diff --git a/.github/.kodiak.toml b/.github/.kodiak.toml index ded81e43d..b64a5f6fc 100644 --- a/.github/.kodiak.toml +++ b/.github/.kodiak.toml @@ -15,4 +15,4 @@ strip_html_comments = true # default: false always = true # default: false [approve] -auto_approve_usernames = ["1gtm", "tamalsaha"] +auto_approve_usernames = ["tamalsaha", "1gtm", "1gtm-app[bot]"] \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 706c8650a..759e0a614 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ on: workflow_dispatch: concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-ci + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} cancel-in-progress: true jobs: @@ -20,27 +20,18 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Set up Go 1.25 - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: go-version: '1.25' id: go - name: Check out code into the Go module directory - uses: actions/checkout@v4 - - - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v3 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: - cache-image: false - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + persist-credentials: false - name: Prepare Host run: | - sudo apt-get -qq update || true - sudo apt-get install -y bzr curl -LO https://dl.k8s.io/release/v1.32.1/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index ad811677b..06f9ed09d 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
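Review bot: `auto_approve_usernames` now contains `1gtm-app[bot]`, so Kodiak will approve any pull request opened with a token of that GitHub App, and nothing in the file says which automation is expected to open them. The approval is then only as strong as the handling of `LGTM_APP_PRIVATE_KEY` in the workflows that mint tokens from it. A comment above the setting would make that assumption reviewable, for example `# 1gtm-app[bot]: PRs opened by <workflow or tool name> only; keep the app's installation scope minimal`.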
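Review bot: The `Prepare Host` step in ci.yml still installs `kubectl` from `https://dl.k8s.io/release/v1.32.1/bin/linux/amd64/kubectl` with no integrity check, which is out of step with the SHA-pinned actions this hunk introduces. `curl -LO` also lacks `-f`, so an HTTP error page would be saved, made executable and moved into `/usr/local/bin`. Suggest `curl -fsSLO` for the download, followed by `echo "<expected-sha256>  kubectl" | sha256sum --check`, with the digest for v1.32.1 recorded in the workflow rather than fetched from the same host. The step's script continues past the end of this hunk.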
@@ -12,41 +12,41 @@ on: workflow_dispatch: concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + group: ${{ github.workflow }}-${{ github.event.issue.number || github.head_ref || github.ref }} cancel-in-progress: true jobs: build: - if: contains(github.event.issue.html_url, '/pull/') && startsWith(github.event.comment.body, '/ok-to-test') + if: | + contains(github.event.issue.html_url, '/pull/') && + startsWith(github.event.comment.body, '/ok-to-test') && + (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER') runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + ref: refs/pull/${{ github.event.issue.number }}/merge - name: Set up QEMU id: qemu - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 with: cache-image: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - - name: Checkout pr - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ github.event.issue.number }} - run: | - curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 - sudo mv bin/hub /usr/local/bin - hub pr checkout $PR_NUMBER + - name: Login to GitHub Container Registry + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ghcr.io + username: 1gtm + password: ${{ secrets.LGTM_GITHUB_TOKEN }} - name: Publish to GitHub Container Registry env: REGISTRY: ghcr.io/stashed - DOCKER_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} - USERNAME: 1gtm run: | - docker login ghcr.io --username ${USERNAME} --password ${DOCKER_TOKEN} make release - name: Build 
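Review bot: The new `actions/checkout` step in the `build` job fetches `refs/pull/<n>/merge` without `persist-credentials: false`, so the job's `GITHUB_TOKEN` stays in `.git/config` while the pull request's own `make release` runs; add `persist-credentials: false` under `with:`, as ci.yml does in this commit. The same line is missing from the checkouts added in the `kubernetes` job further down and in release-tracker.yml, release.yml and update-docs.yml. `make release` also runs after the ghcr.io login with the long-lived `LGTM_GITHUB_TOKEN`, so the `author_association` gate is the only control between pull-request content and that credential. The merge ref is resolved when the job starts, not when the maintainer wrote `/ok-to-test`, so a commit pushed after the comment is what gets built; consider requiring the reviewed commit SHA in the comment and checking out exactly that SHA. The `build` job continues past the end of this hunk.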
@@ -56,6 +56,10 @@ jobs: make push config: + if: | + contains(github.event.issue.html_url, '/pull/') && + startsWith(github.event.comment.body, '/ok-to-test') && + (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER') runs-on: ubuntu-24.04 needs: build outputs: @@ -63,11 +67,13 @@ jobs: steps: - id: set-matrix name: Generate test matrix + env: + COMMENT_BODY: ${{ github.event.comment.body }} run: | k8s=(v1.28.15 v1.34.0) IFS=' ' - read -ra COMMENT <<< "${{ github.event.comment.body }}" + read -ra COMMENT <<< "$COMMENT_BODY" if [ ! -z ${COMMENT[1]} ]; then k8s=(${COMMENT[1]}) fi @@ -81,33 +87,26 @@ jobs: function join { local IFS="$1"; shift; echo "$*"; } matrix=$(echo "{"include":[$(join , ${matrix[@]})]}") echo $matrix - echo "::set-output name=matrix::$matrix" + echo "matrix=$matrix" >> "$GITHUB_OUTPUT" kubernetes: name: Kubernetes - needs: config + needs: [build, config] runs-on: ubuntu-24.04 strategy: matrix: ${{ fromJson(needs.config.outputs.matrix) }} steps: - - uses: actions/checkout@v4 - - - name: Checkout pr - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ github.event.issue.number }} - run: | - curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 - sudo mv bin/hub /usr/local/bin - hub pr checkout $PR_NUMBER + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + ref: refs/pull/${{ github.event.issue.number }}/merge - name: Create Kubernetes ${{ matrix.k8s }} cluster id: kind - uses: engineerd/setup-kind@v0.5.0 + uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0 with: version: v0.29.0 config: hack/kubernetes/kind.yaml - image: kindest/node:${{ matrix.k8s }} + node_image: kindest/node:${{ matrix.k8s }} - name: Prepare cluster for testing id: local-path diff --git a/.github/workflows/release-tracker.yml b/.github/workflows/release-tracker.yml index 06bee2c04..428663041 100644 
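Review bot: In the `Generate test matrix` step the second word of the comment is still used unquoted and unchecked: `[ ! -z ${COMMENT[1]} ]` and `k8s=(${COMMENT[1]})` undergo glob expansion, and the value is then written into the matrix JSON and reaches `node_image: kindest/node:${{ matrix.k8s }}` in the `kubernetes` job. Moving the body into `COMMENT_BODY` removes the expression injection, but the value should still be matched against the expected version format before use. Write the test as `if [ -n "${COMMENT[1]:-}" ]; then` and, inside it, add `[[ "${COMMENT[1]}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected version: ${COMMENT[1]}"; exit 1; }`. If a comma-separated list is accepted (the lines that would split it are outside this hunk), the pattern needs to allow for that.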
--- a/.github/workflows/release-tracker.yml +++ b/.github/workflows/release-tracker.yml @@ -12,31 +12,25 @@ concurrency: jobs: build: + if: github.event.pull_request.merged == true runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - name: Prepare git - env: - GITHUB_USER: 1gtm - GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} - run: | - git config --global user.name "${GITHUB_USER}" - git config --global user.email "${GITHUB_USER}@appscode.com" - git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git - - - name: Install GitHub CLI - run: | - curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 - sudo mv bin/hub /usr/local/bin + - name: Generate LGTM App token + id: lgtm-app-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + with: + client-id: ${{ secrets.LGTM_APP_CLIENT_ID }} + private-key: ${{ secrets.LGTM_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: CHANGELOG + permission-pull-requests: write - name: Update release tracker - if: | - github.event.action == 'closed' && - github.event.pull_request.merged == true env: - GITHUB_USER: 1gtm - GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ steps.lgtm-app-token.outputs.token }} run: | ./hack/scripts/update-release-tracker.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4dc35dfa4..afdac2273 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,8 +15,12 @@ jobs: build: name: Build runs-on: ubuntu-24.04 + permissions: + contents: write steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + fetch-depth: 0 - name: Print version info id: semver 
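Review bot: No `permissions:` block is visible for the `build` job in release-tracker.yml, although the write access it needs now comes from the app token scoped to the `CHANGELOG` repository with `permission-pull-requests: write`. If none is set above this hunk, adding `permissions:` with `contents: read` to the job keeps the workflow's own `GITHUB_TOKEN` read-only, matching the explicit block added to release.yml in this commit. The workflow triggers are outside the hunk.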
@@ -25,25 +29,29 @@ jobs: - name: Set up QEMU id: qemu - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 with: cache-image: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + + - name: Log in to the GitHub Container registry + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ghcr.io + username: 1gtm + password: ${{ secrets.LGTM_GITHUB_TOKEN }} - name: Publish to GitHub Container Registry env: REGISTRY: ghcr.io/stashed - DOCKER_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} - USERNAME: 1gtm APPSCODE_ENV: prod run: | - docker login ghcr.io --username ${USERNAME} --password ${DOCKER_TOKEN} make release - name: Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2 if: startsWith(github.ref, 'refs/tags/') env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index 30a77ac37..ae79e5fee 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -8,7 +8,7 @@ on: workflow_dispatch: concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-docs + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} cancel-in-progress: true jobs: 
@@ -17,35 +17,52 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Set up Go 1.25 - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: go-version: '1.25' id: go - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - - name: Install GitHub CLI + + - name: Parse docs repository + id: docs-repo + env: + DOCS_REPOSITORY: ${{ secrets.DOCS_REPOSITORY }} run: | - curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 - sudo mv bin/hub /usr/local/bin + # DOCS_REPOSITORY is expected to be of the form: // + path="${DOCS_REPOSITORY#*/}" + echo "owner=${path%%/*}" >> "$GITHUB_OUTPUT" + echo "name=${path##*/}" >> "$GITHUB_OUTPUT" + + - name: Generate LGTM App token + id: lgtm-app-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + with: + client-id: ${{ secrets.LGTM_APP_CLIENT_ID }} + private-key: ${{ secrets.LGTM_APP_PRIVATE_KEY }} + owner: ${{ steps.docs-repo.outputs.owner }} + repositories: ${{ steps.docs-repo.outputs.name }} + permission-contents: write + permission-pull-requests: write - name: Clone charts repository env: - GITHUB_USER: 1gtm - GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ steps.lgtm-app-token.outputs.token }} DOCS_REPOSITORY: ${{ secrets.DOCS_REPOSITORY }} run: | - url="https://${GITHUB_USER}:${GITHUB_TOKEN}@${DOCS_REPOSITORY}.git" + url="https://x-access-token:${GITHUB_TOKEN}@${DOCS_REPOSITORY}.git" cd $RUNNER_WORKSPACE git clone $url cd $(basename $DOCS_REPOSITORY) - git config user.name "${GITHUB_USER}" - git config user.email "${GITHUB_USER}@appscode.com" + git config user.name "1gtm" + git config user.email "1gtm@appscode.com" - name: Update docs env: - GITHUB_USER: 1gtm - GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ steps.lgtm-app-token.outputs.token }} 
DOCS_REPOSITORY: ${{ secrets.DOCS_REPOSITORY }} run: | export DOCS_ROOT=$RUNNER_WORKSPACE/$(basename $DOCS_REPOSITORY) diff --git a/Makefile b/Makefile index f25087c5c..319768c11 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ REGISTRY ?= stashed # This version-strategy uses git tags to set the version string git_branch := $(shell git rev-parse --abbrev-ref HEAD) -git_tag := $(shell git describe --exact-match --abbrev=0 2>/dev/null || echo "") +git_tag := $(shell git describe --tags --exact-match --abbrev=0 2>/dev/null || echo "") commit_hash := $(shell git rev-parse --verify HEAD) commit_timestamp := $(shell date --date="@$$(git show -s --format=%ct)" --utc +%FT%T) diff --git a/hack/scripts/update-release-tracker.sh b/hack/scripts/update-release-tracker.sh index 181aebfca..12fee4000 100755 --- a/hack/scripts/update-release-tracker.sh +++ b/hack/scripts/update-release-tracker.sh @@ -69,4 +69,4 @@ case $GITHUB_BASE_REF in ;; esac -hub api "$api_url" -f body="$msg" +gh api "$api_url" -f body="$msg"
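Review bot: In `Clone charts repository` the app token is interpolated into the clone URL (`https://x-access-token:${GITHUB_TOKEN}@${DOCS_REPOSITORY}.git`), so it is written to the clone's `.git/config` as the remote URL and can appear in any git output that prints the remote; `$url` is also passed unquoted. If the docs repository is on github.com, one option to verify is `gh auth setup-git` followed by `git clone "https://${DOCS_REPOSITORY}.git"`, which keeps the token in the environment only. Later steps that push would then need `GITHUB_TOKEN` in their env, which `Update docs` already has. `GITHUB_USER` is no longer read by this step's visible script and could be dropped from its `env`. The `Update docs` step continues past the end of this hunk.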