diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 014d4093..fa3feeff 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -13,7 +13,7 @@ { // use https://github.com/actions/runner/releases "fileMatch": [ - ".github/workflows/runners.yml" + ".github/workflows/runners.yaml" ], "matchStrings": ["RUNNER_VERSION: +(?.*?)\\n"], "depNameTemplate": "actions/runner", diff --git a/.github/workflows/release.yml b/.github/workflows/publish-arc.yaml similarity index 65% rename from .github/workflows/release.yml rename to .github/workflows/publish-arc.yaml index 3705b090..202d32dc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/publish-arc.yaml @@ -1,24 +1,21 @@ -name: Publish Controller Image +name: Publish ARC on: release: - types: [published] + types: + - published jobs: - build: - runs-on: ubuntu-latest + release-controller: name: Release + runs-on: ubuntu-latest env: DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} steps: - - name: Set outputs - id: vars - run: echo ::set-output name=sha_short::${GITHUB_SHA::7} - - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@v3 - - uses: actions/setup-go@193b404f8a1d1dccaf6ed9bf03cdb68d2d02020f + - uses: actions/setup-go@v3 with: go-version: '1.18.2' 
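Review bot: `actions/checkout@v3` and `actions/setup-go@v3` replace full commit SHAs with mutable tags, so whoever can move those tags upstream decides what code runs in this release job, which also handles `DOCKER_ACCESS_TOKEN` and `GITHUB_TOKEN`. The same swap is made in the later hunks for `docker/build-push-action`, `azure/setup-helm`, `actions/setup-python`, `helm/chart-testing-action`, `helm/kind-action`, `helm/chart-releaser-action` (which runs with `contents: write`), `actions/stale`, `actions/cache` and the `github/codeql-action` steps. I would keep the digests and record the release in a trailing comment, e.g. `uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # <release tag>`, and let the Renovate configuration already in this repository propose the updates. If tags are preferred for readability, keep the SHA pins at least in the publish-* workflows that receive secrets.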
@@ -39,25 +36,20 @@ jobs: - name: Upload artifacts env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: make github-release + run: | + make github-release - - name: Set up QEMU - uses: docker/setup-qemu-action@0522dcd2bf084920c411162fde334a308be75015 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@91cb32d715c128e5f0ede915cd7e196ab7799b83 + - name: Setup Docker Environment + id: vars + uses: ./.github/actions/setup-docker-environment with: - version: latest - - - name: Login to DockerHub - uses: docker/login-action@d398f07826957cd0a18ea1b059cf1207835e60bc - with: - username: ${{ secrets.DOCKER_USER }} + username: ${{ env.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKER_ACCESS_TOKEN }} + ghcr_username: ${{ github.actor }} + ghcr_password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push - uses: docker/build-push-action@c5e6528d5ddefc82f682165021e05edf58044bce + uses: docker/build-push-action@v3 with: file: Dockerfile platforms: linux/amd64,linux/arm64 @@ -66,4 +58,6 @@ jobs: ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:latest ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }} ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }}-${{ steps.vars.outputs.sha_short }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/publish-canary.yaml b/.github/workflows/publish-canary.yaml new file mode 100644 index 00000000..0b08808f --- /dev/null +++ b/.github/workflows/publish-canary.yaml 
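Review bot: The `Setup Docker Environment` step now passes `secrets.GITHUB_TOKEN` to a registry login as `ghcr_password`, yet the parts of this workflow visible in the diff declare no `permissions:` block, so the token carries whatever default the repository or organisation grants. I would declare the scope on the job: `permissions:` with `contents: write` for `make github-release` (which presumably uploads release assets), adding `packages: write` only if this job is meant to push to ghcr.io. The `tags:` list in the next hunk targets only Docker Hub, so the ghcr login may be unnecessary here. The composite action's inputs are not in this diff, so confirm whether the ghcr ones are optional.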
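Review bot: `cache-from: type=gha` and `cache-to: type=gha,mode=max` are added without a `scope`, while the canary and runner workflows in this commit each set one, so the release image reads and writes the shared default scope. For the published release image I would use a dedicated scope, for example `cache-from: type=gha,scope=arc-release` with the matching `cache-to` (the scope name is a constructed example), or build releases without a cache so that layers come only from the tagged source. The `with:` block starts outside this hunk.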
@@ -0,0 +1,55 @@ +name: Publish Canary Image + +on: + push: + branches: + - master + paths-ignore: + - '**.md' + - '.github/ISSUE_TEMPLATE/**' + - '.github/workflows/validate-chart.yaml' + - '.github/workflows/publish-chart.yaml' + - '.github/workflows/publish-arc.yaml' + - '.github/workflows/runners.yaml' + - '.github/workflows/validate-entrypoint.yaml' + - '.github/renovate.*' + - 'runner/**' + - '.gitignore' + - 'PROJECT' + - 'LICENSE' + - 'Makefile' + +permissions: + contents: read + +jobs: + canary-build: + name: Build and Publish Canary Image + runs-on: ubuntu-latest + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Docker Environment + id: vars + uses: ./.github/actions/setup-docker-environment + with: + username: ${{ env.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKER_ACCESS_TOKEN }} + ghcr_username: ${{ github.actor }} + ghcr_password: ${{ secrets.GITHUB_TOKEN }} + + # Considered unstable builds + # See Issue #285, PR #286, and PR #323 for more information + - name: Build and Push + uses: docker/build-push-action@v3 + with: + file: Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: | + ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:canary + cache-from: type=gha,scope=arc-canary + cache-to: type=gha,mode=max,scope=arc-canary diff --git a/.github/workflows/on-push-master-publish-chart.yml b/.github/workflows/publish-chart.yaml similarity index 84% rename from .github/workflows/on-push-master-publish-chart.yml rename to .github/workflows/publish-chart.yaml index 9be9ae33..95a20f42 100644 --- a/.github/workflows/on-push-master-publish-chart.yml +++ b/.github/workflows/publish-chart.yaml @@ -1,4 +1,4 @@ -name: Publish helm chart +name: Publish Helm Chart on: push: 
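Review bot: The `paths-ignore` list names `.github/workflows/validate-entrypoint.yaml`, but this commit renames `test-entrypoint.yaml` to `validate-runners.yaml`, so the entry matches no file and an edit to that workflow alone will trigger a canary publish; the same entry appears in the `paths-ignore` of validate-arc.yaml. Change it to `- '.github/workflows/validate-runners.yaml'` in both places. Separately, `ghcr_username` and `ghcr_password` are passed although the only tag pushed is the Docker Hub `:canary` one and the workflow token is limited to `contents: read`. Drop the ghcr inputs if the composite action allows it, so this job handles one credential fewer.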
@@ -6,7 +6,7 @@ on: - master paths: - 'charts/**' - - '.github/workflows/on-push-master-publish-chart.yml' + - '.github/workflows/publish-chart.yaml' - '!charts/actions-runner-controller/docs/**' - '!**.md' workflow_dispatch: @@ -20,18 +20,18 @@ permissions: jobs: lint-chart: - runs-on: ubuntu-latest name: Lint Chart + runs-on: ubuntu-latest outputs: publish-chart: ${{ steps.publish-chart-step.outputs.publish }} steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba + uses: azure/setup-helm@v2.1 with: version: ${{ env.HELM_VERSION }} @@ -52,12 +52,12 @@ jobs: --enable-optional-test container-security-context-readonlyrootfilesystem # python is a requirement for the chart-testing action below (supports yamllint among other tests) - - uses: actions/setup-python@fff15a21cc8b16191cb1249f621fa3a55b9005b8 + - uses: actions/setup-python@v3 with: - python-version: 3.7 + python-version: '3.7' - name: Set up chart-testing - uses: helm/chart-testing-action@62a185010be4cb08459f7acb19f37927235d5cf3 + uses: helm/chart-testing-action@v2.2.1 - name: Run chart-testing (list-changed) id: list-changed 
@@ -68,22 +68,23 @@ jobs: fi - name: Run chart-testing (lint) - run: ct lint --config charts/.ci/ct-config.yaml + run: | + ct lint --config charts/.ci/ct-config.yaml - name: Create kind cluster - uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478 if: steps.list-changed.outputs.changed == 'true' + uses: helm/kind-action@v1.2.0 # We need cert-manager already installed in the cluster because we assume the CRDs exist - name: Install cert-manager + if: steps.list-changed.outputs.changed == 'true' run: | helm repo add jetstack https://charts.jetstack.io --force-update helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait - if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) - run: ct install --config charts/.ci/ct-config.yaml if: steps.list-changed.outputs.changed == 'true' + run: ct install --config charts/.ci/ct-config.yaml # WARNING: This relies on the latest release being inat the top of the JSON from GitHub and a clean chart.yaml - name: Check if Chart Publish is Needed @@ -100,16 +101,17 @@ jobs: fi publish-chart: - permissions: - contents: write # for helm/chart-releaser-action to push chart release and create a release if: needs.lint-chart.outputs.publish-chart == 'true' needs: lint-chart - runs-on: ubuntu-latest name: Publish Chart + runs-on: ubuntu-latest + permissions: + contents: write # for helm/chart-releaser-action to push chart release and create a release + steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@v3 with: fetch-depth: 0 @@ -119,7 +121,7 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Run chart-releaser - uses: helm/chart-releaser-action@a3454e46a6f5ac4811069a381e646961dda2e1bf + uses: helm/chart-releaser-action@v1.4.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/run-codeql.yaml similarity index 53% rename from .github/workflows/codeql.yml rename to .github/workflows/run-codeql.yaml index 941ec38c..908e864b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/run-codeql.yaml @@ -1,26 +1,32 @@ -name: "Code Scanning" +name: Run CodeQL on: push: - branches: [master] + branches: + - master pull_request: - branches: [master] + branches: + - master schedule: - cron: '30 1 * * 0' jobs: - CodeQL-Build: + analyze: + name: Analyze runs-on: ubuntu-latest permissions: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v3.0.2 + uses: actions/checkout@v3 + - name: Initialize CodeQL - uses: github/codeql-action/init@v2.1.11 + uses: github/codeql-action/init@v2 with: languages: go + - name: Autobuild - uses: github/codeql-action/autobuild@v2.1.11 + uses: github/codeql-action/autobuild@v2 + - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2.1.11 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/stale.yaml b/.github/workflows/run-stale.yaml similarity index 79% rename from .github/workflows/stale.yaml rename to .github/workflows/run-stale.yaml index ad0c50f5..1f5a1b52 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/run-stale.yaml @@ -1,7 +1,6 @@ -name: 'Close stale issues and PRs' +name: Run Stale Bot on: schedule: - # 01:30 every day - cron: '30 1 * * *' permissions: 
@@ -9,12 +8,13 @@ permissions: jobs: stale: - permissions: - issues: write # for actions/stale to close stale issues - pull-requests: write # for actions/stale to close stale PRs + name: Run Stale runs-on: ubuntu-latest + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs steps: - - uses: actions/stale@65d24b70926a596b0f0098d7e1eb572175d73bc1 + - uses: actions/stale@v5 with: stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.' # turn off stale for both issues and PRs diff --git a/.github/workflows/runners.yml b/.github/workflows/runners.yaml similarity index 87% rename from .github/workflows/runners.yml rename to .github/workflows/runners.yaml index 1f884c7b..e0335ef3 100644 --- a/.github/workflows/runners.yml +++ b/.github/workflows/runners.yaml @@ -12,21 +12,21 @@ on: paths: - 'runner/**' - '!runner/Makefile' - - .github/workflows/runners.yml + - '.github/workflows/runners.yaml' - '!**.md' env: RUNNER_VERSION: 2.292.0 DOCKER_VERSION: 20.10.12 - DOCKERHUB_USERNAME: summerwind + DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} jobs: - build: + build-runners: + name: Build ${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} runs-on: ubuntu-latest permissions: packages: write contents: read - name: Build ${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }} strategy: fail-fast: false matrix: @@ -40,7 +40,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@v3 - name: Setup Docker Environment id: vars @@ -52,7 +52,7 @@ jobs: ghcr_password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push Versioned Tags - uses: docker/build-push-action@c5e6528d5ddefc82f682165021e05edf58044bce + uses: docker/build-push-action@v3 with: context: ./runner file: ./runner/${{ matrix.name }}.dockerfile 
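Review bot: In runners.yaml, `DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }}` evaluates to an empty string in runs that do not receive secrets, such as pull requests from forks. The `on:` block starts outside this hunk, so I cannot see whether a `pull_request` trigger applies; if it does, every Docker Hub tag built from this variable would begin with `/` and the build step would likely fail on an invalid reference. A fallback keeps those runs working, e.g. `DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER || 'summerwind' }}`. A value sourced from a secret is also masked in logs, so the pushed image names will show as `***` when someone tries to trace a build.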
@@ -68,5 +68,5 @@ jobs: ghcr.io/${{ github.repository }}/${{ matrix.name }}:latest ghcr.io/${{ github.repository }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }} ghcr.io/${{ github.repository }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }}-${{ steps.vars.outputs.sha_short }} - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: type=gha,scope=build-${{ matrix.name }} + cache-to: type=gha,mode=max,scope=build-${{ matrix.name }} diff --git a/.github/workflows/test.yaml b/.github/workflows/validate-arc.yaml similarity index 58% rename from .github/workflows/test.yaml rename to .github/workflows/validate-arc.yaml index e39ee415..73b5238a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/validate-arc.yaml 
@@ -1,48 +1,59 @@ -name: CI +name: Validate ARC on: pull_request: branches: - master paths-ignore: - - .github/workflows/runners.yml - - .github/workflows/on-push-lint-charts.yml - - .github/workflows/on-push-master-publish-chart.yml - - .github/workflows/release.yml - - .github/workflows/test-entrypoint.yml - - .github/workflows/wip.yml - - 'runner/**' - '**.md' + - '.github/ISSUE_TEMPLATE/**' + - '.github/workflows/publish-canary.yaml' + - '.github/workflows/validate-chart.yaml' + - '.github/workflows/publish-chart.yaml' + - '.github/workflows/runners.yaml' + - '.github/workflows/publish-arc.yaml' + - '.github/workflows/validate-entrypoint.yaml' + - '.github/renovate.*' + - 'runner/**' - '.gitignore' + - 'PROJECT' + - 'LICENSE' + - 'Makefile' permissions: contents: read jobs: - test: + test-controller: + name: Test ARC runs-on: ubuntu-latest - name: Test steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: actions/setup-go@193b404f8a1d1dccaf6ed9bf03cdb68d2d02020f + uses: actions/checkout@v3 + + - name: Set-up Go + uses: actions/setup-go@v3 with: go-version: '1.18.2' check-latest: false - - run: go version - - uses: actions/cache@95f200e41cfa87b8e07f30196c0df17a67e67786 + + - uses: actions/cache@v3 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- + - name: Install kubebuilder run: | curl -L -O https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_linux_amd64.tar.gz tar zxvf kubebuilder_2.3.2_linux_amd64.tar.gz sudo mv kubebuilder_2.3.2_linux_amd64 /usr/local/kubebuilder + - name: Run tests - run: make test + run: | + make test + - name: Verify manifests are up-to-date run: | make manifests 
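Review bot: Adding `'Makefile'` to `paths-ignore` means a pull request that changes only the Makefile skips this workflow, although the job itself runs `make test` and `make manifests`, and the release workflow runs `make github-release` with `GITHUB_TOKEN` in its environment. I would remove the `- 'Makefile'` entry here so that Makefile changes are exercised before merge. In the `Install kubebuilder` step the tarball is fetched with `curl -L -O` and unpacked with no integrity check; add a pinned digest check before `tar`, such as `echo "<expected-sha256>  kubebuilder_2.3.2_linux_amd64.tar.gz" | sha256sum -c -`. The hunk appears to end inside the `Verify manifests are up-to-date` step.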
diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/validate-chart.yaml similarity index 78% rename from .github/workflows/on-push-lint-charts.yml rename to .github/workflows/validate-chart.yaml index 23e79803..db481302 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/validate-chart.yaml @@ -1,10 +1,10 @@ -name: Lint and Test Charts +name: Validate Helm Chart on: push: paths: - 'charts/**' - - '.github/workflows/on-push-lint-charts.yml' + - '.github/workflows/validate-chart.yaml' - '!charts/actions-runner-controller/docs/**' - '!**.md' workflow_dispatch: @@ -16,17 +16,17 @@ permissions: contents: read jobs: - lint-test: - runs-on: ubuntu-latest + validate-chart: name: Lint Chart + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba + uses: azure/setup-helm@v2.1 with: version: ${{ env.HELM_VERSION }} @@ -47,12 +47,12 @@ jobs: --enable-optional-test container-security-context-readonlyrootfilesystem # python is a requirement for the chart-testing action below (supports yamllint among other tests) - - uses: actions/setup-python@fff15a21cc8b16191cb1249f621fa3a55b9005b8 + - uses: actions/setup-python@v3 with: - python-version: 3.7 + python-version: '3.7' - name: Set up chart-testing - uses: helm/chart-testing-action@62a185010be4cb08459f7acb19f37927235d5cf3 + uses: helm/chart-testing-action@v2.2.1 - name: Run chart-testing (list-changed) id: list-changed 
@@ -63,18 +63,20 @@ jobs: fi - name: Run chart-testing (lint) - run: ct lint --config charts/.ci/ct-config.yaml + run: | + ct lint --config charts/.ci/ct-config.yaml - name: Create kind cluster - uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478 + uses: helm/kind-action@v1.2.0 if: steps.list-changed.outputs.changed == 'true' # We need cert-manager already installed in the cluster because we assume the CRDs exist - name: Install cert-manager + if: steps.list-changed.outputs.changed == 'true' run: | helm repo add jetstack https://charts.jetstack.io --force-update helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait - if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) - run: ct install --config charts/.ci/ct-config.yaml + run: | + ct install --config charts/.ci/ct-config.yaml diff --git a/.github/workflows/test-entrypoint.yaml b/.github/workflows/validate-runners.yaml similarity index 66% rename from .github/workflows/test-entrypoint.yaml rename to .github/workflows/validate-runners.yaml index 52a45f83..b7e081ec 100644 --- a/.github/workflows/test-entrypoint.yaml +++ b/.github/workflows/validate-runners.yaml @@ -1,4 +1,4 @@ -name: Unit tests for entrypoint +name: Validate Runners on: pull_request: @@ -13,12 +13,13 @@ permissions: contents: read jobs: - test: - runs-on: ubuntu-latest + test-runner-entrypoint: name: Test entrypoint + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - name: Run unit tests for entrypoint.sh + uses: actions/checkout@v3 + + - name: Run tests run: | make acceptance/runner/entrypoint diff --git a/.github/workflows/wip.yml b/.github/workflows/wip.yml deleted file mode 100644 index 8bb824f0..00000000 --- a/.github/workflows/wip.yml +++ /dev/null 
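Review bot: In validate-chart.yaml, `Run chart-testing (install)` has no `if: steps.list-changed.outputs.changed == 'true'`, while the `Create kind cluster` and `Install cert-manager` steps before it are guarded and the same step in publish-chart.yaml carries the guard. When no chart changed, `ct install` therefore runs without a cluster having been created. Add the `if:` line above `run:`. As a style point, `Create kind cluster` keeps `if:` after `uses:` here, whereas this commit puts it before the action line in the other steps and in publish-chart.yaml.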
@@ -1,54 +0,0 @@ -name: Publish Canary Image - -on: - push: - branches: - - master - paths-ignore: - - .github/workflows/runners.yml - - .github/workflows/on-push-lint-charts.yml - - .github/workflows/on-push-master-publish-chart.yml - - .github/workflows/release.yml - - .github/workflows/test-entrypoint.yml - - "runner/**" - - "**.md" - - ".gitignore" - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - name: Build and Publish Canary Image - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} - steps: - - name: Checkout - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - - name: Set up QEMU - uses: docker/setup-qemu-action@0522dcd2bf084920c411162fde334a308be75015 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@91cb32d715c128e5f0ede915cd7e196ab7799b83 - with: - version: latest - - - name: Login to DockerHub - uses: docker/login-action@d398f07826957cd0a18ea1b059cf1207835e60bc - with: - username: ${{ secrets.DOCKER_USER }} - password: ${{ secrets.DOCKER_ACCESS_TOKEN }} - - # Considered unstable builds - # See Issue #285, PR #286, and PR #323 for more information - - name: Build and Push - uses: docker/build-push-action@c5e6528d5ddefc82f682165021e05edf58044bce - with: - file: Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:canary