From d72fdcaa7b91a9ca68f25f14b27bb235a2400f92 Mon Sep 17 00:00:00 2001 From: Dmytro Bondar Date: Mon, 4 Sep 2023 13:37:21 +0200 Subject: [PATCH] Update workflows (#998) * Add IPC_LOCK capability to vault containers Signed-off-by: Dmytro Bondar * Add github-actions to dependabot config Signed-off-by: Dmytro Bondar * Use one goreleaser workflow Signed-off-by: Dmytro Bondar * Update actions Signed-off-by: Dmytro Bondar * Update and move lint job to ci workflow Signed-off-by: Dmytro Bondar * Remove cache task, get go version from go.mod Signed-off-by: Dmytro Bondar * Reformat ci.yaml Signed-off-by: Dmytro Bondar * Update goreleaser changelog config Signed-off-by: Dmytro Bondar * Add workflow to cleanup PR caches Signed-off-by: Dmytro Bondar --------- Signed-off-by: Dmytro Bondar --- .github/dependabot.yml | 4 + .github/workflows/Makefile | 4 +- .github/workflows/cache.yaml | 26 +++ .github/workflows/ci.yaml | 241 ++++++++++------------ .github/workflows/images.yaml | 4 +- .github/workflows/lint.yaml | 30 --- .github/workflows/lock.yaml | 2 +- .github/workflows/publish_binaries.yaml | 29 --- .github/workflows/publish_v1_binaries.yml | 33 --- .github/workflows/releaser.yaml | 35 ++++ .github/workflows/test_binary_builds.yaml | 26 --- .goreleaser.yml | 16 +- 12 files changed, 195 insertions(+), 255 deletions(-) create mode 100644 .github/workflows/cache.yaml delete mode 100644 .github/workflows/lint.yaml delete mode 100644 .github/workflows/publish_binaries.yaml delete mode 100644 .github/workflows/publish_v1_binaries.yml create mode 100644 .github/workflows/releaser.yaml delete mode 100644 .github/workflows/test_binary_builds.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f6150ead..8cc3d758 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,7 @@ updates: directory: "/" schedule: interval: "daily" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" 
diff --git a/.github/workflows/Makefile b/.github/workflows/Makefile index d3a8e0f7..846d4c88 100644 --- a/.github/workflows/Makefile +++ b/.github/workflows/Makefile @@ -57,8 +57,8 @@ minikube: vault: docker kill $$(docker ps -a --filter "name=vault" -q) || true docker run -d -p8200:8200 --rm --name vault vault:1.2.0 server -dev -dev-root-token-id=toor - docker run --rm --network="host" -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 secrets enable -path=sops transit - docker run --rm --network="host" -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 write sops/keys/key type=rsa-4096 + docker run --rm --network="host" --cap-add IPC_LOCK -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 secrets enable -path=sops transit + docker run --rm --network="host" --cap-add IPC_LOCK -e VAULT_ADDR=$$VAULT_ADDR -e VAULT_TOKEN=$$VAULT_TOKEN vault:1.2.0 write sops/keys/key type=rsa-4096 .PHONY: vault sops: diff --git a/.github/workflows/cache.yaml b/.github/workflows/cache.yaml new file mode 100644 index 00000000..717cc9e5 --- /dev/null +++ b/.github/workflows/cache.yaml @@ -0,0 +1,26 @@ +name: Cleanup cache + +on: + pull_request: + types: + - closed + +jobs: + cleanup-cache: + runs-on: ubuntu-latest + steps: + - run: | + gh extension install actions/gh-actions-cache + + echo "Fetching list of cache keys" + cacheKeys=$(gh actions-cache list -R $GITHUB_REPOSITORY -B $BRANCH | cut -f 1 ) + + echo "Deleting caches..." + for cacheKey in $cacheKeys; do + gh actions-cache delete $cacheKey -R $GITHUB_REPOSITORY -B $BRANCH --confirm + done + shell: bash + continue-on-error: true + env: + GH_TOKEN: ${{ github.token }} + BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 980b46f0..c242d2de 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
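Review bot: In the `vault` target, `--cap-add IPC_LOCK` is added to the two one-shot client invocations (`secrets enable` and `write`), while the `docker run -d ... server -dev` line above them is left without it, and nothing in the recipe says why short-lived CLI containers need an extra capability. If the aim is only to quiet the image entrypoint's setcap warning, a least-privilege alternative may be to skip the setcap step for the client calls with `-e SKIP_SETCAP=1` in place of `--cap-add IPC_LOCK`. The official image documents that variable, but confirm that `vault:1.2.0` honours it. If the capability stays, add a comment above the two lines such as `# IPC_LOCK: lets the image entrypoint setcap the vault binary; CI-only dev server`. The rest of the target's recipe lies outside this hunk.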
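Review bot: The new `cleanup-cache` job declares no `permissions:`, so it runs with whatever default the repository gives `GITHUB_TOKEN`. Deleting caches needs only `actions: write`, so state that on the job as `permissions:` with `actions: write`. With the `pull_request` trigger, runs for fork PRs receive a read-only token, so the delete calls fail there and `continue-on-error: true` hides it; a comment or log line would stop anyone assuming stale caches were cleaned. The step also installs `actions/gh-actions-cache` unpinned at run time while `GH_TOKEN` is set. `$cacheKey` and `$BRANCH` are expanded unquoted, so a key containing whitespace is split by the `for` loop.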
@@ -9,144 +9,125 @@ on: paths-ignore: [ '**.md', '**/docs/**' ] jobs: + lint: + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version-file: go.mod + - uses: golangci/golangci-lint-action@v3 + with: + version: v1.54.2 tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Cache libraries - uses: actions/cache@v2 - env: - cache-name: cache-go - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-build-${{ env.cache-name }}- - ${{ runner.os }}-build- - ${{ runner.os }}- - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '1.21' - - name: Env - run: go env - - name: Build - run: make build build-test-tools - - name: Test - run: make check test - - - name: Prepare tar to upload built binaries - run: tar -cvf built-binaries.tar helmfile diff-yamls dyff - - name: Upload built binaries - uses: actions/upload-artifact@v2 - with: - name: built-binaries-${{ github.run_id }} - path: built-binaries.tar - retention-days: 1 - - name: Display built binaries - run: ls -l helmfile diff-yamls dyff + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - uses: actions/setup-go@v4 + with: + go-version-file: go.mod + - name: Build + run: make build build-test-tools + - name: Test + run: make check test + - name: Archive built binaries + run: tar -cvf built-binaries.tar helmfile diff-yamls dyff + - uses: actions/upload-artifact@v3 + with: + name: built-binaries-${{ github.run_id }} + path: built-binaries.tar + retention-days: 1 + - name: Display built binaries + run: ls -l helmfile diff-yamls dyff integration_tests: needs: tests runs-on: ubuntu-latest strategy: matrix: - include: - # Helm maintains the latest minor version only and therefore each Helmfile version supports 2 Helm minor versions. 
- # That's why we cover only 2 Helm minor versions in this matrix. - # See https://github.com/helmfile/helmfile/pull/286#issuecomment-1250161182 for more context. - - helm-version: v3.11.3 - kustomize-version: v4.4.1 - plugin-secrets-version: 3.15.0 - plugin-diff-version: 3.7.0 - extra-helmfile-flags: - v1mode: - - helm-version: v3.11.3 - kustomize-version: v4.5.7 - # We assume that the helm-secrets plugin is supposed to - # work with the two most recent helm minor versions. - # Once it turned out to be not practically true, - # we will mark this combination as failable, - # and instruct users to upgrade helm and helm-secrets at once. - plugin-secrets-version: 4.0.0 - plugin-diff-version: 3.8.1 - extra-helmfile-flags: - v1mode: - - helm-version: v3.12.3 - kustomize-version: v4.4.1 - plugin-secrets-version: 3.15.0 - plugin-diff-version: 3.7.0 - extra-helmfile-flags: - v1mode: - - helm-version: v3.12.3 - kustomize-version: v4.5.7 - plugin-secrets-version: 4.0.0 - plugin-diff-version: 3.8.1 - extra-helmfile-flags: - v1mode: - # Helmfile v1 - - helm-version: v3.12.3 - kustomize-version: v4.5.7 - plugin-secrets-version: 4.0.0 - plugin-diff-version: 3.8.1 - extra-helmfile-flags: - v1mode: "true" - # In case you need to test some optional helmfile features, - # enable it via extra-helmfile-flags below. - - helm-version: v3.12.3 - kustomize-version: v4.5.7 - plugin-secrets-version: 4.0.0 - plugin-diff-version: 3.8.1 - extra-helmfile-flags: "--enable-live-output" - v1mode: + include: + # Helm maintains the latest minor version only and therefore each Helmfile version supports 2 Helm minor versions. + # That's why we cover only 2 Helm minor versions in this matrix. + # See https://github.com/helmfile/helmfile/pull/286#issuecomment-1250161182 for more context. 
+ - helm-version: v3.11.3 + kustomize-version: v4.4.1 + plugin-secrets-version: 3.15.0 + plugin-diff-version: 3.7.0 + extra-helmfile-flags: '' + v1mode: '' + - helm-version: v3.11.3 + kustomize-version: v4.5.7 + # We assume that the helm-secrets plugin is supposed to + # work with the two most recent helm minor versions. + # Once it turned out to be not practically true, + # we will mark this combination as failable, + # and instruct users to upgrade helm and helm-secrets at once. + plugin-secrets-version: 4.0.0 + plugin-diff-version: 3.8.1 + extra-helmfile-flags: '' + v1mode: '' + - helm-version: v3.12.3 + kustomize-version: v4.4.1 + plugin-secrets-version: 3.15.0 + plugin-diff-version: 3.7.0 + extra-helmfile-flags: '' + v1mode: '' + - helm-version: v3.12.3 + kustomize-version: v4.5.7 + plugin-secrets-version: 4.0.0 + plugin-diff-version: 3.8.1 + extra-helmfile-flags: '' + v1mode: '' + # Helmfile v1 + - helm-version: v3.12.3 + kustomize-version: v4.5.7 + plugin-secrets-version: 4.0.0 + plugin-diff-version: 3.8.1 + extra-helmfile-flags: '' + v1mode: 'true' + # In case you need to test some optional helmfile features, + # enable it via extra-helmfile-flags below. 
+ - helm-version: v3.12.3 + kustomize-version: v4.5.7 + plugin-secrets-version: 4.0.0 + plugin-diff-version: 3.8.1 + extra-helmfile-flags: '--enable-live-output' + v1mode: '' steps: - - uses: actions/checkout@v2 - - name: Cache libraries - uses: actions/cache@v2 - env: - cache-name: cache-go - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-build-${{ env.cache-name }}- - ${{ runner.os }}-build- - ${{ runner.os }}- - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '1.21' - - name: Env - run: go env + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version-file: go.mod - - name: Download built binaries - uses: actions/download-artifact@v2 - with: - name: built-binaries-${{ github.run_id }} - - name: Extract tar to get built binaries - run: tar -xvf built-binaries.tar - - name: Display built binaries - run: ls -l helmfile diff-yamls dyff + - uses: actions/download-artifact@v3 + with: + name: built-binaries-${{ github.run_id }} + - name: Extract tar to get built binaries + run: tar -xvf built-binaries.tar + - name: Display built binaries + run: ls -l helmfile diff-yamls dyff + + - name: Install test dependencies + env: + HELM_VERSION: ${{ matrix.helm-version }} + KUSTOMIZE_VERSION: ${{ matrix.kustomize-version }} + run: make -C .github/workflows helm vault sops kustomize + - name: Start minikube + uses: medyagh/setup-minikube@latest + - name: Execute integration tests + run: make integration + env: + HELM_SECRETS_VERSION: ${{ matrix.plugin-secrets-version }} + HELM_DIFF_VERSION: ${{ matrix.plugin-diff-version }} + HELMFILE_HELM3: 1 + TERM: xterm + EXTRA_HELMFILE_FLAGS: ${{ matrix.extra-helmfile-flags }} + HELMFILE_V1MODE: ${{ matrix.v1mode }} - - name: Install test dependencies - env: - HELM_VERSION: ${{ matrix.helm-version }} - KUSTOMIZE_VERSION: ${{ matrix.kustomize-version }} - run: make -C .github/workflows helm vault sops 
kustomize - - name: Start minikube - uses: medyagh/setup-minikube@latest - - name: Execute integration tests - env: - HELM_SECRETS_VERSION: ${{ matrix.plugin-secrets-version }} - HELM_DIFF_VERSION: ${{ matrix.plugin-diff-version }} - HELMFILE_HELM3: 1 - TERM: xterm - EXTRA_HELMFILE_FLAGS: ${{ matrix.extra-helmfile-flags }} - HELMFILE_V1MODE: ${{ matrix.v1mode }} - run: make integration e2e_tests: needs: tests runs-on: ubuntu-latest @@ -154,18 +135,16 @@ jobs: - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Install package - run: | - sudo apt-get -y install expect - - name: Download built binaries - uses: actions/download-artifact@v2 + - uses: actions/download-artifact@v3 with: name: built-binaries-${{ github.run_id }} - name: Extract tar to get built binaries run: tar -xvf built-binaries.tar - name: Display built binaries run: ls -l helmfile diff-yamls dyff + - name: Install package + run: sudo apt-get -y install expect - name: Run helmfile init + run: bash test/e2e/helmfile-init/init_linux.sh env: TERM: xterm - run: bash test/e2e/helmfile-init/init_linux.sh diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index c85af04e..e36e6548 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -64,14 +64,14 @@ jobs: type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }} - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build / Push - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: . file: ${{ matrix.image.dockerfile }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml deleted file mode 100644 index 00d0f6e3..00000000 --- a/.github/workflows/lint.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Lint - -on: - push: - branches: [ main ] - paths-ignore: [ '**.md', '**/docs/**' ] - pull_request: - branches: [ main ] - paths-ignore: [ '**.md', '**/docs/**' ] - -env: - GO_VERSION: 1.21 - -jobs: - lint: - name: Lint - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/setup-go@v3 - with: - go-version: '1.21' - - - name: Checkout code - uses: actions/checkout@v3 - - - name: Golangci lint - uses: golangci/golangci-lint-action@v3 - with: - version: v1.54.1 diff --git a/.github/workflows/lock.yaml b/.github/workflows/lock.yaml index db93a965..bc42a285 100644 --- a/.github/workflows/lock.yaml +++ b/.github/workflows/lock.yaml @@ -21,7 +21,7 @@ jobs: lock: runs-on: 'ubuntu-latest' steps: - - uses: 'dessant/lock-threads@v2' + - uses: 'dessant/lock-threads@v4' with: github-token: '${{ github.token }}' issue-lock-inactive-days: 1 diff --git a/.github/workflows/publish_binaries.yaml b/.github/workflows/publish_binaries.yaml deleted file mode 100644 index e50164ec..00000000 --- a/.github/workflows/publish_binaries.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Publish v0.x Binaries - -on: - push: - branches: - - "!*" - tags: - - "v0*" - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v1 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '1.21' - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v1 - with: - version: latest - args: release --rm-dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish_v1_binaries.yml b/.github/workflows/publish_v1_binaries.yml deleted file mode 100644 index 39fc8708..00000000 --- a/.github/workflows/publish_v1_binaries.yml +++ /dev/null 
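Review bot: The jump from `dessant/lock-threads@v2` to `@v4` crosses the v3 release, which, as far as I recall, renamed the action's inputs, while the context line below still passes the v2 name `issue-lock-inactive-days: 1`. If so, that setting is no longer read and the action falls back to its default inactivity period; the v3+ name is `issue-inactive-days`, i.e. `issue-inactive-days: 1`. The rest of the `with:` block lies outside the hunk and should be checked against the v4 README in the same way.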
@@ -1,33 +0,0 @@ -name: Publish v1.x Binaries - -on: - push: - branches: - - "!*" - tags: - - "v1*" - -env: - # This is referenced from .goreleaser.yml - HELMFILE_V1MODE: "true" - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v1 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '1.21' - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v1 - with: - version: latest - args: release --rm-dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/releaser.yaml b/.github/workflows/releaser.yaml new file mode 100644 index 00000000..b22fafed --- /dev/null +++ b/.github/workflows/releaser.yaml @@ -0,0 +1,35 @@ +name: GoReleaser + +on: + push: + tags: + - 'v0*' + - 'v1*' + branches: + - 'main' + pull_request: + branches: + - 'main' + +permissions: + contents: write + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + HELMFILE_V1MODE: ${{ startsWith(github.ref, 'refs/tags/v1') }} + SNAPSHOT: ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }} + +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - uses: actions/setup-go@v4 + with: + go-version-file: go.mod + - uses: goreleaser/goreleaser-action@v4 + with: + version: latest + args: release --clean ${{ env.SNAPSHOT }} diff --git a/.github/workflows/test_binary_builds.yaml b/.github/workflows/test_binary_builds.yaml deleted file mode 100644 index 0540774c..00000000 --- a/.github/workflows/test_binary_builds.yaml +++ /dev/null 
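Review bot: `permissions: contents: write` and `GITHUB_TOKEN` are set at workflow level in `releaser.yaml`, but this workflow also runs on pull requests and pushes to `main`, where goreleaser only builds a `--snapshot`; those runs, and the checkout and setup-go steps, get a write-capable token they do not need. Splitting snapshot and tagged release into two jobs lets the workflow default to `contents: read` and grant `contents: write` plus the token only to the release step on `refs/tags/v*`. Separately, `HELMFILE_V1MODE` is now the string `false` for v0 tags and snapshots, where the removed workflows left it unset; if `.goreleaser.yml` tests it for non-empty rather than for `true` (not visible in this hunk), v0 builds would change. `version: latest` for the goreleaser binary is also unpinned in the job that publishes release artifacts.

```yaml
permissions:
  contents: read

jobs:
  snapshot:
    if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout (fetch-depth: 0), setup-go from go.mod …
      - uses: goreleaser/goreleaser-action@v4
        with:
          version: latest
          args: release --clean --snapshot
  release:
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      # … unchanged: checkout (fetch-depth: 0), setup-go from go.mod …
      - uses: goreleaser/goreleaser-action@v4
        with:
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HELMFILE_V1MODE: ${{ startsWith(github.ref, 'refs/tags/v1') }}
```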
@@ -1,26 +0,0 @@ -name: Test Binary Builds - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v1 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '1.21' - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v1 - with: - version: latest - args: release --rm-dist --snapshot diff --git a/.goreleaser.yml b/.goreleaser.yml index cd8517af..6ab4f145 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -23,5 +23,19 @@ builds: - amd64 - arm64 - "386" + changelog: - use: github-native + use: github + sort: asc + groups: + - title: Features + regexp: '^.*[Ff]eat[(\\w)]*:+.*$' + order: 0 + - title: "Fixes" + regexp: '^.*fix[(\\w)]*.*$' + order: 1 + - title: "Dependencies" + regexp: '^.*(deps|bump)[(\\w)]*.*$' + order: 2 + - title: Others + order: 999
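Review bot: The `regexp` values under `changelog.groups` are single-quoted, and YAML keeps backslashes literally there, so `[(\\w)]` reaches the regex engine as a class of `(`, `\`, `w` and `)` rather than parentheses or word characters. A scoped subject such as `feat(cli): ...` (constructed example) then misses the Features group and lands in Others, because the Features pattern needs `:` right after the class; the Fixes and Dependencies patterns still match through their trailing `.*`. Use a single backslash inside single quotes, `regexp: '^.*[Ff]eat[(\w)]*:+.*$'`, and likewise `[(\w)]` in the other two. Note also that `fix` and `bump` match anywhere in the subject, so unrelated words containing them are grouped as Fixes or Dependencies.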