Skip to content

Commit

Permalink
Migrate to npm-managed GitHub label sync infrastructure
Browse files Browse the repository at this point in the history
Several tools are used by the "Sync Labels" workflow. The new approach is to specify the version of the tools via the
standard npm metadata files (package.json + package-lock.json), providing the following benefits:

- Enables automated updates via Dependabot PRs
- Enables automated vulnerability alerts
  • Loading branch information
per1234 committed Oct 16, 2024
1 parent cf59441 commit 4b8be67
Show file tree
Hide file tree
Showing 4 changed files with 1,039 additions and 24 deletions.
Original file line number Diff line number Diff line change
@@ -1,16 +1,22 @@
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels.md
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/sync-labels-npm.md
name: Sync Labels

# See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows
on:
push:
paths:
- ".github/workflows/sync-labels.ya?ml"
- ".github/workflows/sync-labels-npm.ya?ml"
- ".github/label-configuration-files/*.ya?ml"
- ".npmrc"
- "package.json"
- "package-lock.json"
pull_request:
paths:
- ".github/workflows/sync-labels.ya?ml"
- ".github/workflows/sync-labels-npm.ya?ml"
- ".github/label-configuration-files/*.ya?ml"
- ".npmrc"
- "package.json"
- "package-lock.json"
schedule:
# Run daily at 8 AM UTC to sync with changes to shared label configurations.
- cron: "0 8 * * *"
Expand All @@ -31,6 +37,11 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version-file: package.json

- name: Download JSON schema for labels configuration file
id: download-schema
uses: carlosperate/download-file-action@v2
Expand All @@ -39,20 +50,19 @@ jobs:
location: ${{ runner.temp }}/label-configuration-schema

- name: Install JSON schema validator
run: |
sudo npm install \
--global \
ajv-cli \
ajv-formats
run: npm install

- name: Validate local labels configuration
run: |
# See: https://github.com/ajv-validator/ajv-cli#readme
ajv validate \
--all-errors \
-c ajv-formats \
-s "${{ steps.download-schema.outputs.file-path }}" \
-d "${{ env.CONFIGURATIONS_FOLDER }}/*.{yml,yaml}"
npx \
--package=ajv-cli \
--package=ajv-formats \
ajv validate \
--all-errors \
-c ajv-formats \
-s "${{ steps.download-schema.outputs.file-path }}" \
-d "${{ env.CONFIGURATIONS_FOLDER }}/*.{yml,yaml}"
download:
needs: check
Expand Down Expand Up @@ -126,21 +136,27 @@ jobs:
with:
name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}*

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version-file: package.json

- name: Merge label configuration files
run: |
# Merge all configuration files
shopt -s extglob
cat "${{ env.CONFIGURATIONS_FOLDER }}"/*.@(yml|yaml) > "${{ env.MERGED_CONFIGURATION_PATH }}"
- name: Install github-label-sync
run: sudo npm install --global github-label-sync
run: npm install

- name: Sync labels
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# See: https://github.com/Financial-Times/github-label-sync
github-label-sync \
--labels "${{ env.MERGED_CONFIGURATION_PATH }}" \
${{ steps.dry-run.outputs.flag }} \
${{ github.repository }}
npx \
github-label-sync \
--labels "${{ env.MERGED_CONFIGURATION_PATH }}" \
${{ steps.dry-run.outputs.flag }} \
${{ github.repository }}
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
[![Check Workflows status](https://github.com/arduino/arduino-lint/actions/workflows/check-workflows-task.yml/badge.svg)](https://github.com/arduino/arduino-lint/actions/workflows/check-workflows-task.yml)
[![Check Shell Scripts status](https://github.com/arduino/arduino-lint/actions/workflows/check-shell-task.yml/badge.svg)](https://github.com/arduino/arduino-lint/actions/workflows/check-shell-task.yml)
[![Check Certificates status](https://github.com/arduino/arduino-lint/actions/workflows/check-certificates.yml/badge.svg)](https://github.com/arduino/arduino-lint/actions/workflows/check-certificates.yml)
[![Sync Labels status](https://github.com/arduino/arduino-lint/actions/workflows/sync-labels.yml/badge.svg)](https://github.com/arduino/arduino-lint/actions/workflows/sync-labels.yml)
[![Sync Labels status](https://github.com/arduino/arduino-lint/actions/workflows/sync-labels-npm.yml/badge.svg)](https://github.com/arduino/arduino-lint/actions/workflows/sync-labels-npm.yml)

**Arduino Lint** is a command line tool that checks for common problems in [Arduino](https://www.arduino.cc/) projects:

Expand Down
Loading

0 comments on commit 4b8be67

Please sign in to comment.