From 4d14b8ae2614b9ed1e5a9d45b5612eb2cdffe881 Mon Sep 17 00:00:00 2001 From: Frederic Leger Date: Sat, 28 Dec 2024 12:48:10 +0100 Subject: [PATCH] ci: first implementation --- .github/FUNDING.yml | 6 + .github/ISSUE_TEMPLATE/bug_report.md | 26 ++++ .github/ISSUE_TEMPLATE/feature_request.md | 17 +++ .github/dependabot.yml | 34 +++++ .github/release-drafter.yml | 78 ++++++++++++ .github/workflows/__shared-ci.yml | 57 +++++++++ .github/workflows/main-ci.yml | 27 ++++ .github/workflows/pull-request-ci.yml | 37 ++++++ .github/workflows/release.yml | 144 ++++++++++++++++++++++ .github/workflows/stale.yml | 24 ++++ .tool-versions | 9 +- 11 files changed, 457 insertions(+), 2 deletions(-) create mode 100644 .github/FUNDING.yml create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/dependabot.yml create mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/__shared-ci.yml create mode 100644 .github/workflows/main-ci.yml create mode 100644 .github/workflows/pull-request-ci.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/stale.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..971b794 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,6 @@ +# These are supported funding model platforms + +github: +- fredleger +- neilime +patreon: webofmars diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..1515c59 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -0,0 +1,26 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Kubernetes (please complete the following information):** + - Kubernetes version [`kubectl version --short`] + +**HRE pod logs** +`kubectl logs hre-xxxxxxx` + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..df09be8 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,34 @@ +# .github/dependabot.yml +version: 2 +updates: + + - package-ecosystem: "github-actions" + directories: + - "/" + open-pull-requests-limit: 3 + labels: + - "github_actions" + schedule: + interval: "weekly" + day: friday + time: '04:00' + + - package-ecosystem: "docker" + directory: "/" + open-pull-requests-limit: 3 + labels: + - "docker" + schedule: + interval: "weekly" + day: friday + time: '04:10' + + - package-ecosystem: "pip" + directory: "/" + open-pull-requests-limit: 3 + labels: + - "pip" + schedule: + interval: "weekly" + day: friday + time: '04:20' diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..5497e1a --- /dev/null +++ b/.github/release-drafter.yml 
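Review bot: The three `updates` entries mix two spellings of the same setting: the `github-actions` entry uses the list form `directories: - "/"` while `docker` and `pip` use the scalar `directory: "/"`. Both are accepted by Dependabot v2, but a single root directory reads more consistently as `directory: "/"` in all three entries, and the list form is only worth keeping if further roots are expected.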
@@ -0,0 +1,78 @@ +template: | + ## What's Changed + + $CHANGES + + ## Full Changelog + + - https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...$RESOLVED_VERSION +name-template: "Version $RESOLVED_VERSION" +tag-template: "$RESOLVED_VERSION" + +categories: + - title: '๐Ÿš€ Features' + labels: + - 'feature' + - 'feat' + - title: '๐Ÿ› Bug Fixes' + labels: + - 'fix' + - 'bugfix' + - 'bug' + - title: '๐Ÿงฐ Maintenance' + label: 'chore' + - title: '๐Ÿ“š Documentation' + label: 'docs' + - title: '๐Ÿงช Tests' + label: 'test' + - title: '๐Ÿท๏ธ Version Tags' + label: 'version' + - title: '๐Ÿ”– Release Tags' + label: 'release' + - title: '๐Ÿงฉ Dependencies' + label: 'dependencies' + - title: '๐Ÿ”’ Security' + label: 'security' + - title: '๐Ÿšจ Breaking Changes' + label: 'breaking' + - title: '๐Ÿงน Code Cleanup' + label: 'cleanup' + - title: '๐Ÿ”ง Config' + label: 'config' + - title: '๐Ÿ“ฆ Packages' + label: 'package' + - title: '๐Ÿ”ฅ Removals' + label: 'removal' + - title: '๐Ÿšง Work In Progress' + label: 'wip' + - title: '๐Ÿ”€ Merges' + label: 'merge' + - title: '๐ŸŽจ Style' + label: 'style' + - title: '๐Ÿ”Š Logging' + label: 'logging' + - title: '๐Ÿ”‡ Silence' + label: 'silence' + - title: '๐Ÿค– CI/CD' + label: 'ci' + +version-resolver: + major: + labels: + - "release-major" + minor: + labels: + - "release-minor" + patch: + labels: + - "release-patch" + default: patch + +autolabeler: + - label: "release-major" + title: + - "/^BREAKING CHANGE:/" + - label: "release-minor" + title: + - "/^feat:/" + - "/^feat\\(.+\\):/" diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml new file mode 100644 index 0000000..3500fe3 --- /dev/null +++ b/.github/workflows/__shared-ci.yml 
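Review bot: The `autolabeler` only ever applies `release-major` and `release-minor`, so none of the labels the `categories` block groups on (`feature`, `feat`, `fix`, `chore`, `docs`, …) is assigned automatically and `$CHANGES` will only be grouped for pull requests somebody labels by hand; either add `autolabeler` entries for the conventional-commit prefixes (e.g. `- label: "fix"` with `title: - "/^fix/"`) or document in a comment above `categories` that labels are applied manually. The category titles also appear mis-encoded as printed here (`'๐Ÿš€ Features'` and the like), which may be an artifact of this view, but it is worth confirming the committed file is UTF-8 so the generated release notes do not carry the garbled text. Minor: the block mixes `labels:` lists and `label:` scalars; release-drafter accepts both, but one form throughout is easier to scan.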
@@ -0,0 +1,57 @@ +name: Internal - Common Continuous Integration tasks + +on: + workflow_call: + inputs: + tag: + description: "Tag Version (semver - x.x.x)" + type: string + required: false + outputs: + built-images: + value: ${{ jobs.docker-build-images.outputs.built-images }} + +jobs: + + chart-testing: + name: "Tests: helm chart" + runs-on: self-hosted + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Install tools with asdf + uses: asdf-vm/actions/install@v3 + - uses: actions/setup-python@v5 + with: + python-version: '3.12' + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.6.1 + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "INFO: The chart has changes compared to the default branch" + echo "changed=true" >> "$GITHUB_OUTPUT" + else + echo "INFO: The chart has no changes compared to the default branch" + fi + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch ${{ github.event.repository.default_branch }} + - name: Create kind cluster + if: steps.list-changed.outputs.changed == 'true' + uses: helm/kind-action@v1.11.0 + - name: Run chart-testing (install) + if: steps.list-changed.outputs.changed == 'true' + run: | + ct install \ + --target-branch ${{ github.event.repository.default_branch }} \ + --wait" + - name: show pods + if: steps.list-changed.outputs.changed == 'true' + run: | + sleep 10 + kubectl get pods -A diff --git a/.github/workflows/main-ci.yml b/.github/workflows/main-ci.yml new file mode 100644 index 0000000..076b1e0 --- /dev/null +++ b/.github/workflows/main-ci.yml 
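Review bot: The `Run chart-testing (install)` step ends its command with `--wait"`, a stray double quote that leaves the shell with an unterminated string, so the step fails before `ct install` runs; drop the quote: `--wait`. The `workflow_call` output `built-images` reads `jobs.docker-build-images.outputs.built-images`, but no `docker-build-images` job exists in this file, so the output is at best always empty and may be rejected at validation time; remove the output or add the job it refers to. The actions are pinned to mutable tags (`helm/chart-testing-action@v2.6.1`, `helm/kind-action@v1.11.0`, `asdf-vm/actions/install@v3`); since Dependabot is configured for `github-actions`, pinning to full commit SHAs would harden the supply chain at no maintenance cost.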
@@ -0,0 +1,27 @@ +name: Main - Continuous Integration + +on: + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + + ci: + name: Continuous Integration + uses: ./.github/workflows/__shared-ci.yml + permissions: + actions: write + contents: read + id-token: write + issues: read + packages: write + pull-requests: read + secrets: inherit diff --git a/.github/workflows/pull-request-ci.yml b/.github/workflows/pull-request-ci.yml new file mode 100644 index 0000000..78cda07 --- /dev/null +++ b/.github/workflows/pull-request-ci.yml @@ -0,0 +1,37 @@ +name: Pull request - Continuous Integration + +on: + pull_request: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + + pull-request-labeler: + name: Pull request labeler + runs-on: self-hosted + permissions: + contents: write + pull-requests: write + steps: + - uses: release-drafter/release-drafter@v6 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + disable-releaser: true + + ci: + name: Continuous Integration + uses: ./.github/workflows/__shared-ci.yml + permissions: + actions: write + contents: read + id-token: write + issues: read + packages: write + pull-requests: read + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..2a361a8 --- /dev/null +++ b/.github/workflows/release.yml 
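Review bot: The `ci` job grants `actions: write`, `id-token: write` and `packages: write` to `__shared-ci.yml`, whose only job (`chart-testing`) needs nothing beyond `contents: read`; the job-level block overrides the workflow-level `permissions: contents: read`, so the top-level restriction has no effect on this job. Trim the block to `permissions: contents: read` (plus `pull-requests: read` if `ct list-changed` needs it) and widen it only when the shared workflow gains a job that publishes. The same over-broad block is repeated in the `ci` jobs of `pull-request-ci.yml` and `release.yml`.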
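Review bot: The `pull-request-labeler` job runs on `pull_request` with `contents: write` and `pull-requests: write`, but for pull requests opened from forks GITHUB_TOKEN is read-only on that event, so release-drafter's autolabeler cannot apply the `release-*` labels there; release-drafter's documentation uses `pull_request_target` for this job, which stays safe only as long as the job never checks out or executes code from the pull request (it currently does not, and a comment saying so would protect that invariant). `contents: write` is also wider than a label-only run needs. Separately, both jobs run on `self-hosted`, and `chart-testing` installs the pull request's chart into a kind cluster on that runner; if the repository is public, GitHub advises against self-hosted runners for `pull_request` workloads from forks, so either restrict the trigger to branches of this repository or run this workflow on GitHub-hosted runners.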
@@ -0,0 +1,144 @@ +name: ๐Ÿš€ Release + +on: + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + + check-branches: + name: Check branches + runs-on: self-hosted + steps: + - name: Check branch + run: | + if [[ "${{ github.ref_name }}" != "${{ github.event.repository.default_branch }}" ]]; then + echo "This action can only be run on the ${{ github.event.repository.default_branch }} branch" + exit 1 + fi + + update_release_draft: + name: Draft a new release + # we want to publish a new tag only if ci succeeds + needs: check-branches + permissions: + contents: write + pull-requests: write + runs-on: self-hosted + outputs: + latestRelease: ${{ steps.update_release_draft.outputs.tag_name }} + steps: + # create a new release + - id: update_release_draft + uses: release-drafter/release-drafter@v6 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + publish: true + disable-autolabeler: true + + ci: + needs: update_release_draft + name: Continuous Integration + uses: ./.github/workflows/__shared-ci.yml + with: + tag: ${{ needs.update_release_draft.outputs.latestRelease }} + permissions: + actions: write + contents: read + id-token: write + issues: read + packages: write + pull-requests: read + secrets: inherit + + helm-publish: + name: "Helm: push chart to OCI registry" + needs: [update_release_draft, ci] + runs-on: self-hosted + steps: + # Get a local copy of the code + - uses: actions/checkout@v4 + + # install tools with asdf + - name: install tools with asdf + uses: asdf-vm/actions/install@v3 + + - name: login to OCI registry + run: | + echo "+ login to OCI registry" + helm registry login ${OCI_REGISTRY} -u "${OCI_REGISTRY_USERNAME}" -p "${OCI_REGISTRY_PASSWORD}" + env: + OCI_REGISTRY: ghcr.io + OCI_REGISTRY_USERNAME: ${{ github.actor }} + OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + + - name: update helm chart version + run: | + cd "${CHART_PATH}" + echo "+ update helm chart 
version" + sed -i "s/version: .*/version: ${VERSION}/g" Chart.yaml + sed -i "s/appVersion: .*/appVersion: ${VERSION}/g" Chart.yaml + env: + CHART_PATH: ${{github.workspace}}/helm/chart + VERSION: ${{ needs.update_release_draft.outputs.latestRelease }} + + - name: update helm chart docs + uses: losisin/helm-docs-github-action@v1.3.5 + with: + chart-search-root: helm/chart + git-push: "false" + + - name: update helm values schema json + uses: losisin/helm-values-schema-json-action@v1.3.0 + with: + input: helm/chart/values.yaml + + - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@0.15.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + branch: release-chart-${{ needs.update_release_draft.outputs.latestRelease }} + title: "ci: release chart ${{ needs.update_release_draft.outputs.latestRelease }}" + body: Release app and chart version ${{ needs.update_release_draft.outputs.latestRelease }} + commit-message: | + ci: release chart ${{ needs.update_release_draft.outputs.latestRelease }} + + [skip ci] + + - name: refresh main branch + run: | + set -x + echo "refreshing current branch" + git config --global user.name "${GITHUB_ACTOR}" + git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" + git fetch --all + git checkout ${BRANCH_NAME} + git pull --rebase + echo "commit id: $(git rev-parse --short HEAD)" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BRANCH_NAME: ${{ github.head_ref || github.ref_name }} + + # Push the chart + - name: push helm chart to OCI registry + uses: hoverkraft-tech/helm-push@v5.0.0 + with: + useOCIRegistry: true + username: ${{ env.OCI_REGISTRY_USERNAME }} + # NOTE: access-token is the password for OCI registry + # cf https://github.com/bsord/helm-push/blob/5ec3320fb5720a0a5aa210d871999f2b836f2d97/entrypoint.sh#L37 + access-token: ${{ env.OCI_REGISTRY_PASSWORD }} + registry-url: oci://${{ env.OCI_REGISTRY }}/${{ env.OCI_REGISTRY_CHART_REPOSITORY }} + chart-folder: helm/chart + force: true + 
update-dependencies: true + version: ${{ needs.update_release_draft.outputs.latestRelease }} + appVersion: ${{ needs.update_release_draft.outputs.latestRelease }} + env: + OCI_REGISTRY: ghcr.io + OCI_REGISTRY_USERNAME: ${{ github.actor }} + OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + OCI_REGISTRY_CHART_REPOSITORY: 'hoverkraft-tech/charts' diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..918f6b7 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,24 @@ +name: Mark stale issues and pull requests + +on: + schedule: + - cron: "30 1 * * *" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + stale: + runs-on: self-hosted + + steps: + - uses: actions/stale@v9.0.0 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: "This issue is stale" + stale-pr-message: "This PR is stale" + stale-issue-label: "no-issue-activity" + exempt-issue-labels: "awaiting-approval,work-in-progress" + stale-pr-label: "no-pr-activity" + exempt-pr-labels: "awaiting-approval,work-in-progress" diff --git a/.tool-versions b/.tool-versions index aae4b18..70096a8 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,7 @@ -helm-ct 3.11.0 -helm 3.16.3 +github-cli 2.58.0 +helm 3.14.3 +helm-ct 3.10.1 +helm-docs 1.14.2 +kubeconform 0.6.4 +kubectl 1.30.5 +cosign 2.0.2
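Review bot: The `login to OCI registry` step passes the token on the command line (`-p "${OCI_REGISTRY_PASSWORD}"`), where it is visible in the process list of the self-hosted runner and in any shell trace; use `echo "${OCI_REGISTRY_PASSWORD}" | helm registry login "${OCI_REGISTRY}" -u "${OCI_REGISTRY_USERNAME}" --password-stdin` instead. The `helm-publish` job declares no `permissions:` although it logs in to ghcr.io, opens and merges a pull request and pushes the chart, so it silently depends on the repository's default token scope; an explicit `permissions:` block with `contents: write`, `pull-requests: write` and `packages: write` would document what it needs, as `update_release_draft` already does for its own job. The chart is pushed to `oci://ghcr.io/hoverkraft-tech/charts` with this repository's GITHUB_TOKEN, which only succeeds if the repository belongs to that organisation — worth confirming, or deriving the namespace from `github.repository_owner`. The `refresh main branch` step interpolates `${{ github.head_ref || github.ref_name }}` into `env` rather than into the script, which is the right pattern; `check-branches` could do the same instead of expanding `${{ github.ref_name }}` directly inside the `run:` script.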
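Review bot: The `stale` job declares no `permissions:`, yet `actions/stale` must label and close issues and pull requests; with a read-only default token the run fails, so add `permissions: issues: write` and `pull-requests: write` on the job. The messages only say "This issue is stale" / "This PR is stale" while `days-before-close` is left at the action's default, so marked items are closed a week later without the message saying so; either set `days-before-close` explicitly or extend the messages to state when closure happens. A pure API job like this does not need the `self-hosted` runner and would be simpler to reason about on a GitHub-hosted one.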