Merge pull request #2 from pantheon-systems/scaffold-circle

[CMSP-27] Scaffold CircleCI

.circleci/config.yml

@@ -0,0 +1,98 @@
+---
+version: 2.1
+
+executors:
+  go-build:
+    docker:
+      - image: quay.io/getpantheon/go-build
+        auth:
+          username: $QUAY_USER
+          password: $QUAY_PASSWD
+
+commands:
+  save-go-mod-cache:
+    steps:
+      - save_cache:
+          key: v4-dependencies-{{ checksum "go.sum" }}
+          paths:
+            - /go/pkg/mod
+            - /home/circleci/go/pkg/mod
+  restore-go-mod-cache:
+    steps:
+      - restore_cache:
+          keys:
+            - v4-dependencies-{{ checksum "go.sum" }}
+
+  # By default, CircleCI uses ssh, and authenticates as a user with read access to projects, but not write access.
+  # In order for `git push` command to work, we need to have CircleCI use HTTPS with the provided oauth token
+  # instead of ssh (the token is for pantheon-releases which has write access, but the default circle user does not)
+  configure-https-git:
+    steps:
+      - run: git config --global url."https://$GITHUB_TOKEN:[email protected]/pantheon-systems/".insteadOf "[email protected]:pantheon-systems/"
+
+jobs:
+  update-mod-cache:
+    executor: go-build
+    steps:
+      - checkout
+      - restore-go-mod-cache
+      - run: go mod download
+      - save-go-mod-cache
+  # build all the code
+  build:
+    executor: go-build
+    steps:
+      - checkout
+      - restore-go-mod-cache
+      - run: make build
+  # Tests the code
+  test:
+    executor: go-build
+    steps:
+      - checkout
+      - restore-go-mod-cache
+      - run:
+          name: lint and test
+          command: make test-circle
+  # Tag for release
+  release:
+    executor: go-build
+    steps:
+      - checkout
+      - configure-https-git
+      - run: autotag
+      - run: git push --tags
+      - run:
+          name: go releaser
+          command: curl -sL https://git.io/goreleaser | bash -s -- --parallelism=2
+
+workflows:
+  version: 2
+  build-deploy:
+    jobs:
+      - update-mod-cache:
+          context:
+            - docker-executor-auth
+            - sig-go-project
+      - build:
+          context:
+            - docker-executor-auth
+            - sig-go-project
+          requires:
+            - update-mod-cache
+      - test:
+          context:
+            - docker-executor-auth
+            - sig-go-project
+          requires:
+            - update-mod-cache
+      - release:
+          context:
+            - docker-executor-auth
+            - sig-go-release
+          requires:
+            - test
+          filters:
+            branches:
+              only:
+                - main

.gitignore

@@ -0,0 +1,4 @@
+/pyml-validator
+/pyml-validator.yml
+
+.DS_Store

.goreleaser.yml

@@ -0,0 +1,21 @@
+---
+project_name: pyml-validator
+
+# don't compile anything
+builds:
+  - skip: true # TODO: Build for releases.
+
+# configure what shows up in the changelog
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+      - Merge pull request
+      - Merge branch
+
+# make a zip of the source
+# https://goreleaser.com/customization/source/
+source:
+  enabled: true

CODEOWNERS

@@ -0,0 +1,4 @@
+# Code owners. See:
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+* @pantheon-systems/cms-platform

Makefile

@@ -0,0 +1,5 @@
+APP := pyml-validator
+
+include devops/make/common.mk
+include devops/make/common-kube.mk
+include devops/make/common-go.mk

devops/make/.circleci/config.yml

@@ -0,0 +1,95 @@
+#
+# This circle.yml builds and tests the utilities in common-makefiles
+# and should not be used as a template for your project.
+#
+---
+version: 2.1
+
+executors:
+  go-build:
+    docker:
+      - image: quay.io/getpantheon/go-build:latest
+        auth:
+          username: $QUAY_USER
+          password: $QUAY_PASSWD
+
+  deploy-toolbox:
+    docker:
+      - image: us-docker.pkg.dev/pantheon-artifacts/internal/deploy-toolbox:latest
+        auth:
+          username: _json_key
+          password: $CIRCLE_CI_COMMON_KEY
+
+commands:
+  # By default, CircleCI uses ssh, and authenticates as a user with read access to projects, but not write access.
+  # In order for `git push` command to work, we need to have CircleCI use HTTPS with the provided oauth token
+  # instead of ssh (the token is for pantheon-releases which has write access, but the default circle user does not)
+  configure-https-git:
+    steps:
+      - run:
+          name: configure github auth
+          command: |
+            # netrc is the preferred way to authenticate and download private go modules
+            echo "machine github.com login $GITHUB_TOKEN" > ~/.netrc
+            git config --global --unset url.ssh://[email protected]
+            git config --global url."https://$GITHUB_TOKEN:[email protected]/pantheon-systems/".insteadOf "[email protected]:pantheon-systems/"
+
+jobs:
+  test-build:
+    executor: go-build
+    steps:
+      - setup_remote_docker
+      - checkout
+      - run: make test-deps-build
+      - run: make test-common-build
+
+  test-deploy:
+    executor: deploy-toolbox
+    steps:
+      - checkout
+      - run: make test-deps-deploy
+      - run: make test-common-deploy
+
+  test-artifact-setup:
+    docker:
+      - image: cimg/go:1.17
+    steps:
+      - checkout
+      - run: make test-vault-gsa-setup
+
+  autotag-release:
+    executor: deploy-toolbox
+    steps:
+      - checkout
+      - configure-https-git
+      - run:
+          name: increment version
+          command: |
+            VERSION_TAG=$(autotag) && git push origin "v${VERSION_TAG}"
+
+workflows:
+  version: 2
+  primary:
+    jobs:
+      - test-build:
+          context:
+            - sig-go-release
+            - docker-executor-auth
+      - test-deploy:
+          context:
+            - sig-go-release
+            - docker-executor-auth
+            - gcp-credentials-ar-ci
+      - test-artifact-setup:
+          context:
+            - sig-go-release
+            - docker-executor-auth
+      - autotag-release:
+          context:
+            - sig-go-release
+            - docker-executor-auth
+            - gcp-credentials-ar-ci
+          filters:
+            branches:
+              only:
+                - master

devops/make/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,18 @@
+## Summary
+_1-2 line summary of changes_
+
+## Changes
+_Please enter each change as a new bullet point_
+
+## Issue IDs
+_Please mention any GIT Issues related to the change_
+
+## Breaking Changes / Backwards Compatibility
+_Are these changes backwards compatible for existing repos using common-make?_
+_If not how can you make them backwards compatible or what is the communications plan to advise squads on detailed steps they need to take?_
+
+## Documentation
+
+- [ ] If this introduces new features or new behavior, update documentation (README.md)
+- [ ] Consider adding example usage to the README.md, especially for non-trivial or non-obvious feature additions
+- [ ] If the README was updated, run `make update-readme-toc` to re-generate the TOC

devops/make/.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+
+common_makefiles
+shellcheck
+*.swp
+/common-make

devops/make/CODEOWNERS

@@ -0,0 +1,7 @@
+# https://help.github.com/en/articles/about-code-owners
+
+* @pantheon-systems/engops
+
+# owned by #sig-go
+*.go         @pantheon-systems/sig-go
+common-go.mk @pantheon-systems/sig-go

devops/make/Dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+
+COPY Dockerfile /

devops/make/Makefile

@@ -0,0 +1,74 @@
+APP=common-make
+
+ifeq ($(CIRCLE_BRANCH), master)
+export CIRCLE_BRANCH := notmaster
+export BRANCH := notmaster
+endif
+
+include common.mk
+include common-docs.mk
+include common-go.mk
+include common-docker.mk
+include common-shell.mk
+include common-kube.mk
+include common-pants.mk
+
+# Required Input Variables for common-python and a default value
+PYTHON_PACKAGE_NAME=dummy
+TEST_RUNNER=trial
+include common-python.mk
+
+# Required Input Variables for common-conda and a default value
+CONDA_PACKAGE_NAME=dummy
+CONDA_PACKAGE_VERSION=0.0.1
+include common-conda.mk
+
+test-deps-build: deps-circle-shell deps-go
+test-common-build: test-shell test-readme-toc test-common-docker test-common-docker-ar test-common-go
+
+test-deps-deploy: deps-circle-kube
+test-common-deploy: test-common-kube test-common-pants
+
+test-common-kube: test-common-kube-lint
+	$(MAKE) -f test/make/kube.mk test-common-kube
+
+test-common-kube-lint:
+	$(MAKE) -f test/make/kube.mk test-common-kube-lint | grep "SKIP_KUBEVAL"
+
+test-common-pants:
+	$(MAKE) -f test/make/pants.mk test-common-pants
+# go again to make sure that sandbox reuse works
+	$(MAKE) -f test/make/pants.mk test-common-pants
+	$(MAKE) -f test/make/pants.mk delete-pants-sandbox
+
+test-common-lint:
+	$(call INFO, "running common make tests $(KUBE_NAMESPACE)")
+	@! make test-common --warn-undefined-variables --just-print 2>&1 >/dev/null | grep warning
+
+test-gcloud-setup:
+	$(call INFO, "testing gcloud setup")
+	sh/setup-gcloud-test.sh
+
+test-common-docker:
+	$(call INFO, "testing common-docker")
+	$(MAKE) -f test/make/docker.mk test-common-docker
+
+test-common-docker-ar:
+	$(call INFO, "testing common-docker with Artifact Registry")
+	$(MAKE) -f test/make/docker-ar.mk test-common-docker
+
+test-vault-gsa-setup:
+	sh/setup-circle-vault.sh
+
+prepare-go-path:
+	mkdir -p $(GOPATH)/src/_/$(shell pwd)/test/fixtures
+	ln -sf $(shell pwd)/test/fixtures/golang $(GOPATH)/src/_/$(shell pwd)/test/fixtures
+	ln -sf $(shell pwd)/main.go $(GOPATH)/src/_/$(shell pwd)/
+
+test-common-go:
+	$(call INFO, "testing common go")
+test-common-go: prepare-go-path test-statically-linked-with-cgo-for-tests
+
+test-statically-linked-with-cgo-for-tests:
+	$(MAKE) test-go build-linux
+	file $(APP) | grep 'statically linked'