chore: move to kres

Use kres to manage GH actions. Signed-off-by: Noel Georgi <[email protected]>
siderolabs · May 20, 2024 · 35fa5ed · 35fa5ed
1 parent 4ca5b87
commit 35fa5ed
Show file tree

Hide file tree

Showing 4 changed files with 115 additions and 8 deletions.
diff --git a/.conform.yaml b/.conform.yaml
@@ -1,3 +1,7 @@
+# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
+#
+# Generated on 2024-05-20T10:56:28Z by kres dccd292-dirty.
+
 policies:
   - type: commit
     spec:
@@ -22,7 +26,23 @@ policies:
           - docs
           - perf
           - refactor
+          - style
           - test
           - release
         scopes:
           - .*
+  - type: license
+    spec:
+      root: .
+      skipPaths:
+        - .git/
+        - testdata/
+      includeSuffixes:
+        - .go
+      excludeSuffixes:
+        - .pb.go
+        - .pb.gw.go
+      header: |
+        // This Source Code Form is subject to the terms of the Mozilla Public
+        // License, v. 2.0. If a copy of the MPL was not distributed with this
+        // file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-09T12:19:43Z by kres 1e986af.
+# Generated on 2024-05-20T11:06:38Z by kres dccd292-dirty.
 
 name: default
 concurrency:
@@ -28,7 +28,7 @@ jobs:
     runs-on:
       - self-hosted
       - generic
-    if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
+    if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name == 'pull_request'
     services:
       buildkitd:
         image: moby/buildkit:v0.13.2
@@ -53,17 +53,55 @@ jobs:
               platforms: linux/arm64
           driver: remote
           endpoint: tcp://127.0.0.1:1234
-      - name: Build
+      - name: build
         run: |
           make
-      - name: Login to registry
-        if: startsWith(github.ref, 'refs/tags/')
+  tag:
+    permissions:
+      actions: read
+      contents: write
+      issues: read
+      packages: write
+      pull-requests: read
+    runs-on:
+      - self-hosted
+      - generic
+    if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && startsWith(github.ref, 'refs/tags/')
+    services:
+      buildkitd:
+        image: moby/buildkit:v0.13.2
+        options: --privileged
+        ports:
+          - 1234:1234
+        volumes:
+          - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+          - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: Unshallow
+        run: |
+          git fetch --prune --unshallow
+      - name: Set up Docker Buildx
+        id: setup-buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          append: |
+            - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+              platforms: linux/arm64
+          driver: remote
+          endpoint: tcp://127.0.0.1:1234
+      - name: build
+        run: |
+          make
+      - name: login-to-registry
         uses: docker/login-action@v3
         with:
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           username: ${{ github.repository_owner }}
-      - name: Push to registry
-        if: startsWith(github.ref, 'refs/tags/')
+      - name: push
+        env:
+          PUSH: "true"
         run: |
-          make PUSH=true
+          make
diff --git a/.kres.yaml b/.kres.yaml
@@ -0,0 +1,42 @@
+---
+kind: auto.CI
+spec:
+  compileGHWorkflowsOnly: true
+---
+kind: common.GHWorkflow
+spec:
+  jobs:
+    - name: default
+      buildxOptions:
+        enabled: true
+        crossBuilder: true
+      runners:
+        - self-hosted
+        - generic
+      conditions:
+        - on-pull-request
+      steps:
+        - name: build
+          nonMakeStep: true
+          command: make
+    - name: tag
+      buildxOptions:
+        enabled: true
+        crossBuilder: true
+      runners:
+        - self-hosted
+        - generic
+      conditions:
+        - only-on-tag
+      steps:
+        - name: build
+          nonMakeStep: true
+          command: make
+        - name: login-to-registry
+          registryLoginStep:
+            registry: ghcr.io
+        - name: push
+          nonMakeStep: true
+          command: make
+          environment:
+            PUSH: true
diff --git a/Makefile b/Makefile
@@ -24,6 +24,8 @@ COMMON_ARGS += --build-arg=KUBELET_VER=$(KUBELET_VER)
 COMMON_ARGS += --build-arg=KUBELET_SHA512_AMD64=$(KUBELET_SHA512_AMD64)
 COMMON_ARGS += --build-arg=KUBELET_SHA512_ARM64=$(KUBELET_SHA512_ARM64)
 
+KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
+
 all: container
 
 target-%: ## Builds the specified target defined in the Dockerfile. The build result will remain only in the build cache.
@@ -48,3 +50,8 @@ update-sha: update-sha-amd64 update-sha-arm64 ## Updates the kubelet sha512 chec
 update-sha-%:
 	sha512=`curl -sL https://dl.k8s.io/release/$(KUBELET_VER)/bin/linux/${*}/kubelet.sha512`; \
 		sed -i "s/KUBELET_SHA512_$(shell echo '$*' | tr '[:lower:]' '[:upper:]') := .*/KUBELET_SHA512_$(shell echo '$*' | tr '[:lower:]' '[:upper:]') := $${sha512}/" Makefile
+
+.PHONY: rekres
+rekres:
+	@docker pull $(KRES_IMAGE)
+	@docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE)