Merge pull request #1240 from dev-hato/develop

v2.4.2 リリース

.dockle-version

@@ -0,0 +1 @@
+0.4.9

.github/workflows/add-to-task-list.yml

@@ -0,0 +1,18 @@
+name: Add to Task List
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+  issues:
+    types:
+      - opened
+jobs:
+  add-to-task-list:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dev-hato/[email protected]
+        with:
+          github_app_id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }}
+          github_app_private_key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }}
+          project-url: https://github.com/orgs/dev-hato/projects/1

.github/workflows/codeql-analysis.yml

@@ -1,18 +1,15 @@
 ---
 name: "CodeQL"
-
 on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [develop, master]
   schedule:
     - cron: '0 21 * * 0'
-
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-
     strategy:
       fail-fast: false
       matrix:
@@ -22,33 +19,28 @@ jobs:
         language: ['python']
         # Learn more...
         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
-
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.1.0
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
           fetch-depth: 2
-
       # If this run was triggered by a pull request event, then checkout
       # the head of the pull request instead of the merge commit.
       - run: git checkout HEAD^2
         if: ${{ github.event_name == 'pull_request' }}
-
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
-
       # Autobuild attempts to build any compiled languages
       # (C/C++, C#, or Java).
       # If this step fails,
       # then you should remove it and run the build manually (see below)
       - name: Autobuild
         uses: github/codeql-action/autobuild@v2
-
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
 
@@ -60,6 +52,9 @@ jobs:
       #- run: |
       #   make bootstrap
       #   make release
-
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/deploy-hato-bot.yml

@@ -0,0 +1,173 @@
+---
+name: deploy-hato-bot
+
+on:
+  release:
+    types:
+      - published
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+  push:
+    branches:
+      - master
+      - develop
+
+jobs:
+  deploy_docker_image:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+      COMPOSE_DOCKER_CLI_BUILD: 1
+      REPOSITORY: ${{github.repository}}
+    permissions:
+      contents: read
+      packages: write
+    if: github.event_name == 'release' || (github.event_name == 'pull_request' && github.event.action != 'closed' && github.repository == github.event.pull_request.head.repo.full_name)
+    steps:
+      - uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+      - name: Set .env
+        run: cp .env.example .env
+      - name: Login to GitHub Container Registry
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/[email protected]
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/[email protected]
+      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
+        env:
+          HEAD_REF: ${{github.head_ref}}
+        if: ${{ github.event_name == 'pull_request' }}
+      - run: echo 'TAG_NAME=${{ github.event.release.tag_name }}' >> "$GITHUB_ENV"
+        if: ${{ github.event_name == 'release' }}
+      - name: Build and push (build)
+        uses: docker/[email protected]
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        with:
+          push: true
+          files: build.docker-compose.yml
+      - name: Build and push (main)
+        uses: docker/[email protected]
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        with:
+          push: true
+          files: docker-compose.yml
+      - name: Build and push (dev)
+        uses: docker/[email protected]
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        with:
+          push: true
+          files: docker-compose.yml,dev.docker-compose.yml
+      - run: echo 'TAG_NAME=latest' >> "$GITHUB_ENV"
+        if: ${{ github.event_name == 'release' }}
+      - name: Build and push (build) (latest)
+        uses: docker/[email protected]
+        if: ${{ github.event_name == 'release' }}
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        with:
+          push: true
+          files: build.docker-compose.yml
+      - name: Build and push (main) (latest)
+        uses: docker/[email protected]
+        if: ${{ github.event_name == 'release' }}
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        with:
+          push: true
+          files: docker-compose.yml
+      - name: Build and push (dev) (latest)
+        uses: docker/[email protected]
+        if: ${{ github.event_name == 'release' }}
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        with:
+          push: true
+          files: docker-compose.yml,dev.docker-compose.yml
+      - name: Start docker
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/deploy_docker_image/test.sh"
+
+  # .python-version をDockerイメージと同期させる
+  update-version-python-version:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    env:
+      DOCKER_CONTENT_TRUST: 1
+      REPOSITORY: ${{github.repository}}
+    needs: deploy_docker_image
+    if: always() && (needs.deploy_docker_image.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed'))
+    steps:
+      - uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Get Python version
+        id: get_python_version
+        run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/update_version_python_version/get_python_version.sh"
+        env:
+          HEAD_REF: ${{github.head_ref}}
+      - uses: dev-hato/[email protected]
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          branch-name-prefix: fix-version-python-version
+          pr-title-prefix: .python-versionを直してあげたよ！
+
+  update-dockle:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: dev-hato/[email protected]
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          repo-name: dev-hato/hato-bot
+
+  dockle:
+    runs-on: ubuntu-latest
+    needs:
+      - update-dockle
+      - deploy_docker_image
+    env:
+      DOCKER_CONTENT_TRUST: 1
+      REPOSITORY: ${{github.repository}}
+    steps:
+      - uses: actions/[email protected]
+      - run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/dockle/run_dockle.sh"
+        env:
+          HEAD_REF: ${{github.head_ref}}
+
+  deploy-complete:
+    runs-on: ubuntu-latest
+    if: always()
+    needs:
+      - update-version-python-version
+      - update-dockle
+      - dockle
+    steps:
+      - if: needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))
+        run: exit 0
+      - if: ${{ !(needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))) }}
+        run: exit 1
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/format-json-yml.yml

@@ -0,0 +1,31 @@
+---
+name: format-json-yml
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+  push:
+    branches:
+      - develop
+      - master
+permissions:
+  contents: write
+  pull-requests: write
+jobs:
+  format-json-yml:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: dev-hato/[email protected]
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          repo-name: dev-hato/hato-bot
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true