Merge branch 'puzzle:master' into olibrian-ptime-doc

puzzle · Feb 22, 2024 · d127692 · d127692
2 parents 05929a3 + 9e9b30e
commit d127692
Show file tree

Hide file tree

Showing 634 changed files with 14,492 additions and 12,383 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,46 @@
+# Ignore bundler config.
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/tmp/.keep
+!/log/.keep
+
+# Puma is unhappy without this
+!/tmp/pids
+/tmp/pids/*
+!/tmp/pids/.keep
+
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep
+
+/node_modules
+/yarn-error.log
+
+/public/assets
+.byebug_history
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key
+
+# Ignore public uploads
+public/uploads
+
+# Ignore changed bundle binstub
+bin/bundle
+
+# Ignore local environment variables file
+.env.local
+.envrc
+
+# Ignore local gems
+vendor/bundle/**/
+
+.git/
+.github/
diff --git a/.github/workflows/build-manual.yaml b/.github/workflows/build-manual.yaml
@@ -0,0 +1,40 @@
+name: 'Manual build without tests'
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to build in'
+        required: true
+        type: choice
+        options:
+          - pitc-ptime-int
+          - pitc-ptime-prod
+          - pude-ptime-prod
+        default: 'pitc-ptime-int'
+      project_name:
+        description: 'Project to build for'
+        required: true
+        type: choice
+        options:
+          - pitc-ptime-int
+          - pitc-ptime-prod
+          - pude-ptime-prod
+        default: 'pitc-ptime-int'
+      push:
+        description: 'Should we push the image to the registry?'
+        required: true
+        type: boolean
+        default: true
+
+jobs:
+  build-dispatch:
+    uses: ./.github/workflows/reusable-build.yaml
+    with:
+      environment: ${{ inputs.environment }}
+      project_name: ${{ inputs.project_name  }}
+      push: ${{ inputs.push }}
+      registry: registry.puzzle.ch
+    secrets:
+      PUZZLE_REGISTRY_USERNAME: ${{ secrets.PUZZLE_REGISTRY_USERNAME }}
+      PUZZLE_REGISTRY_TOKEN: ${{ secrets.PUZZLE_REGISTRY_TOKEN }}
diff --git a/.github/workflows/build-on-push.yaml b/.github/workflows/build-on-push.yaml
@@ -0,0 +1,82 @@
+name: 'Lint, test and image build on push'
+
+on:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - 'doc/**'
+      - '**.md'
+
+jobs:
+  lint:
+    uses: ./.github/workflows/reusable-lint.yaml
+
+  test:
+    uses: ./.github/workflows/reusable-test.yaml
+
+  build-int:
+    needs: [lint, test]
+    uses: ./.github/workflows/reusable-build.yaml
+    with:
+      environment: pitc-ptime-int
+      project_name: pitc-ptime-int
+      push: true
+      registry: registry.puzzle.ch
+    secrets:
+      PUZZLE_REGISTRY_USERNAME: ${{ secrets.PUZZLE_REGISTRY_USERNAME }}
+      PUZZLE_REGISTRY_TOKEN: ${{ secrets.PUZZLE_REGISTRY_TOKEN }}
+
+  sbom-int:
+    needs: build-int
+    uses: ./.github/workflows/reusable-sbom.yaml
+    with:
+      project_name: pitc-ptime-int
+      artifact-prefix: int-
+    secrets:
+      dependency_track_url: ${{ secrets.DEPTRACK_URL }}
+      dependency_track_api_key: ${{ secrets.DEPTRACK_API_KEY }}
+
+  build-prod:
+    needs: [lint, test]
+    uses: ./.github/workflows/reusable-build.yaml
+    with:
+      environment: pitc-ptime-prod
+      project_name: pitc-ptime-prod
+      push: true
+      registry: registry.puzzle.ch
+    secrets:
+      PUZZLE_REGISTRY_USERNAME: ${{ secrets.PUZZLE_REGISTRY_USERNAME }}
+      PUZZLE_REGISTRY_TOKEN: ${{ secrets.PUZZLE_REGISTRY_TOKEN }}
+
+  sbom-prod:
+    needs: build-prod
+    uses: ./.github/workflows/reusable-sbom.yaml
+    with:
+      project_name: pitc-ptime-prod
+      artifact-prefix: prod-
+    secrets:
+      dependency_track_url: ${{ secrets.DEPTRACK_URL }}
+      dependency_track_api_key: ${{ secrets.DEPTRACK_API_KEY }}
+
+  build-pude:
+    needs: [lint, test]
+    uses: ./.github/workflows/reusable-build.yaml
+    with:
+      environment: pude-ptime-prod
+      project_name: pude-ptime-prod
+      push: true
+      registry: registry.puzzle.ch
+    secrets:
+      PUZZLE_REGISTRY_USERNAME: ${{ secrets.PUZZLE_REGISTRY_USERNAME }}
+      PUZZLE_REGISTRY_TOKEN: ${{ secrets.PUZZLE_REGISTRY_TOKEN }}
+
+  sbom-pude:
+    needs: build-pude
+    uses: ./.github/workflows/reusable-sbom.yaml
+    with:
+      project_name: pude-ptime-prod
+      artifact-prefix: pude-
+    secrets:
+      dependency_track_url: ${{ secrets.DEPTRACK_URL }}
+      dependency_track_api_key: ${{ secrets.DEPTRACK_API_KEY }}
diff --git a/.github/workflows/code-style-review.yaml b/.github/workflows/code-style-review.yaml
diff --git a/.github/workflows/rails-tests.yaml b/.github/workflows/rails-tests.yaml
diff --git a/.github/workflows/reusable-build.yaml b/.github/workflows/reusable-build.yaml
@@ -0,0 +1,55 @@
+name: 'Reusable: Build and push image'
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: "Environment to run in"
+        type: string
+        required: true
+      project_name:
+        description: "Project name, e.g. pitc-ptime-int"
+        type: string
+        required: true
+      push:
+        description: "Build and debug things without pushing to the registry"
+        type: boolean
+        default: false
+      registry:
+        description: 'FQDN of the registry'
+        type: string
+        required: true
+
+    secrets:
+      PUZZLE_REGISTRY_USERNAME:
+        description: 'Needed for the registry login'
+        required: true
+      PUZZLE_REGISTRY_TOKEN:
+        description: 'Needed for the registry login'
+        required: true
+
+jobs:
+  build:
+    environment: ${{ inputs.environment }}
+    runs-on: 'ubuntu-latest'
+    steps:
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ secrets.PUZZLE_REGISTRY_USERNAME }}
+          password: ${{ secrets.PUZZLE_REGISTRY_TOKEN }}
+      - uses: docker/build-push-action@v4
+        with:
+          file: Dockerfile
+          build-args: |
+            BUILD_REPO=$GITHUB_REPOSITORY
+            BUILD_REF=$GITHUB_REF_NAME
+            BUILD_COMMIT=$GITHUB_SHA
+          target: app
+          tags: |
+            ${{ inputs.registry }}/ptime/${{ inputs.project_name }}:latest
+            ${{ inputs.registry }}/ptime/${{ inputs.project_name }}:${{ github.sha }}
+          push: ${{ inputs.push }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/reusable-lint.yaml b/.github/workflows/reusable-lint.yaml
@@ -0,0 +1,38 @@
+name: 'Code Style Review'
+
+on:
+  workflow_call:
+
+jobs:
+  lint:
+    runs-on: 'ubuntu-latest'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - uses: reviewdog/action-rubocop@v2
+        with:
+          rubocop_version: gemfile
+          rubocop_extensions: rubocop-minitest:gemfile rubocop-performance:gemfile rubocop-rails:gemfile
+          reporter: github-pr-review
+          level: error
+
+      - run: 'gem install haml-lint'
+
+      - uses: reviewdog/action-setup@v1
+
+      - name: 'Run Reviewdog HAML-Lint'
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
+        run: |
+          haml-lint |
+          reviewdog \
+          -efm="%f:%l %m" \
+          -name="HAML-Lint" \
+          -reporter=github-pr-review \
+          -level=error \
+          -diff="git diff $DIFF_BRANCH"