diff --git a/.github/actions/docker-login/action.yml b/.github/actions/docker-login/action.yml
new file mode 100644
index 00000000..3eb6c14c
--- /dev/null
+++ b/.github/actions/docker-login/action.yml
@@ -0,0 +1,11 @@
+name: 'Docker Hub Login'
+description: 'Login to Docker Hub registry'
+runs:
+ using: 'composite'
+ steps:
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: docker.io
+ username: ${{ env.DOCKER_USERNAME }}
+ password: ${{ env.DOCKER_PAT }}
\ No newline at end of file
diff --git a/.github/actions/github-token/action.yml b/.github/actions/github-token/action.yml
new file mode 100644
index 00000000..4df916c0
--- /dev/null
+++ b/.github/actions/github-token/action.yml
@@ -0,0 +1,16 @@
+name: 'Generate GitHub App Token'
+description: 'Generate GitHub App token for CI/CD operations'
+outputs:
+ token:
+ description: 'Generated GitHub App token'
+ value: ${{ steps.generate_token.outputs.token }}
+runs:
+ using: 'composite'
+ steps:
+ - name: Generate token
+ id: generate_token
+ uses: actions/create-github-app-token@v1
+ with:
+ app-id: ${{ env.TEMPORAL_CICD_APP_ID }}
+ private-key: ${{ env.TEMPORAL_CICD_PRIVATE_KEY }}
+ owner: ${{ github.repository_owner }}
\ No newline at end of file
diff --git a/.github/actions/setup-go/action.yml b/.github/actions/setup-go/action.yml
new file mode 100644
index 00000000..9883bcf6
--- /dev/null
+++ b/.github/actions/setup-go/action.yml
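Review bot: `uses: docker/login-action@v3` in .github/actions/docker-login/action.yml is a mutable tag, while the call sites this action replaces in helm.yml, publish-main-image.yml and release.yml pinned the login action to a full commit SHA. This step receives the Docker Hub PAT, so whoever can move the `v3` tag decides what code handles that credential; keep the pin, e.g. `uses: docker/login-action@<full-commit-sha> # v3.x.y` (placeholder, fill in the reviewed release). The same regression appears where `docker/setup-buildx-action@v3` and `goreleaser/goreleaser-action@v6` replace SHA pins in publish-main-image.yml and release.yml. Separately, reading `${{ env.DOCKER_USERNAME }}` and `${{ env.DOCKER_PAT }}` leaves the contract implicit; declared `inputs:` would document what a caller has to supply.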
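Review bot: `actions/create-github-app-token@v1` in .github/actions/github-token/action.yml is a step back from the `@v2` that helm.yml and release.yml used before this change, and it is again a mutable tag on the step that handles the App private key. If the downgrade is unintended, keep the major version and pin it: `uses: actions/create-github-app-token@<full-commit-sha> # v2.x.y` (placeholder). With only `owner:` set and no `repositories:`, the action's documented behaviour is to scope the token to every repository in that owner's installation; adding `repositories: ${{ github.event.repository.name }}` would limit it to this repository, provided nothing in the release flow needs the others.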
@@ -0,0 +1,34 @@ +name: 'Setup Go Environment' +description: 'Sets up Go with optional caching, checkout, and dependency download' +inputs: + fetch-depth: + description: 'Depth of git fetch (0 for full history, default: 1)' + required: false + default: '1' + cache: + description: 'Enable Go module caching' + required: false + default: 'true' + download-deps: + description: 'Download Go module dependencies' + required: false + default: 'true' +runs: + using: 'composite' + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: ${{ inputs.fetch-depth }} + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + check-latest: true + cache: ${{ inputs.cache }} + + - name: Download dependencies + if: inputs.download-deps == 'true' + run: go mod download + shell: bash \ No newline at end of file diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index c0046060..9fa6a7f8 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -17,18 +17,17 @@ jobs: release: runs-on: ubuntu-latest steps: - - name: Generate token - id: generate_token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} - private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} + - name: Generate GitHub App token + id: token + uses: ./.github/actions/github-token + env: + TEMPORAL_CICD_APP_ID: ${{ secrets.TEMPORAL_CICD_APP_ID }} + TEMPORAL_CICD_PRIVATE_KEY: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} - name: Checkout uses: actions/checkout@v4 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Configure Git @@ -37,9 +36,9 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4 with: - version: v3.12.0 + version: v3.14.3 - name: Bump Chart Version id: bump_version 
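Review bot: The `Checkout code` step sits inside a local action, but `uses: ./.github/actions/setup-go` is resolved from the workspace, so a job that calls it as its first step has no action.yml on disk to load yet. linters.yml, publish-main-image.yml, release.yml and test.yml all call it before any checkout, and helm.yml and release.yml do the same with `./.github/actions/github-token` ahead of their `Checkout` step. Keep `actions/checkout@v4` as an explicit first step in each workflow and drop it from the composite; otherwise these jobs will most likely stop with the runner's "Did you forget to run actions/checkout" error. Moving checkout back to the callers also lets each job set `persist-credentials: false` where it does not push.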
@@ -81,11 +80,10 @@ jobs: git push - name: Login to Docker Hub - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: docker.io - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PAT}} + uses: ./.github/actions/docker-login + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PAT: ${{ secrets.DOCKER_PAT }} - name: Package and Push Helm chart run: | diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 03d9925c..4c091e73 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml 
@@ -1,83 +1,77 @@ -name: linters +name: Lint + on: pull_request: + permissions: contents: read + jobs: lint-actions: + name: Actions runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - check-latest: true + - name: Setup environment + uses: ./.github/actions/setup-go + with: + fetch-depth: '0' + download-deps: 'false' + + - name: Setup actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + shell: bash - - name: lint actions - run: | - bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) - make lint-actions - shell: bash + - name: Run Actions linter + run: make lint-actions fmt-imports: + name: Format Imports runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 + - name: Setup environment + uses: ./.github/actions/setup-go + with: + fetch-depth: '0' + download-deps: 'false' - - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - check-latest: true + - name: Run import formatter + run: make fmt-imports - - name: format golang import statements - run: | - make fmt-imports + - name: Check for uncommitted changes + run: | + if [[ -n $(git status --porcelain) ]]; then + echo "Detected uncommitted changes after Format Imports." + git status + git diff + exit 1 + fi - - name: check-is-dirty - run: | - if [[ -n $(git status --porcelain) ]]; then - echo "Detected uncommitted changes." 
- git status - git diff - exit 1 - fi - - golangci: + lint-code: + name: GolangCI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 + - name: Setup environment + uses: ./.github/actions/setup-go + with: + fetch-depth: '0' + download-deps: 'false' - - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - check-latest: true - - - name: lint code - run: | - make GOLANGCI_LINT_FIX=false GOLANGCI_LINT_BASE_REV=HEAD~ lint-code + - name: Run code linter + run: make GOLANGCI_LINT_FIX=false GOLANGCI_LINT_BASE_REV=HEAD~ lint-code - - name: check-is-dirty - run: | - if [[ -n $(git status --porcelain) ]]; then - echo "Detected uncommitted changes." - git status - git diff - exit 1 - fi + - name: Check for uncommitted changes + run: | + if [[ -n $(git status --porcelain) ]]; then + echo "Detected uncommitted changes after GolangCI." + git status + git diff + exit 1 + fi + # Keep the final success check job as-is since it's needed for branch protection linters-succeed: name: All Linters Succeed - needs: - - lint-actions - - fmt-imports - - golangci + needs: [lint-actions, fmt-imports, lint-code] runs-on: ubuntu-latest if: always() env: diff --git a/.github/workflows/publish-main-image.yml b/.github/workflows/publish-main-image.yml index 4c2480c3..a66cd963 100644 --- a/.github/workflows/publish-main-image.yml +++ b/.github/workflows/publish-main-image.yml 
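Review bot: The `Setup actionlint` step in linters.yml still runs `bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)`, which executes whatever is on the `main` branch at run time, and `curl` without `-f` hands an HTTP error page to bash. Fetch the script from a fixed ref and fail on transfer errors, for example `run: bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/<pinned-tag-or-sha>/scripts/download-actionlint.bash)` (placeholder ref). The top-level `permissions: contents: read` limits what a tampered script could do with the job token, but it would still run arbitrary code on the runner. The `linters-succeed` job continues past the end of the hunk.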
@@ -14,31 +14,24 @@ jobs: publish-main-image: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 + - name: Setup Go environment + uses: ./.github/actions/setup-go with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: "go.mod" - check-latest: true + fetch-depth: '0' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: docker.io - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PAT}} + uses: ./.github/actions/docker-login + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PAT: ${{ secrets.DOCKER_PAT }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 + uses: goreleaser/goreleaser-action@v6 with: - version: v2.11.2 + version: latest args: release --config .goreleaser.main.yml --snapshot --clean - name: Push snapshot images diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f3d67661..3e9b2994 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
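Review bot: `version: latest` replaces the fixed `version: v2.11.2` for GoReleaser in publish-main-image.yml, so the tool that builds the images is chosen at run time in a job that holds the Docker Hub credentials. Keep an explicit version, `version: v2.11.2` or a newer one that has been reviewed, and bump it deliberately. The release.yml hunk makes the same change and needs the same fix. The `Push snapshot images` step continues outside the hunk.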
@@ -13,41 +13,31 @@ jobs: release: runs-on: ubuntu-latest steps: + - name: Generate GitHub App token + id: token + uses: ./.github/actions/github-token + env: + TEMPORAL_CICD_APP_ID: ${{ secrets.TEMPORAL_CICD_APP_ID }} + TEMPORAL_CICD_PRIVATE_KEY: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} - - name: Generate token - id: generate_token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} - private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} - - - name: Checkout - uses: actions/checkout@v4 - with: - token: ${{ steps.generate_token.outputs.token }} - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + - name: Setup Go environment + uses: ./.github/actions/setup-go with: - go-version-file: "go.mod" - check-latest: true + fetch-depth: '0' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: docker.io - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PAT}} + uses: ./.github/actions/docker-login + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PAT: ${{ secrets.DOCKER_PAT }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 + uses: goreleaser/goreleaser-action@v6 with: - version: v2.11.2 + version: latest args: release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
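Review bot: The `Generate GitHub App token` step in the release job has no consumer in the visible lines: the old `Checkout` passed `token: ${{ steps.generate_token.outputs.token }}`, while the `setup-go` composite checks out with the default token and declares no token input. That changes which identity git operations after checkout run as, and it mints an App token from the private key for nothing if no later step reads `steps.token.outputs.token`. Either add a `token` input to setup-go and forward it to `actions/checkout`, or drop the step from this job. The job may continue past the hunk, so confirm against the full file.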
@@ -56,40 +46,37 @@ jobs: needs: release runs-on: ubuntu-latest steps: - - - name: Generate token - id: generate_token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }} - private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} - owner: ${{ github.repository_owner }} + - name: Generate GitHub App token + id: token + uses: ./.github/actions/github-token + env: + TEMPORAL_CICD_APP_ID: ${{ secrets.TEMPORAL_CICD_APP_ID }} + TEMPORAL_CICD_PRIVATE_KEY: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }} - name: Checkout uses: actions/checkout@v4 with: - token: ${{ steps.generate_token.outputs.token }} + token: ${{ steps.token.outputs.token }} ref: main fetch-depth: 0 - name: Configure Git run: | - echo ${{ steps.generate_token.outputs.token }} | gh auth login --with-token + echo ${{ steps.token.outputs.token }} | gh auth login --with-token gh auth status -a git config --global user.name "temporal-cicd[bot]" git config --global user.email "gh-action@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4 with: - version: v3.12.0 + version: v3.14.3 - name: Login to Docker Hub - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: docker.io - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PAT}} + uses: ./.github/actions/docker-login + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PAT: ${{ secrets.DOCKER_PAT }} - name: Bump Helm Chart Version id: bump_version diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml deleted file mode 100644 index d4fe4055..00000000 --- a/.github/workflows/test-integration.yml +++ /dev/null 
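Review bot: `echo ${{ steps.token.outputs.token }} | gh auth login --with-token` in the `Configure Git` step pastes the token into the script text before the shell runs it, so it lands in the generated script file and is subject to word splitting. Pass it through the environment instead: add `env:` with `APP_TOKEN: ${{ steps.token.outputs.token }}` on the step and use `printf '%s' "$APP_TOKEN" | gh auth login --with-token`. The line is carried over from the old side with only the step id renamed, which makes this a convenient place to fix it.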
@@ -1,113 +0,0 @@ -name: Integration Tests - -on: - push: - branches: [ main ] - pull_request: - -jobs: - test-integration: - name: Run Integration Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - check-latest: true - cache: true - - - name: Install Temporal CLI - run: | - curl -sSf https://temporal.download/cli.sh | sh - echo "$HOME/.temporalio/bin" >> "$GITHUB_PATH" - - - name: Install kubectl - uses: azure/setup-kubectl@v3 - with: - version: 'latest' - - - name: Install Helm - uses: azure/setup-helm@v3 - with: - version: 'v3.14.3' - - - name: Install controller-gen - run: | - go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.2 - - - name: Install envtest - run: | - go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest - - - name: Download dependencies - run: go mod download - - - name: Run integration tests - run: make test-integration - - - name: Upload test results - if: always() - uses: actions/upload-artifact@v4 - with: - name: test-results - path: | - cover.out - bin/ - retention-days: 7 - - unit-test: - name: Run Unit Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - check-latest: true - cache: true - - - name: Download dependencies - run: go mod download - - - name: Run unit tests - run: make test-unit - - - name: Upload test results - if: always() - uses: actions/upload-artifact@v4 - with: - name: unit-test-results - path: | - cover.out - bin/ - retention-days: 7 - - go-vet: - name: Run Go Vet - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: 'go.mod' - check-latest: true - cache: true - - - name: Download dependencies - run: go mod download - - - 
name: Run go vet
- run: go vet ./...
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..d65a2ab6
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,83 @@
+name: Test
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+
+jobs:
+ # Run unit tests and vet in parallel as separate jobs
+ test-unit:
+ name: Unit Tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Go environment
+ uses: ./.github/actions/setup-go
+
+ - name: Run unit tests
+ run: make test-unit
+
+ - name: Upload test results
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: unit-test-results
+ path: |
+ cover.out
+ bin/
+ retention-days: 7
+
+ vet:
+ name: Go Vet
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Go environment
+ uses: ./.github/actions/setup-go
+ with:
+ download-deps: 'false'
+
+ - name: Run vet
+ run: make vet
+
+ # Integration tests need special setup, keep separate
+ test-integration:
+ name: Integration
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Setup Go environment
+ uses: ./.github/actions/setup-go
+
+ - name: Install dependencies
+ run: |
+
+ # Install Temporal CLI
+ curl -sSf https://temporal.download/cli.sh | sh
+ echo "$HOME/.temporalio/bin" >> "$GITHUB_PATH"
+
+ # Install Go tools
+ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.2
+ go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+ - name: Install kubectl
+ uses: azure/setup-kubectl@v3
+ with:
+ version: 'latest'
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: 'v3.14.3'
+
+ - name: Integration tests
+ run: make test-integration
+
+ - name: Upload test results
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: integration-test-results
+ path: |
+ cover.out
+ bin/
+ retention-days: 7
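Review bot: test.yml has no `permissions:` block, although it runs on `pull_request` and its `Install dependencies` step executes `curl -sSf https://temporal.download/cli.sh | sh` and `go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest`. Add a top-level `permissions:` with `contents: read`, as linters.yml does, so the job token is read-only regardless of the repository default while unpinned code runs. Pinning `setup-envtest@latest` and the kubectl `version: 'latest'` to fixed versions, as is already done for `controller-gen@v0.16.2`, would make the integration job reproducible. `azure/setup-helm@v3` here is also out of step with the `@v4` that helm.yml and release.yml move to in this commit.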