From 895da0d0bcd9535663f0adec9b833978fb626d72 Mon Sep 17 00:00:00 2001 From: Noel Georgi Date: Thu, 14 Sep 2023 23:14:13 +0200 Subject: [PATCH] chore: move to gh actions Move to GitHub actions. Signed-off-by: Noel Georgi --- .drone.yml | 163 ------------------------- .github/workflows/ci.yaml | 51 +++++++- .github/workflows/cron.yaml | 7 ++ .github/workflows/integration.yaml | 11 ++ .github/workflows/reproducibility.yaml | 34 ++++++ .github/workflows/slack-notify.yaml | 86 +++++++++++++ Makefile | 2 +- Pkgfile | 2 +- 8 files changed, 185 insertions(+), 171 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/cron.yaml create mode 100644 .github/workflows/integration.yaml create mode 100644 .github/workflows/reproducibility.yaml create mode 100644 .github/workflows/slack-notify.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 9a7edd5..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,163 +0,0 @@ ---- -kind: pipeline -type: kubernetes -name: default - -steps: - - name: setup-ci - image: autonomy/build-container:latest - commands: - - git fetch --tags - - install-ci-key - - setup-buildx-amd64-arm64 - environment: - SSH_KEY: - from_secret: ssh_key - resources: - requests: - cpu: 24000 - memory: 48GiB - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-pull-request - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: reproducibility-test - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make reproducibility-test - when: - target: - include: - - integration-reproducibility - event: - exclude: - - pull_request - - tag - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: reproducibility-test-cron - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make reproducibility-test - when: - cron: - - weekly - event: - exclude: - - pull_request - - tag - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-and-publish - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - environment: - GHCR_USERNAME: - from_secret: ghcr_username - GHCR_PASSWORD: - from_secret: ghcr_token - commands: - - docker login ghcr.io --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" - - make PUSH=true - when: - event: - exclude: - - pull_request - - promote - - cron - volumes: - - name: docker-socket - path: /var/run - - name: ssh - 
path: /root/.ssh - - name: docker - path: /root/.docker/buildx - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - -volumes: - - name: docker-socket - host: - path: /var/ci-docker - - name: docker - temp: {} - - name: ssh - temp: {} ---- -kind: pipeline -type: kubernetes -name: notify - -clone: - disable: true - -steps: - - name: slack - image: plugins/slack - settings: - webhook: - from_secret: slack_webhook - channel: proj-talos-maintainers - when: - status: - - success - - failure - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - status: - - success - - failure - -depends_on: - - default diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 05dd981..09a5f20 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -1,19 +1,58 @@ name: default -"on": +on: push: branches: - main + - release-* tags: - v* - pull_request: {} -env: - CI_ARGS: --cache-from=type=registry,ref=registry.dev.siderolabs.io/${GITHUB_REPOSITORY}:buildcache --cache-to=type=registry,ref=registry.dev.siderolabs.io/${GITHUB_REPOSITORY}:buildcache,mode=max + pull_request: + branches: + - main + - release-* jobs: default: + if: ${{ !startsWith(github.head_ref, 'renovate/') }} permissions: - contents: write packages: write - runs-on: self-hosted + runs-on: + - self-hosted + - pkgs + services: + buildkitd: + image: moby/buildkit:buildx-stable-1 + ports: + - 1234:1234 + options: --privileged + volumes: + - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit + - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml steps: - name: checkout uses: actions/checkout@v3 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://localhost:1234 + append: | + - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 + platforms: linux/arm64 + - name: build + if: github.event_name != 'schedule' + run: | + make + - name: Login to registry + if: github.event_name != 'schedule' && github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: Push to registry + if: github.event_name != 'schedule' && github.event_name != 'pull_request' + run: | + make PUSH=true diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml new file mode 100644 index 0000000..d2636c9 --- /dev/null +++ b/.github/workflows/cron.yaml @@ -0,0 +1,7 @@ +name: weekly +on: + schedule: + - cron: '30 1 * * 1' +jobs: + reproducibility: + uses: ./.github/workflows/reproducibility.yaml 
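Review bot: Pull-request builds in the `default` job share a `--privileged` buildkitd service and its host state directory `/var/lib/buildkit/${{ github.repository }}` with the push builds that later run `make PUSH=true`, and the only gate on the job is the `renovate/` branch filter. Unless the repository settings require approval for outside contributors (not visible in this patch), code from any pull request builds on the self-hosted `pkgs` runner against the same cache that feeds published images. Consider limiting the job to same-repository branches, e.g. `if: ${{ !startsWith(github.head_ref, 'renovate/') && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}`, or mounting a separate cache path for pull-request runs. Also, removing `contents: write` from an explicit `permissions:` block leaves `contents` at `none`, so add `contents: read` if checkout must ever work against a non-public repository.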
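Review bot: None of the newly created workflows declares a `permissions:` block, so `GITHUB_TOKEN` gets the repository's default scopes on the self-hosted runner. This applies to `cron.yaml` here and also to `integration.yaml`, `reproducibility.yaml` and `slack-notify.yaml`. In the two callers of the reusable workflow, a top-level `permissions:` with `contents: read` would cap what `reproducibility.yaml` can receive. Whether the repository default is already read-only cannot be told from this patch.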
diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml
new file mode 100644
index 0000000..88ee309
--- /dev/null
+++ b/.github/workflows/integration.yaml
@@ -0,0 +1,11 @@
+name: integration
+on:
+ pull_request:
+ types: [labeled]
+ branches:
+ - main
+ - release-*
+jobs:
+ reproducibility:
+ if: ${{ !startsWith(github.head_ref, 'renovate/') && contains(github.event.pull_request.labels.*.name, 'integration/reproducibility') }}
+ uses: ./.github/workflows/reproducibility.yaml
diff --git a/.github/workflows/reproducibility.yaml b/.github/workflows/reproducibility.yaml
new file mode 100644
index 0000000..af94ff9
--- /dev/null
+++ b/.github/workflows/reproducibility.yaml
@@ -0,0 +1,34 @@
+name: reproducibility
+on:
+ workflow_call:
+jobs:
+ integration:
+ runs-on:
+ - self-hosted
+ - pkgs
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: reproducibility
+ run: |
+ make reproducibility-test
diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml
new file mode 100644
index 0000000..6d3ca1e
--- /dev/null
+++ b/.github/workflows/slack-notify.yaml
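Review bot: The `if:` on the `reproducibility` job tests whether the pull request carries the `integration/reproducibility` label, not whether that is the label that was just added. Any later `labeled` event, for any label, therefore re-runs the job against whatever the head commit is at that moment. If the label is meant as a maintainer's approval of a specific revision, compare the triggering label instead: `github.event.label.name == 'integration/reproducibility'`. The job runs on the self-hosted `pkgs` runner with the privileged buildkitd service defined in `reproducibility.yaml`, so this gate should be as narrow as possible.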
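Review bot: The builder image and the actions are referenced by mutable tags (`moby/buildkit:buildx-stable-1`, `actions/checkout@v3`, `docker/setup-buildx-action@v3`), so the toolchain behind the reproducibility test can change without any commit in this repository. Pin them by digest and full commit SHA, e.g. `image: moby/buildkit:buildx-stable-1@sha256:<digest>` and `uses: actions/checkout@<full-commit-sha> # v3`. The same applies to the identical service and steps in `ci.yaml`, and to `potiuk/get-workflow-origin@v1_5` and `slackapi/slack-github-action@v1` in `slack-notify.yaml`, where the third-party action also receives `GITHUB_TOKEN`.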
@@ -0,0 +1,86 @@
+name: slack-notify
+"on":
+ workflow_run:
+ workflows:
+ - default
+ types:
+ - completed
+jobs:
+ slack-notify:
+ runs-on:
+ - self-hosted
+ if: ${{ github.event.workflow_run.conclusion != 'skipped' }}
+ steps:
+ - name: Retrieve Workflow Run Info
+ id: retrieve-workflow-run-info
+ uses: potiuk/get-workflow-origin@v1_5
+ with:
+ sourceRunId: ${{ github.event.workflow_run.id }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Slack Notify
+ uses: slackapi/slack-github-action@v1
+ with:
+ channel-id: proj-talos-maintainers
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}",
+ "fallback": "test",
+ "blocks": [
+ {
+ "type": "section",
+ "fields": [
+ {
+ "type": "mrkdwn",
+ "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.retrieve-workflow-run-info.outputs.pullRequestNumber, github.event.workflow_run.display_title) || format('*Build:* {0}#{1} (`{2}`)', github.repository, github.sha, github.ref_name) }}"
+ },
+ {
+ "type": "mrkdwn",
+ "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`"
+ }
+ ]
+ },
+ {
+ "type": "section",
+ "fields": [
+ {
+ "type": "mrkdwn",
+ "text": "*Author:*\n`${{ github.actor }}`"
+ },
+ {
+ "type": "mrkdwn",
+ "text": "*Event:*\n`${{ github.event.workflow_run.event }}`"
+ }
+ ]
+ },
+ {
+ "type": "divider"
+ },
+ {
+ "type": "actions",
+ "elements": [
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "Logs"
+ },
+ "url": "${{ github.event.workflow_run.html_url }}"
+ },
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "Commit"
+ },
+ "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_BOT_TOKEN: ${{
secrets.SLACK_BOT_TOKEN }} diff --git a/Makefile b/Makefile index 2f12e18..a66b57e 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ REGISTRY_AND_USERNAME := $(REGISTRY)/$(USERNAME) SOURCE_DATE_EPOCH ?= "1559497065" # Sync bldr image with Pkgfile -BLDR_IMAGE := ghcr.io/siderolabs/bldr:v0.2.0 +BLDR_IMAGE := ghcr.io/siderolabs/bldr:v0.2.2 BLDR ?= docker run --rm --volume $(PWD):/toolchain --entrypoint=/bldr \ $(BLDR_IMAGE) graph --root=/toolchain diff --git a/Pkgfile b/Pkgfile index 22a604b..eeebfcc 100644 --- a/Pkgfile +++ b/Pkgfile @@ -1,4 +1,4 @@ -# syntax = ghcr.io/siderolabs/bldr:v0.2.0 +# syntax = ghcr.io/siderolabs/bldr:v0.2.2 format: v1alpha2
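Review bot: In `slack-notify.yaml`, `github.event.workflow_run.display_title` is interpolated with `${{ }}` straight into the JSON `payload`, and for pull-request runs that value presumably comes from the PR title, which the author controls. A quote or backslash in it produces invalid JSON or lets the title add fields to the message posted to the maintainers' channel. Emit the value through `toJSON` and drop the surrounding quotes, e.g. `"text": ${{ toJSON(github.event.workflow_run.display_title) }}`, wrapping the whole `format(...)` result the same way. Separately, in a `workflow_run` event `github.sha` and `github.ref_name` refer to the default branch rather than the build that finished, so the Commit button can point at the wrong commit; `github.event.workflow_run.head_sha` carries the originating value.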