Merge pull request #225 from vyos/T6533-add-reusable-workflows

T6533: add reusable workflows

9 files changed, 151 insertions, 0 deletions

diff --git a/.github/workflows/add-pr-labels.yml b/.github/workflows/add-pr-labels.yml
new file mode 100644
index 00000000..c53fb7a7
--- /dev/null
+++ b/.github/workflows/add-pr-labels.yml
@@ -0,0 +1,16 @@
+name: Add pull request labels
+
+on:
+  pull_request_target:
+    branches:
+      - equuleus
+      - sagitta
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  add-pr-label:
+    uses: vyos/.github/.github/workflows/add-pr-labels.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml
new file mode 100644
index 00000000..f3980f50
--- /dev/null
+++ b/.github/workflows/auto-author-assign.yml
@@ -0,0 +1,14 @@
+name: "PR Triage"
+on:
+  pull_request_target:
+    types: [opened, reopened, ready_for_review, locked]
+
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  assign-author:
+    uses: vyos/.github/.github/workflows/assign-author.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/chceck-pr-message.yml b/.github/workflows/chceck-pr-message.yml
new file mode 100644
index 00000000..0770656b
--- /dev/null
+++ b/.github/workflows/chceck-pr-message.yml
@@ -0,0 +1,18 @@
+---
+  name: Check pull request message format
+  
+  on:
+    pull_request_target:
+      branches:
+        - equuleus
+        - sagitta
+      types: [opened, synchronize, edited]
+  
+  permissions:
+    pull-requests: write
+    contents: read
+  
+  jobs:
+    check-pr-title:
+      uses: vyos/.github/.github/workflows/check-pr-message.yml@sagitta
+      secrets: inherit
diff --git a/.github/workflows/check-pr-conflicts.yml b/.github/workflows/check-pr-conflicts.yml
new file mode 100644
index 00000000..1f7b38bb
--- /dev/null
+++ b/.github/workflows/check-pr-conflicts.yml
@@ -0,0 +1,14 @@
+name: "PR Conflicts checker"
+on:
+  pull_request_target:
+    types: [synchronize]
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  check-pr-conflict-call:
+    uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@sagitta
+    secrets: inherit
+
diff --git a/.github/workflows/check-stale.yml b/.github/workflows/check-stale.yml
new file mode 100644
index 00000000..1cd4dec5
--- /dev/null
+++ b/.github/workflows/check-stale.yml
@@ -0,0 +1,13 @@
+name: "Issue and PR stale management"
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  stale:
+    uses: vyos/.github/.github/workflows/check-stale.yml@sagitta
+    secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/check-unused-imports.yml b/.github/workflows/check-unused-imports.yml
new file mode 100644
index 00000000..d7a5aab3
--- /dev/null
+++ b/.github/workflows/check-unused-imports.yml
@@ -0,0 +1,16 @@
+name: Check for unused imports using Pylint
+on:
+  pull_request_target:
+    branches:
+      - equuleus
+      - sagitta
+  workflow_dispatch:
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  check-unused-imports:
+    uses: vyos/.github/.github/workflows/check-unused-imports.yml@sagitta
+    secrets: inherit
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..30bd1b58
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,22 @@
+name: "Perform CodeQL Analysis"
+
+on:
+  push:
+    branches: [ "sagitta", "equuleus"]
+  pull_request_target:
+    # The branches below must be a subset of the branches above
+    branches: [ "sagitta" ]
+  schedule:
+    - cron: '22 10 * * 0'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  codeql-analysis-call:
+    uses: vyos/.github/.github/workflows/codeql-analysis.yml@sagitta
+    secrets: inherit
+    with:
+      languages: "['python']"
\ No newline at end of file
diff --git a/.github/workflows/lint-j2.yml b/.github/workflows/lint-j2.yml
new file mode 100644
index 00000000..2114f07d
--- /dev/null
+++ b/.github/workflows/lint-j2.yml
@@ -0,0 +1,17 @@
+---
+  name: J2 Lint
+  
+  on:
+    pull_request_target:
+      branches:
+        - equuleus
+        - sagitta
+  
+  permissions:
+    pull-requests: write
+    contents: read
+  
+  jobs:
+    j2lint:
+      uses: vyos/.github/.github/workflows/lint-j2.yml@sagitta
+      secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 00000000..bfdca69c
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,21 @@
+name: Sonar Checks
+on:
+  push:
+    branches:
+        - equuleus
+        - sagitta
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+jobs:
+  sonar-cloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}