Skip to content

Commit

Permalink
switch to Makefile modules
Browse files Browse the repository at this point in the history 
Signed-off-by: Tim Ramlot <[email protected]>
  • Loading branch information
@inteon
inteon committed Sep 10, 2024
1 parent 3c80b0b commit ee7011d
Show file tree
Hide file tree
Showing 133 changed files with 5,953 additions and 1,537 deletions.
5 changes: 0 additions & 5 deletions .dockerignore
View file

This file was deleted.

20 changes: 20 additions & 0 deletions .github/dependabot.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead.

# Update Go dependencies and GitHub Actions dependencies daily.
version: 2
updates:
- package-ecosystem: gomod
directory: /
schedule:
interval: daily
groups:
all:
patterns: ["*"]
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
groups:
all:
patterns: ["*"]
31 changes: 31 additions & 0 deletions .github/workflows/govulncheck.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead.

# Run govulncheck at midnight every night on the main branch,
# to alert us to recent vulnerabilities which affect the Go code in this
# project.
name: govulncheck
on:
workflow_dispatch: {}
schedule:
- cron: '0 0 * * *'

permissions:
contents: read

jobs:
govulncheck:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ steps.go-version.outputs.result }}

- run: make verify-govulncheck
101 changes: 101 additions & 0 deletions .github/workflows/make-self-upgrade.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.

name: make-self-upgrade
concurrency: make-self-upgrade
on:
workflow_dispatch: {}
schedule:
- cron: '0 0 * * *'

permissions:
contents: read

jobs:
self_upgrade:
runs-on: ubuntu-latest

if: github.repository_owner == 'cert-manager'

permissions:
contents: write
pull-requests: write

env:
SOURCE_BRANCH: "${{ github.ref_name }}"
SELF_UPGRADE_BRANCH: "self-upgrade-${{ github.ref_name }}"

steps:
- name: Fail if branch is not head of branch.
if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }}
run: |
echo "This workflow should not be run on a non-branch-head."
exit 1
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ steps.go-version.outputs.result }}

- run: |
git checkout -B "$SELF_UPGRADE_BRANCH"
- run: |
make -j upgrade-klone
make -j generate
- id: is-up-to-date
shell: bash
run: |
git_status=$(git status -s)
is_up_to_date="true"
if [ -n "$git_status" ]; then
is_up_to_date="false"
echo "The following changes will be committed:"
echo "$git_status"
fi
echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"
- if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
run: |
git config --global user.name "cert-manager-bot"
git config --global user.email "[email protected]"
git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff
git push -f origin "$SELF_UPGRADE_BRANCH"
- if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const { repo, owner } = context.repo;
const pulls = await github.rest.pulls.list({
owner: owner,
repo: repo,
head: owner + ':' + process.env.SELF_UPGRADE_BRANCH,
base: process.env.SOURCE_BRANCH,
state: 'open',
});
if (pulls.data.length < 1) {
const result = await github.rest.pulls.create({
title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH,
owner: owner,
repo: repo,
head: process.env.SELF_UPGRADE_BRANCH,
base: process.env.SOURCE_BRANCH,
body: [
'This PR is auto-generated to bump the Makefile modules.',
].join('\n'),
});
await github.rest.issues.addLabels({
owner,
repo,
issue_number: result.data.number,
labels: ['skip-review']
});
}
107 changes: 77 additions & 30 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,38 +1,85 @@
name: release
on:
release:
types: [published]
push:
tags:
- "v*"

env:
VERSION: ${{ github.ref_name }}

jobs:
build_push_and_publish:
runs-on: ubuntu-22.04
build_images:
runs-on: ubuntu-latest

permissions:
contents: read # needed for checkout
packages: write # needed for push images
id-token: write # needed for keyless signing

steps:
-
name: Checkout code
uses: actions/checkout@v2
- uses: actions/checkout@v4

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"
- uses: docker/login-action@v3
with:
fetch-depth: 0
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}

-
name: Log in to GitHub Container Registry
uses: docker/login-action@v1
- uses: actions/setup-go@v5
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build Docker image
run: make docker-buildx

-
name: Create install.yaml file
run: make build/install.yaml
-
name: Upload install.yaml file
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
go-version: ${{ steps.go-version.outputs.result }}

- id: release
run: make release

- uses: actions/upload-artifact@v4
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./build/install.yaml
asset_name: install.yaml
asset_content_type: text/yaml
name: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}-${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}.tgz
path: ${{ steps.release.outputs.RELEASE_HELM_CHART_TAR }}
if-no-files-found: error

outputs:
RELEASE_OCI_MANAGER_IMAGE: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_IMAGE }}
RELEASE_OCI_MANAGER_TAG: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_TAG }}
RELEASE_HELM_CHART_NAME: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}
RELEASE_HELM_CHART_VERSION: ${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}

github_release:
runs-on: ubuntu-latest

needs: build_images

permissions:
contents: write # needed for creating a PR
pull-requests: write # needed for creating a PR

steps:
- run: |
touch .notes-file
echo "OCI_MANAGER_IMAGE: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_IMAGE }}" >> .notes-file
echo "OCI_MANAGER_TAG: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_TAG }}" >> .notes-file
echo "HELM_CHART_NAME: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}" >> .notes-file
echo "HELM_CHART_VERSION: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file
- id: chart_download
uses: actions/download-artifact@v4
with:
name: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz

- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create "$VERSION" \
--repo="$GITHUB_REPOSITORY" \
--title="${VERSION}" \
--draft \
--verify-tag \
--notes-file .notes-file
gh release upload "$VERSION" \
--repo="$GITHUB_REPOSITORY" \
"${{ steps.chart_download.outputs.download-path }}/${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz"
26 changes: 0 additions & 26 deletions .github/workflows/test.yaml
View file

This file was deleted.

82 changes: 82 additions & 0 deletions .github/workflows/tests.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
name: tests
on:
push:
branches: [main]
pull_request:
branches: [main]

permissions:
contents: read

jobs:
verify:
runs-on: ubuntu-latest
timeout-minutes: 15

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.go-version.outputs.result }}

- uses: actions/cache@v4
with:
path: _bin/downloaded
key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-verify

- run: make -j verify

test-unit:
runs-on: ubuntu-latest
timeout-minutes: 15

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.go-version.outputs.result }}

- uses: actions/cache@v4
with:
path: _bin/downloaded
key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-unit

- run: make -j test-unit

test-e2e:
runs-on: ubuntu-latest
timeout-minutes: 15

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.go-version.outputs.result }}

- uses: actions/cache@v4
with:
path: _bin/downloaded
key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-e2e

- run: make -j test-e2e
Loading

0 comments on commit ee7011d

Please sign in to comment.