Merge branch 'develop' into add_mock_header

Author: massongit

.dockle-version

@@ -1 +1 @@
-0.4.7
+0.4.9

.github/workflows/add-to-task-list.yml

@@ -11,7 +11,7 @@ jobs:
   add-to-task-list:
     runs-on: ubuntu-latest
     steps:
-      - uses: dev-hato/actions-add-to-projects@v0.0.10
+      - uses: dev-hato/actions-add-to-projects@v0.0.16
         with:
           github_app_id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }}
           github_app_private_key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }}

.github/workflows/codeql-analysis.yml

@@ -54,3 +54,7 @@ jobs:
       #   make release
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/deploy-hato-bot.yml

@@ -22,6 +22,7 @@ jobs:
     env:
       DOCKER_BUILDKIT: 1
       COMPOSE_DOCKER_CLI_BUILD: 1
+      REPOSITORY: ${{github.repository}}
     permissions:
       contents: read
       packages: write
@@ -33,23 +34,22 @@ jobs:
       - name: Set .env
         run: cp .env.example .env
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v2.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v2.1.0
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v2.2.1
       - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
         env:
           HEAD_REF: ${{github.head_ref}}
         if: ${{ github.event_name == 'pull_request' }}
       - run: echo 'TAG_NAME=${{ github.event.release.tag_name }}' >> "$GITHUB_ENV"
         if: ${{ github.event_name == 'release' }}
-      - run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
       - name: Build and push (build)
         uses: docker/bake-action@v2.3.0
         env:
@@ -97,6 +97,10 @@ jobs:
         with:
           push: true
           files: docker-compose.yml,dev.docker-compose.yml
+      - name: Start docker
+        env:
+          DOCKER_CONTENT_TRUST: 1
+        run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/deploy_docker_image/test.sh"
 
   # .python-version をDockerイメージと同期させる
   update-version-python-version:
@@ -106,74 +110,34 @@ jobs:
       pull-requests: write
     env:
       DOCKER_CONTENT_TRUST: 1
+      REPOSITORY: ${{github.repository}}
     needs: deploy_docker_image
     if: always() && (needs.deploy_docker_image.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed'))
     steps:
       - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set .env
-        run: cp .env.example .env
-      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
-        env:
-          HEAD_REF: ${{github.head_ref}}
-      - run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
-      - run: docker compose pull
       - name: Get Python version
         id: get_python_version
-        run: |
-          DOCKER_CMD="python --version 2>&1 | sed -e 's/^Python //g'"
-          python_version=$(docker compose run hato-bot sh -c "${DOCKER_CMD}")
-          echo "Python version:" "${python_version}"
-          echo "python_version=${python_version}" >> "${GITHUB_OUTPUT}"
-      - name: Update versions
-        run: |
-          PYTHON_VERSION="${{steps.get_python_version.outputs.python_version}}"
-          echo "${PYTHON_VERSION}" > .python-version
-      - uses: dev-hato/actions-diff-pr-management@v1.0.6
+        run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/update_version_python_version/get_python_version.sh"
+        env:
+          HEAD_REF: ${{github.head_ref}}
+      - uses: dev-hato/actions-diff-pr-management@v1.1.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           branch-name-prefix: fix-version-python-version
           pr-title-prefix: .python-versionを直してあげたよ！
           repo-name: dev-hato/hato-bot
 
-  pr-docker:
-    runs-on: ubuntu-latest
-    env:
-      DOCKER_CONTENT_TRUST: 1
-    needs: deploy_docker_image
-    steps:
-      - uses: actions/checkout@v3.1.0
-        with:
-          fetch-depth: 0
-      - name: Set .env
-        run: cp .env.example .env
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
-        env:
-          HEAD_REF: ${{github.head_ref}}
-      - run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
-      - run: docker compose pull
-      - name: Start docker
-        run: docker compose up -d --wait
-      # Dockerコンテナに疎通できるかテストする
-      - name: Test
-        run: curl http://localhost:3000/status
-
   update-dockle:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - uses: dev-hato/actions-update-dockle@v0.0.23
+      - uses: dev-hato/actions-update-dockle@v0.0.31
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           repo-name: dev-hato/hato-bot
@@ -185,43 +149,26 @@ jobs:
       - deploy_docker_image
     env:
       DOCKER_CONTENT_TRUST: 1
+      REPOSITORY: ${{github.repository}}
     steps:
       - uses: actions/checkout@v3.1.0
-      - name: Set .env
-        run: cp .env.example .env
-      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
+      - run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/dockle/run_dockle.sh"
         env:
           HEAD_REF: ${{github.head_ref}}
-      - run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
-      - run: |
-          dockle_version="$(cat .dockle-version)"
-          curl -L -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v${dockle_version}/dockle_${dockle_version}_Linux-64bit.deb"
-          sudo dpkg -i dockle.deb
-      - run: docker compose pull
-      - run: docker compose up -d
-      - run: |
-          for image_name in $(docker compose images | awk 'OFS=":" {print $2,$3}' | tail -n +2); do
-            cmd="dockle --exit-code 1 "
-
-            if [[ "${image_name}" =~ "postgres" ]]; then
-              cmd+="-ak key "
-            fi
-
-            cmd+="${image_name}"
-            echo "> ${cmd}"
-            eval "${cmd}"
-          done
 
   deploy-complete:
     runs-on: ubuntu-latest
     if: always()
     needs:
       - update-version-python-version
-      - pr-docker
       - update-dockle
       - dockle
     steps:
-      - if: needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || (needs.pr-docker.result == 'success' && needs.dockle.result == 'success'))))
+      - if: needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))
         run: exit 0
-      - if: ${{ !(needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || (needs.pr-docker.result == 'success' && needs.dockle.result == 'success'))))) }}
+      - if: ${{ !(needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))) }}
         run: exit 1
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/format-json-yml.yml

@@ -22,7 +22,10 @@ jobs:
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - uses: dev-hato/actions-format-json-yml@v0.0.16
+      - uses: dev-hato/actions-format-json-yml@v0.0.25
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           repo-name: dev-hato/hato-bot
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/pr-check-npm.yml

@@ -25,26 +25,13 @@ jobs:
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - name: Get Dependabot npm version
-        id: get_dependabot_npm_version
-        run: |
-          DOCKER_CMD="npm --version"
-          npm_version="$(docker run ghcr.io/dependabot/dependabot-core sh -c "${DOCKER_CMD}")"
-          echo "npm version:" "${npm_version}"
-          echo "npm_version=${npm_version}" >> "${GITHUB_OUTPUT}"
-      - name: Update version
-        run: |
-          DEPENDABOT_NPM_VERSION="${{steps.get_dependabot_npm_version.outputs.npm_version}}"
-          NPM_PATTERN_PACKAGE="s/\"npm\": \".*\"/\"npm\": \"^${DEPENDABOT_NPM_VERSION}\"/g"
-          sed -i -e "${NPM_PATTERN_PACKAGE}" package.json
       - uses: actions/setup-node@v3.5.1
         with:
           cache: npm
-      - run: |
-          npm_version=$(jq -r '.engines.npm | ltrimstr("^")' package.json)
-          npm install --prefer-offline --location=global "npm@${npm_version}"
-          npm install
-      - uses: dev-hato/actions-diff-pr-management@v1.0.6
+      - name: Get Dependabot npm version
+        id: get_dependabot_npm_version
+        run: bash "${GITHUB_WORKSPACE}/scripts/pr_check_npm/pr_update_version/get_dependabot_npm_version.sh"
+      - uses: dev-hato/actions-diff-pr-management@v1.1.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           branch-name-prefix: fix-version
@@ -61,16 +48,13 @@ jobs:
           # submodule: 'recursive'
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set up Node.js ${{ env.NODE_VERSION }}
+      - name: Set up Node.js
         uses: actions/setup-node@v3.5.1
         with:
           cache: npm
       - name: Install dependencies
-        run: |
-          npm_version=$(jq -r '.engines.npm | ltrimstr("^")' package.json)
-          npm install --prefer-offline --location=global "npm@${npm_version}"
-          npm install
-      - uses: dev-hato/actions-diff-pr-management@v1.0.6
+        run: bash "${GITHUB_WORKSPACE}/scripts/pr_check_npm/npm_install.sh"
+      - uses: dev-hato/actions-diff-pr-management@v1.1.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           branch-name-prefix: npm
@@ -85,3 +69,6 @@ jobs:
         run: exit 0
       - if: needs.pr-check-npm.result != 'success'
         run: exit 1
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/pr-copy-ci-hato-bot.yml

@@ -30,76 +30,26 @@ jobs:
           repository: ${{steps.set_org_name.outputs.result}}/sudden-death
           path: sudden-death
       - name: Copy CI
-        run: |
-          worklows_path=.github/workflows
-          find sudden-death/${worklows_path} -type f \
-                                             -not -name "*sudden-death.yml" \
-                                             -exec rm -f {} \;
-
-          for f in $(find hato-bot/${worklows_path} -type f \
-                                                    -not -name "*hato-bot.yml" | sed -e "s:hato-bot/${worklows_path}/::g"); do
-            yq '(.jobs.*.steps.[] | select(has("with")).with | select(has("repo-name")).repo-name) = "dev-hato/sudden-death"' "hato-bot/${worklows_path}/${f}" > "sudden-death/${worklows_path}/${f}"
-          done
-
-          for f in .markdown-lint.yml .python-lint .textlintrc .gitleaks.toml .mypy.ini .pre-commit-config.yaml .python-version .pep8 .flake8 .python-black .isort.cfg renovate.json
-          do
-            cp hato-bot/${f} sudden-death/
-          done
-          PATTERN_BEFORE="$(grep '^click' sudden-death/Pipfile)"
-          PATTERN_AFTER="$(grep '^click' hato-bot/Pipfile)"
-          PATTERN="s/${PATTERN_BEFORE}/${PATTERN_AFTER}/g"
-          sed -i -e "${PATTERN}" sudden-death/Pipfile
+        run: bash "${GITHUB_WORKSPACE}/hato-bot/scripts/pr_copy_ci_hato_bot/pr_copy_ci/copy_ci.sh"
       - name: Copy package.json
         uses: actions/github-script@v6.3.3
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
-            const fs = require('fs');
-            const hatoBotPackage = require('./hato-bot/package.json');
-            const hatoBotPackageLock = require('./hato-bot/package-lock.json');
-            const suddenDeathPackage = require('./sudden-death/package.json');
-            const suddenDeathPackageLock = require('./sudden-death/package-lock.json');
-
-            delete hatoBotPackage.scripts;
-
-            for (const packageKey of Object.keys(hatoBotPackage)) {
-                suddenDeathPackage[packageKey] = hatoBotPackage[packageKey];
-            }
-
-            fs.writeFileSync('./sudden-death/package.json', JSON.stringify(suddenDeathPackage, null, "  ") + "\n", 'utf8');
-
-            delete hatoBotPackageLock.name;
-
-            for (const packageLockKey of Object.keys(hatoBotPackageLock)) {
-                suddenDeathPackageLock[packageLockKey] = hatoBotPackageLock[packageLockKey];
-            }
-
-            fs.writeFileSync('./sudden-death/package-lock.json', JSON.stringify(suddenDeathPackageLock, null, "  ") + "\n", 'utf8');
+            const script = require(`${process.env.GITHUB_WORKSPACE}/hato-bot/scripts/pr_copy_ci_hato_bot/pr_copy_ci/copy_package.js`)
+            script()
       - name: Show diff
         id: show_diff
         working-directory: sudden-death
-        run: |
-          git add -A
-          result="$(git diff --cached)"
-          result="${result//'%'/'%25'}"
-          result="${result//$'\n'/'%0A'}"
-          result="${result//$'\r'/'%0D'}"
-          echo "diff=${result}" >> "${GITHUB_OUTPUT}"
+        run: bash "${GITHUB_WORKSPACE}/hato-bot/scripts/pr_copy_ci_hato_bot/pr_copy_ci/show_diff.sh"
       - name: Push
         if: ${{ steps.show_diff.outputs.diff != '' }}
         working-directory: sudden-death
-        run: |
-          git config user.name "github-actions[bot]"
-          EMAIL="41898282+github-actions[bot]@users.noreply.github.com"
-          git config user.email "${EMAIL}"
-          git commit -m "鳩は唐揚げ！(hato-botのCIを反映するよ！)"
-          echo "${{secrets.SUDDEN_DEATH_CI_PRIVATE_KEY}}" > deploy_key.pem
-          chmod 600 deploy_key.pem
-          REPO_URL="git@github.com:${{steps.set_org_name.outputs.result}}/sudden-death.git"
-          GITHUB_HEAD="HEAD:refs/heads/pr-copy-ci"
-          GIT_SSH_COMMAND="ssh"
-          GIT_SSH_COMMAND+=" -i deploy_key.pem"
-          GIT_SSH_COMMAND+=" -o StrictHostKeyChecking=no"
-          GIT_SSH_COMMAND+=" -F /dev/null"
-          export GIT_SSH_COMMAND
-          git push -f "${REPO_URL}" "${GITHUB_HEAD}"
+        env:
+          SUDDEN_DEATH_CI_PRIVATE_KEY: ${{secrets.SUDDEN_DEATH_CI_PRIVATE_KEY}}
+          ORG_NAME: ${{steps.set_org_name.outputs.result}}
+        run: bash "${GITHUB_WORKSPACE}/hato-bot/scripts/pr_copy_ci_hato_bot/pr_copy_ci/push.sh"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true