devops-infra · ChristophShyper · Oct 19, 2025 · Oct 19, 2025
@@ -2,7 +2,7 @@
 *
 
 # Include
-!LICENSE
-!entrypoint.sh
 !Dockerfile
+!entrypoint.sh
+!LICENSE
 !README.md
@@ -19,13 +19,3 @@ updates:
       - ChristophShyper
     labels:
       - automatic
-
-#  # Enable version updates for pip
-#  - package-ecosystem: pip
-#    directory: /
-#    schedule:
-#      interval: daily
-#    assignees:
-#      - ChristophShyper
-#    labels:
-#      - automatic
@@ -1,4 +1,4 @@
-name: Pull Request
+name: (Auto) Create Pull Request
 
 on:
   push:
@@ -31,9 +31,9 @@ jobs:
         run: task lint
 
   build-and-push:
-    name: Build and Push test
-    needs: [lint]
+    name: Build and push
     runs-on: ubuntu-24.04-arm
+    needs: [lint]
     steps:
       - name: Checkout
         uses: actions/checkout@v5
@@ -46,23 +46,29 @@ jobs:
         with:
           version: 3.x
 
-      - name: Docker Buildx
+      - name: Install Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           install: true
 
-      - name: QEMU
+      - name: Install QEMU
         uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:latest
           platforms: amd64,arm64
 
+      - name: Get Docker commands
+        run: task docker:cmds
+
       - name: Build and push test image
         env:
           DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: task docker:push
 
+      - name: Inspect image
+        run: task docker:push:inspect
+
   pull-request:
     name: Pull Request
     runs-on: ubuntu-24.04-arm
@@ -73,14 +79,16 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
-      - name: Template
-        shell: bash
-        run: |
-          mkdir -p .tmp
-          curl -LsS https://raw.githubusercontent.com/devops-infra/.github/master/PULL_REQUEST_TEMPLATE.md -o .tmp/PULL_REQUEST_TEMPLATE.md
+      - name: Install Task
+        uses: arduino/[email protected]
+        with:
+          version: 3.x
+
+      - name: Get template
+        run: task git:get-pr-template
 
       - name: Create Pull Request
-        uses: devops-infra/action-pull-request@v0.6
+        uses: devops-infra/action-pull-request@v1
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           assignee: ${{ github.actor }}

@@ -1,19 +1,19 @@
-name: Manual Release
+name: (Auto) Create release
 
 on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: Release version (e.g., v1.2.3)
-        required: true
-        type: string
+  pull_request:
+    types: [closed]
+  push:
+    branches:
+      - release/**
 
 permissions:
   contents: write
   packages: write
 
 jobs:
   release:
+    if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'release/')
     name: Create Release
     runs-on: ubuntu-24.04-arm
     steps:
@@ -29,12 +29,14 @@ jobs:
           version: 3.x
 
       - name: Create and push git tags
+        id: version
         env:
-          VERSION: ${{ github.event.inputs.version }}
+          VERSION_SUFFIX: ""
         run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
+          task lint
+          task git:set-config
           task version:tag-release
+          echo "REL_VERSION=$(task version:get)" >> "$GITHUB_OUTPUT"
 
       - name: Install Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -47,26 +49,35 @@ jobs:
           image: tonistiigi/binfmt:latest
           platforms: amd64,arm64
 
-      - name: Build and push Docker images
+      - name: Get Docker commands
+        env:
+          VERSION_SUFFIX: ""
+        run: task docker:cmds
+
+      - name: Build and Push
         env:
           DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VERSION: ${{ github.event.inputs.version }}
           VERSION_SUFFIX: ""
         run: task docker:push
 
-      - name: Create GitHub Release
+      - name: Inspect image
+        env:
+          VERSION_SUFFIX: ""
+        run: task docker:push:inspect
+
+      - name: Create GitHub release
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: ${{ github.event.inputs.version }}
-          name: ${{ github.event.inputs.version }}
+          tag_name: ${{ steps.version.outputs.REL_VERSION }}
+          name: ${{ steps.version.outputs.REL_VERSION }}
           draft: false
           prerelease: false
           generate_release_notes: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Update Docker Hub description
+      - name: Update Docker hub description
         uses: peter-evans/dockerhub-description@v5
         with:
           username: ${{ vars.DOCKER_USERNAME }}

@@ -1,4 +1,4 @@
-name: Weekly Dependency Check
+name: (Cron) Check dependencies
 
 on:
   schedule:
@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   dependency-check:
-    name: Test Dependencies
+    name: Test dependencies
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
@@ -20,25 +20,30 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
-
       - name: Install Task
         uses: arduino/[email protected]
         with:
           version: 3.x
 
-      - name: Docker Buildx
+      - name: Install Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           install: true
 
-      - name: QEMU
+      - name: Install QEMU
         uses: docker/setup-qemu-action@v3
         with:
           image: tonistiigi/binfmt:latest
           platforms: amd64,arm64
 
-      - name: Build & push test image
-        env:
-          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run linters
+        run: task lint
+
+      - name: Get Docker commands
+        run: task docker:cmds
+
+      - name: Build and push test image
         run: task docker:push
+
+      - name: Inspect image
+        run: task docker:push:inspect
@@ -0,0 +1,116 @@
+name: (Manual) Update Version
+
+on:
+  workflow_dispatch:
+    inputs:
+      type:
+        description: Bump type
+        required: true
+        default: patch
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+          - set
+      version:
+        description: Explicit version when type="set" (e.g., v1.2.3)
+        required: false
+        default: ''
+
+permissions:
+  contents: write
+  pull-requests: write
+  packages: write
+
+jobs:
+  update:
+    name: Update version and push release branch
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Install Task
+        uses: arduino/[email protected]
+        with:
+          version: 3.x
+
+      - name: Update version
+        id: version
+        env:
+          BUMP_TYPE: ${{ github.event.inputs.type }}
+          INPUT_VERSION: ${{ github.event.inputs.version }}
+        run: |
+          set -eux
+          case "${BUMP_TYPE}" in
+            set)
+              if [ -z "${INPUT_VERSION}" ]; then
+                echo "Missing version for type=set"
+                exit 1
+              fi
+              task version:set VERSION_OVERRIDE="${INPUT_VERSION}"
+              ;;
+            patch)
+              task version:update:patch
+              ;;
+            minor)
+              task version:update:minor
+              ;;
+            major)
+              task version:update:major
+              ;;
+            *)
+              echo "Unknown type: ${BUMP_TYPE}"
+              exit 1
+              ;;
+          esac
+          echo "REL_VERSION=$(task version:get)" >> "$GITHUB_OUTPUT"
+
+      - name: Install Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+
+      - name: Install QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:latest
+          platforms: amd64,arm64
+
+      - name: Get Docker commands
+        run: task docker:cmds
+
+      - name: Build and push test image
+        env:
+          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: task docker:push
+
+      - name: Inspect image
+        run: task docker:push:inspect
+
+      - name: Get template
+        env:
+          VERSION_SUFFIX: ""
+        run: |
+          task git:set-config
+          task git:get-pr-template
+
+      - name: Push to release branch
+        uses: devops-infra/action-commit-push@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          commit_message: ":rocket: Bump version to ${{ steps.version.outputs.REL_VERSION }}"
+          target_branch: ${{ format('release/{0}', steps.version.outputs.REL_VERSION) }}
+
+      - name: Create Pull Request
+        uses: devops-infra/action-pull-request@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          assignee: ${{ github.actor }}
+          template: .tmp/PULL_REQUEST_TEMPLATE.md
+          get_diff: true
@@ -4,3 +4,7 @@
 
 # Custom
 .tmp/
+.venv
+.venv/
+.envrc
+.env
@@ -1,5 +1,13 @@
-failure-threshold: warning
+failure-threshold: error
 format: tty
+strict-labels: false
+no-color: false
+no-fail: false
+disable-ignore-pragma: false
+trustedRegistries:
+  - docker.io
+  - ghcr.io
+
 # ignored: [string]
 # label-schema:
 #   author: text
@@ -9,13 +17,8 @@ format: tty
 #   documentation: url
 #   git-revision: hash
 #   license: spdx
-no-color: false
-# no-fail: boolean
 # override:
 #   error: [string]
 #   warning: [string]
 #   info: [string]
 #   style: [string]
-strict-labels: false
-disable-ignore-pragma: false
-trustedRegistries: [docker.io]
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,7 @@ @@
     # Custom
     .tmp/
+    .venv
+    .venv/
+    .envrc
+    .env