Wip

.github/workflows/01_add_patch_label.yml

@@ -0,0 +1,60 @@
+name: Add PATCH default label
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the main branch
+  pull_request_target:
+    branches:
+      - main
+    types: [ opened, reopened ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  add_patch_label:
+    runs-on: ubuntu-latest
+    name: Add default label
+    steps:
+      - name: Check user labels
+        id: check_user_labels
+        uses: actions/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            var addPatch = "true";
+            // retrieve label list
+            let labels = await github.rest.issues.listLabelsOnIssue({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            });
+
+            // verify if user have already added IGNORE-FOR-RELEASE, then skip add PATCH
+            // note: GitHub labels are added in .identity/03_github_environment.tf as github_issue_label resource
+            if (labels.data.find(label => label.name === 'ignore-for-release')){
+              addPatch = "false";
+            }
+            return addPatch;
+          result-encoding: string
+
+      - name: Add PATCH label
+        if: ${{ steps.check_user_labels.outputs.result == 'true' }}
+        uses: pagopa/github-actions-template/default-label@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          label: 'patch'
+
+      - name: Add comment
+        if: ${{ steps.check_user_labels.outputs.result == 'true' }}
+        uses: actions/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: 'The default action is to increase the `PATCH` number of `SEMVER`. Set `IGNORE-FOR-RELEASE` if you want to skip `SEMVER` bump. `BREAKING-CHANGE` and `NEW-RELEASE` must be run from GH Actions section manually.'
+              });

.github/workflows/01_assignee.yml

@@ -0,0 +1,26 @@
+name: Auto Assign
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the main branch
+  pull_request_target:
+    branches:
+      - main
+    types: [ opened, reopened ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Assign Me
+        # You may pin to the exact commit or the version.
+        uses: kentaro-m/[email protected]
+        with:
+          configuration-path: '.github/auto_assign.yml'

.github/workflows/02_check_pr.yml

@@ -0,0 +1,125 @@
+name: Check PR
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+    types: [ opened, synchronize, labeled, unlabeled, reopened, edited ]
+
+
+permissions:
+  pull-requests: write
+
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  auto_assign:
+    name: Auto Assign
+
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Assign Me
+        # You may pin to the exact commit or the version.
+        uses: kentaro-m/[email protected]
+        with:
+          configuration-path: '.github/auto_assign.yml'
+
+  check_labels:
+    name: Check Required Labels
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Verify PR Labels
+        if: ${{ !contains(github.event.pull_request.labels.*.name, 'patch') && !contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }}
+        uses: actions/[email protected]
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            var comments = await github.rest.issues.listComments({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            });
+            for (const comment of comments.data) {
+              if (comment.body.includes('This pull request does not contain a valid label')){
+                github.rest.issues.deleteComment({
+                  issue_number: context.issue.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: comment.id
+                })
+              }
+            }
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'This pull request does not contain a valid label. Please add one of the following labels: `[patch, ignore-for-release]`'
+            })
+            core.setFailed('Missing required labels')
+
+
+  check_format:
+    name: Check Format
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Formatting
+        id: format
+        continue-on-error: true
+        uses: axel-op/googlejavaformat-action@v3
+        with:
+          args: "--set-exit-if-changed"
+
+      - uses: actions/[email protected]
+        if: steps.format.outcome != 'success'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            console.log(context);
+            var comments = await github.rest.issues.listComments({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+            });
+            for (const comment of comments.data) {
+              console.log(comment);
+              if (comment.body.includes('Comment this PR with')){
+                github.rest.issues.deleteComment({
+                  issue_number: context.issue.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: comment.id
+                })
+              }
+            }
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: 'Comment this PR with *update_code* to format the code. Consider to use pre-commit to format the code.'
+            })
+            core.setFailed('Format your code.')
+
+  check_size:
+    runs-on: ubuntu-latest
+    name: Check Size
+    steps:
+
+      - name: Dump GitHub context
+        run: echo $JSON
+        env:
+          JSON: ${{ toJSON(github) }}
+
+      - name: Check PR Size
+        uses: pagopa/github-actions-template/check-pr-size@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          ignored_files: 'openapi.json'

.github/workflows/03_code_review.yml

@@ -0,0 +1,84 @@
+name: Code Review
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - synchronize
+      - reopened
+  push:
+    branches:
+      - main
+
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  PROJECT_KEY: pagopa_pagopa-stand-in-technical-support
+
+
+permissions:
+  id-token: write
+  contents: read
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  code-review:
+    name: Code Review
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - name: Code Review
+        uses: pagopa/github-actions-template/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          sonar_token: ${{ secrets.SONAR_TOKEN }}
+          project_key: ${{env.PROJECT_KEY}}
+          coverage_exclusions: "**/config/*,**/*Mock*,**/model/**,**/entity/*,**/repository/*"
+          cpd_exclusions: "**/model/**,**/entity/*"
+          java_version: '17'
+
+#  smoke-test:
+#    name: Smoke Test
+#    runs-on: ubuntu-latest
+#    environment:
+#      name: dev
+#    steps:
+#      - name: Checkout
+#        id: checkout
+#        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
+#
+#      - name: Login
+#        id: login
+#        # from https://github.com/Azure/login/commits/master
+#        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+#        with:
+#          client-id: ${{ secrets.CT_CLIENT_ID }}
+#          tenant-id: ${{ secrets.TENANT_ID }}
+#          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
+#
+#      - name: Run Service on Docker
+#        shell: bash
+#        run: |
+#          cd ./docker
+#          chmod +x ./run_docker.sh
+#          ./run_docker.sh local
+#
+#      - name: Run Integration Tests
+#        shell: bash
+#        run: |
+#          export CANARY=${{ inputs.canary }}
+#          export CUCUMBER_PUBLISH_TOKEN=${{ secrets.CUCUMBER_PUBLISH_TOKEN }}
+#          export EVENT_HUB_TX_PRIMARY_KEY=${{ secrets.EVENT_HUB_TX_PRIMARY_KEY }}
+#          export COSMOS_DB_PRIMARY_KEY=${{ secrets.COSMOS_DB_PRIMARY_KEY }}
+#          export EVENTHUB_CONN_STRING=${{secrets.EVENTHUB_CONN_STRING}}
+#
+#          cd ./integration-test
+#          chmod +x ./run_integration_test.sh
+#          ./run_integration_test.sh local