From 8a1a66d652826efc0f5972ab88dc504fd024317a Mon Sep 17 00:00:00 2001 From: Aliaksandr Stsiapanay Date: Mon, 9 Oct 2023 15:06:51 +0300 Subject: [PATCH] Add github actions --- .github/pr-title-checker-config.json | 14 ++ .github/workflows/integration_tests.yml | 12 ++ .github/workflows/pr_check_tests.yml | 16 ++ .github/workflows/release.yml | 13 ++ .gitlab-ci.yml | 257 ------------------------ helm/development.yaml | 47 ----- helm/review.yaml | 45 ----- 7 files changed, 55 insertions(+), 349 deletions(-) create mode 100644 .github/pr-title-checker-config.json create mode 100644 .github/workflows/integration_tests.yml create mode 100644 .github/workflows/pr_check_tests.yml create mode 100644 .github/workflows/release.yml delete mode 100644 .gitlab-ci.yml delete mode 100644 helm/development.yaml delete mode 100644 helm/review.yaml
diff --git a/.github/pr-title-checker-config.json b/.github/pr-title-checker-config.json
new file mode 100644
index 0000000..bd52ea3
--- /dev/null
+++ b/.github/pr-title-checker-config.json
@@ -0,0 +1,14 @@
+{
+ "LABEL": {
+ "name": "",
+ "color": "EEEEEE"
+ },
+ "CHECKS": {
+ "prefixes": ["fix: ", "feat: ", "feature: ", "chore: ", "hotfix: "]
+ },
+ "MESSAGES": {
+ "success": "All OK",
+ "failure": "Missing prefix",
+ "notice": ""
+ }
+}
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
new file mode 100644
index 0000000..44ae689
--- /dev/null
+++ b/.github/workflows/integration_tests.yml
@@ -0,0 +1,12 @@
+name: Integration tests
+
+on:
+ pull_request:
+ branches: [ development, release-* ]
+ issue_comment:
+ types: [created]
+
+jobs:
+ integration_tests:
+ uses: epam/ai-dial-ci/.github/workflows/trigger_integration_tests.yml@0.1.0
+ secrets: inherit
diff --git a/.github/workflows/pr_check_tests.yml b/.github/workflows/pr_check_tests.yml
new file mode 100644
index 0000000..0861737
--- /dev/null
+++ b/.github/workflows/pr_check_tests.yml
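Review bot: In integration_tests.yml, `secrets: inherit` passes every repository secret to a reusable workflow referenced by the movable tag `@0.1.0`, and the `issue_comment` trigger starts that job for any new comment on any issue or pull request; pr_check_tests.yml and release.yml repeat the same `uses: …@0.1.0` plus `secrets: inherit` pair. Whether the comment author and text are checked is decided inside trigger_integration_tests.yml, which is not visible here, so the caller should carry its own guard, for example `if: github.event_name != 'issue_comment' || github.event.issue.pull_request`. Pinning each `uses:` to the full commit SHA of the release (`…@<full-commit-sha> # 0.1.0`) and listing only the secrets the callee declares would keep a later move of that tag from reaching credentials the job does not need. None of the three files sets `permissions:`, so the job token falls back to the repository default; an explicit block scoped to what each callee needs would make that visible in review.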
@@ -0,0 +1,16 @@
+name: Code checks - tests
+
+on:
+ pull_request:
+ branches:
+ - development
+ - release-*
+
+jobs:
+ run_tests:
+ uses: epam/ai-dial-ci/.github/workflows/test_gradle_docker.yml@0.1.0
+ secrets: inherit
+ with:
+ bypass_checks: false
+ java_version: 17
+ java_distribution: temurin
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..0797a4c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,13 @@
+name: Release version
+
+on:
+ push:
+ branches: [ development, release-* ]
+
+env:
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ release:
+ uses: epam/ai-dial-ci/.github/workflows/publish_gradle_docker.yml@0.1.0
+ secrets: inherit
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 66f7f60..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
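Review bot: In release.yml the workflow-level `env: IMAGE_NAME: ${{ github.repository }}` has no effect as written, because the only job is a `uses:` call and GitHub does not propagate a caller's workflow-level `env` into a called reusable workflow. If publish_gradle_docker.yml (not visible here) needs the image name, it has to arrive through an input that workflow declares, set under `with:` on the `release` job; otherwise the `env:` block should be removed so nobody assumes it controls where the image is published. A short comment above the `release` job, such as `# image name and registry are decided inside the called workflow`, would record which side owns that setting.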
@@ -1,257 +0,0 @@ -include: - - template: Jobs/Container-Scanning.gitlab-ci.yml - - project: Gitlab/ci - ref: 0.2.22 - file: helm/helm-environment.gitlab-ci.yml - -variables: - DOCKER_PATH: "ai/dial/dial-authproxy" - DOCKER_REGISTRY_SERVER: "registry-dev.deltixhub.com" - HELM_REPO: https://nexus.deltixhub.com/repository/epm-rtc-helm - SECRET_NAME: "epm-rtc-registry-dev" - CHART: "dial-application" # Helm chart name, e.g. "gitlab-runner" - VERSION: "0.1.2" # Helm chart version - NAMESPACE: ${CI_PROJECT_NAME} - HELM_EXTRA_ARGS: "-f ${HELM_SECRET_FILE}" - RELEASE: ${CI_PROJECT_NAME} - DOCKERFILE_PATH: "./src/main/docker" - - development_ENV_ID: "staging" - development_HELM_VALUES_FILE: "helm/development.yaml" - development_ENV_URL: "https://dial-authproxy.staging.deltixhub.io" - development_AWS_ACCESS_KEY_ID: ${staging_AWS_ACCESS_KEY_ID} - development_AWS_SECRET_ACCESS_KEY: ${staging_AWS_SECRET_ACCESS_KEY} - - staging_DEPLOY_ENV: "false" - - review_DEPLOY_ENV: "true" - review_ENV_ID: "staging" - review_HELM_VALUES_FILE: "helm/review.yaml" - review_ENV_URL: "https://${CI_PROJECT_NAME}-mr-${CI_MERGE_REQUEST_IID}.staging.deltixhub.io" - review_HELM_CUSTOM_VALUES: "ingress.hosts[0]=${CI_PROJECT_NAME}-mr-${CI_MERGE_REQUEST_IID}.staging.deltixhub.io,fullnameOverride=mr-${CI_MERGE_REQUEST_IID},image.tag=mr-${CI_MERGE_REQUEST_IID},env.SERVER_HOSTURL=mr-${CI_MERGE_REQUEST_IID}.${NAMESPACE}" - review_RELEASE: ${CI_PROJECT_NAME}-mr-${CI_MERGE_REQUEST_IID} - review_SECRET_NAME: "epm-rtc-registry-test" - review_DOCKER_REGISTRY_SERVER: "registry-test.deltixhub.com" - - JAVA_IMAGE: registry-dev.deltixhub.com/gitlabci.docker/openjdk11-gradle:7.4.2 - PROJECT_NAME: "dial-auth-proxy" - -stages: - - tag - - build - - publish # publush docker images - - deploy - - promote # copy docker image to public repo - - production # Stage name used in include. Not used. 
ToDo - delete this - -deploy_development: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == "development" - -destroy_development: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == "development" - when: manual - allow_failure: true - -deploy_staging: - stage: deploy - -destroy_staging: - stage: deploy - -deploy_review: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development" && $review_DEPLOY_ENV == "true"' - -destroy_review: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development" && $review_DEPLOY_ENV == "true"' - when: manual - allow_failure: true - -"Build Java": - stage: build - image: ${JAVA_IMAGE} - script: - - ./gradlew build --parallel - artifacts: - expire_in: 1 day - paths: - - build/distributions/aidial-auth-helper-*.tar - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - rules: - - if: $CI_COMMIT_TAG - - if: $CI_COMMIT_BRANCH == "development" - - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development"' - tags: - - AWS - - DockerExecutor - -publish: - image: dockerhub.deltixhub.com/docker:23.0.6 - stage: publish - variables: - DOCKER_HOST: tcp://docker:2375 - DOCKER_TLS_CERTDIR: "" - cache: {} - services: - - docker:23.0.6-dind - before_script: - - mkdir -p $HOME/.docker - # Use DOCKER_AUTH_CONFIG for login to deltix repo - - echo $DOCKER_AUTH_CONFIG > $HOME/.docker/config.json - script: - - imageUrl=$REPOSITORY/${DOCKER_PATH} - - docker build -t $imageUrl:${DOCKER_TAG} -t $imageUrl:${DOCKER_ADDITIONAL_TAG} . 
- - docker push $imageUrl:${DOCKER_TAG} - - docker push $imageUrl:${DOCKER_ADDITIONAL_TAG} - rules: - - if: $CI_COMMIT_TAG - variables: - DOCKER_TAG: ${CI_COMMIT_TAG} - DOCKER_ADDITIONAL_TAG: latest - REPOSITORY: ${ARTIFACTORY_DOCKER_DEV_REPOSITORY} - - if: $CI_COMMIT_BRANCH == "development" - variables: - DOCKER_TAG: ${CI_COMMIT_REF_SLUG} - DOCKER_ADDITIONAL_TAG: alpha - REPOSITORY: ${ARTIFACTORY_DOCKER_DEV_REPOSITORY} - - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development"' - variables: - DOCKER_TAG: gitlab-mr${CI_MERGE_REQUEST_ID} - DOCKER_ADDITIONAL_TAG: mr-${CI_MERGE_REQUEST_IID} - REPOSITORY: ${ARTIFACTORY_DOCKER_TEST_REPOSITORY} - tags: - - AWS - - DockerExecutor - -"Tag branch": - image: alpine/git:v2.32.0 - stage: tag - script: - - ver=$(echo -n $CI_COMMIT_REF_NAME | cut -f 2 -d '-') || ver=0.0 - - minor_tag=$(git describe --abbrev=0 --tags | cut -f 3 -d '.') || minor_tag=0 - - release_tag=${ver}.$(( minor_tag+1 )) - - git remote set-url origin https://$GITLAB_ROBOT_NAME:$GITLAB_ROBOT_PUSH_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git - - git config user.name $GITLAB_ROBOT_NAME - - git config user.email ${GITLAB_ROBOT_EMAIL} - - git diff --quiet && git diff --staged --quiet || git commit -am "RobotBuild ${release_tag}" - - git tag ${release_tag} - - git push origin HEAD:${CI_COMMIT_REF_NAME} --tags - dependencies: [] - rules: - - if: "$CI_COMMIT_REF_SLUG =~ /^release-/ && $CI_COMMIT_MESSAGE !~ /^RobotBuild/" - tags: - - kubernetes - -container_scanning: - stage: promote - variables: - GIT_STRATEGY: none - CS_IMAGE: ${ARTIFACTORY_DOCKER_DEV_REPOSITORY}/${DOCKER_PATH}:$CI_COMMIT_TAG - CS_REGISTRY_USER: ${ARTIFACTORY_USER} - CS_REGISTRY_PASSWORD: ${ARTIFACTORY_PASS} - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor - -### Copy frontend and backend docker images to public repository. 
Run on git tag manually -promote: - image: dockerhub.deltixhub.com/curlimages/curl:7.88.1 - stage: promote - variables: - GIT_STRATEGY: none - script: - - 'curl --retry 6 --retry-all-errors --no-progress-meter --fail -X POST "${ARTIFACTORY_URL}/api/docker/epm-rtc-docker/v2/promote" -H "Content-Type: application/json" -u${ARTIFACTORY_USER}:${ARTIFACTORY_PASS} -d ''{ "targetRepo": "epm-rtc-public-docker", "dockerRepository": "''"${DOCKER_PATH}"''", "tag" : "''"$CI_COMMIT_TAG"''", "copy": true }''' - - > - if [ ! -z "$DOCKER_ADDITIONAL_TAG" ]; then - curl --retry 6 --retry-all-errors --no-progress-meter --fail -X POST "${ARTIFACTORY_URL}/api/docker/epm-rtc-docker/v2/promote" -H "Content-Type: application/json" -u${ARTIFACTORY_USER}:${ARTIFACTORY_PASS} -d '{ "targetRepo": "epm-rtc-public-docker", "dockerRepository": '\"${DOCKER_PATH}\"', "tag" : '\"$DOCKER_ADDITIONAL_TAG\"', "copy": true }'; - fi - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - when: manual - variables: - DOCKER_ADDITIONAL_TAG: latest - tags: - - AWS - - DockerExecutor - -"Dependency Check: Java": - stage: promote - image: ${JAVA_IMAGE} - script: -# - ./gradlew -PfailOnHighCVSS=true dependencyCheckAggregate - - ./gradlew dependencyCheckAggregate - artifacts: - paths: - - build/reports/dependency-check-report.html - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor - -"Static Check: Java": - stage: promote - image: ${JAVA_IMAGE} - script: -# - ./gradlew -PfailOnSpotBugs check -x test - - ./gradlew check -x test --parallel - - ./gradlew collectSpotbugs - artifacts: - paths: - - build/reports/spotbugs - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor - -"License Check: Java": - stage: promote - image: ${JAVA_IMAGE} - script: - - 
./gradlew downloadLicenses - artifacts: - paths: - - build/reports/license/license-dependency.html - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor \ No newline at end of file diff --git a/helm/development.yaml b/helm/development.yaml deleted file mode 100644 index 9973aa8..0000000 --- a/helm/development.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -image: - pullPolicy: Always - registry: registry-dev.deltixhub.com - repository: ai/dial/dial-authproxy - tag: development - pullSecrets: - - epm-rtc-registry-dev - - -fullnameOverride: "dial-authproxy" - -containerPorts: - http: 4088 - -containerSecurityContext: - runAsUser: 1801 - -podSecurityContext: - fsGroup: 1801 - -podAnnotations: - autorestart: '{{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC" }}' - -ingress: - enabled: true - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/scheme: "internet-facing" - alb.ingress.kubernetes.io/target-type: "ip" - alb.ingress.kubernetes.io/backend-protocol: "HTTP" - alb.ingress.kubernetes.io/healthcheck-path: "/aiproxy/status200" - alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP" - alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5" - alb.ingress.kubernetes.io/healthy-threshold-count: "2" - alb.ingress.kubernetes.io/target-group-attributes: "stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400" - alb.ingress.kubernetes.io/load-balancer-attributes: "routing.http2.enabled=true" - alb.ingress.kubernetes.io/listen-ports: '[{ "HTTP" : 80, "HTTPS" : 443 }]' - alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06" - alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-north-1:725751206603:certificate/373e8fd1-088e-4022-adf1-5f3e7820fb4a" - alb.ingress.kubernetes.io/ssl-redirect: "443" - alb.ingress.kubernetes.io/group.name: "allow-all" - hosts: - - dial-authproxy.staging.deltixhub.io - -env: - SERVER_HOSTURL: "https://dial-authproxy.staging.deltixhub.io" - OAUTH2_PROVIDERURI: "https://kc.staging.deltixhub.io/realms/DIAL" diff --git a/helm/review.yaml b/helm/review.yaml deleted file mode 100644 index 44472e5..0000000 --- a/helm/review.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -image: - pullPolicy: Always - registry: registry-test.deltixhub.com - repository: ai/dial/dial-authproxy -# tag: development - pullSecrets: - - epm-rtc-registry-test - - -containerPorts: - http: 4088 - -containerSecurityContext: - runAsUser: 1801 - -podSecurityContext: - fsGroup: 1801 - -podAnnotations: - autorestart: '{{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC" }}' - -ingress: - enabled: true - ingressClassName: alb - annotations: - alb.ingress.kubernetes.io/scheme: "internet-facing" - alb.ingress.kubernetes.io/target-type: "ip" - alb.ingress.kubernetes.io/backend-protocol: "HTTP" - alb.ingress.kubernetes.io/healthcheck-path: "/aiproxy/status200" - alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP" - alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5" - alb.ingress.kubernetes.io/healthy-threshold-count: "2" - alb.ingress.kubernetes.io/target-group-attributes: "stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400" - alb.ingress.kubernetes.io/load-balancer-attributes: "routing.http2.enabled=true" - alb.ingress.kubernetes.io/listen-ports: '[{ "HTTP" : 80, "HTTPS" : 443 }]' - alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06" - alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-north-1:725751206603:certificate/373e8fd1-088e-4022-adf1-5f3e7820fb4a" - alb.ingress.kubernetes.io/ssl-redirect: "443" - alb.ingress.kubernetes.io/group.name: "allow-all" - hosts: - - dial-proxy.staging.deltixhub.io - -env: - OAUTH2_PROVIDERURI: "https://kc.staging.deltixhub.io/realms/DIAL" - # SERVER_HOSTURL: "http://dial-authproxy.dial-authproxy" \ No newline at end of file