From 7e26ccf5311d3c68a13b693c5e2b05c61e31f398 Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Tue, 13 Aug 2024 14:27:49 +0300
Subject: feat!: Major workflow rename, reorder, restructure and README updates
---
 .github/workflows/cd-dev.yml | 31 ++++++++++++
 .github/workflows/cd.yml | 88 +++++++++++++++++++++++++++++++++
 .github/workflows/ci.yml | 62 +++++++++++++++++++++++
 .github/workflows/dev-branch.yml | 90 ----------------------------------
 .github/workflows/feature-branch.yml | 43 ----------------
 .github/workflows/main-branch.yml | 88 ---------------------------------
 .github/workflows/main-pr-label.yml | 16 ++++++
 .github/workflows/main-pr-redirect.yml | 26 ++++++++++
 .github/workflows/main-pr-release.yml | 16 ------
 .github/workflows/main-pr.yml | 26 ----------
 10 files changed, 223 insertions(+), 263 deletions(-)
 create mode 100644 .github/workflows/cd-dev.yml
 create mode 100644 .github/workflows/cd.yml
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/dev-branch.yml
 delete mode 100644 .github/workflows/feature-branch.yml
 delete mode 100644 .github/workflows/main-branch.yml
 create mode 100644 .github/workflows/main-pr-label.yml
 create mode 100644 .github/workflows/main-pr-redirect.yml
 delete mode 100644 .github/workflows/main-pr-release.yml
 delete mode 100644 .github/workflows/main-pr.yml
(limited to '.github/workflows')
diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml
new file mode 100644
index 0000000..9610ca9
--- /dev/null
+++ b/.github/workflows/cd-dev.yml
@@ -0,0 +1,31 @@
+name: Create and release development container
+on:
+ workflow_run:
+ workflows: ["Build, test, security"]
+ types:
+ - completed
+ branches:
+ - dev
+jobs:
+ Create-and-release-dev-container:
+ name: Build the dev docker container image and push it to dockerhub
+ runs-on: ubuntu-latest
+ needs: Build
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dawidd6/action-download-artifact@v6
+ with:
+ github_token: ${{ secrets.TOKEN_GITHUB }}
+ workflow: ${{ github.workflow_run.id }}
+ name: dev-build-files
+ path: ./build
+ - uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/build-push-action@v5
+ with:
+ push: true
+ context: .
+ file: ./docker/dev/Dockerfile
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 0000000..2419fe2
--- /dev/null
+++ b/.github/workflows/cd.yml
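Review bot: `needs: Build` in the `Create-and-release-dev-container` job names a job that does not exist in this workflow (`Build` lives in ci.yml), so GitHub will reject cd-dev.yml as invalid before it ever runs; that line should go. Independently, the `workflow_run` trigger fires on `completed` whatever the outcome, so a `dev` push whose tests or SAST jobs failed would still be packaged and pushed to Docker Hub as `pico-web-dev:latest`; guard the job with `if: ${{ github.event.workflow_run.conclusion == 'success' }}`. The artifact lookup `workflow: ${{ github.workflow_run.id }}` also looks wrong: the triggering run is exposed as `github.event.workflow_run.id`, and dawidd6/action-download-artifact selects a specific run through its `run_id` input, so `run_id: ${{ github.event.workflow_run.id }}` is the form I would expect. Since the triggering run is in the same repository, `${{ secrets.GITHUB_TOKEN }}` should be enough for `github_token` instead of the personal access token `TOKEN_GITHUB`, which keeps a long-lived credential out of this job.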
@@ -0,0 +1,88 @@ +name: Release and deploy new version +on: + push: + branches: + - main +jobs: + Build-docker-and-push: + name: Build the production docker container image and push it to dockerhub + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - uses: docker/build-push-action@v5 + with: + push: true + context: . + file: ./docker/prod/Dockerfile + tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest + + Release: + name: Make github release + runs-on: ubuntu-latest + needs: Build-docker-and-push + steps: + - uses: actions/checkout@v4 + - uses: rymndhng/release-on-push-action@master + env: + GITHUB_TOKEN: ${{ secrets.TOKEN_GITHUB }} + with: + bump_version_scheme: norelease # PR must have one of these labels: release:major, release:minor, release:patch + + # This emulates deploying to an actual (remote) cluster by first setting up the cluster on older commit and then rolling out current one + Deploy-kubernetes: + name: Deploy kubernetes cluster locally to an action + runs-on: ubuntu-latest + needs: Build-docker-and-push + steps: + # Setup dependencies + - name: Install socat + run: sudo apt-get install -y socat + - uses: medyagh/setup-minikube@master + - uses: actions/checkout@v2 + with: + fetch-depth: 2 + - name: Pull (release) docker image + run: | + docker pull ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest + - name: Configure demo data + run: | + minikube cp ./demo/index.md /usr/share/demo/ + + # Setup old deployment + - name: Checkout previous commit + run: | + git checkout HEAD^ + # Deploy previous version + - name: Minikube deploy + run: | + kubectl apply -f kubernetes/ + kubectl rollout status deployment/pico-web-server-deployment + - name: Using cluster + run: | + kubectl get all + echo -ne 'demo@/' | socat STDIO TCP:$(minikube service pico-web-server-service 
--url | cut -d/ -f3-) + + # Setup current deployment + - name: Checkout current + run: | + git checkout main + # Deploy current version + - name: Minikube deploy + run: | + kubectl apply -f kubernetes/ + kubectl rollout status deployment/pico-web-server-deployment + - name: Using cluster + run: | + kubectl get all + echo -ne 'demo@/' | socat STDIO TCP:$(minikube service pico-web-server-service --url | cut -d/ -f3-) + + # End + - name: Minikube stop + run: | + minikube stop diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..0765ada --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,62 @@ +name: Build, test, security +on: + push: + branches-ignore: + - main +jobs: + Clone-repo: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: actions/upload-artifact@v3 + with: + name: source-code + path: . + + SAST-Unit-tests: + runs-on: ubuntu-latest + needs: Clone-repo + steps: + - uses: actions/download-artifact@v3 + with: + name: source-code + path: . + - run: make tests + + SAST-clang: + runs-on: ubuntu-latest + needs: Clone-repo + steps: + - uses: actions/download-artifact@v3 + with: + name: source-code + path: . + - run: make static-analysis + + SAST-flawfinder: + runs-on: ubuntu-latest + needs: Clone-repo + steps: + - uses: actions/download-artifact@v3 + with: + name: source-code + path: . + - run: sudo apt-get install -y flawfinder + - run: make security-analysis + + Build: + runs-on: ubuntu-latest + needs: [ SAST-Unit-tests, SAST-clang, SAST-flawfinder ] + steps: + - uses: actions/download-artifact@v3 + with: + name: source-code + path: . + - name: Build server and browser + run: make dev + - uses: actions/upload-artifact@v3 + with: + name: dev-build-files + path: ./build diff --git a/.github/workflows/dev-branch.yml b/.github/workflows/dev-branch.yml deleted file mode 100644 index 7198d8e..0000000 --- a/.github/workflows/dev-branch.yml +++ /dev/null 
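Review bot: The `Release` job hands the personal access token `secrets.TOKEN_GITHUB` to `rymndhng/release-on-push-action@master`, and `Deploy-kubernetes` runs `medyagh/setup-minikube@master`; a floating branch ref means whatever those repositories push next runs inside this workflow with that token, so both should be pinned to a commit SHA (with a `# vX.Y.Z` comment) like the `@v4`/`@v5` actions elsewhere in the file. `Deploy-kubernetes` also uses `actions/checkout@v2` where every other job uses `@v4`; `v2` runs on a retired Node runtime and the `git checkout HEAD^` with `fetch-depth: 2` works the same on `@v4`. No job in this workflow needs write access through the default token (the release uses the PAT), so a top-level `permissions: contents: read` would make that explicit and keep the image-build and deploy jobs read-only if a step is added later.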
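Review bot: `Clone-repo` uploads the whole checkout (`path: .`) as the `source-code` artifact, and as I read it `actions/upload-artifact@v3` includes dot-directories, so the artifact carries `.git/` including the `.git/config` entry in which `actions/checkout@v4` persists the job token by default; add `persist-credentials: false` under that checkout's `with:` (or exclude `.git` from the upload) so a downloadable artifact never contains a credential. The rationale for cloning once and fanning the source out via artifact was explained in the deleted dev-branch.yml/feature-branch.yml (`# This is done to prevent potential race conditions; ...`) but is not carried into ci.yml; I would keep that comment above `Clone-repo:`. Both `upload-artifact@v3` and `download-artifact@v3` are, as far as I know, on a deprecated major line, so moving to `@v4` while this file is being rewritten would avoid a second round. As a naming point, `SAST-Unit-tests` runs `make tests`, which is dynamic testing rather than static analysis; `Unit-tests` would describe it.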
@@ -1,90 +0,0 @@ -name: Tests, analysis and push to dev dockerhub -on: - push: - branches: - - dev -jobs: - # This is done to prevent potential race conditions; - # multiple jobs start with the source code, but since - # they have no "needs", one could start a little bit later, - # and in meantime a commit could be pushed - Clone-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - uses: actions/upload-artifact@v3 - with: - name: source-code - path: . - - Tests: - runs-on: ubuntu-latest - needs: Clone-repo - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - name: Run tests - run: make tests - - Static-analysis: - runs-on: ubuntu-latest - needs: Clone-repo - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - name: Run satic analysis - run: make static-analysis - - Security-analysis: - runs-on: ubuntu-latest - needs: Clone-repo - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - run: sudo apt-get install -y flawfinder - - name: Run security analysis - run: make security-analysis - - Build: - runs-on: ubuntu-latest - needs: [ Tests, Static-analysis, Security-analysis ] - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - name: Build server and browser - run: make dev - - uses: actions/upload-artifact@v3 - with: - name: dev-build-files - path: ./build - - Build-docker-and-push: - name: Build the docker container image and push it to dockerhub - runs-on: ubuntu-latest - needs: Build - steps: - - uses: actions/checkout@v4 - - uses: actions/download-artifact@v3 - with: - name: dev-build-files - path: ./build - - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - uses: docker/build-push-action@v5 - with: - push: true - context: . 
- file: ./docker/dev/Dockerfile - tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml deleted file mode 100644 index 3ff1833..0000000 --- a/.github/workflows/feature-branch.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Tests and static analysis -on: - push: - branches-ignore: - - main - - dev -jobs: - # This is done to prevent potential race conditions; - # multiple jobs start with the source code, but since - # they have no "needs", one could start a little bit later, - # and in meantime a commit could be pushed - Clone-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - uses: actions/upload-artifact@v3 - with: - name: source-code - path: . - - Tests: - runs-on: ubuntu-latest - needs: Clone-repo - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - name: Run tests - run: make tests - - Static-analysis: - runs-on: ubuntu-latest - needs: Clone-repo - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - name: Run static analysis - run: make static-analysis diff --git a/.github/workflows/main-branch.yml b/.github/workflows/main-branch.yml deleted file mode 100644 index aaf378c..0000000 --- a/.github/workflows/main-branch.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -name: Create release and push production server image to dockerhub -on: - push: - branches: - - main -jobs: - Build-docker-and-push: - name: Build the production docker container image and push it to dockerhub - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - uses: docker/build-push-action@v5 - with: - push: true - context: . - file: ./docker/prod/Dockerfile - tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest - - Release: - name: Make github release - runs-on: ubuntu-latest - needs: Build-docker-and-push - steps: - - uses: actions/checkout@v4 - - uses: rymndhng/release-on-push-action@master - env: - GITHUB_TOKEN: ${{ secrets.TOKEN_GITHUB }} - with: - bump_version_scheme: norelease # PR must have one of these labels: release:major, release:minor, release:patch - - # This emulates deploying to an actual (remote) cluster by first setting up the cluster on older commit and then rolling out current one - Deploy-kubernetes: - name: Deploy kubernetes cluster locally to an action - runs-on: ubuntu-latest - needs: Build-docker-and-push - steps: - # Setup dependencies - - name: Install socat - run: sudo apt-get install -y socat - - uses: medyagh/setup-minikube@master - - uses: actions/checkout@v2 - with: - fetch-depth: 2 - - name: Pull (release) docker image - run: | - docker pull ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-server:latest - - name: Configure demo data - run: | - minikube cp ./demo/index.md /usr/share/demo/ - - # Setup old deployment - - name: Checkout previous commit - run: | - git checkout HEAD^ - # Deploy previous version - - name: Minikube deploy - run: | - kubectl apply -f kubernetes/ - kubectl rollout status deployment/pico-web-server-deployment - - name: Using cluster - run: | - kubectl get all - echo -ne 'demo@/' | socat STDIO TCP:$(minikube 
service pico-web-server-service --url | cut -d/ -f3-) - - # Setup current deployment - - name: Checkout current - run: | - git checkout main - # Deploy current version - - name: Minikube deploy - run: | - kubectl apply -f kubernetes/ - kubectl rollout status deployment/pico-web-server-deployment - - name: Using cluster - run: | - kubectl get all - echo -ne 'demo@/' | socat STDIO TCP:$(minikube service pico-web-server-service --url | cut -d/ -f3-) - - # End - - name: Minikube stop - run: | - minikube stop diff --git a/.github/workflows/main-pr-label.yml b/.github/workflows/main-pr-label.yml new file mode 100644 index 0000000..73518b9 --- /dev/null +++ b/.github/workflows/main-pr-label.yml @@ -0,0 +1,16 @@ +name: Check for release label inside PR to main +on: + pull_request: + types: [opened, edited, reopened, labeled, unlabeled, ready_for_review, review_requested, synchronize] + branches: + - 'main' +jobs: + has_release_label: + if: | + github.head_ref == 'dev' && + ! contains(github.event.pull_request.labels.*.name, 'release:major') && + ! contains(github.event.pull_request.labels.*.name, 'release:minor') && + ! contains(github.event.pull_request.labels.*.name, 'release:patch') + runs-on: ubuntu-latest + steps: + - run: exit 1 diff --git a/.github/workflows/main-pr-redirect.yml b/.github/workflows/main-pr-redirect.yml new file mode 100644 index 0000000..52779a6 --- /dev/null +++ b/.github/workflows/main-pr-redirect.yml 
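Review bot: When the condition in `has_release_label` holds, the job fails with a bare `exit 1` and no explanation, so a contributor opening the `dev` → `main` PR sees a red check with nothing pointing at the missing label; `- run: echo "::error::A PR from dev to main needs one of the labels release:major, release:minor or release:patch" && exit 1` would say why, and the step's `name` could carry the same text. The `Release` job in cd.yml runs with `bump_version_scheme: norelease` and derives the bump from exactly these labels, so cd.yml silently depends on this workflow being a required status check on `main`; a comment above `jobs:` stating that coupling would make it visible to whoever edits either file.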
@@ -0,0 +1,26 @@
+name: Redirect PR base when it's main and head isn't dev
+on:
+ pull_request:
+ types: [opened, edited, reopened, synchronize]
+ branches:
+ - 'main'
+jobs:
+ pr_to_main_from_dev:
+ if: github.head_ref != 'dev'
+ permissions:
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Add comment
+ uses: peter-evans/create-or-update-comment@v4
+ with:
+ token: ${{ secrets.TOKEN_GITHUB }}
+ issue-number: ${{ github.event.pull_request.number }}
+ body: |
+ Tried to create a pull request to `main` from a branch that isn't `dev`!
+ **Changing destinaton branch to `dev`!**
+ - name: Change base to dev
+ run: gh pr edit $PR --base 'dev'
+ env:
+ GH_TOKEN: ${{ secrets.TOKEN_GITHUB }}
+ PR: ${{ github.event.pull_request.html_url }}
diff --git a/.github/workflows/main-pr-release.yml b/.github/workflows/main-pr-release.yml
deleted file mode 100644
index cc37dc7..0000000
--- a/.github/workflows/main-pr-release.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: Check for release label inside pull request
-on:
- pull_request:
- types: [opened, edited, reopened, labeled, unlabeled, ready_for_review, review_requested, synchronize]
- branches:
- - 'main'
-jobs:
- has_release_label:
- if: |
- github.head_ref == 'dev' &&
- ! contains(github.event.pull_request.labels.*.name, 'release:major') &&
- ! contains(github.event.pull_request.labels.*.name, 'release:minor') &&
- ! contains(github.event.pull_request.labels.*.name, 'release:patch')
- runs-on: ubuntu-latest
- steps:
- - run: exit 1
diff --git a/.github/workflows/main-pr.yml b/.github/workflows/main-pr.yml
deleted file mode 100644
index f68aaaf..0000000
--- a/.github/workflows/main-pr.yml
+++ /dev/null
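Review bot: Both steps authenticate with the personal access token `secrets.TOKEN_GITHUB`, yet the job already requests `permissions: pull-requests: write`, which is all that the comment and `gh pr edit --base` need on a same-repository PR; using `${{ secrets.GITHUB_TOKEN }}` for `token:` and `GH_TOKEN:` keeps the long-lived PAT out of this workflow and lets the declared permissions actually bound what the job can do. Either way the redirect only works for branches inside this repository: a `pull_request` run triggered from a fork receives no repository secrets and only a read-only default token, so for fork PRs the `Change base to dev` step will fail rather than redirect; a comment above `jobs:` stating that limitation would save the next reader a debugging session. The user-facing comment body also has a typo, `destinaton` → `destination`.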
@@ -1,26 +0,0 @@
-name: Force to dev PRs not from dev to main
-on:
- pull_request:
- types: [opened, edited, reopened, synchronize]
- branches:
- - 'main'
-jobs:
- pr_to_main_from_dev:
- if: github.head_ref != 'dev'
- permissions:
- pull-requests: write
- runs-on: ubuntu-latest
- steps:
- - name: Add comment
- uses: peter-evans/create-or-update-comment@v4
- with:
- token: ${{ secrets.TOKEN_GITHUB }}
- issue-number: ${{ github.event.pull_request.number }}
- body: |
- Tried to create a pull request to `main` from a branch that isn't `dev`!
- **Changing destinaton branch to `dev`!**
- - name: Change base to dev
- run: gh pr edit $PR --base 'dev'
- env:
- GH_TOKEN: ${{ secrets.TOKEN_GITHUB }}
- PR: ${{ github.event.pull_request.html_url }}
--
cgit v1.2.3