-
Notifications
You must be signed in to change notification settings - Fork 358
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gh actions v31 setup #128
Merged
Merged
Gh actions v31 setup #128
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
ff39159
Add CI/CD workflows for petstore-v31
micryc 8503b4b
CI - fix gitignore
micryc 7bfde2b
Fix deploy docker image name
micryc a1614e3
Update post/prepare release scripts
micryc b9d9ac0
Fix-CI scripts and references
micryc 6d476a1
Fix prepare/post release script
micryc 507c90a
Add 1.0.4-SNAPSHOT/sed syntax fix
micryc File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: "Code scanning - action" | ||
|
||
on: | ||
push: | ||
branches: ["v31"] | ||
pull_request: | ||
# The branches below must be a subset of the branches above | ||
branches: ["master"] | ||
schedule: | ||
- cron: '0 19 * * 1' | ||
|
||
jobs: | ||
CodeQL-Build: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v2 | ||
with: | ||
# We must fetch at least the immediate parents so that if this is | ||
# a pull request then we can checkout the head. | ||
fetch-depth: 2 | ||
|
||
# If this run was triggered by a pull request event, then checkout | ||
# the head of the pull request instead of the merge commit. | ||
- run: git checkout HEAD^2 | ||
if: ${{ github.event_name == 'pull_request' }} | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v3 | ||
# Override language selection by uncommenting this and choosing your languages | ||
with: | ||
languages: java | ||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v3 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 https://git.io/JvXDl | ||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines | ||
# and modify them (or add more) to build your code if your project | ||
# uses a compiled language | ||
|
||
#- run: | | ||
# make bootstrap | ||
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
name: 'Dependency Review' | ||
on: [pull_request] | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
dependency-review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout Repository' | ||
uses: actions/checkout@v4 | ||
- name: Dependency Review | ||
uses: actions/dependency-review-action@v3 | ||
with: | ||
fail-on-severity: high |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
name: Deploy Docker | ||
|
||
on: | ||
workflow_dispatch: | ||
branches: ["v31"] | ||
inputs: | ||
tag: | ||
description: tag/version to deploy | ||
required: true | ||
jobs: | ||
deploy: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: deploy docker | ||
run: | | ||
SC_RELEASE_TAG="${{ env.TAG }}" | ||
echo "$SC_RELEASE_TAG" | ||
|
||
TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}" | ||
RANCHER_HOST="rancher.tools.swagger.io" | ||
CLUSTER_ID="c-n8zp2" | ||
NAMESPACE_NAME="swagger-oss" | ||
K8S_OBJECT_TYPE="daemonsets" | ||
K8S_OBJECT_NAME="swagger-petstore-31" | ||
DEPLOY_IMAGE="swaggerapi/swagger-petstore31:$SC_RELEASE_TAG" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. check tags and image name in dockerhub, this is wrong, should be |
||
|
||
workloadStatus="" | ||
getStatus() { | ||
echo "Getting update status..." | ||
if ! workloadStatus="$(curl -s -X GET \ | ||
-H "Authorization: Bearer ${TOKEN}" \ | ||
-H 'Content-Type: application/json' \ | ||
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")" | ||
then | ||
echo 'ERROR - get status k8s API call failed!' | ||
echo "Exiting build"... | ||
exit 1 | ||
fi | ||
} | ||
|
||
# $1 = image to deploy | ||
updateObject() { | ||
local image="${1}" | ||
echo "Updating image value..." | ||
|
||
if ! curl -s -X PATCH \ | ||
-H "Authorization: Bearer ${TOKEN}" \ | ||
-H 'Content-Type: application/json-patch+json' \ | ||
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \ | ||
-d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]" | ||
then | ||
echo 'ERROR - image update k8s API call failed!' | ||
echo "Exiting build..." | ||
exit 1 | ||
fi | ||
} | ||
|
||
|
||
# Check that the TAG is valid | ||
if [[ $SC_RELEASE_TAG =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then | ||
echo "" | ||
echo "This is a Valid TAG..." | ||
|
||
# Get current image/tag in case we need to rollback | ||
getStatus | ||
ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')" | ||
echo "" | ||
echo "Current image: ${ROLLBACK_IMAGE}" | ||
|
||
# Update image and validate response | ||
echo "" | ||
updateObject "${DEPLOY_IMAGE}" | ||
echo "" | ||
|
||
echo "" | ||
echo "Waiting for pods to start..." | ||
echo "" | ||
sleep 60s | ||
|
||
# Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error | ||
getStatus | ||
status="$(echo "${workloadStatus}" | jq '.status')" | ||
echo "" | ||
echo "${status}" | ||
echo "" | ||
|
||
numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')" | ||
numberReady="$(echo "${status}" | jq -r '.numberReady')" | ||
|
||
if (( numberReady == numberDesired )); then | ||
echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}" | ||
|
||
# If pods are not starting, rollback the upgrade and exit the build with error | ||
else | ||
echo "state = error...rolling back upgrade" | ||
updateObject "${ROLLBACK_IMAGE}" | ||
echo "" | ||
|
||
echo "" | ||
echo "Waiting for rollback pods to start..." | ||
echo "" | ||
sleep 60s | ||
|
||
getStatus | ||
status="$(echo "${workloadStatus}" | jq '.status')" | ||
echo "" | ||
echo "${status}" | ||
echo "" | ||
|
||
numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')" | ||
numberReady="$(echo "${status}" | jq -r '.numberReady')" | ||
|
||
if (( numberReady == numberDesired )); then | ||
echo "Rollback to ${ROLLBACK_IMAGE} completed." | ||
else | ||
echo "FATAL - rollback failed" | ||
fi | ||
echo "Exiting Build..." | ||
exit 1 | ||
fi | ||
|
||
else | ||
echo "This TAG is not in a valid format..." | ||
echo "Exiting Build..." | ||
exit 0 | ||
fi | ||
echo "Exiting Build..." | ||
exit 0 | ||
env: | ||
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
TAG: ${{ github.event.inputs.tag }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
name: Docker Release | ||
|
||
on: | ||
workflow_dispatch: | ||
branches: ["v31"] | ||
inputs: | ||
tag: | ||
description: tag/version to release | ||
required: true | ||
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Python 3.10 | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.10' | ||
- name: Set up Java 11 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 11 | ||
- name: Run pre release script | ||
id: preRelease | ||
run: | | ||
# export GPG_TTY=$(tty) | ||
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec` | ||
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]]; | ||
then | ||
echo "not releasing snapshot version: " ${MY_POM_VERSION} | ||
echo "RELEASE_OK=no" >> $GITHUB_ENV | ||
else | ||
. ./CI/pre-release.sh | ||
echo "RELEASE_OK=yes" >> $GITHUB_ENV | ||
fi | ||
echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV | ||
echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV | ||
echo "SC_LAST_RELEASE=$SC_LAST_RELEASE" >> $GITHUB_ENV | ||
- name: docker login | ||
run: | | ||
docker login --username=${{ secrets.DOCKERHUB_SB_USERNAME }} --password=${{ secrets.DOCKERHUB_SB_PASSWORD }} | ||
set -e | ||
- name: Build generator image and push | ||
if: env.RELEASE_OK == 'yes' | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
platforms: linux/amd64 | ||
provenance: false | ||
tags: swaggerapi/petstore31:${{ env.TAG }} | ||
env: | ||
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
SC_VERSION: | ||
SC_NEXT_VERSION: | ||
TAG: ${{ github.event.inputs.tag }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Build Test PR | ||
|
||
on: | ||
pull_request: | ||
branches: ["v31"] | ||
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
java: [ 11 ] | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Java | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: ${{ matrix.java }} | ||
- name: Cache local Maven repository | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.m2/repository | ||
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: | | ||
${{ runner.os }}-maven- | ||
- name: Build with Maven | ||
run: | | ||
mvn --no-transfer-progress -B install --file pom.xml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Build Test master | ||
|
||
on: | ||
push: | ||
branches: ["v31"] | ||
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
java: [ 11 ] | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Java | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: ${{ matrix.java }} | ||
server-id: ossrh | ||
server-username: MAVEN_USERNAME | ||
server-password: MAVEN_PASSWORD | ||
- name: Cache local Maven repository | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.m2/repository | ||
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: | | ||
${{ runner.os }}-maven- | ||
- name: Build with Maven | ||
run: | | ||
mvn --no-transfer-progress -B install --file pom.xml | ||
env: | ||
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | ||
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: Prepare Release | ||
|
||
on: | ||
workflow_dispatch: | ||
branches: ["v31"] | ||
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: tibdex/github-app-token@v1 | ||
id: generate-token | ||
with: | ||
app_id: ${{ secrets.APP_ID }} | ||
private_key: ${{ secrets.APP_PRIVATE_KEY }} | ||
- name: Set up Python 3.10 | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.10' | ||
- name: Set up Java 11 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 11 | ||
- name: Run prepare release script | ||
id: prepare-release | ||
run: | | ||
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec` | ||
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]]; | ||
then | ||
. ./CI/prepare-release.sh | ||
echo "PREPARE_RELEASE_OK=yes" >> $GITHUB_ENV | ||
else | ||
echo "not preparing release for release version: " ${MY_POM_VERSION} | ||
echo "PREPARE_RELEASE_OK=no" >> $GITHUB_ENV | ||
fi | ||
echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV | ||
echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV | ||
- name: Create Prepare Release Pull Request | ||
uses: peter-evans/create-pull-request@v4 | ||
if: env.PREPARE_RELEASE_OK == 'yes' | ||
with: | ||
token: ${{ steps.generate-token.outputs.token }} | ||
commit-message: prepare release ${{ env.SC_VERSION }} | ||
title: 'prepare release ${{ env.SC_VERSION }}' | ||
branch: prepare-release-${{ env.SC_VERSION }} | ||
env: | ||
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
SC_VERSION: | ||
SC_NEXT_VERSION: | ||
|
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wrong branch?