🔥 wip: enhance structure
zcubbs committed Oct 15, 2023
1 parent f4b0357 commit 4b19718
Showing 67 changed files with 416 additions and 5,382 deletions.
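--- a/.github/workflows/chart-release.yaml
+++ b/.github/workflows/chart-release.yaml
@@ -0,0 +1,52 @@
+name: Release Charts
+
+on:
+workflow_dispatch:
+
+permissions:
+contents: write
+packages: write
+
+jobs:
+release:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+with:
+fetch-depth: 0
+
+- name: Login to GHCR
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Configure Git
+run: |
+git config user.name "$GITHUB_ACTOR"
+git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+- name: Install Helm
+uses: azure/setup-helm@v3
+
+- name: Publish chart
+env:
+HELM_EXPERIMENTAL_OCI: '1'
+CHARTS_REPO: ghcr.io/${{ github.repository }}
+VERSION: ${{ github.ref_name }}
+# read chart version from Chart.yaml and increment it
+# then update Chart.yaml and push it back to the repo
+run: |
+CURRENT_CHART_VERSION=$(yq e '.version' charts/hub/Chart.yaml)
+CHART_VERSION=$(echo $CURRENT_CHART_VERSION | awk -F. '{$NF = $NF + 1;} 1' | sed 's/ /./g')
+echo "Chart version: $CHART_VERSION"
+cd charts/hub
+helm dep up
+helm package . --version ${CHART_VERSION} --app-version ${VERSION}
+helm push hub-${CHART_VERSION}.tgz oci://${CHARTS_REPO}
+sed -i "s/version: ${CURRENT_CHART_VERSION}/version: ${CHART_VERSION}/g" Chart.yaml
+git add Chart.yaml
+git commit -m "📦 Bump chart version to ${CHART_VERSION}"
+git push origin ${{ github.ref_name }}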
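Review bot: All three actions in this new workflow are referenced by mutable tag (`actions/checkout@v3`, `docker/login-action@v2`, `azure/setup-helm@v3`), in a job that holds `contents: write` and `packages: write` and pushes both a chart and a commit. The same commit pins checkout by full SHA in lint.yaml, release.yaml and scan.yaml, so the line here could match them: `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0`, with the other two pinned to a full commit SHA plus a version comment in the same way. The same gap is left for `docker/login-action@v2` in release.yaml and for `arduino/setup-task@v1.0.3` in lint.yaml and scan.yaml. Separately, the last line of the `Publish chart` script pastes `${{ github.ref_name }}` into the script text; `git push origin "$GITHUB_REF_NAME"` keeps the ref name out of the shell source.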
23 changes: 9 additions & 14 deletions .github/workflows/lint.yaml
Expand Up @@ -8,36 +8,31 @@ on:
branches:
- main
paths-ignore:
- '*.http'
- 'README.md'
- 'docs/**'
- '.github/**'
- '.taskfiles/**'
- 'chart/**'
- 'charts/**'
- 'scripts/**'
- '.github/**'
- 'LICENSE'
- 'sqlc.yaml'
- 'Taskfile.yaml'
- '.gitignore'
- 'project.toml'
- '.gosec.config.json'
- '.editorconfig'

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
- '.goreleaser.yaml'
- 'examples/**'

jobs:
lint:
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v3.5.3
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up Go
uses: actions/setup-go@v4.1.0
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.20'
go-version: '1.21'

- name: Install Task
uses: arduino/setup-task@v1.0.3
Expand All @@ -46,7 +41,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}

- name: Install Linter
run: task bootstrap_tasks:install:golangci-lint
run: task tools:install:golangci-lint

- name: Lint
run: task lint
114 changes: 92 additions & 22 deletions .github/workflows/release.yaml
@@ -1,30 +1,100 @@
name: Release

# This ensures that the release is only created after the Docker Build Pipeline
# has successfully completed.
on:
workflow_run:
workflows: ["Build"]
types:
- completed

workflow_dispatch:
permissions:
contents: write
packages: write
# This is used for the identity challenge
# with sigstore/fulcio when outside PRs.
id-token: write
jobs:
release:
if : github.triggering_actor == 'zcubbs'

create-release:
permissions: write-all
runs-on: ubuntu-latest
# This if condition checks two things:
# 1. That the Build pipeline completed successfully.
# 2. That the current ref is a tag.
if: |
github.event.workflow_run.conclusion == 'success' &&
startsWith(github.ref, 'refs/tags/')
steps:
- name: Create GitHub Release
uses: actions/create-release@v1
- name: Set Static Major and Minor Versions
id: static_version
run: |
echo "::set-output name=major::0"
echo "::set-output name=minor::1"
- name: Get latest release version
id: latest_version
run: |
latest_tag=$(curl --silent "https://api.github.com/repos/${{ github.repository }}/releases/latest" | jq .tag_name -r)
echo "::set-output name=version::$latest_tag"
continue-on-error: true

- name: Calculate new version
id: new_version
run: |
static_minor=${{ steps.static_version.outputs.minor }}
latest_minor=$(echo "${{ steps.latest_version.outputs.version }}" | cut -d. -f2)
patch=$(echo "${{ steps.latest_version.outputs.version }}" | cut -d. -f3 | tr -d 'v')
if [[ "$static_minor" != "$latest_minor" ]]; then
patch=0
else
let "patch+=1"
fi
new_version="v${{ steps.static_version.outputs.major }}.$static_minor.${patch}"
echo "::set-output name=version::$new_version"
- name: Checkout Code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.21'

# remove tests in order to clean dependencies
- name: Remove xxx_test.go files
run: rm -rf *_test.go ./examples ./images

# cleanup test dependencies
- name: Cleanup dependencies
run: go mod tidy

- name: List files
run: tree -Cfi
- name: Write new go.mod into logs
run: cat go.mod
- name: Write new go.sum into logs
run: cat go.sum

- name: Create tag
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global user.name '${{ github.triggering_actor }}'
git config --global user.email "${{ github.triggering_actor}}@users.noreply.github.com"
git add .
git commit --allow-empty -m 'bump ${{ steps.new_version.outputs.version }}'
git tag ${{ steps.new_version.outputs.version }}
git push origin ${{ steps.new_version.outputs.version }}
- name: Release
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
with:
name: ${{ steps.new_version.outputs.version }}
tag_name: ${{ steps.new_version.outputs.version }}

- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v3.0.0
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
distribution: goreleaser
version: latest
args: release -f .goreleaser.yaml --clean --verbose
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
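Review bot: The `Calculate new version` and `Create tag` steps expand `${{ steps.latest_version.outputs.version }}`, `${{ steps.new_version.outputs.version }}` and `${{ github.triggering_actor }}` directly into the script text, and the first of these is whatever `tag_name` the unauthenticated `curl` to the releases API returned. In a job with `contents: write`, `packages: write` and `id-token: write`, that value should reach the shell as data: map it under the step's `env:` (`LATEST_TAG: ${{ steps.latest_version.outputs.version }}`), read `"$LATEST_TAG"` in the script, and reject anything that is not of the form `vMAJOR.MINOR.PATCH` before computing the bump. With `continue-on-error: true` on the lookup, a failed request appears to fall through to `patch=0` instead of stopping the release. `::set-output` is also deprecated; `echo "version=$latest_tag" >> "$GITHUB_OUTPUT"` is the current form.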
36 changes: 24 additions & 12 deletions .github/workflows/scan.yaml
@@ -1,26 +1,38 @@
name: Scan

defaults:
run:
shell: bash
on:
workflow_dispatch:
schedule:
# every day at 00:00 UTC
- cron: '0 0 * * *'
pull_request:
branches: [ main ]
push:
branches:
- main
paths-ignore:
- 'README.md'
- 'docs/**'
- 'chart/**'
- 'charts/**'
- 'scripts/**'
- '.github/**'
- 'LICENSE'
- 'Taskfile.yaml'
- '.gitignore'
- '.gosec.config.json'
- '.editorconfig'
- '.goreleaser.yaml'
- 'examples/**'

jobs:
scan:
runs-on: ubuntu-latest

steps:

- name: Checkout Code
uses: actions/checkout@v3.5.3
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Set up Go
uses: actions/setup-go@v4.1.0
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: '1.20'
go-version: '1.21'

- name: Install Task
uses: arduino/setup-task@v1.0.3
Expand All @@ -29,7 +41,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}

- name: Install Security Scanner
run: task bootstrap_tasks:install:gosec
run: task tools:install:gosec

- name: Run Go Security Scanner
run: task scan
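Review bot: No `permissions:` block is visible anywhere in this workflow, so under the `schedule`, `pull_request` and `push` triggers listed here the job runs with the repository's default token scope, and that token is handed to `arduino/setup-task@v1.0.3`, which is still referenced by tag. A scanner job only needs to read the tree; a top-level `permissions:` block with `contents: read` would bound it. The `paths-ignore` list names `.gosec.config.json` and `.github/**`, so a push that only changes the scanner configuration or this workflow would not be scanned until the nightly run; a comment next to the list saying this is intended would help. lint.yaml passes the same token to the same action, but its header is outside the hunk shown, so whether it already restricts permissions cannot be told from here.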

