feat: add ci schedule and cleanup dependabot (#26)

radiorabe · Mar 4, 2024 · 3dbdaa1 · 3dbdaa1
1 parent 4df0bc4
commit 3dbdaa1
Show file tree

Hide file tree

Showing 5 changed files with 133 additions and 12 deletions.
diff --git a/catalog-info.yaml b/catalog-info.yaml
@@ -6,5 +6,6 @@ metadata:
 spec:
   type: url
   targets:
+    - https://github.com/radiorabe/backstage-software-templates/blob/main/scaffolder-templates/ci_schedule/template.yaml
     - https://github.com/radiorabe/backstage-software-templates/blob/main/scaffolder-templates/dependabot/template.yaml
     - https://github.com/radiorabe/backstage-software-templates/blob/main/scaffolder-templates/semrel/template.yaml
diff --git a/scaffolder-skeletons/ci_schedule/.github/workflows/schedule.yaml b/scaffolder-skeletons/ci_schedule/.github/workflows/schedule.yaml
@@ -0,0 +1,14 @@
+name: Scheduled tasks
+
+on:
+  schedule:
+    - cron:  '${{ values.schedule }}'
+  workflow_dispatch:
+
+jobs:
+{%- if values.trivy %}
+  schedule-trivy:
+    uses: radiorabe/actions/.github/workflows/schedule-trivy.yaml@${{ values.actions_version }}
+    with:
+      image-ref: ${{ values.trivy_image_ref }}
+{%- endif %}
diff --git a/scaffolder-skeletons/dependabot/.github/dependabot.yml b/scaffolder-skeletons/dependabot/.github/dependabot.yml
@@ -1,20 +1,28 @@
 version: 2
 updates:
 {%- if values.is_docker %}
-  - package-ecosystem: "docker"
-    directory: "/"
+  - package-ecosystem: docker
+    directory: /
     schedule:
-      interval: "daily"
+      interval: daily
+    commit-message:
+      prefix: "chore: "
+    groups:
+      baseimages:
+        patterns:
+          - "*"
 {%- endif %}
-{%- if values.is_python %}
-  - package-ecosystem: pip
-    directory: "/"
+{%- if values.is_github_actions %}
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: "daily"
+      interval: daily
+    commit-message:
+      prefix: "chore(ci): "
 {%- endif %}
-{%- if values.is_github_actions %}
-  - package-ecosystem: "github-actions"
-    directory: "/"
+{%- if values.is_python %}
+  - package-ecosystem: pip
+    directory: /
     schedule:
-      interval: "daily"
+      interval: daily
 {%- endif %}
diff --git a/scaffolder-templates/ci_schedule/template.yaml b/scaffolder-templates/ci_schedule/template.yaml
@@ -0,0 +1,98 @@
+apiVersion: scaffolder.backstage.io/v1beta3
+kind: Template
+metadata:
+  name: ci_schedule
+  title: CI Schedule
+  description: Enable scheduled CI runs on an existing project.
+  tags:
+    - security
+spec:
+  owner: it-reaktion
+  type: ci
+  parameters:
+    - title: Choose a location
+      required:
+        - repoUrl
+      properties:
+        repoUrl:
+          title: Repository Location
+          type: string
+          ui:field: RepoUrlPicker
+          ui:options:
+            allowedHosts:
+              - github.com
+            allowedOwners:
+              - radiorabe
+            requestUserCredentials:
+              secretsKey: USER_GITHUB_OAUTH_TOKEN
+    - title: Configure Schedule
+      required:
+        - schedule
+      properties:
+        schedule:
+          title: Schedule in crontab syntax
+          type: string
+          default: "13 12 * * *"
+    - title: Enable Features
+      required:
+        - trivy
+      properties:
+        trivy:
+          title: Enable Trivy
+          type: boolean
+          default: true
+          readOnly: true
+    - title: Configure Trivy
+      required:
+        - trivy_image_ref
+      properties:
+        trivy_image_ref:
+          title: Image Ref
+          type: string
+          default: ghcr.io/radiorabe/<changeme>:latest
+  steps:
+    - id: getversion
+      name: Get radiorabe/actions version
+      action: http:backstage:request
+      input:
+        method: 'GET'
+        path: /proxy/api.github.com/repos/radiorabe/actions/releases/latest
+    - id: fetch-base
+      name: Fetch Base
+      action: fetch:template
+      input:
+        url: ../../scaffolder-skeletons/ci_schedule/
+        replace: true
+        values:
+          actions_version: ${{ steps.getversion.output.body.tag_name }}
+          schedule: ${{ parameters.schedule }}
+          trivy: ${{ parameters.trivy }}
+          trivy_image_ref: ${{ parameters.trivy_image_ref }}
+    - id: publish
+      name: Publish
+      action: publish:github:pull-request
+      input:
+        title: "chore(ci): configure scheduled CI runs"
+        token: ${{ secrets.USER_GITHUB_OAUTH_TOKEN }}
+        repoUrl: ${{ parameters.repoUrl }}
+        branchName: chore/ci/schedule
+        description: |
+          # Scheduled GitHub Actions
+
+          Configure scheduled CI runs.
+
+          ## Schedule
+
+          ```
+          ${{ parameters.schedule }}
+          ```
+
+          ## Jobs
+
+          {%- if parameters.trivy %}
+          * [Trivy](https://trivy.dev) (via [radiorabe/actions](https://radiorabe.github.io/actions/#container-schedule))
+          {%- endif %}
+  output:
+    links:
+      - url: ${{steps.publish.output.remoteUrl}}
+        title: "Go to PR"
diff --git a/scaffolder-templates/dependabot/template.yaml b/scaffolder-templates/dependabot/template.yaml
@@ -62,7 +62,7 @@ spec:
         description: |
           # Initialize [GitHub Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
 
-          Configures Dependabot to create weekly update PRs.
+          Configures Dependabot to create regular update PRs.
   output:
     links:
       - url: ${{steps.publish.output.remoteUrl}}