add GH Actions CI/CD

sdr-enthusiasts · Dec 1, 2023 · 7b96563 · 7b96563
1 parent 9057f36
commit 7b96563
Show file tree

Hide file tree

Showing 10 changed files with 325 additions and 0 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,21 @@
+---
+version: 2
+
+updates:
+  # Maintain dependencies for Docker
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: weekly
+    assignees:
+      - "mikenye"
+      - "fredclausen"
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "mikenye"
+      - "fredclausen"
diff --git a/.github/workflows/cancel_dupes.yml b/.github/workflows/cancel_dupes.yml
@@ -0,0 +1,20 @@
+name: Cancelling Duplicates
+on:
+  workflow_run:
+    workflows:
+      - "Deploy"
+      - "Check Linting"
+      - "Tests"
+    types: ["requested"]
+
+jobs:
+  cancel-duplicate-workflow-runs:
+    name: "Cancel duplicate workflow runs"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: potiuk/cancel-workflow-runs@master
+        name: "Cancel duplicate workflow runs"
+        with:
+          cancelMode: allDuplicates
+          token: ${{ secrets.GITHUB_TOKEN }}
+          sourceRunId: ${{ github.event.workflow_run.id }}
diff --git a/.github/workflows/check_versions.yml b/.github/workflows/check_versions.yml
@@ -0,0 +1,74 @@
+---
+name: Check container software versions
+
+on:
+  workflow_dispatch:
+  # Check for new versions in adsbx repos
+  schedule:
+    - cron: "0 12 * * *"
+
+env:
+  GHCR_IMAGE: ${{ github.repository }}:latest
+  GHCR_REGISTRY: ghcr.io
+  WORKFLOW_FILE_TO_TRIGGER: deploy.yml
+  WORKFLOW_AUTH_TOKEN: ${{ secrets.GH_PAT_KX1T }}
+
+jobs:
+  version_in_container:
+    name: Check versions in 'latest' image
+    runs-on: ubuntu-latest
+    outputs:
+      currverhash: ${{ steps.current-version.outputs.currverhash }}
+    steps:
+      - name: Get versions from ${{ env.GHCR_IMAGE }}
+        id: current-version
+        run: |
+          set -x
+          docker run --rm --entrypoint cat ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE }} /VERSIONS
+          echo "currverhash=$(docker run --rm --entrypoint md5sum ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE }} /VERSIONS)" >> $GITHUB_OUTPUT
+
+  latest_version:
+    name: Check latest versions
+    runs-on: ubuntu-latest
+    outputs:
+      latestverhash: ${{ steps.latest-version.outputs.latestverhash }}
+    steps:
+      - name: Build image
+        uses: docker/build-push-action@v5
+        with:
+          push: false
+          load: true
+          tags: local_image_for_versions:latest
+      - name: Get versions from newly built image
+        id: latest-version
+        run: |
+          set -x
+          docker run --rm --entrypoint cat local_image_for_versions /VERSIONS
+          echo "latestverhash=$(docker run --rm --entrypoint md5sum local_image_for_versions /VERSIONS)" >> $GITHUB_OUTPUT
+
+  display_versions:
+    name: Display versions
+    needs: [version_in_container, latest_version]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Display versions
+        run: |
+          echo "version hash in current latest image = ${{ needs.version_in_container.outputs.currverhash }}"
+          echo "version hash in image just built = ${{ needs.latest_version.outputs.latestverhash }}"
+          echo "will a deployment be triggered = ${{ needs.version_in_container.outputs.currverhash != needs.latest_version.outputs.latestverhash }}"
+
+  trigger_deploy:
+    name: Trigger deployment of image
+    needs: [version_in_container, latest_version]
+    if: ${{ needs.version_in_container.outputs.currverhash != needs.latest_version.outputs.latestverhash }}
+    runs-on: ubuntu-latest
+    env:
+      WORKFLOW_AUTH_TOKEN: ${{ secrets.GH_PAT_KX1T }}
+      WORKFLOW_REPO: sdr-enthusiasts/docker-tar1090
+      WORKFLOW_FILE: deploy.yml
+      WORKFLOW_REASON: "triggered via deploy_ghcr.yml in sdr-enthusiasts/docker-baseimage"
+    steps:
+      - name: Trigger ${{ env.WORKFLOW_FILE }} in ${{ env.WORKFLOW_REPO }}
+        run: |
+          echo "$WORKFLOW_AUTH_TOKEN" | gh auth login --with-token
+          gh workflow run --ref main --repo "$WORKFLOW_REPO" "$WORKFLOW_FILE" -f reason="$WORKFLOW_REASON"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,67 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      reason:
+        required: false
+        description: "Reason for running this workflow"
+      use_test_image:
+        required: false
+        type: boolean
+        description: "Use base image testpr"
+        default: false
+
+  push:
+    branches:
+      - main
+    # Trigger only on specific files being updated.
+
+    paths:
+      - Dockerfile
+      - rootfs/**
+
+env:
+  GHCR_IMAGE: sdr-enthusiasts/docker-vesselalert
+  GHCR_REGISTRY: ghcr.io
+  GH_LABEL: main
+  GHCR_TAG: latest
+
+jobs:
+  workflow-dispatch:
+    name: Triggered via Workflow Dispatch?
+    # only run this step if workflow dispatch triggered
+    # log the reason the workflow dispatch was triggered
+    if: |
+      github.event_name == 'workflow_dispatch' &&
+      github.event.inputs.reason != ''
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log dispatch reason
+        env:
+          INPUTS_REASON: ${{ github.event.inputs.reason }}
+          INPUTS_USE_TEST_IMAGE: ${{ github.event.inputs.use_test_image }}
+        run: |
+          echo "Workflow dispatch reason: $INPUTS_REASON"
+          echo "Use test image: $INPUTS_USE_TEST_IMAGE"
+
+  deploy:
+    name: Deploy
+    uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+    with:
+      push_enabled: true
+      push_destinations: ghcr.io
+      ghcr_repo_owner: ${{ github.repository_owner }}
+      ghcr_repo: ${{ github.repository }}
+      get_version_method: git_commit_hash_short
+      # set build_latest to true if github.event.inputs.use_test_image is false
+      build_latest: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+      build_baseimage_test: ${{ github.event.inputs.use_test_image == 'true' }}
+      # only build the entire stack if we are not using the test image
+      build_version_specific: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+      build_platform_specific: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+      build_nohealthcheck: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == '' }}
+      build_baseimage_url: base/base-test-pr
+    secrets:
+      ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+      dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -0,0 +1,21 @@
+---
+name: Linting (Hadolint)
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "Dockerfile"
+
+jobs:
+  hadolint:
+    name: Run hadolint against docker files
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Pull hadolint/hadolint:latest Image
+        run: docker pull hadolint/hadolint:latest
+      - name: Run hadolint against Dockerfiles
+        run: docker run --rm -i -v "$PWD":/workdir --workdir /workdir --entrypoint hadolint hadolint/hadolint --ignore SC2086 --ignore DL3003 --ignore DL3006 --ignore DL3010 --ignore DL4001 --ignore DL3007 --ignore DL3008 --ignore SC2068 --ignore DL3007 --ignore SC1091 --ignore DL3013 --ignore DL3010 $(find . -type f -iname "Dockerfile*")
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
@@ -0,0 +1,24 @@
+---
+name: Linting (Markdown)
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      # only run these if markdown files are updated
+    paths:
+      - "**.md"
+      - "**.MD"
+
+jobs:
+  markdownlint:
+    name: Run markdownlint against markdown files
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Pull markdownlint/markdownlint:latest Image
+        run: docker pull markdownlint/markdownlint:latest
+      - name: Run markdownlint against *.md files
+        run: docker run --rm -i -v "$(pwd)":/workdir --workdir /workdir markdownlint/markdownlint:latest --rules ~MD007,~MD013,~MD033,~MD026,~MD002,~MD022,~MD029 $(find . -type f -iname '*.md' | grep -v '/.git/')
diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml
@@ -0,0 +1,28 @@
+---
+name: Pull Request
+
+on:
+  # Enable manual running of action if necessary
+  workflow_dispatch:
+  # Test build/deploy on PRs to main/master
+  pull_request:
+    # Only publish on push to main branch
+    branches:
+      - main
+    # Don't trigger if it's just a documentation update
+    paths-ignore:
+      - "**.md"
+      - "**.MD"
+      - "**.yml"
+      - "LICENSE"
+      - ".gitattributes"
+      - ".gitignore"
+      - ".dockerignore"
+
+jobs:
+  test-build:
+    name: Test
+    uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+    with:
+      push_enabled: false
+      get_version_method: git_commit_hash_short
diff --git a/.github/workflows/pre-commit-updates.yaml b/.github/workflows/pre-commit-updates.yaml
@@ -0,0 +1,23 @@
+name: Update pre-commit hooks
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: 0 0 * * 0
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.1.1
+        with:
+          fetch-depth: 0
+      - uses: vrslev/pre-commit-autoupdate@v1.0.0
+      - uses: peter-evans/create-pull-request@v5
+        with:
+          branch: pre-commit-autoupdate
+          title: "chore(deps): Update pre-commit hooks"
+          commit-message: "chore(deps): Update pre-commit hooks"
+          body: Update pre-commit hooks
+          labels: dependencies
+          delete-branch: True
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
@@ -0,0 +1,20 @@
+---
+name: Linting (Shellcheck)
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      # only run these if markdown files are updated
+
+jobs:
+  shellcheck:
+    name: Run shellcheck against shell scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Pull koalaman/shellcheck:stable Image
+        run: docker pull koalaman/shellcheck:stable
+      - name: Run Shellcheck against shell scripts
+        run: docker run --rm -i -v "$PWD:/mnt" koalaman/shellcheck:stable $(find . -type f -exec grep -m1 -l -E '^#!.*sh.*' {} \; | grep -v '/.git/')
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
@@ -0,0 +1,27 @@
+---
+name: Linting (YAML)
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      # only run when yaml files are updated
+    paths:
+      - "**.yml"
+
+jobs:
+  yamllint:
+    name: Run yamllint against YAML files
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: yaml-lint
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          config_data: |
+            extends: default
+            rules:
+              line-length:
+                max: 120
+                level: warning