ci(dhall): build the github actions workflows with dhall 🏗 (#591)

.bats/common.bats.bash

@@ -0,0 +1,27 @@
+#
+
+common::setup() {
+  load "${BATS_ROOT}/../bats-support/load.bash"
+
+  load "${BATS_ROOT}/../bats-assert/load.bash"
+  load "${BATS_ROOT}/../bats-file/load.bash"
+
+  # NODE(douglasduteil): manual bail mode
+  [ ! -f "${BATS_PARENT_TMPNAME}.skip" ] || skip "skip remaining tests"
+}
+
+
+common::teardown() {
+  # NODE(douglasduteil): manual bail mode
+  [ -n "$BATS_TEST_COMPLETED" ] || touch "${BATS_PARENT_TMPNAME}.skip"
+}
+
+#
+
+setup() {
+  common::setup
+}
+
+teardown() {
+  common::teardown
+}

.editorconfig

@@ -19,3 +19,6 @@ insert_final_newline = true
 
 [*.md]
 trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab

.github/dhall/jobs/ContainerTest.dhall

@@ -0,0 +1,42 @@
+let GithubActions =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/github-actions/package.dhall sha256:327d499ebf1ec63e5c3b0b0d5285b78a07be4ad1a941556eb35f67547004545f
+
+let SocailGouvSteps =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/socialgouv/steps.dhall sha256:4428b6517f7b8677a4b93205111c25ae9c2010428677c1b198d5d690216f28e5
+
+let ContainerTest =
+      λ(args_0 : { package : Text }) →
+        GithubActions.Job::{
+        , name = Some "Container Test"
+        , needs = Some [ "Build" ]
+        , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+        , steps =
+          [ GithubActions.steps.actions/checkout
+          , SocailGouvSteps.container-structure-test.`v1.10.0`
+              (     " "
+                ++  " --config ${args_0.package}/tests/container-structure-test.yml -v debug"
+                ++  " --image ghcr.io/socialgouv/docker/${args_0.package}@\${{ needs.Build.outputs.digest }}"
+                ++  " --pull"
+              )
+          ]
+        }
+
+let __test__foo =
+        assert
+      :   ContainerTest { package = "foo" }
+        ≡ GithubActions.Job::{
+          , name = Some "Container Test"
+          , needs = Some [ "Build" ]
+          , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+          , steps =
+            [ GithubActions.steps.actions/checkout
+            , SocailGouvSteps.container-structure-test.`v1.10.0`
+                (     " "
+                  ++  " --config foo/tests/container-structure-test.yml -v debug"
+                  ++  " --image ghcr.io/socialgouv/docker/foo@\${{ needs.Build.outputs.digest }}"
+                  ++  " --pull"
+                )
+            ]
+          }
+
+in  ContainerTest

.github/dhall/jobs/DockerBuild.dhall

@@ -0,0 +1,40 @@
+let GithubActions =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/github-actions/package.dhall sha256:327d499ebf1ec63e5c3b0b0d5285b78a07be4ad1a941556eb35f67547004545f
+
+let SocailGouvSteps =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/socialgouv/steps.dhall sha256:4428b6517f7b8677a4b93205111c25ae9c2010428677c1b198d5d690216f28e5
+
+in  λ(package : Text) →
+      GithubActions.Job::{
+      , name = Some "Build"
+      , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+      , needs = Some [ "Lint" ]
+      , outputs = Some
+          (toMap { digest = "\${{ steps.docker_push.outputs.digest }}" })
+      , steps =
+        [ GithubActions.steps.actions/checkout
+        ,   SocailGouvSteps.docker-meta { image_name = package }
+          ⫽ { id = Some "docker_meta" }
+        , SocailGouvSteps.docker-buildx ⫽ { id = Some "docker_buildx" }
+        , SocailGouvSteps.docker-login
+        , GithubActions.steps.actions/cache
+            { path = "/tmp/.buildx-cache"
+            , key = "${package}-buildx"
+            , hashFiles = [ "${package}/Dockerfile" ]
+            }
+        ,   SocailGouvSteps.docker-build-push
+              { cache_path = "/tmp/.buildx-cache"
+              , context = package
+              , docker_buildx_step_id = "docker_buildx"
+              , docker_meta_step_id = "docker_meta"
+              }
+          ⫽ { id = Some "docker_push" }
+        , GithubActions.Step::{
+          , name = Some "Image digest"
+          , run = Some
+              ''
+              echo "''${{ steps.docker_push.outputs.digest }}"
+              ''
+          }
+        ]
+      }

.github/dhall/jobs/Hadolint.dhall

@@ -0,0 +1,35 @@
+let GithubActions =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/github-actions/package.dhall sha256:327d499ebf1ec63e5c3b0b0d5285b78a07be4ad1a941556eb35f67547004545f
+
+let HadolintJob =
+      λ(package : Text) →
+        GithubActions.Job::{
+        , name = Some "Lint"
+        , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+        , container = Some "hadolint/hadolint:v1.22.1-alpine"
+        , steps =
+          [ GithubActions.steps.actions/checkout
+          , GithubActions.Step::{
+            , run = Some "hadolint ./Dockerfile"
+            , working-directory = Some package
+            }
+          ]
+        }
+
+let __test__foo =
+        assert
+      :   HadolintJob "foo"
+        ≡ GithubActions.Job::{
+          , name = Some "Lint"
+          , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+          , container = Some "hadolint/hadolint:v1.22.1-alpine"
+          , steps =
+            [ GithubActions.steps.actions/checkout
+            , GithubActions.Step::{
+              , run = Some "hadolint ./Dockerfile"
+              , working-directory = Some "foo"
+              }
+            ]
+          }
+
+in  HadolintJob

.github/dhall/jobs/Inception.dhall

@@ -0,0 +1,32 @@
+let GithubActions =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/github-actions/package.dhall sha256:327d499ebf1ec63e5c3b0b0d5285b78a07be4ad1a941556eb35f67547004545f
+
+let InceptionJob =
+      λ(args_0 : { package : Text }) →
+      λ(args_1 : { name : Text, steps : List GithubActions.types.Step }) →
+        GithubActions.Job::{
+        , name = Some args_1.name
+        , needs = Some [ "Build" ]
+        , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+        , container = Some
+            "docker://ghcr.io/socialgouv/docker/${args_0.package}:sha-\${{ github.sha }}"
+        , steps = args_1.steps
+        }
+
+let __test__foo =
+        assert
+      :   InceptionJob
+            { package = "foo" }
+            { name = "Test foo version"
+            , steps = [ GithubActions.Step::{ run = Some "foo --version" } ]
+            }
+        ≡ GithubActions.Job::{
+          , name = Some "Test foo version"
+          , needs = Some [ "Build" ]
+          , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+          , container = Some
+              "docker://ghcr.io/socialgouv/docker/foo:sha-\${{ github.sha }}"
+          , steps = [ GithubActions.Step::{ run = Some "foo --version" } ]
+          }
+
+in  InceptionJob

.github/dhall/steps/crazy-max/ghaction-docker-meta/Input.dhall

@@ -0,0 +1,69 @@
+{-
+This dhall input is mapping a fixed version of the crazy-max/ghaction-docker-meta
+https://github.com/crazy-max/ghaction-docker-meta/tree/v2.3.0
+commit/2e1a5c7fa42123697f82d479b551a1bbdb1bef88
+-}
+let Input/Required = { images : Text }
+
+let Input/Optional =
+      { github-token : Optional Text
+      , flavor : Optional Text
+      , labels : Optional Text
+      , sep-labels : Optional Text
+      , sep-tags : Optional Text
+      , tags : Optional Text
+      }
+
+let Input/default =
+      { github-token = None Text
+      , flavor = None Text
+      , labels = None Text
+      , sep-labels = None Text
+      , sep-tags = None Text
+      , tags = None Text
+      }
+
+let Input/Type = Input/Required ⩓ Input/Optional
+
+let Input = { Type = Input/Type, default = Input/default }
+
+let __test__basic_input =
+        assert
+      :   Input::{ images = "name/app" }
+        ≡ { flavor = None Text
+          , github-token = None Text
+          , images = "name/app"
+          , labels = None Text
+          , sep-labels = None Text
+          , sep-tags = None Text
+          , tags = None Text
+          }
+
+let __test__semver_input =
+        assert
+      :   Input::{
+          , images = "name/app"
+          , tags = Some
+              ''
+              type=ref,event=branch
+              type=ref,event=pr
+              type=semver,pattern={{version}}
+              type=semver,pattern={{major}}.{{minor}}
+              ''
+          }
+        ≡ { flavor = None Text
+          , github-token = None Text
+          , images = "name/app"
+          , labels = None Text
+          , sep-labels = None Text
+          , sep-tags = None Text
+          , tags = Some
+              ''
+              type=ref,event=branch
+              type=ref,event=pr
+              type=semver,pattern={{version}}
+              type=semver,pattern={{major}}.{{minor}}
+              ''
+          }
+
+in  Input

.github/dhall/steps/crazy-max/ghaction-docker-meta/action.dhall

@@ -0,0 +1,64 @@
+let GithubActions =
+      https://raw.githubusercontent.com/SocialGouv/.github/master/dhall/github-actions/package.dhall sha256:327d499ebf1ec63e5c3b0b0d5285b78a07be4ad1a941556eb35f67547004545f
+
+let Input =
+      ./Input.dhall sha256:0f0b7f02193300dd1fb74da365542d2244ad42b5c5b5cbb22968552dfb62fae8
+
+let utils =
+      ../../utils.dhall sha256:52b53ac4f7bfc0ac42b2147a16166eea9b4ed92ab303c1e6ba255c450747d3da
+
+let step
+    : ∀(ref : Text) → ∀(opts : Input.Type) → GithubActions.Step.Type
+    = λ(ref : Text) →
+      λ(opts : Input.Type) →
+        GithubActions.Step::{
+        , uses = Some "crazy-max/ghaction-docker-meta@${ref}"
+        , `with` = Some
+            ( utils.withInputs
+                (toMap opts.{ images })
+                ( toMap
+                    (opts ⫽ { images = None Text, action_version = None Text })
+                )
+            )
+        }
+
+let __test__minimal =
+        assert
+      :   step "vX.Y.Z" Input::{ images = "ghcr.io/foo/bar" }
+        ≡ GithubActions.Step::{
+          , uses = Some "crazy-max/[email protected]"
+          , `with` = Some (toMap { images = "ghcr.io/foo/bar" })
+          }
+
+let __test__tags_options =
+        assert
+      :   step
+            "vX.Y.Z"
+            Input::{ images = "ghcr.io/foo/bar", tags = Some "vX.Y.Z" }
+        ≡ GithubActions.Step::{
+          , uses = Some "crazy-max/[email protected]"
+          , `with` = Some
+            [ { mapKey = "tags", mapValue = "vX.Y.Z" }
+            , { mapKey = "images", mapValue = "ghcr.io/foo/bar" }
+            ]
+          }
+
+let __test__step_id =
+        assert
+      :     step "vX.Y.Z" Input::{ images = "ghcr.io/foo/bar" }
+          ⫽ { id = Some "docker_meta" }
+        ≡ GithubActions.Step::{
+          , id = Some "docker_meta"
+          , uses = Some "crazy-max/[email protected]"
+          , `with` = Some (toMap { images = "ghcr.io/foo/bar" })
+          }
+
+let `v2.3.0` =
+    {-
+    This dhall is mapping a fixed version of the crazy-max/ghaction-docker-meta
+    https://github.com/crazy-max/ghaction-docker-meta/tree/v2.3.0
+    commit/2e1a5c7fa42123697f82d479b551a1bbdb1bef88
+    -}
+      "2e1a5c7fa42123697f82d479b551a1bbdb1bef88"
+
+in  { `v2.3.0` = step `v2.3.0`, step }

.github/dhall/steps/crazy-max/ghaction-docker-meta/package.dhall

@@ -0,0 +1,4 @@
+  ./action.dhall sha256:fc9c86ad5e974c57675938e91a566949c644aced362229a0bf16eaa3823b1b2f
+∧ { Input =
+      ./Input.dhall sha256:0f0b7f02193300dd1fb74da365542d2244ad42b5c5b5cbb22968552dfb62fae8
+  }