👷 Modernize CI

coderabbitai · NatoBoram · Feb 27, 2025 · Feb 27, 2025 · Feb 27, 2025 · Feb 27, 2025
commit a7f94af230fdb14d652c86272619dfaa53b4cd80
diff --git a/.github/authorized_keys b/.github/authorized_keys
diff --git a/.github/workflows/node.js.yaml b/.github/workflows/node.js.yaml
@@ -1,10 +1,15 @@
 name: Node.js CI
 
 on:
-  push:
-    branches: main
+  merge_group:
+    branches:
+      - main
   pull_request:
-    branches: main
+    branches:
+      - main
+  push:
+    branches:
+      - main
 
 jobs:
   test:
@@ -39,7 +44,8 @@ jobs:
       - run: pnpm install --frozen-lockfile --strict-peer-dependencies
       - run: pnpm run build --noEmit
       - run: pnpm run lint
-      - run: pnpm run test run
+
+      - run: pnpm run test
         if: github.actor != 'dependabot[bot]'
         env:
           BITBUCKET_CLOUD_USERNAME: ${{ secrets.BITBUCKET_CLOUD_USERNAME }}
@@ -48,3 +54,65 @@ jobs:
           BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
           BITBUCKET_SERVER_TEST_PROJECT_KEY: ${{ vars.BITBUCKET_SERVER_TEST_PROJECT_KEY }}
           BITBUCKET_SERVER_TEST_PROJECT_NAME: ${{ vars.BITBUCKET_SERVER_TEST_PROJECT_NAME }}
+
+  fix:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    needs:
+      - test
+
+    if: failure() && github.event_name != 'merge_group' && github.actor != 'github-actions[bot]' && github.actor != 'nektos/act'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+      - uses: pnpm/action-setup@v4
+        with:
+          version: latest
+      - uses: actions/setup-node@v4
+        with:
+          cache: pnpm
+          node-version: latest
+
+      - run: |
+          pnpm install --fix-lockfile --no-frozen-lockfile
+          git add .
+      - id: commit-lockfile
+        uses: qoomon/actions--create-commit@v1
+        with:
+          message: |
+            📌 pnpm install --fix-lockfile
+
+            [dependabot skip]
+          skip-empty: true
+
+      - run: |
+          pnpm run format
+          git add .
+      - id: commit-format
+        uses: qoomon/actions--create-commit@v1
+        with:
+          message: |
+            🎨 pnpm run format
+
+            [dependabot skip]
+          skip-empty: true
+
+      - run: |
+          pnpm run lint:fix
+          git add .
+      - id: commit-lint
+        uses: qoomon/actions--create-commit@v1
+        with:
+          message: |
+            🚨 pnpm run lint:fix
+
+            [dependabot skip]
+          skip-empty: true
+
+      - if: steps.commit-lockfile.outputs.commit || steps.commit-format.outputs.commit || steps.commit-lint.outputs.commit
+        run: git push
diff --git a/.github/workflows/pnpm-publish.yaml b/.github/workflows/pnpm-publish.yaml
@@ -45,13 +45,6 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.CODERABBIT_NPM_TOKEN }}
 
       - run: pnpm pack --pack-gzip-level 9
-      - name: Sign
-        run: |
-          eval `ssh-agent -s`
-          ssh-add - <<< '${{ secrets.DEPLOY_KEY_PRIVATE }}'
-          echo '${{ vars.DEPLOY_KEY_PUBLIC }}' > '${{ runner.temp }}/DEPLOY_KEY_PUBLIC.pub'
-          ssh-keygen -Y sign -f '${{ runner.temp }}/DEPLOY_KEY_PUBLIC.pub' -n file coderabbitai-bitbucket-*.tgz
-          ssh-keygen -Y verify -f ./.github/authorized_keys -I '41898282+github-actions[bot]@users.noreply.github.com' -n file -s coderabbitai-bitbucket-*.tgz.sig < coderabbitai-bitbucket-*.tgz
-      - run: gh release upload ${{ github.ref_name }} coderabbitai-bitbucket-*.tgz coderabbitai-bitbucket-*.tgz.sig
+      - run: gh release upload ${{ github.ref_name }} coderabbitai-bitbucket-*.tgz
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pnpm-version-patch.yaml b/.github/workflows/pnpm-version-patch.yaml
@@ -14,35 +14,25 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ssh-key: ${{ secrets.DEPLOY_KEY_PRIVATE }}
+          ref: ${{ github.ref }}
       - uses: pnpm/action-setup@v4
         with:
           version: latest
-      - uses: actions/setup-node@v4
-        with:
-          cache: pnpm
-          node-version: latest
-      - name: Configure Git, patch, release and push
-        run: |
-          git config user.name 'github-actions[bot]'
-          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
-
-          git config commit.gpgsign true
-          git config gpg.format ssh
-          git config push.gpgSign 'if-asked'
-          git config tag.gpgSign true
-          git config user.signingkey 'key::${{ vars.DEPLOY_KEY_PUBLIC }}'
 
-          eval `ssh-agent -s`
-          ssh-add - <<< '${{ secrets.DEPLOY_KEY_PRIVATE }}'
+      - id: patch
+        run: |
+          echo "VERSION=$(pnpm version patch --no-git-tag-version)" >> "$GITHUB_OUTPUT"
+          git add .
 
-          VERSION=$(pnpm version patch --no-git-tag-version)
+      - id: commit
+        uses: qoomon/actions--create-commit@v1
+        with:
+          message: 🔖 ${{ steps.patch.outputs.VERSION }}
 
-          git commit --all --message "🔖 $VERSION"
-          git tag --annotate --message "🔖 $VERSION" --sign $VERSION
+      - run: |
           git push
-          git push --tags
-
-          gh release create $VERSION --generate-notes --title $VERSION --verify-tag
+          gh release create "$VERSION" --generate-notes --target "$COMMIT" --title "$VERSION"
         env:
+          COMMIT: ${{ steps.commit.outputs.commit }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ steps.patch.outputs.VERSION }}
diff --git a/package.json b/package.json
@@ -39,7 +39,8 @@
 		"lint": "eslint . && markdownlint-cli2 \"**/*.md\" && prettier --check .",
 		"lint:fix": "eslint --fix --quiet .; markdownlint-cli2 \"**/*.md\" --fix; prettier --list-different --write .",
 		"start": "node dist/main.js",
-		"test": "vitest",
+		"test": "vitest run",
+		"test:watch": "vitest",
 		"openapi-typescript": "pnpm run openapi-typescript:cloud && pnpm run openapi-typescript:server",
 		"preopenapi-typescript:cloud": "curl --output ./src/cloud/openapi/swagger.v3.json https://dac-static.atlassian.com/cloud/bitbucket/swagger.v3.json",
 		"openapi-typescript:cloud": "openapi-typescript ./src/cloud/openapi/swagger.v3.json --output ./src/cloud/openapi/openapi-typescript.ts --immutable --empty-objects-unknown --alphabetize --root-types",