Improve CI Pipeline on PRs
* Checks for label on PRs
* Builds images from the branch
* Opens a new PR on component-appcat with the new version added
* Auto-tags the release on merge
Kidswiss committed Aug 26, 2024
1 parent 514a14c commit 239dd64
Showing 6 changed files with 339 additions and 30 deletions.
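--- a/.cruft.json
+++ b/.cruft.json
@@ -0,0 +1,16 @@
+{
+"template": "https://github.com/vshn/appcat-cookiecutter",
+"commit": "18a75b54eca181d7b3d919f197f125003d7f927f",
+"checkout": null,
+"context": {
+"cookiecutter": {
+"app_name": "appcat",
+"component_repo": "vshn/component-appcat",
+"_copy_without_render": [
+".github/workflows/cruft-update.yml"
+],
+"_template": "https://github.com/vshn/appcat-cookiecutter"
+}
+},
+"directory": null
+}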
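--- a/.github/workflows/cruft-update.yml
+++ b/.github/workflows/cruft-update.yml
@@ -0,0 +1,74 @@
+# /.github/workflows/cruft-update.yml
+name: Update repository with Cruft
+permissions:
+contents: write
+pull-requests: write
+on:
+schedule:
+- cron: "0 * * * *" # Once per hour
+jobs:
+update:
+runs-on: ubuntu-latest
+strategy:
+fail-fast: true
+matrix:
+include:
+- add-paths: .
+body: Use this to merge the changes to this repository.
+branch: cruft/update
+commit-message: "chore: accept new Cruft update"
+title: New updates detected with Cruft
+- add-paths: .cruft.json
+body: Use this to reject the changes in this repository.
+branch: cruft/reject
+commit-message: "chore: reject new Cruft update"
+title: Reject new updates detected with Cruft
+steps:
+- uses: actions/checkout@v4
+
+- uses: actions/setup-python@v5
+with:
+python-version: "3.10"
+
+- name: Install Cruft
+run: pip3 install cruft
+
+- name: Check if update is available
+continue-on-error: false
+id: check
+run: |
+CHANGES=0
+if [ -f .cruft.json ]; then
+if ! cruft check; then
+CHANGES=1
+fi
+else
+echo "No .cruft.json file"
+fi
+echo "has_changes=$CHANGES" >> "$GITHUB_OUTPUT"
+- name: Run update if available
+if: steps.check.outputs.has_changes == '1'
+run: |
+git config --global user.email "[email protected]"
+git config --global user.name "GitHubBot"
+cruft update --skip-apply-ask --refresh-private-variables
+git restore --staged .
+- name: Create pull request
+if: steps.check.outputs.has_changes == '1'
+uses: peter-evans/create-pull-request@v4
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+add-paths: ${{ matrix.add-paths }}
+commit-message: ${{ matrix.commit-message }}
+branch: ${{ matrix.branch }}
+delete-branch: true
+branch-suffix: timestamp
+title: ${{ matrix.title }}
+body: |
+This is an autogenerated PR. ${{ matrix.body }}
+[Cruft](https://cruft.github.io/cruft/) has detected updates from the Cookiecutter repository.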
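Review bot: `pip3 install cruft` and `peter-evans/create-pull-request@v4` are unpinned in a job that holds `contents: write` and `pull-requests: write` and runs every hour, so whatever PyPI or the action's tag resolves to at that moment executes with write access to the repository. Pin both, e.g. `run: pip3 install cruft==<pinned-version>` and `uses: peter-evans/create-pull-request@<full-commit-sha> # v4`. `cruft update` also pulls and renders the external template named in `.cruft.json`; if that template ships generation hooks they would presumably execute here as well, which is another reason to keep the token scope minimal.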
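--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,192 @@
+name: PR Automation
+
+on:
+pull_request: {}
+pull_request_target:
+types:
+- closed
+branches:
+- master
+
+env:
+APP_NAME: appcat
+COMPONENT_REPO: vshn/component-appcat
+
+jobs:
+check-labels:
+# Act doesn't set a pull request number by default, so we skip if it's 0
+if: github.event.pull_request.number != 0
+name: Check labels
+runs-on: ubuntu-latest
+steps:
+- uses: docker://agilepathway/pull-request-label-checker:v1.6.51
+with:
+one_of: breaking,enhancement,bug
+repo_token: ${{ secrets.GITHUB_TOKEN }}
+publish-branch-images:
+if: github.event.action != 'closed'
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Determine Go version from go.mod
+run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
+
+- uses: actions/setup-go@v3
+with:
+go-version: ${{ env.GO_VERSION }}
+
+- uses: actions/cache@v3
+with:
+path: ~/go/pkg/mod
+key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+restore-keys: |
+${{ runner.os }}-go-
+- name: Login to GHCR
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Build branch and push AppCat
+run: make docker-push-branchtag
+
+- name: Build branch and push Functions
+run: make function-push-package-branchtag
+open-pr-component:
+if: github.event.action == 'opened'
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+repository: ${{ env.COMPONENT_REPO }}
+token: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Extract branch name
+shell: bash
+run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+id: extract_branch
+
+- name: Update defaults.yml and create branch
+run: |
+yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag="${{ steps.extract_branch.outputs.branch }}"' class/defaults.yml | diff -B class/defaults.yml - | patch class/defaults.yml - || true
+git --no-pager diff
+- name: Generate new golden
+# Act uses the host's docker to run containers, but then
+# they can't access the files that were previously cloned.
+if: github.event.pull_request.number != 0
+run: |
+make gen-golden-all
+- name: Create Pull Request
+uses: peter-evans/create-pull-request@v3
+with:
+token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+title: 'PR for ${{ env.APP_NAME }} on ${{ steps.extract_branch.outputs.branch }}'
+body: "${{ github.event.pull_request.body}}\nLink: ${{ github.event.pull_request.url }}"
+branch: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}"
+base: master
+draft: false
+create-release:
+if: github.event.pull_request.merged
+runs-on: ubuntu-latest
+steps:
+- name: Check for bug label
+if: contains(github.event.pull_request.labels.*.name, 'bug')
+id: bug
+run: |
+echo "set=true" >> $GITHUB_OUTPUT
+- name: Check for enhancement label
+if: contains(github.event.pull_request.labels.*.name, 'enhancement')
+id: enhancement
+run: |
+echo "set=true" >> $GITHUB_OUTPUT
+- name: Check for breaking label
+if: contains(github.event.pull_request.labels.*.name, 'breaking')
+id: breaking
+run: |
+echo "set=true" >> $GITHUB_OUTPUT
+- uses: actions/checkout@v4
+with:
+# Make sure we use the right commit to tag
+ref: ${{ github.event.pull_request.merge_commit_sha }}
+# We also need to use the personal access token here. As subsequent
+# actions will not trigger by tags/pushes that use `GITHUB_TOKEN`
+# https://github.com/orgs/community/discussions/25702#discussioncomment-3248819
+token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+# This is broken in checkout@v4...
+# https://github.com/actions/checkout/issues/1781
+fetch-tags: true
+
+- name: fetch tags
+run: |
+git fetch --tags
+echo "latest tag: $(git describe --tags "$(git rev-list --tags --max-count=1)")"
+echo "TAG_VERSION=$(git describe --tags "$(git rev-list --tags --max-count=1)")" >> $GITHUB_ENV
+- name: Extract branch name
+shell: bash
+run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+id: extract_branch
+
+- name: Increase Tag
+id: tag
+run: |
+bug=${{ steps.bug.outputs.set }}
+enhancement=${{ steps.enhancement.outputs.set }}
+breaking=${{ steps.breaking.outputs.set }}
+breaking_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f1)
+enhancement_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f2)
+bug_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f3)
+breaking_ver="${breaking_ver:1}"
+# Check for bug label
+[ ! -z "$bug" ] && [ -z "$enhancement" ] && [ -z "$breaking" ] && ((bug_ver++)) || true
+# check for enhancement label
+if [ ! -z "$enhancement" ] && [ -z "$breaking" ]; then
+((enhancement_ver++))
+bug_ver=0
+fi
+# Check for breaking label
+if [ ! -z "$breaking" ]; then
+((breaking_ver++))
+enhancement_ver=0
+bug_ver=0
+fi
+tag="v$breaking_ver.$enhancement_ver.$bug_ver"
+echo "new tag $tag"
+git tag $tag
+git push --tags
+echo tag=$tag >> $GITHUB_OUTPUT
+- name: Checkout component
+uses: actions/checkout@v4
+with:
+repository: ${{ env.COMPONENT_REPO }}
+token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+ref: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}"
+
+- name: Update tag and run golden
+run: |
+yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag="${{ steps.tag.outputs.tag }}"' class/defaults.yml | diff -B class/defaults.yml - | patch class/defaults.yml - || true
+make gen-golden-all
+- name: Commit & Push changes
+uses: actions-js/push@master
+with:
+github_token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+branch: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}"
+message: "Update tag"
+repository: ${{ env.COMPONENT_REPO }}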
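Review bot: In `open-pr-component`, the `Update defaults.yml and create branch` step expands `${{ steps.extract_branch.outputs.branch }}` directly into the `run:` script, and that value comes from `GITHUB_HEAD_REF`, which the PR author chooses. Git allows quotes and shell metacharacters in branch names, so the text is parsed as part of the script rather than as data. Pass it through the step environment instead: add `env:` with `BRANCH: ${{ steps.extract_branch.outputs.branch }}` and write the expression as `yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag = strenv(BRANCH)' class/defaults.yml`. Separately, `create-release` (which in practice appears to run on the `pull_request_target` closed event) hands `COMPONENT_ACCESS_TOKEN` to `actions-js/push@master`, a mutable branch ref. Pinning that action and `peter-evans/create-pull-request@v3` to a full commit SHA, and adding a top-level `permissions:` block, would limit what a compromised upstream or a default-scoped `GITHUB_TOKEN` can do.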

7 changes: 5 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -5,6 +5,9 @@ on:
tags:
- "*"

env:
APP_NAME: appcat

jobs:
dist:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -42,10 +45,10 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push docker image
run: make docker-push -e IMG_TAG=${GITHUB_REF##*/}
run: make docker-push -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }}

- name: Build and push function package
run: make push-function-package -e IMG_TAG=${GITHUB_REF##*/}
run: make push-function-package -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }}

- name: Build changelog from PRs with labels
id: build_changelog
32 changes: 4 additions & 28 deletions Makefile
@@ -1,8 +1,6 @@

# Image URL to use all building/pushing image targets
IMG_TAG ?= latest
GHCR_IMG ?= ghcr.io/vshn/appcat:$(IMG_TAG)
DOCKER_CMD ?= docker
PROJECT_ROOT_DIR = .
PROJECT_NAME ?= appcat
PROJECT_OWNER ?= vshn

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
Expand All @@ -18,14 +16,6 @@ else
sed ?= sed
endif

# For alpine image it is required the following env before building the application
DOCKER_IMAGE_GOOS = linux
DOCKER_IMAGE_GOARCH = amd64

PROJECT_ROOT_DIR = .
PROJECT_NAME ?= appcat
PROJECT_OWNER ?= vshn

PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
BIN_FILENAME ?= $(PROJECT_DIR)/appcat

Expand Down Expand Up @@ -58,6 +48,7 @@ $(protoc_bin): | $(go_bin)

-include docs/antora-preview.mk docs/antora-build.mk
-include package/package.mk
-include ci.mk

.PHONY: help
help: ## Display this help.
Expand Down Expand Up @@ -156,26 +147,11 @@ build:
test: ## Run tests
go test ./... -count=1

.PHONY: docker-build
docker-build:
env CGO_ENABLED=0 GOOS=$(DOCKER_IMAGE_GOOS) GOARCH=$(DOCKER_IMAGE_GOARCH) \
go build -o ${BIN_FILENAME}
docker build --platform $(DOCKER_IMAGE_GOOS)/$(DOCKER_IMAGE_GOARCH) -t ${GHCR_IMG} .

.PHONY: docker-build-branchtag
docker-build-branchtag: docker-build ## Build docker image with current branch name
tag=$$(git rev-parse --abbrev-ref HEAD) && \
docker tag ${GHCR_IMG} ghcr.io/vshn/appcat:"$${tag////_}"

.PHONY: kind-load-branch-tag
kind-load-branch-tag: ## load docker image with current branch tag into kind
tag=$$(git rev-parse --abbrev-ref HEAD) && \
kind load docker-image --name kindev ghcr.io/vshn/appcat:"$${tag////_}"

.PHONY: docker-push
docker-push: docker-build ## Push docker image with the manager.
docker push ${GHCR_IMG}

# Generate webhook certificates.
# This is only relevant when debugging.
# Component-appcat installs a proper certificate for this.