From 51144c9149e18edc55d87dfadde3276d0d572fd3 Mon Sep 17 00:00:00 2001
From: joe miller
Date: Fri, 17 May 2024 22:53:59 +0000
Subject: [PATCH] ci(gha): workflows for planetscale fork
---
.github/workflows/ci.yaml | 87 +++++++++++++++++++++++++++
.github/workflows/go.yml | 29 ---------
.github/workflows/helm-chart.yaml | 19 ------
.github/workflows/helm-lint.yml | 39 ------------
.github/workflows/publish.yml | 98 -------------------------------
Dockerfile | 4 +-
go.mod | 2 +-
7 files changed, 90 insertions(+), 188 deletions(-)
create mode 100644 .github/workflows/ci.yaml
delete mode 100644 .github/workflows/go.yml
delete mode 100644 .github/workflows/helm-chart.yaml
delete mode 100644 .github/workflows/helm-lint.yml
delete mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..fd4272d
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,87 @@
+name: ci
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+permissions:
+ contents: write
+ packages: write
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+ with:
+ go-version-file: go.mod
+
+ - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4
+ with:
+ args: --timeout=180m
+
+ - name: Build
+ run: go build -v -trimpath .
+
+ - name: test
+ run: go test -v -cover .
+
+ # release will build docker images on all runs but will only push when running from main branch
+ release:
+ needs: [test]
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+ - name: set up QEMU
+ uses: docker/setup-qemu-action@v3
+ -
+ name: set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger
+
+ - name: login to ghcr.io
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: build and push
+ id: docker_build
+ uses: docker/build-push-action@v5
+ with:
+ # only publish from main branch:
+ # push: ${{ github.ref == 'refs/heads/main' }}
+ push: true # TODO REMOVE
+ context: .
+ file: ./Dockerfile
+ build-args: VERSION=todo
+ # build-args: VERSION=${{ steps.docker_meta.outputs.version }}
+ platforms: linux/amd64
+ # TODO: arm64 builds take a very long time on GHA's hosted runners
+ # platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+
+ - name: install cosign
+ uses: sigstore/cosign-installer@main
+
+ - name: cosign the docker images
+ # if: ${{ github.event_name != 'pull_request' }}
+ run: cosign sign --yes -a "repo=${{ github.repository }}" -r ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
deleted file mode 100644
index 1378bae..0000000
--- a/.github/workflows/go.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Go - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - - build: - name: Build - runs-on: ubuntu-latest - steps: - - - name: Set up Go 1.x - uses: actions/setup-go@v4 - with: - go-version: ^1.21 - id: go - - - name: Check out code into the Go module directory - uses: actions/checkout@v4 - - - name: Build - run: go build -v . - - - name: Test - run: go test -v .
diff --git a/.github/workflows/helm-chart.yaml b/.github/workflows/helm-chart.yaml
deleted file mode 100644
index fd5cedf..0000000
--- a/.github/workflows/helm-chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: helm-chart -on: - push: - # Publish `chart-*` tags as helm release. - tags: - - "chart-*" - -jobs: - release-chart: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Publish Helm chart - uses: stefanprodan/helm-gh-pages@master - with: - token: ${{ secrets.GHCR_PAT }} - charts_dir: charts - repository: helm-charts - branch: main
diff --git a/.github/workflows/helm-lint.yml b/.github/workflows/helm-lint.yml
deleted file mode 100644
index 643312e..0000000
--- a/.github/workflows/helm-lint.yml
+++ /dev/null
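Review bot: The `release` job in the new ci.yaml pushes and signs an image on every trigger, pull requests included: `push: true # TODO REMOVE` stands in for the commented-out `push: ${{ github.ref == 'refs/heads/main' }}`, and the `if:` on the cosign step is commented out too, which contradicts the comment above the job. Both gates should come back with the same condition, since signing a digest that was never pushed fails. The workflow-level `permissions` block also gives `contents: write` and `packages: write` to the `test` job, which runs pull-request code, and it omits the `id-token: write` that the removed publish.yml declared for the Fulcio identity challenge, so keyless `cosign sign` probably cannot obtain an OIDC token; nothing visible in this workflow writes repository contents, so `contents: read` looks sufficient. The `docker/*` actions at `@v3`/`@v5` and `sigstore/cosign-installer@main` are mutable refs inside the job that holds the registry token, while the other actions here are pinned by commit SHA; pin these the same way.

```yaml
permissions:
  contents: read

jobs:
  # … unchanged: test job …
  release:
    permissions:
      contents: read
      packages: write
      id-token: write  # OIDC token for keyless cosign signing
    steps:
      # … unchanged: checkout, QEMU, buildx, metadata, ghcr.io login …
      - name: build and push
        with:
          push: ${{ github.ref == 'refs/heads/main' }}
          # … unchanged: context, file, build-args, platforms, tags, labels …
      # … unchanged: install cosign …
      - name: cosign the docker images
        if: ${{ github.ref == 'refs/heads/main' }}
        # … unchanged: run: cosign sign …
```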
@@ -1,39 +0,0 @@ -name: Helm Chart Linting - -on: - pull_request: - branches: [ main ] - -jobs: - - helm-lint: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v1 - with: - version: v3.12.1 - - - uses: actions/setup-python@v4 - with: - python-version: '3.10' - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) - if [[ -n "$changed" ]]; then - echo "changed=true" >> "$GITHUB_OUTPUT" - fi - - - name: Run chart-testing (lint) - if: steps.list-changed.outputs.changed == 'true' - run: ct lint --target-branch ${{ github.event.repository.default_branch }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index 4360698..0000000 --- a/.github/workflows/publish.yml +++ /dev/null 
@@ -1,98 +0,0 @@ -name: Publish - -on: - push: - # Publish `v*` tags as releases. - tags: - - v* - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Set up Go 1.x - uses: actions/setup-go@v4 - with: - go-version: ^1.21 - id: go - - - name: Check out code into the Go module directory - uses: actions/checkout@v4 - - - name: Build - run: go build -v . - - - name: Test - run: go test -v . - publish: - runs-on: ubuntu-latest - if: github.event_name == 'push' - # Ensure test job passes before pushing image. - needs: test - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Docker meta - id: docker_meta - uses: docker/metadata-action@v5 - with: - images: ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-pvc-tagger,ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to DockerHub - uses: docker/login-action@v3 - if: github.event_name != 'pull_request' - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - if: github.event_name != 'pull_request' - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GHCR_PAT }} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v5 - with: - context: . 
- file: ./Dockerfile - build-args: VERSION=${{ steps.docker_meta.outputs.version }} - platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - - - uses: sigstore/cosign-installer@main - - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. https://github.com/sigstore/cosign - - name: Sign the published Dockerhub image - if: ${{ github.event_name != 'pull_request' }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: cosign sign --yes -a "repo=${{ github.repository }}" -r ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }} - - - name: Sign the published GitHub image - if: ${{ github.event_name != 'pull_request' }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: cosign sign --yes -a "repo=${{ github.repository }}" -r ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }} diff --git a/Dockerfile b/Dockerfile index c5e0708..3d17a1d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21-alpine AS builder +FROM golang:1.22-alpine AS builder ARG VERSION=0.0.1 ARG TARGETARCH @@ -27,7 +27,7 @@ RUN APP_BUILD_TIME=$(cat buildtime); \ go build -ldflags="-X 'main.buildTime=${APP_BUILD_TIME}' -X 'main.buildVersion=${APP_VERSION}'" -o ${APP_NAME} . # Move to /dist directory as the place for resulting binary folder -WORKDIR /app +WORKDIR /app # Copy binary from build to main folder RUN cp /build/${APP_NAME} . diff --git a/go.mod b/go.mod index 7d013c0..a518cba 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/mtougeron/k8s-pvc-tagger -go 1.21 +go 1.22.3 require ( github.com/aws/aws-sdk-go v1.49.9