Co-authored-by: ITO Manaki (Colk) <53868423+Colk-tech@users.noreply.github.com>
1 parent
fe9c3f8
commit c2ae91f
Showing
15 changed files
with
481 additions
and
31 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# From https://code.dblock.org/2021/09/03/generating-task-matrix-by-looping-over-repo-files-with-github-actions.html | ||
|
||
name: List Dockerfile | ||
description: List all Dockerfile as a matrix | ||
outputs: | ||
matrix: | ||
description: Matrix of all Dockerfile | ||
value: ${{ steps.set_matrix.outputs.matrix }} | ||
|
||
runs: | ||
using: composite | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- id: set_matrix | ||
shell: bash | ||
run: echo "matrix=$(find services -name Dockerfile -maxdepth 2 -print0 | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | ||
|
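Review bot: The `set_matrix` step pairs `find … -print0` with `jq … 'split("\n")[:-1]'`, so the paths reach jq NUL-separated with no newline; as far as I can tell the split then yields a single element that `[:-1]` drops, and the matrix output is `[]` however many Dockerfiles exist. Using `-print` matches the newline split: `find services -maxdepth 2 -name Dockerfile -print | jq -R -s -c 'split("\n")[:-1]'` (with `-maxdepth` moved ahead of `-name`, which GNU find otherwise warns about). Quoting the redirect target as `>> "$GITHUB_OUTPUT"` is also worth doing. Because these file names come from the checked-out tree and end up in job matrices, a short comment stating that paths are expected to contain no newlines would help the next reader.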
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
name: Dockerfile lint | ||
|
||
on: | ||
pull_request: | ||
paths-ignore: | ||
- "Dockerfile" | ||
|
||
jobs: | ||
lint: | ||
name: Dockerfile lint | ||
runs-on: ubuntu-latest | ||
steps: | ||
- run: | | ||
echo "No Dockerfile updated" |
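Review bot: The filter `- "Dockerfile"` under `paths-ignore` matches only a file named Dockerfile at the repository root, while the list action in this commit searches `services` two levels deep. If the Dockerfiles live under `services/`, this placeholder job runs on every pull request and the real lint workflow, which uses the same pattern under `paths:`, never starts; `- "**/Dockerfile"` in both files would line the filters up with the search. A one-line comment at the top saying that this workflow exists only to report a status when no Dockerfile changed (if that is the intent) would also help.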
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
name: Dockerfile lint | ||
|
||
on: | ||
pull_request: | ||
paths: | ||
- "Dockerfile" | ||
|
||
jobs: | ||
list_dockerfile: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: "actions/checkout@v2" | ||
- uses: "./github/actions/list_dockerfile" | ||
id: set_matrix | ||
outputs: | ||
matrix: ${{ steps.set_matrix.outputs.matrix }} | ||
|
||
lint: | ||
needs: list_dockerfile | ||
name: Dockerfile lint by Hadolint Action | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
dockerfile: ${{ fromJson(needs.list_dockerfile.outputs.matrix) }} | ||
|
||
steps: | ||
- uses: "actions/checkout@v4" | ||
|
||
- uses: "hadolint/hadolint-action@v3.1.0" | ||
id: run_hadolint | ||
with: | ||
dockerfile: ${{ matrix.dockerfile }} | ||
no-color: false | ||
no-fail: false | ||
|
||
- name: Create pull request comment | ||
uses: "actions/github-script@v6" | ||
if: github.event_name == 'pull_request' | ||
with: | ||
script: | | ||
const hadolintOutput = ` | ||
#### Hadolint: \`${{ steps.run_hadolint.outcome }}\` | ||
\`\`\` | ||
${process.env.HADOLINT_RESULTS} | ||
\`\`\` | ||
`; | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: hadolintOutput, | ||
}); |
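Review bot: The `Create pull request comment` step is skipped whenever hadolint reports a problem, because `no-fail: false` fails the `run_hadolint` step and the comment step's `if:` has no status function, so it runs only on success; `if: ${{ !cancelled() && github.event_name == 'pull_request' }}` would post the result in both cases. The job declares no `permissions:`, and `createComment` needs write access to pull requests (the plan workflow in this commit sets `pull-requests: write` explicitly); the call should also be awaited so a failed API request surfaces in the step. Separately, `uses: "./github/actions/list_dockerfile"` in the `list_dockerfile` job has no leading dot on `github`; if the composite action lives under `.github/actions/`, this line and the same one in the Terraform apply workflow should read `./.github/actions/list_dockerfile`.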
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
name: Staging Terraform Apply | ||
|
||
on: | ||
push: | ||
branches: | ||
- "main" | ||
|
||
env: | ||
TF_CLOUD_ORGANIZATION: "pulsate-dev" | ||
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | ||
TF_WORKSPACE: "pulsate-staging" | ||
CONFIG_DIRECTORY: "./staging/" | ||
|
||
jobs: | ||
list_dockerfile: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: ./github/actions/list_dockerfile | ||
id: set_matrix | ||
outputs: | ||
matrix: ${{ steps.set_matrix.outputs.matrix }} | ||
images: | ||
needs: list_dockerfile | ||
name: Push Docker images | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
dockerfile: ${{ fromJson(needs.list_dockerfile.outputs.matrix) }} | ||
|
||
steps: | ||
- uses: "actions/checkout@v4" | ||
- name: Docker meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: | | ||
ghcr.io/approvers/oreorebot2 | ||
tags: | | ||
${{ github.sha }} | ||
type=raw,value=latest,enable={{is_default_branch}} | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3.0.0 | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ github.token }} | ||
- name: Build and push | ||
uses: docker/build-push-action@v5 | ||
with: | ||
push: true | ||
file: ${{ matrix.dockerfile }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
|
||
apply: | ||
needs: images | ||
if: github.repository == 'approvers/pulsate' | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
id-token: write | ||
steps: | ||
- uses: "actions/checkout@v4" | ||
|
||
- id: "auth" | ||
name: Authenticate to Google Cloud | ||
uses: "google-github-actions/auth@v1" | ||
with: | ||
workload_identity_provider: "projects/1065320521129/locations/global/workloadIdentityPools/ci-pool/providers/ci-provider" | ||
service_account: "staging-deploy-from-github-act@pulsate-staging-400117.iam.gserviceaccount.com" | ||
token_format: "access_token" | ||
|
||
- name: Upload Configuration | ||
uses: "hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.4" | ||
id: apply-upload | ||
with: | ||
workspace: ${{ env.TF_WORKSPACE }} | ||
directory: ${{ env.CONFIG_DIRECTORY }} | ||
- name: Create Apply Run | ||
uses: "hashicorp/tfc-workflows-github/actions/create-run@v1.0.4" | ||
id: apply-run | ||
with: | ||
workspace: ${{ env.TF_WORKSPACE }} | ||
configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }} | ||
env: | ||
TF_VAR_access_token: "\"${{ steps.auth.outputs.access_token }}\"" | ||
- name: Apply | ||
uses: "hashicorp/tfc-workflows-github/actions/apply-run@v1.0.4" | ||
if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable | ||
id: apply | ||
with: | ||
run: ${{ steps.apply-run.outputs.run_id }} | ||
comment: "Apply Run from GitHub Actions CI ${{ github.sha }}" |
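Review bot: `TF_API_TOKEN` is set in the workflow-level `env:`, so it is also exported to every step of `list_dockerfile` and `images`, including the third-party Docker actions that have no use for it; moving the `env:` block under the `apply` job keeps the Terraform Cloud token where it is needed. The `images` job also lacks the `if: github.repository == 'approvers/pulsate'` guard that `apply` has and declares no `permissions:` (pushing to ghcr.io with `github.token` needs `packages: write`). Every matrix leg pushes to the same `ghcr.io/approvers/oreorebot2` name with the same `${{ github.sha }}` and `latest` tags, so with more than one Dockerfile the legs overwrite each other; deriving the image name from `matrix.dockerfile` would avoid that, and the `oreorebot2` name looks carried over from another project.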
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
name: Staging Terraform Plan | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
- "main" | ||
|
||
env: | ||
TF_CLOUD_ORGANIZATION: "pulsate-dev" | ||
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | ||
TF_WORKSPACE: "pulsate-staging" | ||
CONFIG_DIRECTORY: "./staging/" | ||
|
||
jobs: | ||
plan: | ||
if: github.repository == 'approvers/pulsate' | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
pull-requests: write | ||
id-token: write | ||
steps: | ||
- uses: "actions/checkout@v4" | ||
|
||
- id: "auth" | ||
name: Authenticate to Google Cloud | ||
uses: "google-github-actions/auth@v1" | ||
with: | ||
workload_identity_provider: "projects/1065320521129/locations/global/workloadIdentityPools/ci-pool/providers/ci-provider" | ||
service_account: "staging-deploy-from-github-act@pulsate-staging-400117.iam.gserviceaccount.com" | ||
token_format: "access_token" | ||
|
||
- name: Upload Configuration | ||
uses: "hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.4" | ||
id: "plan-upload" | ||
with: | ||
workspace: ${{ env.TF_WORKSPACE }} | ||
directory: ${{ env.CONFIG_DIRECTORY }} | ||
speculative: true | ||
- name: Create Plan Run | ||
uses: "hashicorp/tfc-workflows-github/actions/create-run@v1.0.4" | ||
id: plan-run | ||
with: | ||
workspace: ${{ env.TF_WORKSPACE }} | ||
configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} | ||
plan_only: true | ||
env: | ||
TF_VAR_access_token: "\"${{ steps.auth.outputs.access_token }}\"" | ||
- name: Get Plan Output | ||
uses: "hashicorp/tfc-workflows-github/actions/plan-output@v1.0.0" | ||
id: plan-output | ||
with: | ||
plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} | ||
- name: Update PR | ||
uses: "actions/github-script@v6" | ||
id: plan-comment | ||
with: | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
script: | | ||
const { data: comments } = await github.rest.issues.listComments({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
issue_number: context.issue.number, | ||
}); | ||
const botComment = comments.find(comment => { | ||
return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output') | ||
}); | ||
const output = `#### Terraform Cloud Plan Output | ||
\`\`\` | ||
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy. | ||
\`\`\` | ||
[Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }}) | ||
`; | ||
// 3. Delete previous comment so PR timeline makes sense | ||
if (botComment !== undefined) { | ||
github.rest.issues.updateComment({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
comment_id: botComment.id, | ||
body: output, | ||
}); | ||
} else { | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: output, | ||
}); | ||
} | ||
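Review bot: The `Update PR` script splices `${{ steps.plan-output.outputs.add }}`, `.change`, `.destroy` and `${{ steps.plan-run.outputs.run_link }}` straight into the JavaScript template literal, so whatever those outputs contain is parsed as script source before it runs. Passing them through the step's `env:` and reading them inside the script (for example `process.env.PLAN_ADD`, a name constructed here) keeps them as data. The comment `// 3. Delete previous comment so PR timeline makes sense` does not match the code, which updates the existing comment, and both `updateComment` and `createComment` should be awaited so a failed API call surfaces in the step. The job condition checks only `github.repository`; pull requests from forks receive no `TF_API_TOKEN`, so adding `github.event.pull_request.head.repo.full_name == github.repository` would skip them cleanly instead of failing.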
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
*.env | ||
Dockerfile |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
FROM denoland/deno:1.37.0 | ||
|
||
EXPOSE 8000 | ||
|
||
WORKDIR /app | ||
|
||
USER deno | ||
|
||
COPY . . | ||
|
||
RUN deno cache main.ts | ||
|
||
CMD ["run", "--allow-net", "main.ts"] |
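Review bot: `CMD ["run", "--allow-net", "main.ts"]` grants the process unrestricted network access; if `main.ts` only listens on the exposed port and talks to a known set of hosts, a scoped form such as `--allow-net=0.0.0.0:8000` plus the required hosts keeps Deno's permission model doing its job. `main.ts` is not part of this section, so the exact list has to come from the code. The base image is referenced by tag (`denoland/deno:1.37.0`); pinning it by digest as well would make the staging build reproducible.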
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
bucket = "tf-state-xxxxxxxxx" |