From 0999a600d324d3e081de31985c6211a669c05884 Mon Sep 17 00:00:00 2001 From: Gavin Date: Fri, 12 May 2023 15:52:24 -0700 Subject: [PATCH] Update GHA to latest KBase versions --- .github/workflows/build_prodrc_pr.yaml | 28 ------------ .github/workflows/build_test_pr.yaml | 27 ------------ .github/workflows/manual-build.yaml | 11 +++++ .github/workflows/pr_build.yaml | 43 +++++++++++++++++++ .github/workflows/release-main.yaml | 25 +++++++++++ .github/workflows/scripts/build_prodrc_pr.sh | 16 ------- .github/workflows/scripts/build_test_pr.sh | 17 -------- .github/workflows/scripts/deploy_tag.sh | 34 --------------- .github/workflows/scripts/tag_environments.sh | 22 ---------- .github/workflows/scripts/tag_prod_latest.sh | 12 ------ .github/workflows/scripts/tag_test_latest.sh | 12 ------ .github/workflows/tag_environments.yaml | 19 -------- .github/workflows/tag_prod_latest.yaml | 27 ------------ .github/workflows/tag_test_latest.yaml | 26 ----------- 14 files changed, 79 insertions(+), 240 deletions(-) delete mode 100644 .github/workflows/build_prodrc_pr.yaml delete mode 100644 .github/workflows/build_test_pr.yaml create mode 100644 .github/workflows/manual-build.yaml create mode 100644 .github/workflows/pr_build.yaml create mode 100644 .github/workflows/release-main.yaml delete mode 100755 .github/workflows/scripts/build_prodrc_pr.sh delete mode 100755 .github/workflows/scripts/build_test_pr.sh delete mode 100755 .github/workflows/scripts/deploy_tag.sh delete mode 100755 .github/workflows/scripts/tag_environments.sh delete mode 100755 .github/workflows/scripts/tag_prod_latest.sh delete mode 100755 .github/workflows/scripts/tag_test_latest.sh delete mode 100644 .github/workflows/tag_environments.yaml delete mode 100644 .github/workflows/tag_prod_latest.yaml delete mode 100644 .github/workflows/tag_test_latest.yaml diff --git a/.github/workflows/build_prodrc_pr.yaml b/.github/workflows/build_prodrc_pr.yaml deleted file mode 100644 index 58a911fa..00000000 
--- a/.github/workflows/build_prodrc_pr.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -name: Build Prod RC Image -'on': - pull_request: - branches: - - master - - main - types: - - opened - - synchronize - - ready_for_review -jobs: - docker_build: - runs-on: ubuntu-latest - steps: - - name: Check out GitHub Repo - if: github.event.pull_request.draft == false - with: - ref: "${{ github.event.pull_request.head.sha }}" - uses: actions/checkout@v2 - - name: Build and Push to Packages - if: github.event.pull_request.draft == false - env: - PR: "${{ github.event.pull_request.number }}" - SHA: "${{ github.event.pull_request.head.sha }}" - DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}" - DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}" - run: "./.github/workflows/scripts/build_prodrc_pr.sh\n" diff --git a/.github/workflows/build_test_pr.yaml b/.github/workflows/build_test_pr.yaml deleted file mode 100644 index b6b53286..00000000 --- a/.github/workflows/build_test_pr.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -name: Build Test Image -'on': - pull_request: - branches: - - develop - types: - - opened - - synchronize - - ready_for_review -jobs: - docker_build: - runs-on: ubuntu-latest - steps: - - name: Check out GitHub Repo - if: github.event.pull_request.draft == false - with: - ref: "${{ github.event.pull_request.head.sha }}" - uses: actions/checkout@v2 - - name: Build and Push to Packages - if: github.event.pull_request.draft == false - env: - PR: "${{ github.event.pull_request.number }}" - SHA: "${{ github.event.pull_request.head.sha }}" - DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}" - DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}" - run: "./.github/workflows/scripts/build_test_pr.sh\n" diff --git a/.github/workflows/manual-build.yaml b/.github/workflows/manual-build.yaml new file mode 100644 index 00000000..944f9035 --- /dev/null +++ b/.github/workflows/manual-build.yaml 
@@ -0,0 +1,11 @@
+---
+name: Manual Build & Push
+on:
+ workflow_dispatch:
+jobs:
+ build-push:
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}-develop'
+ tags: br-${{ github.ref_name }}
+ secrets: inherit
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
new file mode 100644
index 00000000..0fa1c464
--- /dev/null
+++ b/.github/workflows/pr_build.yaml
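Review bot: `uses: kbase/.github/.github/workflows/reusable_build-push.yml@main` combined with `secrets: inherit` means each run executes whatever the shared repository's `main` branch holds at that moment and hands it every secret of this repository. The same pattern recurs in all five jobs of pr_build.yaml and in the `build-push` job of release-main.yaml, whose two validation jobs also reference `@main`. Pinning the reference to a full commit SHA (`...reusable_build-push.yml@<full-commit-sha>`) and passing only the secrets the called workflow declares would limit what an unwanted change to the shared branch can reach. Separately, `tags: br-${{ github.ref_name }}` yields an invalid image tag for branch names that contain `/`, assuming the called workflow uses the value unchanged.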
@@ -0,0 +1,43 @@
+---
+name: Pull Request Build, Tag, & Push
+on:
+ pull_request:
+ branches:
+ - develop
+ - main
+ - master
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - closed
+jobs:
+ build-develop-open:
+ if: github.base_ref == 'develop' && github.event.pull_request.merged == false
+ uses: kbase/.github/.github/workflows/reusable_build.yml@main
+ secrets: inherit
+ build-develop-merge:
+ if: github.base_ref == 'develop' && github.event.pull_request.merged == true
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}-develop'
+ tags: pr-${{ github.event.number }},latest
+ secrets: inherit
+ build-main-open:
+ if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: pr-${{ github.event.number }}
+ secrets: inherit
+ build-main-merge:
+ if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: pr-${{ github.event.number }},latest-rc
+ secrets: inherit
+ trivy-scans:
+ if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false
+ uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main
+ secrets: inherit
diff --git a/.github/workflows/release-main.yaml b/.github/workflows/release-main.yaml
new file mode 100644
index 00000000..a2546781
--- /dev/null
+++ b/.github/workflows/release-main.yaml
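Review bot: The `closed` trigger also fires for pull requests that are closed without merging, and for those `github.event.pull_request.merged == false` is true, so `build-develop-open`, `build-main-open` and `trivy-scans` run again on an abandoned PR. `build-main-open` calls the build-push workflow, so it would presumably publish a `pr-N` image at that point. Adding the action to those three conditions avoids it, e.g. `if: github.base_ref == 'develop' && github.event.action != 'closed'`. The removed workflows also skipped draft pull requests with `github.event.pull_request.draft == false`; the new conditions have no equivalent, so drafts targeting main or master now build and push with inherited secrets.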
@@ -0,0 +1,25 @@
+---
+name: Release - Build & Push Image
+on:
+ release:
+ branches:
+ - main
+ - master
+ types: [ published ]
+jobs:
+ check-source-branch:
+ uses: kbase/.github/.github/workflows/reusable_validate-branch.yml@main
+ with:
+ build_branch: '${{ github.event.release.target_commitish }}'
+ validate-release-tag:
+ needs: check-source-branch
+ uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@main
+ with:
+ release_tag: '${{ github.event.release.tag_name }}'
+ build-push:
+ needs: validate-release-tag
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: '${{ github.event.release.tag_name }},latest'
+ secrets: inherit
diff --git a/.github/workflows/scripts/build_prodrc_pr.sh b/.github/workflows/scripts/build_prodrc_pr.sh
deleted file mode 100755
index d888fc9d..00000000
--- a/.github/workflows/scripts/build_prodrc_pr.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-
-export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}')
-export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')
-export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-export COMMIT=$(echo "$SHA" | cut -c -7)
-
-docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io
-docker build --build-arg BUILD_DATE="$DATE" \
- --build-arg COMMIT="$COMMIT" \
- --build-arg BRANCH="$GITHUB_HEAD_REF" \
- --build-arg PULL_REQUEST="$PR" \
- --label us.kbase.vcs-pull-req="$PR" \
- -t ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" .
-docker push ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR"
diff --git a/.github/workflows/scripts/build_test_pr.sh b/.github/workflows/scripts/build_test_pr.sh
deleted file mode 100755
index 546b1b42..00000000
--- a/.github/workflows/scripts/build_test_pr.sh
+++ /dev/null
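Review bot: The only gate in front of the `latest` push is `build_branch: '${{ github.event.release.target_commitish }}'`, and that field is supplied by whoever creates the release; GitHub documents it as unused when the tag already exists, so it does not show that the tagged commit is on main or master. If the called validate-branch workflow only compares this string (its body is not part of this patch), a release published from a tag on another branch would pass. The `branches:` filter under `on: release:` probably has no effect either, since the release event documents only `types`. I would verify the tag's ancestry against the protected branch in the validation job and add a comment such as `# target_commitish is caller-supplied; it does not prove the tag is on main`.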
@@ -1,17 +0,0 @@ -#! /usr/bin/env bash - -export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}') -export MY_APP=$(echo $(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')"-develop") -export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export COMMIT=$(echo "$SHA" | cut -c -7) - -echo $DOCKER_TOKEN | docker login ghcr.io -u $DOCKER_ACTOR --password-stdin -docker build --build-arg BUILD_DATE="$DATE" \ - --build-arg COMMIT="$COMMIT" \ - --build-arg BRANCH="$GITHUB_HEAD_REF" \ - --build-arg PULL_REQUEST="$PR" \ - --label us.kbase.vcs-pull-req="$PR" \ - -t ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" . -docker push ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" - \ No newline at end of file diff --git a/.github/workflows/scripts/deploy_tag.sh b/.github/workflows/scripts/deploy_tag.sh deleted file mode 100755 index 5fb928ab..00000000 --- a/.github/workflows/scripts/deploy_tag.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#! /usr/bin/env bash - -# Usage: ./deploy_tag.sh -e TARGET -o ORG -r REPO -s DEV_PROD -t IMAGE_TAG -# -# Example 1: ./deploy_tag.sh -o "kbase" -r "narrative-traefiker" -s "dev" -t "pr-9001" -e "ci" -# Example 2: ./deploy_tag.sh -o "kbase" -r "narrative" -s "prod" -t "latest" -e "next" -# -# Where: -# -o ORG is the organization (`kbase`, `kbaseapps`, etc.) -# -r REPO is the repository (e.g. `narrative`) -# -s DEV_PROD determines whether to pull the development {APPNAME}-develop or production {APPNAME} image. -# -t IMAGE_TAG is the *current* Docker image tag, typically `pr-#` or `latest` -# -e TARGET is one of: `appdsshev`, `ci`, or `next` -# -# Be sure to set $TOKEN first! -# See: https://docs.github.com/en/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry - - -while getopts e:o:r:s:t: option - do - case "${option}" - in - e) TARGET=${OPTARG};; - o) ORG=${OPTARG};; - r) REPO=${OPTARG};; - s) DEV_PROD=${OPTARG};; - t) IMAGE_TAG=${OPTARG};; - esac -done - -curl -H "Authorization: token $TOKEN" \ - -H 'Accept: application/vnd.github.everest-preview+json' \ - "https://api.github.com/repos/$ORG/$REPO/dispatches" \ - -d '{"event_type":"Tag '"$DEV_PROD"' '"$IMAGE_TAG"' for '"$TARGET"'", "client_payload": {"image_tag": "'"$IMAGE_TAG"'","target": "'"$TARGET"'","dev_prod": "'"$DEV_PROD"'"}}' diff --git a/.github/workflows/scripts/tag_environments.sh b/.github/workflows/scripts/tag_environments.sh deleted file mode 100755 index b39732a0..00000000 --- a/.github/workflows/scripts/tag_environments.sh +++ /dev/null 
@@ -1,22 +0,0 @@ - -#! /usr/bin/env bash -# Add vars for PR & environments to yaml, as called from external script - -export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}') -export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}') -export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export COMMIT=$(echo "$SHA" | cut -c -7) - -if [ $DEV_PROD = "dev" ] || [ $DEV_PROD = "develop" ] -then - IMAGE=$MY_APP"-develop" -else - IMAGE=$MY_APP -fi - -echo "Dev or Prod:" $DEV_PROD -docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io -docker pull ghcr.io/"$MY_ORG"/"$IMAGE":"$IMAGE_TAG" -docker tag ghcr.io/"$MY_ORG"/"$IMAGE":"$IMAGE_TAG" ghcr.io/"$MY_ORG"/"$IMAGE":"$TARGET" -docker push ghcr.io/"$MY_ORG"/"$IMAGE":"$TARGET" diff --git a/.github/workflows/scripts/tag_prod_latest.sh b/.github/workflows/scripts/tag_prod_latest.sh deleted file mode 100755 index 1390fd16..00000000 --- a/.github/workflows/scripts/tag_prod_latest.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env bash - -export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}') -export MY_APP=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}') -export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export COMMIT=$(echo "$SHA" | cut -c -7) - -docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io -docker pull ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" -docker tag ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" ghcr.io/"$MY_ORG"/"$MY_APP":"latest" -docker push ghcr.io/"$MY_ORG"/"$MY_APP":"latest" diff --git a/.github/workflows/scripts/tag_test_latest.sh b/.github/workflows/scripts/tag_test_latest.sh deleted file mode 100755 index c0dc504a..00000000 --- a/.github/workflows/scripts/tag_test_latest.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#! /usr/bin/env bash - -export MY_ORG=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $1}') -export MY_APP=$(echo $(echo "${GITHUB_REPOSITORY}" | awk -F / '{print $2}')"-develop") -export DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") -export COMMIT=$(echo "$SHA" | cut -c -7) - -docker login -u "$DOCKER_ACTOR" -p "$DOCKER_TOKEN" ghcr.io -docker pull ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" -docker tag ghcr.io/"$MY_ORG"/"$MY_APP":"pr-""$PR" ghcr.io/"$MY_ORG"/"$MY_APP":"latest" -docker push ghcr.io/"$MY_ORG"/"$MY_APP":"latest" diff --git a/.github/workflows/tag_environments.yaml b/.github/workflows/tag_environments.yaml deleted file mode 100644 index 6dba7431..00000000 --- a/.github/workflows/tag_environments.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -name: Tag Image For Deploy -'on': - repository_dispatch -jobs: - tag_environments: - runs-on: ubuntu-latest - steps: - - name: Check out GitHub Repo - uses: actions/checkout@v2 - - name: Tag Deploy Environments - env: - DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}" - DOCKER_TOKEN: ${{ secrets.GHCR_TOKEN }} - IMAGE_TAG: ${{ github.event.client_payload.image_tag }} - SHA: ${{ github.event.pull_request.head.sha }} - TARGET: ${{ github.event.client_payload.target }} - DEV_PROD: ${{ github.event.client_payload.dev_prod }} - run: './.github/workflows/scripts/tag_environments.sh' diff --git a/.github/workflows/tag_prod_latest.yaml b/.github/workflows/tag_prod_latest.yaml deleted file mode 100644 index 12b23df0..00000000 --- a/.github/workflows/tag_prod_latest.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -name: Tag Prod Latest -'on': - pull_request: - branches: - - master - - main - types: - - closed -jobs: - docker_tag: - runs-on: ubuntu-latest - steps: - - name: Check out GitHub Repo - if: github.event_name == 'pull_request' && github.event.action == 'closed' && - github.event.pull_request.merged == true - with: - ref: "${{ github.event.pull_request.head.sha }}" - uses: actions/checkout@v2 - - name: Build and Push to Packages - if: github.event.pull_request.draft == false - env: - PR: "${{ github.event.pull_request.number }}" - SHA: "${{ github.event.pull_request.head.sha }}" - DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}" - DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}" - run: "./.github/workflows/scripts/tag_prod_latest.sh\n" diff --git a/.github/workflows/tag_test_latest.yaml b/.github/workflows/tag_test_latest.yaml deleted file mode 100644 index d8cac465..00000000 --- a/.github/workflows/tag_test_latest.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -name: Tag Latest Test Image -'on': - pull_request: - branches: - - develop - types: - - closed -jobs: - docker_tag: - runs-on: ubuntu-latest - steps: - - name: Check out GitHub Repo - if: github.event_name == 'pull_request' && github.event.action == 'closed' && - github.event.pull_request.merged == true - with: - ref: "${{ github.event.pull_request.head.sha }}" - uses: actions/checkout@v2 - - name: Build and Push to Packages - if: github.event.pull_request.draft == false - env: - PR: "${{ github.event.pull_request.number }}" - SHA: "${{ github.event.pull_request.head.sha }}" - DOCKER_ACTOR: "${{ secrets.GHCR_USERNAME }}" - DOCKER_TOKEN: "${{ secrets.GHCR_TOKEN }}" - run: "./.github/workflows/scripts/tag_test_latest.sh\n"