
   id-token: write
   contents: read
 
 jobs:
-
   pre-commit:
     uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/pre-commit.yml@main
     secrets:
       APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
       APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
-    with:
-      check-types: '["common", "golang"]'

.github/workflows/pull-request-opened-by-renovate copy.yml

@@ -0,0 +1,32 @@
+# If Renovate is not the author of the PR that triggers this workflow, it will do nothing.
+# If Renovate is the author of the PR that triggers this workflow, but the workflow event is anything but "opened", it will do nothing.
+# If Renovate is the author of the PR that triggers this workflow, and the workflow event is "opened", it will:
+#   1. Autoformat using pre-commit and, if necessary, push an additional commit to the PR with the autoformat fixes.
+#   2. Add the "/test all" comment to the PR, so that the Slash Command Dispatch workflow is triggered automatically.
+#
+# See ADR #0008.
+name: auto-test
+on:
+  pull_request:
+    # WARNING: DO NOT ADD MORE EVENT TYPES HERE! Because this workflow will push a new commit to the PR in the Autoformat step, adding more event types may cause an infinite loop.
+    types:
+      - opened
+
+permissions:
+  id-token: write
+  contents: write
+
+defaults:
+  run:
+    # We need -e -o pipefail for consistency with GitHub Actions' default behavior
+    shell: bash -e -o pipefail {0}
+
+jobs:
+  renovate-test:
+    if: github.event.client_payload.github.actor == 'renovate[bot]' || github.actor == 'renovate[bot]'
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/renovate-test.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}
+      AWS_COMMERCIAL_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_COMMERCIAL_ROLE_TO_ASSUME }}
+      AWS_GOVCLOUD_ROLE_TO_ASSUME: ${{ secrets.NARWHAL_AWS_GOVCLOUD_ROLE_TO_ASSUME }}

.github/workflows/release-please.yml

@@ -12,19 +12,8 @@ permissions:
   pull-requests: write
 
 jobs:
-
   release-please:
-    runs-on: ubuntu-latest
-    steps:
-
-      - name: Get token
-        id: get_workflow_token
-        uses: peter-murray/workflow-application-token-action@v2
-        with:
-          application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
-          application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
-
-      - uses: google-github-actions/release-please-action@v3
-        with:
-          token: ${{ steps.get_workflow_token.outputs.token }}
-          command: manifest
+    uses: defenseunicorns/delivery-github-actions-workflows/.github/workflows/release-please.yml@main
+    secrets:
+      APPLICATION_ID: ${{ secrets.NARWHAL_BOT_APP_ID }}
+      APPLICATION_PRIVATE_KEY: ${{ secrets.NARWHAL_BOT_SECRET }}

.github/workflows/slash-command-dispatch.yml

@@ -1,3 +1,6 @@
+# When someone with write access to the repo adds a comment to a PR that contains "/test <command>", dispatch the workflow found in "test-command.yml"
+# When someone with write access to the repo adds a comment to a PR that contains "/update <command>", dispatch the workflow found in "update-command.yml"
+
 name: Slash Command Dispatch
 
 on:
@@ -10,7 +13,6 @@ jobs:
     if: github.event.issue.pull_request && contains(github.event.comment.body, '/test')
     runs-on:  ubuntu-latest
     steps:
-
       - name: Get token
         id: get_workflow_token
         uses: peter-murray/workflow-application-token-action@v2
@@ -31,7 +33,6 @@ jobs:
     if: github.event.issue.pull_request && contains(github.event.comment.body, '/update')
     runs-on:  ubuntu-latest
     steps:
-
     - name: Get token
       id: get_workflow_token
       uses: peter-murray/workflow-application-token-action@v2

.github/workflows/update-command.yml

@@ -1,3 +1,5 @@
+# This workflow is triggered by a comment on a pull request. The comment must contain "/update <command>" to trigger the workflow.
+
 name: update
 on:
   repository_dispatch:

.release-please-manifest.json

@@ -1 +1,3 @@
-{}
+{
+  ".": "0.0.0"
+}

release-please-config.json

@@ -30,7 +30,8 @@
       "release-type": "simple",
       "separate-pull-requests": false,
       "skip-github-release": false,
-      "versioning": "default"
+      "versioning": "default",
+      "release-as": "0.0.1"
     }
   }
 }