Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gh actions v31 setup #128

Merged
merged 7 commits into from
Mar 26, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: "Code scanning - action"

on:
push:
branches: ["v31"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["v31"]
schedule:
- cron: '0 19 * * 1'

jobs:
CodeQL-Build:

runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2

# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
# Override language selection by uncommenting this and choosing your languages
with:
languages: java

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
16 changes: 16 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: 'Dependency Review'
on: [pull_request]

permissions:
contents: read

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v3
with:
fail-on-severity: high
134 changes: 134 additions & 0 deletions .github/workflows/deploy-docker.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
name: Deploy Docker

on:
workflow_dispatch:
branches: ["v31"]
inputs:
tag:
description: tag/version to deploy
required: true
jobs:
deploy:

runs-on: ubuntu-latest

steps:
- name: deploy docker
run: |
SC_RELEASE_TAG="${{ env.TAG }}"
echo "$SC_RELEASE_TAG"

TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}"
RANCHER_HOST="rancher.tools.swagger.io"
CLUSTER_ID="c-n8zp2"
NAMESPACE_NAME="swagger-oss"
K8S_OBJECT_TYPE="daemonsets"
K8S_OBJECT_NAME="swagger-petstore-31"
DEPLOY_IMAGE="swaggerapi/petstore31:$SC_RELEASE_TAG"

workloadStatus=""
getStatus() {
echo "Getting update status..."
if ! workloadStatus="$(curl -s -X GET \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json' \
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")"
then
echo 'ERROR - get status k8s API call failed!'
echo "Exiting build"...
exit 1
fi
}

# $1 = image to deploy
updateObject() {
local image="${1}"
echo "Updating image value..."

if ! curl -s -X PATCH \
-H "Authorization: Bearer ${TOKEN}" \
-H 'Content-Type: application/json-patch+json' \
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \
-d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]"
then
echo 'ERROR - image update k8s API call failed!'
echo "Exiting build..."
exit 1
fi
}


# Check that the TAG is valid
if [[ $SC_RELEASE_TAG =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then
echo ""
echo "This is a Valid TAG..."

# Get current image/tag in case we need to rollback
getStatus
ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')"
echo ""
echo "Current image: ${ROLLBACK_IMAGE}"

# Update image and validate response
echo ""
updateObject "${DEPLOY_IMAGE}"
echo ""

echo ""
echo "Waiting for pods to start..."
echo ""
sleep 60s

# Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error
getStatus
status="$(echo "${workloadStatus}" | jq '.status')"
echo ""
echo "${status}"
echo ""

numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
numberReady="$(echo "${status}" | jq -r '.numberReady')"

if (( numberReady == numberDesired )); then
echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}"

# If pods are not starting, rollback the upgrade and exit the build with error
else
echo "state = error...rolling back upgrade"
updateObject "${ROLLBACK_IMAGE}"
echo ""

echo ""
echo "Waiting for rollback pods to start..."
echo ""
sleep 60s

getStatus
status="$(echo "${workloadStatus}" | jq '.status')"
echo ""
echo "${status}"
echo ""

numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
numberReady="$(echo "${status}" | jq -r '.numberReady')"

if (( numberReady == numberDesired )); then
echo "Rollback to ${ROLLBACK_IMAGE} completed."
else
echo "FATAL - rollback failed"
fi
echo "Exiting Build..."
exit 1
fi

else
echo "This TAG is not in a valid format..."
echo "Exiting Build..."
exit 0
fi
echo "Exiting Build..."
exit 0
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ github.event.inputs.tag }}
61 changes: 61 additions & 0 deletions .github/workflows/dockerhub-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: Docker Release

on:
workflow_dispatch:
branches: ["v31"]
inputs:
tag:
description: tag/version to release
required: true

jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Set up Java 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Run pre release script
id: preRelease
run: |
# export GPG_TTY=$(tty)
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
then
echo "not releasing snapshot version: " ${MY_POM_VERSION}
echo "RELEASE_OK=no" >> $GITHUB_ENV
else
. ./CI/pre-release.sh
echo "RELEASE_OK=yes" >> $GITHUB_ENV
fi
echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV
echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV
echo "SC_LAST_RELEASE=$SC_LAST_RELEASE" >> $GITHUB_ENV
- name: docker login
run: |
docker login --username=${{ secrets.DOCKERHUB_SB_USERNAME }} --password=${{ secrets.DOCKERHUB_SB_PASSWORD }}
set -e
- name: Build generator image and push
if: env.RELEASE_OK == 'yes'
uses: docker/build-push-action@v5
with:
context: .
push: true
platforms: linux/amd64
provenance: false
tags: swaggerapi/petstore31:${{ env.TAG }}
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SC_VERSION:
SC_NEXT_VERSION:
TAG: ${{ github.event.inputs.tag }}

30 changes: 30 additions & 0 deletions .github/workflows/maven-pulls.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Build Test PR

on:
pull_request:
branches: ["v31"]

jobs:
build:

runs-on: ubuntu-latest
strategy:
matrix:
java: [ 11 ]

steps:
- uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.java }}
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build with Maven
run: |
mvn --no-transfer-progress -B install --file pom.xml
36 changes: 36 additions & 0 deletions .github/workflows/maven.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: Build Test master

on:
push:
branches: ["v31"]

jobs:
build:

runs-on: ubuntu-latest
strategy:
matrix:
java: [ 11 ]

steps:
- uses: actions/checkout@v2
- name: Set up Java
uses: actions/setup-java@v1
with:
java-version: ${{ matrix.java }}
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
- name: Cache local Maven repository
uses: actions/cache@v2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build with Maven
run: |
mvn --no-transfer-progress -B install --file pom.xml
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
54 changes: 54 additions & 0 deletions .github/workflows/prepare-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: Prepare Release

on:
workflow_dispatch:
branches: ["v31"]

jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- uses: tibdex/github-app-token@v1
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Set up Java 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Run prepare release script
id: prepare-release
run: |
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec`
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]];
then
. ./CI/prepare-release.sh
echo "PREPARE_RELEASE_OK=yes" >> $GITHUB_ENV
else
echo "not preparing release for release version: " ${MY_POM_VERSION}
echo "PREPARE_RELEASE_OK=no" >> $GITHUB_ENV
fi
echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV
echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV
- name: Create Prepare Release Pull Request
uses: peter-evans/create-pull-request@v4
if: env.PREPARE_RELEASE_OK == 'yes'
with:
token: ${{ steps.generate-token.outputs.token }}
commit-message: prepare release ${{ env.SC_VERSION }}
title: 'prepare release ${{ env.SC_VERSION }}'
branch: prepare-release-${{ env.SC_VERSION }}
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SC_VERSION:
SC_NEXT_VERSION:

Loading
Loading