ci: align pipeline files and setups (#1484)

* ci: align pipeline files and setups * ci: more changes * ci: various changes * ci: fix setup-helm action ref * ci: better pipeline name * ci: more format aligning * ci: more format aligning * ci: better job name * ci: supports multiple languages * ci: better pipeline and job names * ci: do a verb-noun thing for consistency * ci: use 'arc' when talking holistically * ci: add caching scope * ci: put canary in a scope * ci: fix syntax error * ci: better pipeline and job names * ci: better job name Co-authored-by: toast-gear <toast-gear@users.noreply.github.com>
2022-06-08 02:04:14 +01:00 · 2022-06-08 02:04:14 +01:00 · 0cd13fe51d
parent 01c8dc237e
commit 0cd13fe51d
11 changed files with 168 additions and 151 deletions
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -13,7 +13,7 @@
    {
      // use https://github.com/actions/runner/releases
      "fileMatch": [
-        ".github/workflows/runners.yml"
+        ".github/workflows/runners.yaml"
      ],
      "matchStrings": ["RUNNER_VERSION: +(?<currentValue>.*?)\\n"],
      "depNameTemplate": "actions/runner",
--- a/.github/workflows/publish-arc.yaml
+++ b/.github/workflows/publish-arc.yaml
@ -1,24 +1,21 @@
-name: Publish Controller Image
+name: Publish ARC

 on:
  release:
-    types: [published]
+    types:
+      - published

 jobs:
-  build:
-    runs-on: ubuntu-latest
+  release-controller:
    name: Release
+    runs-on: ubuntu-latest
    env:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }}
    steps:
-      - name: Set outputs
-        id: vars
-        run: echo ::set-output name=sha_short::${GITHUB_SHA::7}
-
      - name: Checkout
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        uses: actions/checkout@v3

-      - uses: actions/setup-go@193b404f8a1d1dccaf6ed9bf03cdb68d2d02020f
+      - uses: actions/setup-go@v3
        with:
          go-version: '1.18.2'

@ -39,25 +36,20 @@ jobs:
      - name: Upload artifacts
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: make github-release
+        run: |
+          make github-release

-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@0522dcd2bf084920c411162fde334a308be75015
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@91cb32d715c128e5f0ede915cd7e196ab7799b83
+      - name: Setup Docker Environment
+        id: vars
+        uses: ./.github/actions/setup-docker-environment
        with:
-          version: latest
-
-      - name: Login to DockerHub
-        uses: docker/login-action@d398f07826957cd0a18ea1b059cf1207835e60bc
-        with:
-          username: ${{ secrets.DOCKER_USER }}
+          username: ${{ env.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          ghcr_username: ${{ github.actor }}
+          ghcr_password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Push
-        uses: docker/build-push-action@c5e6528d5ddefc82f682165021e05edf58044bce
+        uses: docker/build-push-action@v3
        with:
          file: Dockerfile
          platforms: linux/amd64,linux/arm64
@ -66,4 +58,6 @@ jobs:
            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:latest
            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }}
            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }}-${{ steps.vars.outputs.sha_short }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

--- a/.github/workflows/publish-canary.yaml
+++ b/.github/workflows/publish-canary.yaml
@ -0,0 +1,55 @@
+name: Publish Canary Image
+
+on:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - '**.md'
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/workflows/validate-chart.yaml'
+      - '.github/workflows/publish-chart.yaml'
+      - '.github/workflows/publish-arc.yaml'
+      - '.github/workflows/runners.yaml'
+      - '.github/workflows/validate-entrypoint.yaml'
+      - '.github/renovate.*'
+      - 'runner/**'
+      - '.gitignore'
+      - 'PROJECT'
+      - 'LICENSE'
+      - 'Makefile'
+
+permissions:
+  contents: read
+
+jobs:
+  canary-build:
+    name: Build and Publish Canary Image  
+    runs-on: ubuntu-latest
+    env:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Docker Environment
+        id: vars
+        uses: ./.github/actions/setup-docker-environment
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          ghcr_username: ${{ github.actor }}
+          ghcr_password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Considered unstable builds
+      # See Issue #285, PR #286, and PR #323 for more information
+      - name: Build and Push
+        uses: docker/build-push-action@v3
+        with:
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:canary
+          cache-from: type=gha,scope=arc-canary
+          cache-to: type=gha,mode=max,scope=arc-canary
--- a/.github/workflows/on-push-master-publish-chart.yml
+++ b/.github/workflows/on-push-master-publish-chart.yml
@ -1,4 +1,4 @@
-name: Publish helm chart
+name: Publish Helm Chart

 on:
  push:
@ -6,7 +6,7 @@ on:
      - master
    paths:
      - 'charts/**'
-      - '.github/workflows/on-push-master-publish-chart.yml'
+      - '.github/workflows/publish-chart.yaml'
      - '!charts/actions-runner-controller/docs/**'
      - '!**.md'
  workflow_dispatch:
@ -20,18 +20,18 @@ permissions:

 jobs:
  lint-chart:
-    runs-on: ubuntu-latest
    name: Lint Chart
+    runs-on: ubuntu-latest
    outputs:
      publish-chart: ${{ steps.publish-chart-step.outputs.publish }}
    steps:
      - name: Checkout
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba
+        uses: azure/setup-helm@v2.1
        with:
          version: ${{ env.HELM_VERSION }}

@ -52,12 +52,12 @@ jobs:
              --enable-optional-test container-security-context-readonlyrootfilesystem

      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
-      - uses: actions/setup-python@fff15a21cc8b16191cb1249f621fa3a55b9005b8
+      - uses: actions/setup-python@v3
        with:
-          python-version: 3.7
+          python-version: '3.7'

      - name: Set up chart-testing
-        uses: helm/chart-testing-action@62a185010be4cb08459f7acb19f37927235d5cf3
+        uses: helm/chart-testing-action@v2.2.1

      - name: Run chart-testing (list-changed)
        id: list-changed
@ -68,22 +68,23 @@ jobs:
          fi

      - name: Run chart-testing (lint)
-        run: ct lint --config charts/.ci/ct-config.yaml
+        run: |
+          ct lint --config charts/.ci/ct-config.yaml

      - name: Create kind cluster
-        uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478
        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/kind-action@v1.2.0

      # We need cert-manager already installed in the cluster because we assume the CRDs exist
      - name: Install cert-manager
+        if: steps.list-changed.outputs.changed == 'true'      
        run: |
          helm repo add jetstack https://charts.jetstack.io --force-update
          helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait
-        if: steps.list-changed.outputs.changed == 'true'

      - name: Run chart-testing (install)
-        run: ct install --config charts/.ci/ct-config.yaml
        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --config charts/.ci/ct-config.yaml

      # WARNING: This relies on the latest release being inat the top of the JSON from GitHub and a clean chart.yaml
      - name: Check if Chart Publish is Needed
@ -100,16 +101,17 @@ jobs:
          fi

  publish-chart:
-    permissions:
-      contents: write  # for helm/chart-releaser-action to push chart release and create a release
    if: needs.lint-chart.outputs.publish-chart == 'true'
    needs: lint-chart
-    runs-on: ubuntu-latest
    name: Publish Chart
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # for helm/chart-releaser-action to push chart release and create a release
+    

    steps:
      - name: Checkout
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

@ -119,7 +121,7 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@a3454e46a6f5ac4811069a381e646961dda2e1bf
+        uses: helm/chart-releaser-action@v1.4.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

--- a/.github/workflows/run-codeql.yaml
+++ b/.github/workflows/run-codeql.yaml
@ -1,26 +1,32 @@
-name: "Code Scanning"
+name: Run CodeQL

 on:
  push:
-    branches: [master]
+    branches: 
+      - master
  pull_request:
-    branches: [master]
+    branches:
+      - master
  schedule:
    - cron: '30 1 * * 0'

 jobs:
-  CodeQL-Build:
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3
+
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2.1.11
+        uses: github/codeql-action/init@v2
        with:
          languages: go
+
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2.1.11
+        uses: github/codeql-action/autobuild@v2
+
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2.1.11
+        uses: github/codeql-action/analyze@v2
--- a/.github/workflows/run-stale.yaml
+++ b/.github/workflows/run-stale.yaml
@ -1,7 +1,6 @@
-name: 'Close stale issues and PRs'
+name: Run Stale Bot
 on:
  schedule:
-    # 01:30 every day
    - cron: '30 1 * * *'

 permissions:
@ -9,12 +8,13 @@ permissions:

 jobs:
  stale:
+    name: Run Stale
+    runs-on: ubuntu-latest
    permissions:
      issues: write         # for actions/stale to close stale issues
      pull-requests: write  # for actions/stale to close stale PRs
-    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@65d24b70926a596b0f0098d7e1eb572175d73bc1
+      - uses: actions/stale@v5
        with:
          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
          # turn off stale for both issues and PRs
--- a/.github/workflows/runners.yaml
+++ b/.github/workflows/runners.yaml
@ -12,21 +12,21 @@ on:
    paths:
      - 'runner/**'
      - '!runner/Makefile'
-      - .github/workflows/runners.yml
+      - '.github/workflows/runners.yaml'
      - '!**.md'

 env:
  RUNNER_VERSION: 2.292.0
  DOCKER_VERSION: 20.10.12
-  DOCKERHUB_USERNAME: summerwind
+  DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }}

 jobs:
-  build:
+  build-runners:
+    name: Build ${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }}
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
-    name: Build ${{ matrix.name }}-${{ matrix.os-name }}-${{ matrix.os-version }}
    strategy:
      fail-fast: false
      matrix:
@ -40,7 +40,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        uses: actions/checkout@v3

      - name: Setup Docker Environment
        id: vars
@ -52,7 +52,7 @@ jobs:
          ghcr_password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Push Versioned Tags
-        uses: docker/build-push-action@c5e6528d5ddefc82f682165021e05edf58044bce
+        uses: docker/build-push-action@v3
        with:
          context: ./runner
          file: ./runner/${{ matrix.name }}.dockerfile
@ -68,5 +68,5 @@ jobs:
            ghcr.io/${{ github.repository }}/${{ matrix.name }}:latest
            ghcr.io/${{ github.repository }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }}
            ghcr.io/${{ github.repository }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}-${{ matrix.os-name }}-${{ matrix.os-version }}-${{ steps.vars.outputs.sha_short }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=build-${{ matrix.name }}
+          cache-to: type=gha,mode=max,scope=build-${{ matrix.name }}
--- a/.github/workflows/validate-arc.yaml
+++ b/.github/workflows/validate-arc.yaml
@ -1,48 +1,59 @@
-name: CI
+name: Validate ARC

 on:
  pull_request:
    branches:
      - master
    paths-ignore:
-      - .github/workflows/runners.yml
-      - .github/workflows/on-push-lint-charts.yml
-      - .github/workflows/on-push-master-publish-chart.yml
-      - .github/workflows/release.yml
-      - .github/workflows/test-entrypoint.yml
-      - .github/workflows/wip.yml
-      - 'runner/**'
      - '**.md'
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/workflows/publish-canary.yaml'
+      - '.github/workflows/validate-chart.yaml'
+      - '.github/workflows/publish-chart.yaml'
+      - '.github/workflows/runners.yaml'
+      - '.github/workflows/publish-arc.yaml'
+      - '.github/workflows/validate-entrypoint.yaml'
+      - '.github/renovate.*'
+      - 'runner/**'
      - '.gitignore'
+      - 'PROJECT'
+      - 'LICENSE'
+      - 'Makefile'

 permissions:
  contents: read

 jobs:
-  test:
+  test-controller:
+    name: Test ARC
    runs-on: ubuntu-latest
-    name: Test
    steps:
    - name: Checkout
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
-    - uses: actions/setup-go@193b404f8a1d1dccaf6ed9bf03cdb68d2d02020f
+      uses: actions/checkout@v3
+
+    - name: Set-up Go
+      uses: actions/setup-go@v3
      with:
        go-version: '1.18.2'
        check-latest: false
-    - run: go version
-    - uses: actions/cache@95f200e41cfa87b8e07f30196c0df17a67e67786
+    
+    - uses: actions/cache@v3
      with:
        path: ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-
+
    - name: Install kubebuilder
      run: |
        curl -L -O https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_linux_amd64.tar.gz
        tar zxvf kubebuilder_2.3.2_linux_amd64.tar.gz
        sudo mv kubebuilder_2.3.2_linux_amd64 /usr/local/kubebuilder
+
    - name: Run tests
-      run: make test
+      run: |
+        make test
+
    - name: Verify manifests are up-to-date
      run: |
        make manifests
--- a/.github/workflows/on-push-lint-charts.yml
+++ b/.github/workflows/on-push-lint-charts.yml
@ -1,10 +1,10 @@
-name: Lint and Test Charts
+name: Validate Helm Chart

 on:
  push:
    paths:
      - 'charts/**'
-      - '.github/workflows/on-push-lint-charts.yml'
+      - '.github/workflows/validate-chart.yaml'
      - '!charts/actions-runner-controller/docs/**'
      - '!**.md'
  workflow_dispatch:
@ -16,17 +16,17 @@ permissions:
  contents: read

 jobs:
-  lint-test:
-    runs-on: ubuntu-latest
+  validate-chart:
    name: Lint Chart
+    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba
+        uses: azure/setup-helm@v2.1
        with:
          version: ${{ env.HELM_VERSION }}

@ -47,12 +47,12 @@ jobs:
              --enable-optional-test container-security-context-readonlyrootfilesystem

      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
-      - uses: actions/setup-python@fff15a21cc8b16191cb1249f621fa3a55b9005b8
+      - uses: actions/setup-python@v3
        with:
-          python-version: 3.7
+          python-version: '3.7'

      - name: Set up chart-testing
-        uses: helm/chart-testing-action@62a185010be4cb08459f7acb19f37927235d5cf3
+        uses: helm/chart-testing-action@v2.2.1

      - name: Run chart-testing (list-changed)
        id: list-changed
@ -63,18 +63,20 @@ jobs:
          fi

      - name: Run chart-testing (lint)
-        run: ct lint --config charts/.ci/ct-config.yaml
+        run: |
+          ct lint --config charts/.ci/ct-config.yaml

      - name: Create kind cluster
-        uses: helm/kind-action@94729529f85113b88f4f819c17ce61382e6d8478
+        uses: helm/kind-action@v1.2.0
        if: steps.list-changed.outputs.changed == 'true'

      # We need cert-manager already installed in the cluster because we assume the CRDs exist
      - name: Install cert-manager
+        if: steps.list-changed.outputs.changed == 'true'
        run: |
          helm repo add jetstack https://charts.jetstack.io --force-update
          helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait
-        if: steps.list-changed.outputs.changed == 'true'

      - name: Run chart-testing (install)
-        run: ct install --config charts/.ci/ct-config.yaml
+        run: |
+          ct install --config charts/.ci/ct-config.yaml
--- a/.github/workflows/validate-runners.yaml
+++ b/.github/workflows/validate-runners.yaml
@ -1,4 +1,4 @@
-name: Unit tests for entrypoint
+name: Validate Runners

 on:
  pull_request:
@ -13,12 +13,13 @@ permissions:
  contents: read

 jobs:
-  test:
-    runs-on: ubuntu-latest
+  test-runner-entrypoint:
    name: Test entrypoint
+    runs-on: ubuntu-latest
    steps:
    - name: Checkout
-      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
-    - name: Run unit tests for entrypoint.sh
+      uses: actions/checkout@v3
+
+    - name: Run tests
      run: |
        make acceptance/runner/entrypoint
--- a/.github/workflows/wip.yml
+++ b/.github/workflows/wip.yml
@ -1,54 +0,0 @@
-name: Publish Canary Image
-
-on:
-  push:
-    branches:
-      - master
-    paths-ignore:
-      - .github/workflows/runners.yml
-      - .github/workflows/on-push-lint-charts.yml
-      - .github/workflows/on-push-master-publish-chart.yml
-      - .github/workflows/release.yml
-      - .github/workflows/test-entrypoint.yml
-      - "runner/**"
-      - "**.md"
-      - ".gitignore"
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    name: Build and Publish Canary Image
-    env:
-      DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@0522dcd2bf084920c411162fde334a308be75015
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@91cb32d715c128e5f0ede915cd7e196ab7799b83
-        with:
-          version: latest
-
-      - name: Login to DockerHub
-        uses: docker/login-action@d398f07826957cd0a18ea1b059cf1207835e60bc
-        with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-
-      # Considered unstable builds
-      # See Issue #285, PR #286, and PR #323 for more information
-      - name: Build and Push
-        uses: docker/build-push-action@c5e6528d5ddefc82f682165021e05edf58044bce
-        with:
-          file: Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:canary