From 0914e8d8f979aaf6e6f3b44d3317e6c76f180119 Mon Sep 17 00:00:00 2001 From: Thomas Burkhalter Date: Fri, 4 Oct 2024 09:24:05 +0200 Subject: [PATCH] Add github actions --- .github/actions/lint.yaml | 54 --------------- .github/actions/lint_test_build_update.yaml | 37 ----------- .github/actions/tests.yaml | 63 ------------------ .github/workflows/build-int-on-push.yaml | 13 ++-- .github/workflows/build-prod-on-release.yaml | 4 +- .github/workflows/manual-build.yaml | 2 +- .github/workflows/old/code-style-review.yaml | 59 ----------------- .github/workflows/old/rails-tests.yaml | 66 ------------------- .github/workflows/old/sbom.yml | 40 ----------- .../reusable_build.yaml} | 8 ++- .../reusable_copy-images.yaml} | 0 .github/workflows/reusable_lint.yaml | 42 ++++++++++++ .../reusable_lint_test_build_update.yaml | 50 ++++++++++++++ .../reusable_sbom.yaml} | 0 .github/workflows/reusable_tests.yaml | 45 +++++++++++++ .../reusable_update_image.yaml} | 15 ++++- .github/workflows/test-on-pr.yaml | 3 +- 17 files changed, 168 insertions(+), 333 deletions(-) delete mode 100644 .github/actions/lint.yaml delete mode 100644 .github/actions/lint_test_build_update.yaml delete mode 100644 .github/actions/tests.yaml delete mode 100644 .github/workflows/old/code-style-review.yaml delete mode 100644 .github/workflows/old/rails-tests.yaml delete mode 100644 .github/workflows/old/sbom.yml rename .github/{actions/build.yaml => workflows/reusable_build.yaml} (93%) rename .github/{actions/copy-images.yaml => workflows/reusable_copy-images.yaml} (100%) create mode 100644 .github/workflows/reusable_lint.yaml create mode 100644 .github/workflows/reusable_lint_test_build_update.yaml rename .github/{actions/sbom.yaml => workflows/reusable_sbom.yaml} (100%) create mode 100644 .github/workflows/reusable_tests.yaml rename .github/{actions/update_image.yaml => workflows/reusable_update_image.yaml} (83%) diff --git a/.github/actions/lint.yaml b/.github/actions/lint.yaml deleted file mode 100644 index 2e39053e..00000000 --- a/.github/actions/lint.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: 'Reusable: Code Style Review' - -on: - workflow_call: - -jobs: - lint: - runs-on: 'ubuntu-latest' - - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - - - name: 'Set up Ruby' - uses: actions/setup-ruby@v1 - with: - ruby-version: '2.7' - - - name: 'Set up Reviewdog' - env: - REVIEWDOG_INSTALLER: 'https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh' - run: | - mkdir -p $HOME/bin - curl -sfL ${REVIEWDOG_INSTALLER} | sh -s -- -b $HOME/bin - - - name: 'Set up Rubocop' - run: 'gem install rubocop rubocop-minitest rubocop-performance rubocop-rails' - - - name: 'Run Rubocop' - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - rubocop | - $HOME/bin/reviewdog \ - -f=rubocop \ - -name="Rubocop" \ - -reporter=github-pr-review \ - -level=error \ - -diff="git diff $DIFF_BRANCH" - - - name: 'Set up Haml-lint' - run: 'gem install haml-lint' - - - name: 'Run Haml-lint' - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - haml-lint | - $HOME/bin/reviewdog \ - -efm="%f:%l %m" \ - -name="Haml-lint" \ - -reporter=github-pr-review \ - -level=error \ - -diff="git diff $DIFF_BRANCH" diff --git a/.github/actions/lint_test_build_update.yaml b/.github/actions/lint_test_build_update.yaml deleted file mode 100644 index 8b92e5af..00000000 --- a/.github/actions/lint_test_build_update.yaml +++ /dev/null @@ -1,37 +0,0 @@ -name: 'Lint, test and build image. Push image tag to configmanagement' - -on: - workflow_call: - inputs: - image_repo: - description: "Image repo to push image to" - type: string - required: true - configmanagement: - description: "Configmanagement to write image tag to" - type: string - required: true - kustomization_path: - description: "Path to kustomization file" - type: string - required: true - -jobs: - lint: - uses: ./.github/actions/lint.yaml - test: - uses: ./.github/actions/tests.yaml - build: - needs: [lint, test] - uses: ./.github/actions/build.yaml - secrets: inherit - with: - repository_url: ${{ inputs.image_repo }} - update_tag: - needs: [build] - uses: ./.github/actions/update_image.yaml - secrets: inherit - with: - repository: ${{ inputs.configmanagement }} - file: ${{ inputs.kustomization_path }} - json: ${{ jobs.build.outputs.json }} diff --git a/.github/actions/tests.yaml b/.github/actions/tests.yaml deleted file mode 100644 index 6e3c2a3f..00000000 --- a/.github/actions/tests.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -name: 'Reusable: Rails Unit Tests' - -on: - workflow_call: - -jobs: - test: - runs-on: 'ubuntu-latest' - - strategy: - matrix: - ruby: ['2.7'] # TODO: Reenable 3.0 when it's compatible - - services: - postgres: - image: 'postgres:11' - env: - POSTGRES_PASSWORD: 'postgres' - ports: ['5432:5432'] - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 10s - --health-retries 10 - memcached: - image: 'memcached' - ports: ['11211:11211'] - - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - - - name: 'Set up Ruby ${{ matrix.ruby }}' - uses: actions/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - - - name: Install required package - run: | - sudo apt-get install libpq-dev - - name: Cache gems - id: cache - uses: actions/cache@v2 - with: - path: vendor/bundle - key: ruby-${{ matrix.ruby }}-gem-${{ hashFiles('**/Gemfile.lock') }} - restore-keys: | - ruby-${{ matrix.ruby }}-gem- - - - name: 'Build and run tests' - env: - RAILS_TEST_DB_NAME: 'postgres' - RAILS_TEST_DB_USERNAME: 'postgres' - RAILS_TEST_DB_PASSWORD: 'postgres' - RAILS_ENV: 'test' - run: | - gem install bundler --version '~> 2' - bundle config path vendor/bundle - bundle install --jobs 4 --retry 3 - bundle exec rails db:create - bundle exec rails db:migrate - bundle exec rails test diff --git a/.github/workflows/build-int-on-push.yaml b/.github/workflows/build-int-on-push.yaml index f40c1636..63eb8e62 100644 --- a/.github/workflows/build-int-on-push.yaml +++ b/.github/workflows/build-int-on-push.yaml @@ -4,13 +4,18 @@ on: push: branches: - 'master' + - 'feature/cloudscale' paths-ignore: - 'doc/**' - '**.md' + jobs: - build_image: - uses: ./.github/actions/lint_test_build_update.yaml + build-image: + uses: ./.github/workflows/reusable_lint_test_build_update.yaml with: - image_repo: "harbor.puzzle.ch/decidim/stzh/int/rails" - configmanagement: "gitlab.puzzle.ch/pitc_ruby/decidim-configmanagement" + image_repo: "https://harbor.puzzle.ch" + image_url: "harbor.puzzle.ch/decidim/stzh-int-rails" + configmanagement: "gitlab.puzzle.ch/pitc_ruby/decidim-configmanagement/" + configmanagement_branch: "feature/cloudscale" kustomization_path: "./deployments/pitc-stzh-decidim-int/kustomization.yaml" + secrets: inherit diff --git a/.github/workflows/build-prod-on-release.yaml b/.github/workflows/build-prod-on-release.yaml index e4fbb110..67bc2d2d 100644 --- a/.github/workflows/build-prod-on-release.yaml +++ b/.github/workflows/build-prod-on-release.yaml @@ -6,11 +6,11 @@ on: release: types: - released - branches: + branches: - master jobs: build_image: - uses: ./.github/actions/lint_test_build_update.yaml + uses: ./.github/workflows/lint_test_build_update.yaml secrets: inherit with: image_repo: "harbor.puzzle.ch/decidim/stzh/prod/rails" diff --git a/.github/workflows/manual-build.yaml b/.github/workflows/manual-build.yaml index dd60146d..172ae4a6 100644 --- a/.github/workflows/manual-build.yaml +++ b/.github/workflows/manual-build.yaml @@ -10,7 +10,7 @@ on: jobs: build: - uses: ./.github/actions/build.yaml + uses: ./.github/workflows/reusable_build.yaml secrets: inherit with: repository_url: ${{ inputs.image_repo }} diff --git a/.github/workflows/old/code-style-review.yaml b/.github/workflows/old/code-style-review.yaml deleted file mode 100644 index f3e25ac0..00000000 --- a/.github/workflows/old/code-style-review.yaml +++ /dev/null @@ -1,59 +0,0 @@ ---- -name: 'Code Style Review' - -on: - pull_request: - branches: - - 'master' - paths-ignore: - - 'doc/**' - - '**.md' - -jobs: - lint: - runs-on: 'ubuntu-latest' - - steps: - - name: 'Checkout' - uses: actions/checkout@v4 - - - name: 'Set up Ruby' - uses: ruby/setup-ruby@v1 # Uses .ruby-version || .tool-versions by default - - - name: 'Set up Reviewdog' - env: - REVIEWDOG_INSTALLER: 'https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh' - run: | - mkdir -p $HOME/bin - curl -sfL ${REVIEWDOG_INSTALLER} | sh -s -- -b $HOME/bin - - - name: 'Set up Rubocop' - run: 'gem install rubocop rubocop-minitest rubocop-performance rubocop-rails' - - - name: 'Run Rubocop' - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - rubocop | - $HOME/bin/reviewdog \ - -f=rubocop \ - -name="Rubocop" \ - -reporter=github-pr-review \ - -level=error \ - -diff="git diff $DIFF_BRANCH" - - - name: 'Set up Haml-lint' - run: 'gem install haml-lint' - - - name: 'Run Haml-lint' - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - haml-lint | - $HOME/bin/reviewdog \ - -efm="%f:%l %m" \ - -name="Haml-lint" \ - -reporter=github-pr-review \ - -level=error \ - -diff="git diff $DIFF_BRANCH" - ... diff --git a/.github/workflows/old/rails-tests.yaml b/.github/workflows/old/rails-tests.yaml deleted file mode 100644 index de25fccc..00000000 --- a/.github/workflows/old/rails-tests.yaml +++ /dev/null @@ -1,66 +0,0 @@ -name: 'Rails Unit Tests' - -on: - push: - branches: - - 'master' - paths-ignore: - - 'doc/**' - - '**.md' - pull_request: - branches: - - 'master' - paths-ignore: - - 'doc/**' - - '**.md' - -jobs: - build: - runs-on: 'ubuntu-latest' - - services: - postgres: - image: 'postgis/postgis:14-3.3-alpine' - env: - POSTGRES_PASSWORD: 'postgres' - ports: ['5432:5432'] - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 10s - --health-retries 10 - memcached: - image: 'memcached' - ports: ['11211:11211'] - - steps: - - name: 'Checkout' - uses: actions/checkout@v4 - - - name: 'Set up Ruby' - uses: ruby/setup-ruby@v1 - - - name: Install required package - run: | - sudo apt-get install libpq-dev - - - name: Cache gems - uses: actions/cache@v3 - with: - path: vendor/bundle - key: ruby-${{ matrix.ruby }}-gem-${{ hashFiles('**/Gemfile.lock') }} - restore-keys: | - ruby-${{ matrix.ruby }}-gem- - - - name: 'Build and test with Rake' - env: - RAILS_TEST_DB_USERNAME: 'postgres' - RAILS_TEST_DB_PASSWORD: 'postgres' - RAILS_ENV: 'test' - run: | - gem install bundler --version '~> 2' - bundle config path vendor/bundle - bundle install --jobs 4 --retry 3 - bundle exec rails db:create - bundle exec rails db:migrate - bundle exec rails test diff --git a/.github/workflows/old/sbom.yml b/.github/workflows/old/sbom.yml deleted file mode 100644 index 57e66f00..00000000 --- a/.github/workflows/old/sbom.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -name: SBOM Generator - -on: - push: - branches: - - 'master' - - workflow_dispatch: - -permissions: read-all - -jobs: - generate-and-push-sbom: - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - - name: Install cdxgen - run: | - npm install -g @cyclonedx/cdxgen - - - name: 'Generate SBOM for ruby dependencies' - run: | - cdxgen -o ./sbom-ruby.xml -t ruby . - - - name: 'Push SBOM to dependency track' - env: - PROJECT_NAME: decidim-zuerich - run: | - curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \ - --header "X-Api-Key: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}" \ - --header "Content-Type: multipart/form-data" \ - --form "autoCreate=true" \ - --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \ - --form "projectVersion=latest" \ - --form "bom=@sbom-ruby.xml" - ... diff --git a/.github/actions/build.yaml b/.github/workflows/reusable_build.yaml similarity index 93% rename from .github/actions/build.yaml rename to .github/workflows/reusable_build.yaml index 754e027a..d140da9b 100644 --- a/.github/actions/build.yaml +++ b/.github/workflows/reusable_build.yaml @@ -16,7 +16,7 @@ on: images: description: 'Images arguments for docker/metadata-action' type: string - required: false + required: true flavor: description: 'Flavor argument for docker/metadata-action' type: string @@ -41,9 +41,11 @@ on: description: List of set tags value: ${{ jobs.build.outputs.tags }} labels: - description: + description: Label output value: ${{ jobs.build.outputs.labels }} - json: ${{ jobs.build.outputs.json }} + json: + description: JSON output + value: ${{ jobs.build.outputs.json }} jobs: build: diff --git a/.github/actions/copy-images.yaml b/.github/workflows/reusable_copy-images.yaml similarity index 100% rename from .github/actions/copy-images.yaml rename to .github/workflows/reusable_copy-images.yaml diff --git a/.github/workflows/reusable_lint.yaml b/.github/workflows/reusable_lint.yaml new file mode 100644 index 00000000..a29b4af2 --- /dev/null +++ b/.github/workflows/reusable_lint.yaml @@ -0,0 +1,42 @@ +name: 'Reusable: Code Style Review' + +on: + workflow_call: + +permissions: + contents: read + pull-requests: write + +jobs: + lint: + runs-on: 'ubuntu-latest' + + # services: + # postgres: + # image: 'postgis/postgis:14-3.3-alpine' + # env: + # POSTGRESQL_PASSWORD: 'postgres' + # ports: ['5432:5432'] + # options: >- + # --health-cmd pg_isready + # --health-interval 10s + # --health-timeout 10s + # --health-retries 10 + # memcached: + # image: 'memcached:alpine' + # ports: ['11211:11211'] + + env: + BUNDLE_PATH: 'vendor/bundle' + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + + steps: + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 + - run: bundle install --jobs 4 --retry 3 + - uses: reviewdog/action-rubocop@v2.12.0 + with: + reporter: github-pr-review + level: error + reviewdog_flags: '-diff="git diff $DIFF_BRANCH"' + rubocop_extensions: rubocop-rails rubocop-performance rubocop-rspec rubocop-i18n rubocop-rake rubocop-faker \ No newline at end of file diff --git a/.github/workflows/reusable_lint_test_build_update.yaml b/.github/workflows/reusable_lint_test_build_update.yaml new file mode 100644 index 00000000..6af20307 --- /dev/null +++ b/.github/workflows/reusable_lint_test_build_update.yaml @@ -0,0 +1,50 @@ +name: 'Lint, test and build image. Push image tag to configmanagement' + +on: + workflow_call: + inputs: + image_repo: + description: "Image repo" + type: string + required: true + image_url: + description: "URL to push image to" + type: string + required: true + configmanagement: + description: "Configmanagement to write image tag to" + type: string + required: true + configmanagement_branch: + description: "Configmanagement branch to put the image tag into" + type: string + required: false + kustomization_path: + description: "Path to kustomization file" + type: string + required: true + +jobs: + lint: + uses: ./.github/workflows/reusable_lint.yaml + test: + uses: ./.github/workflows/reusable_tests.yaml + build: + needs: [lint, test] + uses: ./.github/workflows/reusable_build.yaml + secrets: + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} + REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }} + with: + repository_url: ${{ inputs.image_repo }} + images: ${{ inputs.image_url }} + flavor: latest=true + update_tag: + needs: [build] + uses: ./.github/workflows/reusable_update_image.yaml + secrets: inherit + with: + repository: ${{ inputs.configmanagement }} + repository_branch: ${{ inputs.configmanagement_branch }} + file: ${{ inputs.kustomization_path }} + json: ${{ needs.build.outputs.json }} diff --git a/.github/actions/sbom.yaml b/.github/workflows/reusable_sbom.yaml similarity index 100% rename from .github/actions/sbom.yaml rename to .github/workflows/reusable_sbom.yaml diff --git a/.github/workflows/reusable_tests.yaml b/.github/workflows/reusable_tests.yaml new file mode 100644 index 00000000..279d72c3 --- /dev/null +++ b/.github/workflows/reusable_tests.yaml @@ -0,0 +1,45 @@ +--- +name: 'Reusable: Rails Unit Tests' + +on: + workflow_call: + +jobs: + test: + runs-on: 'ubuntu-latest' + + services: + postgres: + image: 'postgis/postgis:14-3.3-alpine' + env: + POSTGRES_PASSWORD: 'postgres' + ports: ['5432:5432'] + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 10s + --health-retries 10 + memcached: + image: 'memcached:alpine' + ports: ['11211:11211'] + + env: + BUNDLE_PATH: 'vendor/bundle' + RAILS_TEST_DB_NAME: 'postgres' + RAILS_TEST_DB_USERNAME: 'postgres' + RAILS_TEST_DB_PASSWORD: 'postgres' + RAILS_ENV: 'test' + + + steps: + - uses: actions/checkout@v4 + - uses: ruby/setup-ruby@v1 + with: + bundler-cache: true + - name: 'Install required libraries' + run: sudo apt-get install libpq-dev + - name: 'Run tests' + run: | + bundle exec rails db:create + bundle exec rails db:migrate + bundle exec rails test diff --git a/.github/actions/update_image.yaml b/.github/workflows/reusable_update_image.yaml similarity index 83% rename from .github/actions/update_image.yaml rename to .github/workflows/reusable_update_image.yaml index a9684b20..d91bb6b5 100644 --- a/.github/actions/update_image.yaml +++ b/.github/workflows/reusable_update_image.yaml @@ -15,8 +15,14 @@ on: required: true repository_username: description: 'Username for repository login' + type: string required: false default: 'git' + repository_branch: + description: "The branch that should be edited" + type: string + required: false + default: main file: description: 'File in the repo to update' type: string @@ -46,9 +52,11 @@ jobs: REPO_URL: ${{ inputs.repository }} REPO_USER: ${{ inputs.repository_username }} REPO_TOKEN: ${{ secrets.REPOSITORY_TOKEN }} + REPO_BRANCH: ${{ inputs.repository_branch }} run: | git clone https://${REPO_USER}:${REPO_TOKEN}@${REPO_URL} ./management_repo cd ./management_repo + git switch ${REPO_BRANCH} git config user.name "Decidim Github Action Image updater" git config user.email "robot@puzzle.ch" git remote set-url origin "https://${REPO_USER}:${REPO_TOKEN}@${REPO_URL}" @@ -60,9 +68,10 @@ jobs: JSON: ${{ inputs.json }} with: cmd: | - TAG=$(echo "${JSON}" | yq -r '.tags[] | select(. | test("sha-"))') - echo $TAG - yq -i '.images.[] | select(.name == env(IMAGE_REF)) += {"newTag": env(TAG)}' "${FILE}" + ls -lha + # TAG=$(echo "${JSON}" | yq -r '.tags[] | select(. | test("sha-"))') + # echo $TAG + # yq -i '.images.[] | select(.name == env(IMAGE_REF)) += {"newTag": env(TAG)}' "${FILE}" - name: Commit & push back to repository env: IMAGE_REF: ${{ inputs.image_ref }} diff --git a/.github/workflows/test-on-pr.yaml b/.github/workflows/test-on-pr.yaml index 5b47507a..c46dd95d 100644 --- a/.github/workflows/test-on-pr.yaml +++ b/.github/workflows/test-on-pr.yaml @@ -2,6 +2,7 @@ name: 'Lint and test on pull request' on: pull_request: + types: [opened, edited, reopened, synchronize] branches: - 'master' paths-ignore: @@ -12,4 +13,4 @@ jobs: lint: uses: ./.github/workflows/reusable-lint.yaml test: - uses: ./.github/workflows/reusable-tests.yaml + uses: ./.github/workflows/reusable-test.yaml