From 421ec4924f609bb983e9f476e0f5dc3800ca1bf6 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Wed, 20 Aug 2025 11:17:52 +0100 Subject: [PATCH] refactor: move linting, dep checks, and license checks to own workflow --- .../workflows/plugins-ci-elasticsearch.yml | 74 ++------------- .github/workflows/plugins-ci-kafka.yml | 74 ++------------- .github/workflows/plugins-ci-mongo.yml | 75 ++------------- .github/workflows/plugins-ci-mysql.yml | 77 ++------------- .github/workflows/plugins-ci-postgres.yml | 75 ++------------- .github/workflows/plugins-ci-quality.yml | 94 +++++++++++++++++++ .github/workflows/plugins-ci-redis.yml | 75 ++------------- .github/workflows/plugins-ci.yml | 76 ++------------- 8 files changed, 151 insertions(+), 469 deletions(-) create mode 100644 .github/workflows/plugins-ci-quality.yml diff --git a/.github/workflows/plugins-ci-elasticsearch.yml b/.github/workflows/plugins-ci-elasticsearch.yml index f44571a..816a26b 100644 --- a/.github/workflows/plugins-ci-elasticsearch.yml +++ b/.github/workflows/plugins-ci-elasticsearch.yml @@ -35,77 +35,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Node.js ${{ matrix.node-version }} + needs: quality-check runs-on: ubuntu-latest strategy: matrix: diff --git a/.github/workflows/plugins-ci-kafka.yml b/.github/workflows/plugins-ci-kafka.yml index 0c485eb..18bdcaf 100644 --- a/.github/workflows/plugins-ci-kafka.yml +++ b/.github/workflows/plugins-ci-kafka.yml @@ -30,77 +30,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Node.js ${{ matrix.node-version }} + needs: quality-check runs-on: ubuntu-latest strategy: matrix: diff --git a/.github/workflows/plugins-ci-mongo.yml b/.github/workflows/plugins-ci-mongo.yml index c8d3808..194e1cd 100644 --- a/.github/workflows/plugins-ci-mongo.yml +++ b/.github/workflows/plugins-ci-mongo.yml @@ -30,78 +30,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Node.js ${{ matrix.node-version }} - ${{ matrix.db }} + needs: quality-check runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/plugins-ci-mysql.yml b/.github/workflows/plugins-ci-mysql.yml index 0144fdd..7f620a5 100644 --- a/.github/workflows/plugins-ci-mysql.yml +++ b/.github/workflows/plugins-ci-mysql.yml @@ -30,80 +30,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - if: ${{ inputs.lint == true}} - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Node.js ${{ matrix.node-version }} - ${{ matrix.db }} + needs: quality-check runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/plugins-ci-postgres.yml b/.github/workflows/plugins-ci-postgres.yml index d476a4c..0e95069 100644 --- a/.github/workflows/plugins-ci-postgres.yml +++ b/.github/workflows/plugins-ci-postgres.yml @@ -30,78 +30,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Node.js ${{ matrix.node-version }} - ${{ matrix.db }} + needs: quality-check runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/plugins-ci-quality.yml b/.github/workflows/plugins-ci-quality.yml new file mode 100644 index 0000000..5b4f93a --- /dev/null +++ b/.github/workflows/plugins-ci-quality.yml @@ -0,0 +1,94 @@ +name: Plugin CI - Quality + +# **What it does**: Runs dependency review, license checks, and linting for plugins. +# **Why we have it**: Used by other workflows to ensure code quality and compliance. + +on: + workflow_call: + inputs: + license-check: + description: 'Check licenses.' + required: false + type: boolean + default: false + license-check-allowed-additional: + description: 'A semicolon seperated list of additional licenses to allow.' + required: false + type: string + default: '' + lint: + description: 'Set to true to run linting scripts.' + required: false + default: false + type: boolean + +jobs: + dependency-review: + name: Dependency Review + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Check out repo + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Dependency review + uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 + + license-check: + if: > + !failure() && + !cancelled() && + inputs.license-check == true + name: Check Licenses + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Setup Node + uses: actions/setup-node@v4 + with: + check-latest: true + node-version: lts/* + + - name: Install dependencies + run: npm i --ignore-scripts + + - name: Check Licenses + env: + ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} + run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" + + linter: + name: Lint Code + if: > + !failure() && + !cancelled() && + inputs.lint == true + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Check out repo + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Setup Node + uses: actions/setup-node@v4 + with: + check-latest: true + node-version: lts/* + + - name: Install dependencies + run: npm i --ignore-scripts + + - name: Lint code + run: npm run lint \ No newline at end of file diff --git a/.github/workflows/plugins-ci-redis.yml b/.github/workflows/plugins-ci-redis.yml index b135d15..6120ebf 100644 --- a/.github/workflows/plugins-ci-redis.yml +++ b/.github/workflows/plugins-ci-redis.yml @@ -30,78 +30,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Node.js ${{ matrix.node-version }} - ${{ matrix.db }} + needs: quality-check runs-on: ubuntu-latest strategy: matrix: diff --git a/.github/workflows/plugins-ci.yml b/.github/workflows/plugins-ci.yml index d83510d..9ae40df 100644 --- a/.github/workflows/plugins-ci.yml +++ b/.github/workflows/plugins-ci.yml @@ -35,78 +35,19 @@ on: type: string jobs: - dependency-review: - name: Dependency Review - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest + quality-check: + uses: ./.github/workflows/plugins-ci-quality.yml permissions: contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Dependency review - uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 - - license-check: - if: > - !failure() && - !cancelled() && - inputs.license-check == true - name: Check Licenses - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Check Licenses - env: - ALLOWED_ADDITIONAL: ${{ inputs.license-check-allowed-additional }} - run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;BlueOak-1.0.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT;$ALLOWED_ADDITIONAL" - - linter: - name: Lint Code - if: > - !failure() && - !cancelled() && - inputs.lint == true - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Check out repo - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Node - uses: actions/setup-node@v4 - with: - check-latest: true - node-version: lts/* - - - name: Install dependencies - run: npm i --ignore-scripts - - - name: Lint code - run: npm run lint + secrets: inherit + with: + license-check: ${{ inputs.license-check }} + license-check-allowed-additional: ${{ inputs.license-check-allowed-additional }} + lint: ${{ inputs.lint }} test: name: Test + needs: quality-check runs-on: ${{ matrix.os }} permissions: contents: read @@ -143,6 +84,7 @@ jobs: fastify-dependency-integration: name: Test Fastify Integration + needs: quality-check runs-on: ubuntu-latest if: > !failure() &&