cicd: Workflow updates (#2)

Workflow updates * Change s3 cp to sync with delete, so that the bucket matches what is in code * Add issue templates for bug reports and feature requests * Add docker flows for ghcr.io and hub.docker.com * Add creating release * Switch bucket setting to use a secret
softrams · Jul 27, 2022 · 3117ba8 · 3117ba8
1 parent ea7aca1
commit 3117ba8
Show file tree

Hide file tree

Showing 11 changed files with 311 additions and 4 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yaml b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -0,0 +1,44 @@
+name: 🐞 Bug
+description: File a bug/issue
+title: "[BUG] <title>"
+labels: [bug]
+body:
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please search to see if an issue already exists for the bug you encountered.
+      options:
+      - label: I have searched the existing issues
+        required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: A concise description of what you're experiencing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References? Anything that will give us more context about the issue you are encountering!
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
diff --git a/.github/ISSUE_TEMPLATE/feature-request.yaml b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -0,0 +1,29 @@
+name: Feature Request
+description: Suggest an idea for this project
+title: "[FEATURE] <title>"
+labels: 'enhancement'
+body:
+  - type: textarea
+    attributes:
+      label: Describe the Feature
+      description: A concise description of what you're experiencing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Use Case
+      description: Is your feature request related to a problem/challenge you are trying to solve? Please provide some additional context of why this feature or capability will be valuable.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe Ideal Solution
+      description: A clear and concise description of what you want to happen. If you don't know, that's okay.
+    validations:
+      required: false
+  - type: markdown
+    attributes:
+      value: |
+        ## Community Note
+        * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
+        * If you are interested in working on this issue or have submitted a pull request, please leave a comment
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  # Maintain dependencies for docker
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/commit-issue.yml b/.github/workflows/commit-issue.yml
@@ -0,0 +1,10 @@
+name: Commit Issue Commenter
+on: push
+jobs:
+  checkCommit:
+    name: Comment From Commit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: adamzolyak/commit-issue-commenter-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,11 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2
diff --git a/.github/workflows/docker-pr-clean-up.yaml b/.github/workflows/docker-pr-clean-up.yaml
@@ -0,0 +1,19 @@
+name: 'Docker PR Clean Up'
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  purge-image:
+    name: Delete image from ghcr.io
+    runs-on: ubuntu-latest
+    steps:
+      - name: Prune
+        uses: vlaurin/action-ghcr-prune@main
+        with:
+          token: ${{ secrets.ACTIONS_TOKEN }}
+          container: ${{ github.event.repository.name }}
+          dry-run: false
+          tag-regex: pr-${{github.event.pull_request.number}}
+          untagged: true
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,68 @@
+name: Docker Build and Publish
+
+on:
+  push:
+    branches:
+      - 'master'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ github.repository }}
+            ghcr.io/${{ github.repository }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=ref,event=pr
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=edge,branch=main
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          # Due to build time, only building the one currently needed.
+          # If needed, we can add more platforms when requested.
+          platforms: "linux/amd64"
+          # Do not push pull requests
+          #push: ${{ github.event_name != 'pull_request' }}
+          # Push pull requests so they can be tested
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,8 +1,9 @@
-name: Publish former2.com
+name: Publish Former2 to S3
 
 on:
   push:
-    branches: [ master ]
+    tags:
+      - 'v*'
 
 jobs:
   deploy:
@@ -20,6 +21,7 @@ jobs:
         aws-secret-access-key: ${{ secrets.FORMER2_AWS_SECRET_ACCESS_KEY }}
         aws-region: us-east-1
 
-    - name: Copy files to origin S3 bucket
+    - name: Sync files to origin S3 bucket
       run: |
-        aws s3 cp --cache-control max-age=300 --recursive . s3://former2.com/ --exclude ".git/*" --exclude "cli/*" --exclude ".*" --exclude "notes.txt" --exclude "*.md" --exclude "Dockerfile" --exclude "LICENSE" --exclude "*.yml" --exclude ".gitignore" --exclude "util/*" --exclude "lib/*"
+        aws s3 sync --delete --cache-control max-age=300 --recursive . s3://${{ secrets.FORMER2_AWS_S3_BUCKET }}/ --exclude ".git/*" --exclude "cli/*" --exclude ".*" --exclude "notes.txt" --exclude "*.md" --exclude "Dockerfile" --exclude "LICENSE" --exclude "*.yml" --exclude ".gitignore" --exclude "util/*" --exclude "lib/*" && \
+        aws cloudfront create-invalidation --distribution-id ${{ secrets.FORMER2_AWS_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"
diff --git a/.github/workflows/release-please-branches.yml b/.github/workflows/release-please-branches.yml
@@ -0,0 +1,70 @@
+name: Create Releases From Branches
+
+on:
+  push:
+    branches:
+      # See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+      - releases/v[0-9]+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]${GITHUB_REF#refs/heads/}"
+        id: extract_branch
+
+      - uses: GoogleCloudPlatform/[email protected]
+        id: release
+        with:
+          release-type: simple
+          default-branch: ${{ steps.extract_branch.outputs.branch }}
+          token: "${{ secrets.ACTIONS_TOKEN }}"
+
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: '0'
+
+      - name: Tag major and patch versions
+        if: ${{ steps.release.outputs.release_created }}
+        run: |
+          git config user.name github-actions[bot]
+          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+          git remote add gh-token "https://${{ secrets.ACTIONS_TOKEN}}@github.com/google-github-actions/release-please-action.git"
+          git tag -d v${{ steps.release.outputs.major }} || true
+          git tag -d v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+          git push origin :v${{ steps.release.outputs.major }} || true
+          git push origin :v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+          git tag -a v${{ steps.release.outputs.major }} -m "Release v${{ steps.release.outputs.major }}"
+          git tag -a v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} -m "Release v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}"
+          git push origin v${{ steps.release.outputs.major }}
+          git push origin v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}
+
+      - name: Recreate latest tags for release ordering
+        if: ${{ steps.release.outputs.release_created }}
+        id: recreate-latest-tags
+        run: |
+          git fetch -avtf
+          LATEST="$(git tag -l|tail -1)"
+          LATEST_MAJOR="$(git tag -l|tail -1|awk -F"." '{print $1}')"
+          LATEST_MINOR="$(git tag -l|tail -1|awk -F"." '{print $1"."$2}')"
+          git checkout main
+          git tag -d "${LATEST}"
+          git tag -d "${LATEST_MAJOR}"
+          git tag -d "${LATEST_MINOR}"
+          git push origin :"${LATEST}"
+          git push origin :"${LATEST_MAJOR}"
+          git push origin :"${LATEST_MINOR}"
+          git tag -a "${LATEST}" -m "Release ${LATEST}"
+          git tag -a "${LATEST_MAJOR}" -m "Release ${LATEST_MAJOR}"
+          git tag -a "${LATEST_MINOR}" -m "Release ${LATEST_MINOR}"
+          git push origin "${LATEST}"
+          git push origin "${LATEST_MAJOR}"
+          git push origin "${LATEST_MINOR}"
+          echo "::set-output name=LATEST_RELEASE::${LATEST}"
+
+      - name: Publish release on GitHub
+        if: ${{ steps.release.outputs.release_created }}
+        uses: test-room-7/action-publish-release-drafts@v0
+        with:
+          tag-name: ${{ steps.recreate-latest-tags.outputs.LATEST_RELEASE }}
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -0,0 +1,40 @@
+name: Create Releases From Default Branch
+
+on:
+  push:
+    branches:
+      - master
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: GoogleCloudPlatform/[email protected]
+        id: release
+        with:
+          token: "${{ secrets.ACTIONS_TOKEN }}"
+          release-type: simple
+
+      - uses: actions/checkout@v2
+
+      - name: Create major branch and tag also patch tag versions
+        if: ${{ steps.release.outputs.release_created }}
+        run: |
+          git config user.name github-actions[bot]
+          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+          git remote add gh-token "https://${{ secrets.ACTIONS_TOKEN}}@github.com/google-github-actions/release-please-action.git"
+          git tag -d v${{ steps.release.outputs.major }} || true
+          git tag -d v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+          git push origin :v${{ steps.release.outputs.major }} || true
+          git push origin :v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+          git tag -a v${{ steps.release.outputs.major }} -m "Release v${{ steps.release.outputs.major }}"
+          git tag -a v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} -m "Release v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}"
+          git push origin v${{ steps.release.outputs.major }}
+          git push origin v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}
+          OLD_MAJOR="$( echo ${{ steps.release.outputs.major }} - 1 | bc )"
+          if ! git branch -r | grep "releases/v${OLD_MAJOR}"; then
+            git fetch -avt
+            if git tag -l | grep -x "^v${OLD_MAJOR}"; then
+              git branch releases/v${OLD_MAJOR} v${OLD_MAJOR}
+              git push origin releases/v${OLD_MAJOR}
+            fi
+          fi