-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #49 from vshn/add/ci_improvements
Add CI Improvement
- Loading branch information
Showing
14 changed files
with
462 additions
and
118 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
{ | ||
"template": "https://github.com/vshn/appcat-cookiecutter", | ||
"commit": "5309ae05edb3c118e23e64e8ec0bed2b6768ac86", | ||
"checkout": null, | ||
"context": { | ||
"cookiecutter": { | ||
"app_name": "provider-minio", | ||
"component_repo": "vshn/component-appcat", | ||
"push_upbound": true, | ||
"push_package": true, | ||
"push_image": false, | ||
"_copy_without_render": [ | ||
".github/workflows/cruft-update.yml", | ||
".github/changelog-configuration.json" | ||
], | ||
"_template": "https://github.com/vshn/appcat-cookiecutter" | ||
} | ||
}, | ||
"directory": null | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# /.github/workflows/cruft-update.yml | ||
name: Update repository with Cruft | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
actions: write | ||
on: | ||
schedule: | ||
- cron: "0 * * * *" # Once per hour | ||
workflow_dispatch: {} | ||
|
||
jobs: | ||
update: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: true | ||
matrix: | ||
include: | ||
- add-paths: . | ||
body: Use this to merge the changes to this repository. | ||
branch: cruft/update | ||
commit-message: "chore: accept new Cruft update" | ||
title: New updates detected with Cruft | ||
- add-paths: .cruft.json | ||
body: Use this to reject the changes in this repository. | ||
branch: cruft/reject | ||
commit-message: "chore: reject new Cruft update" | ||
title: Reject new updates detected with Cruft | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
token: ${{ secrets.COMPONENT_ACCESS_TOKEN }} | ||
|
||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: "3.10" | ||
|
||
- name: Install Cruft | ||
run: pip3 install cruft | ||
|
||
- name: Check if update is available | ||
continue-on-error: false | ||
id: check | ||
run: | | ||
CHANGES=0 | ||
if [ -f .cruft.json ]; then | ||
if ! cruft check; then | ||
CHANGES=1 | ||
fi | ||
else | ||
echo "No .cruft.json file" | ||
fi | ||
echo "has_changes=$CHANGES" >> "$GITHUB_OUTPUT" | ||
- name: Run update if available | ||
if: steps.check.outputs.has_changes == '1' | ||
run: | | ||
git config --global user.email "githubbot@vshn.ch" | ||
git config --global user.name "GitHubBot" | ||
cruft update --skip-apply-ask --refresh-private-variables | ||
git restore --staged . | ||
- name: Create pull request | ||
if: steps.check.outputs.has_changes == '1' | ||
uses: peter-evans/create-pull-request@v6 | ||
with: | ||
token: ${{ secrets.COMPONENT_ACCESS_TOKEN }} | ||
add-paths: ${{ matrix.add-paths }} | ||
commit-message: ${{ matrix.commit-message }} | ||
branch: ${{ matrix.branch }} | ||
delete-branch: true | ||
title: ${{ matrix.title }} | ||
labels: dependency | ||
body: | | ||
This is an autogenerated PR. ${{ matrix.body }} | ||
[Cruft](https://cruft.github.io/cruft/) has detected updates from the Cookiecutter repository. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,217 @@ | ||
name: PR Automation | ||
|
||
on: | ||
pull_request: {} | ||
pull_request_target: | ||
types: | ||
- closed | ||
branches: | ||
- master | ||
|
||
env: | ||
APP_NAME: provider-minio | ||
COMPONENT_REPO: vshn/component-appcat | ||
PUSH_UPBOUND: "True" | ||
PUSH_PACKAGE: "True" | ||
PUSH_IMAGE: "False" | ||
|
||
jobs: | ||
check-labels: | ||
# Act doesn't set a pull request number by default, so we skip if it's 0 | ||
if: github.event.pull_request.number != 0 | ||
name: Check labels | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: docker://agilepathway/pull-request-label-checker:v1.6.51 | ||
with: | ||
one_of: major,minor,patch,documentation,dependency | ||
repo_token: ${{ secrets.GITHUB_TOKEN }} | ||
publish-branch-images: | ||
if: github.event.action != 'closed' | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Determine Go version from go.mod | ||
run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV | ||
|
||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
|
||
- uses: actions/cache@v4 | ||
with: | ||
path: ~/go/pkg/mod | ||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | ||
restore-keys: | | ||
${{ runner.os }}-go- | ||
- name: Extract escaped branch name | ||
shell: bash | ||
run: echo "branch=$(echo ${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} | sed 's/\//_/g' )" >> $GITHUB_OUTPUT | ||
id: extract_branch | ||
|
||
- name: Login to GHCR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build branch and push image | ||
if: env.PUSH_IMAGE == 'true' | ||
run: make docker-push-branchtag -e IMG_TAG="${{ steps.extract_branch.outputs.branch }}" | ||
|
||
- name: Build branch and push package | ||
if: env.PUSH_PACKAGE == 'True' | ||
run: make package-push-branchtag -e IMG_TAG="${{ steps.extract_branch.outputs.branch }}" | ||
|
||
- name: Login to Upbound | ||
if: env.PUSH_UPBOUND == 'true' | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: xpkg.upbound.io | ||
username: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }} | ||
password: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }} | ||
|
||
- name: Build branch and push package to upbound | ||
if: env.PUSH_UPBOUND == 'true' && env.PUSH_PACKAGE == 'true' | ||
run: make package-push-branchtag -e IMG_TAG="${{ steps.extract_branch.outputs.branch }}" -e IMG_REPO=xpkg.upbound.io | ||
|
||
open-pr-component: | ||
if: github.event.action == 'opened' | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: ${{ env.COMPONENT_REPO }} | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract branch name | ||
shell: bash | ||
run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT | ||
id: extract_branch | ||
|
||
- name: Update defaults.yml and create branch | ||
run: | | ||
yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag="${{ steps.extract_branch.outputs.branch }}"' class/defaults.yml | diff -B class/defaults.yml - | patch class/defaults.yml - || true | ||
git --no-pager diff | ||
- name: Generate new golden | ||
# Act uses the host's docker to run containers, but then | ||
# they can't access the files that were previously cloned. | ||
if: github.event.pull_request.number != 0 | ||
run: | | ||
make gen-golden-all | ||
- name: Create Pull Request | ||
uses: peter-evans/create-pull-request@v6 | ||
with: | ||
token: ${{ secrets.COMPONENT_ACCESS_TOKEN }} | ||
title: 'PR for ${{ env.APP_NAME }} on ${{ steps.extract_branch.outputs.branch }}' | ||
body: "${{ github.event.pull_request.body}}\nLink: ${{ github.event.pull_request.url }}" | ||
branch: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}" | ||
base: master | ||
draft: false | ||
create-release: | ||
if: github.event.pull_request.merged | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check for patch label | ||
if: contains(github.event.pull_request.labels.*.name, 'patch') || contains(github.event.pull_request.labels.*.name, 'dependency') || contains(github.event.pull_request.labels.*.name, 'documentation') | ||
id: patch | ||
run: | | ||
echo "set=true" >> $GITHUB_OUTPUT | ||
- name: Check for minor label | ||
if: contains(github.event.pull_request.labels.*.name, 'minor') | ||
id: minor | ||
run: | | ||
echo "set=true" >> $GITHUB_OUTPUT | ||
- name: Check for major label | ||
if: contains(github.event.pull_request.labels.*.name, 'major') | ||
id: major | ||
run: | | ||
echo "set=true" >> $GITHUB_OUTPUT | ||
- uses: actions/checkout@v4 | ||
with: | ||
# Make sure we use the right commit to tag | ||
ref: ${{ github.event.pull_request.merge_commit_sha }} | ||
# We also need to use the personal access token here. As subsequent | ||
# actions will not trigger by tags/pushes that use `GITHUB_TOKEN` | ||
# https://github.com/orgs/community/discussions/25702#discussioncomment-3248819 | ||
token: ${{ secrets.COMPONENT_ACCESS_TOKEN }} | ||
# This is broken in checkout@v4... | ||
# https://github.com/actions/checkout/issues/1781 | ||
fetch-tags: true | ||
|
||
- name: fetch tags | ||
run: | | ||
git fetch --tags | ||
echo "latest tag: $(git describe --tags "$(git rev-list --tags --max-count=1)")" | ||
echo "TAG_VERSION=$(git describe --tags "$(git rev-list --tags --max-count=1)")" >> $GITHUB_ENV | ||
- name: Extract branch name | ||
shell: bash | ||
run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT | ||
id: extract_branch | ||
|
||
# We only run this if any of the release tags is set. | ||
# For docs and deps we don't do automagic releases | ||
- name: Increase Tag | ||
id: tag | ||
run: | | ||
patch=${{ steps.patch.outputs.set }} | ||
minor=${{ steps.minor.outputs.set }} | ||
major=${{ steps.major.outputs.set }} | ||
major_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f1) | ||
minor_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f2) | ||
patch_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f3) | ||
major_ver="${major_ver:1}" | ||
# Check for patch label | ||
[ ! -z "$patch" ] && [ -z "$minor" ] && [ -z "$major" ] && ((patch_ver++)) || true | ||
# check for minor label | ||
if [ ! -z "$minor" ] && [ -z "$major" ]; then | ||
((minor_ver++)) | ||
patch_ver=0 | ||
fi | ||
# Check for major label | ||
if [ ! -z "$major" ]; then | ||
((major_ver++)) | ||
minor_ver=0 | ||
patch_ver=0 | ||
fi | ||
tag="v$major_ver.$minor_ver.$patch_ver" | ||
echo "new tag $tag" | ||
git tag $tag | ||
git push --tags | ||
echo tag=$tag >> $GITHUB_OUTPUT | ||
- name: Checkout component | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: ${{ env.COMPONENT_REPO }} | ||
token: ${{ secrets.COMPONENT_ACCESS_TOKEN }} | ||
ref: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}" | ||
|
||
- name: Update tag and run golden | ||
run: | | ||
yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag="${{ steps.tag.outputs.tag }}"' class/defaults.yml | diff -B class/defaults.yml - | patch class/defaults.yml - || true | ||
make gen-golden-all | ||
- name: Commit & Push changes | ||
uses: actions-js/push@master | ||
with: | ||
github_token: ${{ secrets.COMPONENT_ACCESS_TOKEN }} | ||
branch: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}" | ||
message: "Update tag" | ||
repository: ${{ env.COMPONENT_REPO }} | ||
|
Oops, something went wrong.