Improve CI Pipeline on PRs

.github/workflows/pr.yml

@@ -0,0 +1,191 @@
+name: PR Automation
+
+on:
+  pull_request: {}
+  pull_request_target:
+    types:
+      - closed
+    branches:
+      - master
+
+env:
+  APP_NAME: appcat
+  COMPONENT_REPO: kidswiss/component-appcat
+
+jobs:
+  check-labels:
+    # Act doesn't set a pull request number by default, so we skip if it's 0
+    if: github.event.pull_request.number != 0
+    name: Check labels
+    runs-on: ubuntu-latest
+    steps:
+      - uses: docker://agilepathway/pull-request-label-checker:v1.6.51
+        with:
+          one_of: breaking,enhancement,bug
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+  publish-branch-images:
+    if: github.event.action != 'closed'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Determine Go version from go.mod
+        run: echo "GO_VERSION=$(grep "go 1." go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
+
+      - uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build branch and push AppCat
+        run: make docker-push-branchtag
+
+      - name: Build branch and push Functions
+        run: make function-push-package-branchtag
+  open-pr-component:
+    if: github.event.action == 'opened'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ env.COMPONENT_REPO }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Update defaults.yml and create branch
+        run: |
+          yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag="${{ steps.extract_branch.outputs.branch }}"' class/defaults.yml | diff -B class/defaults.yml - | patch class/defaults.yml - || true
+
+          git --no-pager diff
+
+      - name: Generate new golden
+        # Act uses the host's docker to run containers, but then
+        # they can't access the files that were previously cloned.
+        if: github.event.pull_request.number != 0
+        run: |
+          make gen-golden-all
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+          title: 'PR for ${{ env.APP_NAME }} on ${{ steps.extract_branch.outputs.branch }}'
+          body: "${{ github.event.pull_request.body}}\nLink: ${{ github.event.pull_request.url }}"
+          branch: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}"
+          base: master
+          draft: false
+  create-release:
+    if: github.event.pull_request.merged
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for bug label
+        if: contains(github.event.pull_request.labels.*.name, 'bug')
+        id: bug
+        run: |
+          echo "set=true" >> $GITHUB_OUTPUT
+      - name: Check for enhancement label
+        if: contains(github.event.pull_request.labels.*.name, 'enhancement')
+        id: enhancement
+        run: |
+          echo "set=true" >> $GITHUB_OUTPUT
+      - name: Check for breaking label
+        if: contains(github.event.pull_request.labels.*.name, 'breaking')
+        id: breaking
+        run: |
+          echo "set=true" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v4
+        with:
+          # Make sure we use the right commit to tag
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+          # We also need to use the personal access token here. As subsequent
+          # actions will not trigger by tags/pushes that use `GITHUB_TOKEN`
+          # https://github.com/orgs/community/discussions/25702#discussioncomment-3248819
+          token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+          # This is broken in checkout@v4...
+          # https://github.com/actions/checkout/issues/1781
+          fetch-tags: true
+
+      - name: fetch tags
+        run: |
+          git fetch --tags
+          echo "latest tag: $(git describe --tags "$(git rev-list --tags --max-count=1)")"
+          echo "TAG_VERSION=$(git describe --tags "$(git rev-list --tags --max-count=1)")" >>  $GITHUB_ENV
+
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Increase Tag
+        id: tag
+        run: |
+          bug=${{ steps.bug.outputs.set }}
+          enhancement=${{ steps.enhancement.outputs.set }}
+          breaking=${{ steps.breaking.outputs.set }}
+
+          breaking_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f1)
+          enhancement_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f2)
+          bug_ver=$(echo '${{ env.TAG_VERSION }}' | cut -d "." -f3)
+
+          breaking_ver="${breaking_ver:1}"
+
+          # Check for bug label
+          [ ! -z "$bug" ] && [ -z "$enhancement" ] && [ -z "$breaking" ] && ((bug_ver++)) || true
+
+          # check for enhancement label
+          if [ ! -z "$enhancement" ] && [ -z "$breaking" ]; then
+            ((enhancement_ver++))
+            bug_ver=0
+          fi
+
+          # Check for breaking label
+          if [ ! -z "$breaking" ]; then
+            ((breaking_ver++))
+            enhancement_ver=0
+            bug_ver=0
+          fi
+
+          tag="v$breaking_ver.$enhancement_ver.$bug_ver"
+          echo "new tag $tag"
+          git tag $tag
+          git push --tags
+          echo tag=$tag >> $GITHUB_OUTPUT
+
+      - name: Checkout component
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ env.COMPONENT_REPO }}
+          token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+          ref: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}"
+
+      - name: Update tag and run golden
+        run: |
+          yq e '.parameters.appcat.images.${{ env.APP_NAME }}.tag="${{ steps.tag.outputs.tag }}"' class/defaults.yml | diff -B class/defaults.yml - | patch class/defaults.yml - || true
+          make gen-golden-all
+
+      - name: Commit & Push changes
+        uses: actions-js/push@master
+        with:
+          github_token: ${{ secrets.COMPONENT_ACCESS_TOKEN }}
+          branch: "${{ env.APP_NAME }}/${{ github.event.pull_request.number }}/${{ steps.extract_branch.outputs.branch }}"
+          message: "Update tag"
+          repository: ${{ env.COMPONENT_REPO }}

.github/workflows/release.yml

@@ -5,6 +5,9 @@ on:
     tags:
       - "*"
 
+env:
+  APP_NAME: appcat
+
 jobs:
   dist:
     runs-on: ubuntu-latest
@@ -42,10 +45,10 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Push docker image
-        run: make docker-push -e IMG_TAG=${GITHUB_REF##*/}
+        run: make docker-push -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }}
 
       - name: Build and push function package
-        run: make push-function-package -e IMG_TAG=${GITHUB_REF##*/}
+        run: make push-function-package -e IMG_TAG=${GITHUB_REF##*/} -e APP_NAME=${{ env.APP_NAME }}
 
       - name: Build changelog from PRs with labels
         id: build_changelog

Makefile

@@ -1,8 +1,6 @@
-
-# Image URL to use all building/pushing image targets
-IMG_TAG ?= latest
-GHCR_IMG ?= ghcr.io/vshn/appcat:$(IMG_TAG)
-DOCKER_CMD ?= docker
+PROJECT_ROOT_DIR = .
+PROJECT_NAME ?= appcat
+PROJECT_OWNER ?= vshn
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -18,14 +16,6 @@ else
 	sed ?= sed
 endif
 
-# For alpine image it is required the following env before building the application
-DOCKER_IMAGE_GOOS = linux
-DOCKER_IMAGE_GOARCH = amd64
-
-PROJECT_ROOT_DIR = .
-PROJECT_NAME ?= appcat
-PROJECT_OWNER ?= vshn
-
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 BIN_FILENAME ?= $(PROJECT_DIR)/appcat
 
@@ -58,6 +48,7 @@ $(protoc_bin): | $(go_bin)
 
 -include docs/antora-preview.mk docs/antora-build.mk
 -include package/package.mk
+-include ci.mk
 
 .PHONY: help
 help: ## Display this help.
@@ -156,26 +147,11 @@ build:
 test: ## Run tests
 	go test ./... -count=1
 
-.PHONY: docker-build
-docker-build:
-	env CGO_ENABLED=0 GOOS=$(DOCKER_IMAGE_GOOS) GOARCH=$(DOCKER_IMAGE_GOARCH) \
-		go build -o ${BIN_FILENAME}
-	docker build --platform $(DOCKER_IMAGE_GOOS)/$(DOCKER_IMAGE_GOARCH) -t ${GHCR_IMG} .
-
-.PHONY: docker-build-branchtag
-docker-build-branchtag: docker-build ## Build docker image with current branch name
-	tag=$$(git rev-parse --abbrev-ref HEAD) && \
-	docker tag ${GHCR_IMG} ghcr.io/vshn/appcat:"$${tag////_}"
-
 .PHONY: kind-load-branch-tag
 kind-load-branch-tag: ## load docker image with current branch tag into kind
 	tag=$$(git rev-parse --abbrev-ref HEAD) && \
 	kind load docker-image --name kindev ghcr.io/vshn/appcat:"$${tag////_}"
 
-.PHONY: docker-push
-docker-push: docker-build ## Push docker image with the manager.
-	docker push ${GHCR_IMG}
-
 # Generate webhook certificates.
 # This is only relevant when debugging.
 # Component-appcat installs a proper certificate for this.

ci.mk

@@ -0,0 +1,54 @@
+# Image URL to use all building/pushing image targets
+IMG_TAG ?= latest
+APP_NAME ?= appcat
+ORG ?= vshn
+GHCR_IMG ?= ghcr.io/$(ORG)/$(APP_NAME):$(IMG_TAG)
+DOCKER_CMD ?= docker
+
+# For alpine image it is required the following env before building the application
+DOCKER_IMAGE_GOOS = linux
+DOCKER_IMAGE_GOARCH = amd64
+
+COMPONENT_REPO ?= https://github.com/vshn/component-appcat
+
+.PHONY: docker-build
+docker-build:
+	env CGO_ENABLED=0 GOOS=$(DOCKER_IMAGE_GOOS) GOARCH=$(DOCKER_IMAGE_GOARCH) \
+		go build -o ${BIN_FILENAME}
+	docker build --platform $(DOCKER_IMAGE_GOOS)/$(DOCKER_IMAGE_GOARCH) -t ${GHCR_IMG} .
+
+.PHONY: docker-build-branchtag
+IMG_TAG =  $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
+docker-build-branchtag: docker-build ## Build docker image with current branch name
+
+.PHONY: docker-push
+docker-push: docker-build ## Push docker image with the manager.
+	docker push ${GHCR_IMG}
+
+.PHONY: docker-push-branchtag
+IMG_TAG =  $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
+docker-push-branchtag: docker-build-branchtag docker-push ## Push docker image with current branch name
+
+.PHONY: function-build
+function-build: docker-build
+	yq e '.spec.image="${GHCR_IMG}"' package/crossplane.yaml.template > package/crossplane.yaml
+	rm -f package/*.xpkg
+	go run github.com/crossplane/crossplane/cmd/[email protected] xpkg build -f package --verbose --embed-runtime-image=${GHCR_IMG} -o package/package-function-appcat.xpkg
+	git checkout package/crossplane.yaml
+
+.PHONY: function-push-package
+function-push-package: function-build
+	go run github.com/crossplane/crossplane/cmd/[email protected] xpkg push -f package/package-function-appcat.xpkg ghcr.io/vshn/appcat:${IMG_TAG}-func --verbose
+
+.PHONY: function-build-branchtag
+IMG_TAG =  $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
+function-build-branchtag: docker-build-branchtag
+	yq e '.spec.image="${GHCR_IMG}"' package/crossplane.yaml.template > package/crossplane.yaml
+	rm -f package/*.xpkg
+	go run github.com/crossplane/crossplane/cmd/[email protected] xpkg build -f package --verbose --embed-runtime-image=${GHCR_IMG} -o package/package-function-appcat.xpkg
+	git checkout package/crossplane.yaml
+
+.PHONY: function-push-package-branchtag
+IMG_TAG =  $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
+function-push-package-branchtag: function-build-branchtag
+	go run github.com/crossplane/crossplane/cmd/[email protected] xpkg push -f package/package-function-appcat.xpkg ${GHCR_IMG}-func --verbose

event.json

@@ -0,0 +1,11 @@
+{
+  "action": "opened",
+  "pull_request": {
+    "merged": true,
+    "labels": [
+      {
+        "name": "bug"
+      }
+    ]
+  }
+}