diff --git a/.github/workflows/build_prodrc_pr.yaml b/.github/workflows/build_prodrc_pr.yaml
deleted file mode 100644
index 2e5034e7..00000000
--- a/.github/workflows/build_prodrc_pr.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-name: Build Prod RC Image
-'on':
- pull_request:
- branches:
- - master
- - main
- types:
- - opened
- - synchronize
- - ready_for_review
-jobs:
- docker_build:
- runs-on: ubuntu-latest
- steps:
- - name: Verify merge is develop -> main
- if: github.head_ref != 'develop'
- run: echo "Must merge from develop -> main/master"; exit 1
- - name: Check out GitHub Repo
- if: github.event.pull_request.draft == false && github.head_ref == 'develop'
- with:
- ref: "${{ github.event.pull_request.head.sha }}"
- uses: actions/checkout@v2
- - name: Build and Push to Packages
- if: github.event.pull_request.draft == false && github.head_ref == 'develop'
- env:
- PR: "${{ github.event.pull_request.number }}"
- SHA: "${{ github.event.pull_request.head.sha }}"
- DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}"
- DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}"
- run: "./.github/workflows/scripts/build_prodrc_pr.sh\n"
diff --git a/.github/workflows/build_test_pr.yaml b/.github/workflows/build_test_pr.yaml
deleted file mode 100644
index b6b53286..00000000
--- a/.github/workflows/build_test_pr.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-name: Build Test Image
-'on':
- pull_request:
- branches:
- - develop
- types:
- - opened
- - synchronize
- - ready_for_review
-jobs:
- docker_build:
- runs-on: ubuntu-latest
- steps:
- - name: Check out GitHub Repo
- if: github.event.pull_request.draft == false
- with:
- ref: "${{ github.event.pull_request.head.sha }}"
- uses: actions/checkout@v2
- - name: Build and Push to Packages
- if: github.event.pull_request.draft == false
- env:
- PR: "${{ github.event.pull_request.number }}"
- SHA: "${{ github.event.pull_request.head.sha }}"
- DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}"
- DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}"
- run: "./.github/workflows/scripts/build_test_pr.sh\n"
diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml
new file mode 100644
index 00000000..c7fa0487
--- /dev/null
+++ b/.github/workflows/manual-build.yml
@@ -0,0 +1,11 @@
+---
+name: Manual Build & Push
+on:
+ workflow_dispatch:
+jobs:
+ build-push:
+ uses: ./.github/workflows/reusable_build-push.yml
+ with:
+ name: '${{ github.event.repository.name }}-develop'
+ tags: br-${{ github.ref_name }}
+ secrets: inherit
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
new file mode 100644
index 00000000..935a13e6
--- /dev/null
+++ b/.github/workflows/pr_build.yml
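Review bot: In manual-build.yml, `tags: br-${{ github.ref_name }}` uses the raw branch name as an image tag, and a branch such as `feature/x` contains a character that is not valid in a Docker tag, so the build-and-push step would fail on the image reference. The same value is later substituted into a JavaScript string literal in reusable_build-push.yml, so it should be normalised before it gets there. One option is to sanitise inside the reusable workflow's tag step, replacing anything outside `[A-Za-z0-9_.-]` with `-`, and to add a comment here stating which branch names are supported.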
@@ -0,0 +1,39 @@
+---
+name: Pull Request Build, Tag, & Push
+on:
+ pull_request:
+ branches:
+ - develop
+ - main
+ - master
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - closed
+jobs:
+ build-develop-open:
+ if: github.base_ref == 'develop' && github.event.pull_request.merged == false
+ uses: ./.github/workflows/reusable_build.yml
+ secrets: inherit
+ build-develop-merge:
+ if: github.base_ref == 'develop' && github.event.pull_request.merged == true
+ uses: ./.github/workflows/reusable_build-push.yml
+ with:
+ name: '${{ github.event.repository.name }}-develop'
+ tags: pr-${{ github.event.number }},latest
+ secrets: inherit
+ build-main-open:
+ if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false
+ uses: ./.github/workflows/reusable_build-push.yml
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: pr-${{ github.event.number }}
+ secrets: inherit
+ build-main-merge:
+ if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true
+ uses: ./.github/workflows/reusable_build-push.yml
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: pr-${{ github.event.number }},latest-rc
+ secrets: inherit
diff --git a/.github/workflows/prod_release.yaml b/.github/workflows/prod_release.yaml
deleted file mode 100644
index ffa14533..00000000
--- a/.github/workflows/prod_release.yaml
+++ /dev/null
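Review bot: In pr_build.yml, `build-develop-open` passes `secrets: inherit` to reusable_build.yml, which as added in this diff reads no secret, so the job that compiles and builds unmerged pull-request code receives every repository secret for nothing; that line can simply be dropped. The other callers (here, manual-build.yml and release-main.yml) only need `GHCR_USERNAME` and `GHCR_TOKEN`, which could be declared under `workflow_call.secrets` and passed by name. Separately, `github.event.pull_request.merged == false` is also true when a pull request is closed without merging, so with `closed` in `types` the two `*-open` jobs run again on abandonment and `build-main-open` pushes `pr-N` once more. Adding `&& github.event.action != 'closed'` to both `*-open` conditions would restrict them to open pull requests.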
@@ -1,38 +0,0 @@
----
-name: Publish Release Image
-'on':
- release:
- branches:
- - main
- - master
- types:
- - published
-jobs:
- docker_build:
- runs-on: ubuntu-latest
- steps:
- - name: Check Tag
- id: check-tag
- run: |-
- if [[ ${{ github.ref_name }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- echo ::set-output name=match::true
- fi
- - name: Report SemVer Check
- if: steps.check-tag.outputs.match != 'true'
- run: echo "Release version must follow semantic naming (e.g. 1.0.2)"; exit 1
- - name: Check Source Branch
- if: github.event.release.target_commitish != 'master' && github.event.release.target_commitish != 'main'
- run: echo "Releases must be built from master/main branch"; exit 1
- - name: Check out GitHub Repo
- with:
- ref: "${{ github.event.pull_request.head.sha }}"
- uses: actions/checkout@v2
- - name: Build and Push to Packages
- env:
- ISH: "${{ github.event.release.target_commitish }}"
- PR: "${{ github.event.pull_request.number }}"
- SHA: "${{ github.event.pull_request.head.sha }}"
- VER: "${{ github.event.release.tag_name }}"
- DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}"
- DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}"
- run: "./.github/workflows/scripts/prod_release.sh\n"
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
new file mode 100644
index 00000000..08e2a3a2
--- /dev/null
+++ b/.github/workflows/release-main.yml
@@ -0,0 +1,25 @@
+---
+name: Release - Build & Push Image
+on:
+ release:
+ branches:
+ - main
+ - master
+ types: [ published ]
+jobs:
+ check-source-branch:
+ uses: kbase/.github/.github/workflows/reusable_validate-branch.yml@main
+ with:
+ build_branch: '${{ github.event.release.target_commitish }}'
+ validate-release-tag:
+ needs: check-source-branch
+ uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@main
+ with:
+ release_tag: '${{ github.event.release.tag_name }}'
+ build-push:
+ needs: validate-release-tag
+ uses: ./.github/workflows/reusable_build-push.yml
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: '${{ github.event.release.tag_name }},latest'
+ secrets: inherit
diff --git a/.github/workflows/reusable_build-push.yml b/.github/workflows/reusable_build-push.yml
new file mode 100644
index 00000000..05ef6d05
--- /dev/null
+++ b/.github/workflows/reusable_build-push.yml
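Review bot: In release-main.yml, both release gates, `check-source-branch` and `validate-release-tag`, call reusable workflows at the mutable ref `@main`, so what is actually checked before `build-push` publishes `latest` can change without any commit in this repository. Pinning each to a full commit SHA, e.g. `uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@FULL_COMMIT_SHA_PLACEHOLDER`, keeps the gate reviewable here. The `branches:` list under `on.release` is, as far as I know, not a supported filter for the release event, so the `check-source-branch` job is the only branch control; a comment such as `# branch restriction is enforced by check-source-branch, not by this trigger` would make that explicit. The tag-format check that the removed prod_release.yaml did inline now lives entirely in the external workflow, whose content is not visible in this diff.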
@@ -0,0 +1,78 @@
+---
+name: Build & Push Image to GHCR
+on:
+ workflow_call:
+ inputs:
+ name:
+ description: The image name
+ required: true
+ type: string
+ tags:
+ description: The image tags
+ required: true
+ type: string
+jobs:
+ build-push-image:
+ runs-on: ubuntu-latest
+ container: jsfillman/kb-sdk
+ steps:
+ - name: Check out GitHub Repo
+ uses: actions/checkout@v2
+
+ - name: Get current date
+ id: date
+ run: echo "::set-output name=date::$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to GHCR
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ # note that the calling workflow must set `secrets: inherit`
+ username: '${{ secrets.GHCR_USERNAME }}'
+ password: '${{ secrets.GHCR_TOKEN }}'
+
+ - name: Create github action tags from image tags
+ id: tags
+ uses: actions/github-script@v6
+ with:
+ result-encoding: string
+ script: |
+ const tags = '${{ inputs.tags }}'.split(',');
+ const username = '${{ github.event.repository.owner.login }}';
+ const repoName = '${{ inputs.name }}';
+ return tags.map((tag) => {
+ return `ghcr.io/${username}/${repoName}:${tag}`;
+ }).join(',');
+
+ - name: Check file existence
+ id: check_files
+ uses: andstor/file-existence-action@v1
+ with:
+ files: "kbase.yml, Makefile, *.spec"
+
+ - name: Run kb-sdk compile
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: |
+ cd $GITHUB_WORKSPACE;
+ if [ -f kbase.yml ] && [ -f Makefile ] && [ -f *.spec ] ; then
+ make compile;
+ else
+ echo "Not a kb-sdk dependent app, skipping."
+ fi
+
+ - name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ pull: true
+ push: true
+ build-args: |
+ BUILD_DATE=${{ steps.date.outputs.date }}
+ VCS_REF=${{ github.sha }}
+ BRANCH='${{ github.ref }}'
+ TAG='${{ github.ref }}'
+ tags: '${{ steps.tags.outputs.result }}'
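Review bot: In reusable_build-push.yml, the `script:` of the `Create github action tags from image tags` step substitutes `${{ inputs.tags }}`, `${{ inputs.name }}` and the owner login straight into JavaScript string literals, so a value containing a quote changes the code that runs, and this step comes after the GHCR login in the same job. The callers in this diff build `tags` from `github.ref_name` and `github.event.release.tag_name`, and git permits `'` in ref names. Passing the values through `env:` and reading them from `process.env` keeps them as data, as in the fence below. Separately, in the `Build and push` step `BRANCH='${{ github.ref }}'` and `TAG='${{ github.ref }}'` put the literal quote characters into the build args and give `TAG` the full ref rather than a tag name, which looks unintended.

```yaml
        uses: actions/github-script@v6
        env:
          IMAGE_TAGS: '${{ inputs.tags }}'
          IMAGE_NAME: '${{ inputs.name }}'
          IMAGE_OWNER: '${{ github.event.repository.owner.login }}'
        # … unchanged: with / result-encoding / script: | …
            const tags = process.env.IMAGE_TAGS.split(',');
            const username = process.env.IMAGE_OWNER;
            const repoName = process.env.IMAGE_NAME;
            // … unchanged: tags.map(...) joining the ghcr.io references …
```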
diff --git a/.github/workflows/reusable_build.yml b/.github/workflows/reusable_build.yml
new file mode 100644
index 00000000..7210ed3a
--- /dev/null
+++ b/.github/workflows/reusable_build.yml
@@ -0,0 +1,38 @@
+---
+name: Build Image without pushing
+on:
+ workflow_call:
+jobs:
+ build-image:
+ runs-on: ubuntu-latest
+ container: jsfillman/kb-sdk
+ steps:
+ - name: Check out GitHub Repo
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Check file existence
+ id: check_files
+ uses: andstor/file-existence-action@v1
+ with:
+ files: "kbase.yml, Makefile, *.spec"
+
+ - name: Run kb-sdk compile
+ if: steps.check_files.outputs.files_exists == 'true'
+ run: |
+ cd $GITHUB_WORKSPACE;
+ if [ -f kbase.yml ] && [ -f Makefile ] && [ -f *.spec ] ; then
+ make compile;
+ else
+ echo "Not a kb-sdk dependent app, skipping."
+ fi
+
+ - name: Build without push
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ pull: true
+ push: false
diff --git a/.github/workflows/scripts/build_prodrc_pr.sh b/.github/workflows/scripts/build_prodrc_pr.sh
deleted file mode 100755
index 4c7bdf27..00000000
--- a/.github/workflows/scripts/build_prodrc_pr.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#! /usr/bin/env bash
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-echo "Branch is:" ${GITHUB_HEAD_REF}
-docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io
-docker build --build-arg BUILD_DATE="$DATE" \
- --build-arg COMMIT="$COMMIT" \
- --build-arg BRANCH="$GITHUB_HEAD_REF" \
- --build-arg PULL_REQUEST="$PR" \
- --label us.kbase.vcs-pull-req="$PR" \
- -t ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" .
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR"
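Review bot: In reusable_build.yml, `container: jsfillman/kb-sdk` runs every step inside an image referenced with no tag or digest, so the job executes whatever that Docker Hub repository serves at run time; the same line is in reusable_build-push.yml, where the job also logs in to GHCR. Pinning by digest, `container: jsfillman/kb-sdk@sha256:DIGEST_PLACEHOLDER`, and pinning `andstor/file-existence-action@v1` and the other `@v1`/`@v2` actions to full commit SHAs would fix what code runs next to the registry credentials. In the `Run kb-sdk compile` step of both files, `[ -f *.spec ]` errors when more than one `.spec` file matches, and the `else` branch then reports "Not a kb-sdk dependent app" and skips `make compile`. Since `check_files` already gates the step, the inner test could be dropped or the glob handled explicitly.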
diff --git a/.github/workflows/scripts/build_test_pr.sh b/.github/workflows/scripts/build_test_pr.sh
deleted file mode 100755
index 546b1b42..00000000
--- a/.github/workflows/scripts/build_test_pr.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#! /usr/bin/env bash
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo $(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')"-develop")
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-echo $DOCKER_TOKEN | docker login ghcr.io -u $DOCKER_ACTOR --password-stdin
-docker build --build-arg BUILD_DATE="$DATE" \
- --build-arg COMMIT="$COMMIT" \
- --build-arg BRANCH="$GITHUB_HEAD_REF" \
- --build-arg PULL_REQUEST="$PR" \
- --label us.kbase.vcs-pull-req="$PR" \
- -t ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" .
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR"
-
\ No newline at end of file
diff --git a/.github/workflows/scripts/deploy_tag.sh b/.github/workflows/scripts/deploy_tag.sh
deleted file mode 100755
index 5fb928ab..00000000
--- a/.github/workflows/scripts/deploy_tag.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#! /usr/bin/env bash
-
-# Usage: ./deploy_tag.sh -e TARGET -o ORG -r REPO -s DEV_PROD -t IMAGE_TAG
-#
-# Example 1: ./deploy_tag.sh -o "kbase" -r "narrative-traefiker" -s "dev" -t "pr-9001" -e "ci"
-# Example 2: ./deploy_tag.sh -o "kbase" -r "narrative" -s "prod" -t "latest" -e "next"
-#
-# Where:
-# -o ORG is the organization (`kbase`, `kbaseapps`, etc.)
-# -r REPO is the repository (e.g. `narrative`)
-# -s DEV_PROD determines whether to pull the development {APPNAME}-develop or production {APPNAME} image.
-# -t IMAGE_TAG is the *current* Docker image tag, typically `pr-#` or `latest`
-# -e TARGET is one of: `appdsshev`, `ci`, or `next`
-#
-# Be sure to set $TOKEN first!
-# See: https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry
-
-
-while getopts e:o:r:s:t: option
- do
- case "${option}"
- in
- e) TARGET=${OPTARG};;
- o) ORG=${OPTARG};;
- r) REPO=${OPTARG};;
- s) DEV_PROD=${OPTARG};;
- t) IMAGE_TAG=${OPTARG};;
- esac
-done
-
-curl -H "Authorization: token $TOKEN" \
- -H 'Accept: application/vnd.github.everest-preview+json' \
- "https://api.github.com/repos/$ORG/$REPO/dispatches" \
- -d '{"event_type":"Tag '"$DEV_PROD"' '"$IMAGE_TAG"' for '"$TARGET"'", "client_payload": {"image_tag": "'"$IMAGE_TAG"'","target": "'"$TARGET"'","dev_prod": "'"$DEV_PROD"'"}}'
diff --git a/.github/workflows/scripts/prod_release.sh b/.github/workflows/scripts/prod_release.sh
deleted file mode 100755
index 46d008c6..00000000
--- a/.github/workflows/scripts/prod_release.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#! /usr/bin/env bash
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-echo "ISH is:" $ISH
-echo "GITHUB_REF is:" $GITHUB_REF
-echo "HEAD_REF is:" $GITHUB_HEAD_REF
-echo "BASE_REF is:" $GITHUB_BASE_REF
-echo "Release is:" $GITHUB_REF_NAME
-echo $DOCKER_TOKEN | docker login ghcr.io -u $DOCKER_ACTOR --password-stdin
-docker build --build-arg BUILD_DATE="$DATE" \
- --build-arg COMMIT="$COMMIT" \
- --build-arg BRANCH="$GITHUB_HEAD_REF" \
- --build-arg PULL_REQUEST="$PR" \
- --build-arg VERSION="$VER" \
- --label us.kbase.vcs-pull-req="$PR" \
- -t ghcr.io/"$MY_ORG"/"$MY_APP":"$VER" \
- -t ghcr.io/"$MY_ORG"/"$MY_APP":"latest" .
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"$VER"
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"latest"
diff --git a/.github/workflows/scripts/tag_environments.sh b/.github/workflows/scripts/tag_environments.sh
deleted file mode 100755
index b39732a0..00000000
--- a/.github/workflows/scripts/tag_environments.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-
-#! /usr/bin/env bash
-# Add vars for PR & environments to yaml, as called from external script
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-if [ $DEV_PROD = "dev" ] || [ $DEV_PROD = "develop" ]
-then
- IMAGE=$MY_APP"-develop"
-else
- IMAGE=$MY_APP
-fi
-
-echo "Dev or Prod:" $DEV_PROD
-docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io
-docker pull ghcr.io/"$MY_ORG"/"$IMAGE":"$IMAGE_TAG"
-docker tag ghcr.io/"$MY_ORG"/"$IMAGE":"$IMAGE_TAG" ghcr.io/"$MY_ORG"/"$IMAGE":"$TARGET"
-docker push ghcr.io/"$MY_ORG"/"$IMAGE":"$TARGET"
diff --git a/.github/workflows/scripts/tag_prod_latest.sh b/.github/workflows/scripts/tag_prod_latest.sh
deleted file mode 100755
index c3c42252..00000000
--- a/.github/workflows/scripts/tag_prod_latest.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /usr/bin/env bash
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io
-docker pull ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR"
-docker tag ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" ghcr.io/"$MY_ORG"/"$MY_APP":"latest-rc"
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"latest-rc"
diff --git a/.github/workflows/scripts/tag_test_latest.sh b/.github/workflows/scripts/tag_test_latest.sh
deleted file mode 100755
index c0dc504a..00000000
--- a/.github/workflows/scripts/tag_test_latest.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /usr/bin/env bash
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo $(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')"-develop")
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io
-docker pull ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR"
-docker tag ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" ghcr.io/"$MY_ORG"/"$MY_APP":"latest"
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"latest"
diff --git a/.github/workflows/tag_environments.yaml b/.github/workflows/tag_environments.yaml
deleted file mode 100644
index 6dba7431..00000000
--- a/.github/workflows/tag_environments.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-name: Tag Image For Deploy
-'on':
- repository_dispatch
-jobs:
- tag_environments:
- runs-on: ubuntu-latest
- steps:
- - name: Check out GitHub Repo
- uses: actions/checkout@v2
- - name: Tag Deploy Environments
- env:
- DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}"
- DOCKER_TOKEN: ${{ secrets.GHCR_TOKEN }}
- IMAGE_TAG: ${{ github.event.client_payload.image_tag }}
- SHA: ${{ github.event.pull_request.head.sha }}
- TARGET: ${{ github.event.client_payload.target }}
- DEV_PROD: ${{ github.event.client_payload.dev_prod }}
- run: './.github/workflows/scripts/tag_environments.sh'
diff --git a/.github/workflows/tag_prod_latest.yaml b/.github/workflows/tag_prod_latest.yaml
deleted file mode 100644
index 12b23df0..00000000
--- a/.github/workflows/tag_prod_latest.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-name: Tag Prod Latest
-'on':
- pull_request:
- branches:
- - master
- - main
- types:
- - closed
-jobs:
- docker_tag:
- runs-on: ubuntu-latest
- steps:
- - name: Check out GitHub Repo
- if: github.event_name == 'pull_request' && github.event.action == 'closed' &&
- github.event.pull_request.merged == true
- with:
- ref: "${{ github.event.pull_request.head.sha }}"
- uses: actions/checkout@v2
- - name: Build and Push to Packages
- if: github.event.pull_request.draft == false
- env:
- PR: "${{ github.event.pull_request.number }}"
- SHA: "${{ github.event.pull_request.head.sha }}"
- DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}"
- DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}"
- run: "./.github/workflows/scripts/tag_prod_latest.sh\n"
diff --git a/.github/workflows/tag_test_latest.yaml b/.github/workflows/tag_test_latest.yaml
deleted file mode 100644
index d8cac465..00000000
--- a/.github/workflows/tag_test_latest.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-name: Tag Latest Test Image
-'on':
- pull_request:
- branches:
- - develop
- types:
- - closed
-jobs:
- docker_tag:
- runs-on: ubuntu-latest
- steps:
- - name: Check out GitHub Repo
- if: github.event_name == 'pull_request' && github.event.action == 'closed' &&
- github.event.pull_request.merged == true
- with:
- ref: "${{ github.event.pull_request.head.sha }}"
- uses: actions/checkout@v2
- - name: Build and Push to Packages
- if: github.event.pull_request.draft == false
- env:
- PR: "${{ github.event.pull_request.number }}"
- SHA: "${{ github.event.pull_request.head.sha }}"
- DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}"
- DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}"
- run: "./.github/workflows/scripts/tag_test_latest.sh\n"