Setup env-loader CI/CD and dev tooling

gravitational · Nov 4, 2024 · 9b6952d · 9b6952d
1 parent ff09e6b
commit 9b6952d
Show file tree

Hide file tree

Showing 16 changed files with 407 additions and 295 deletions.
diff --git a/.github/workflows/changelog-cd.yaml b/.github/workflows/changelog-cd.yaml
@@ -13,122 +13,13 @@ on:
     paths:
       - tools/changelog/workflows/cd.yaml
       - .github/workflows/changelog-cd.yaml
-
-env:
-  TOOL_DIRECTORY: tools/changelog
+      - tools/repo-release-tooling/workflows/reusable-cd.yaml
 
 jobs:
   release:
-    name: Release
-    runs-on: ubuntu-latest
+    uses: ./tools/repo-release-tooling/workflows/reusable-cd.yaml
     permissions:
-      contents: write # Needed to create the release
-      packages: write # Needed to upload the images to GHCR
-    steps:
-      # Setup
-      - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Create event-specific values
-        id: setup
-        run: |
-          # Determine if the workflow was triggered via a push to main or a tag
-          # and get the version based off of that
-          if [[ "${GITHUB_REF}" =~ refs/tags/.* ]]; then
-            # Transforms tag refs like refs/tags/tools/changelog/v1.2.3 into v1.2.3
-            echo "version=${GITHUB_REF#refs/tags/tools/changelog}" >> "${GITHUB_OUTPUT}"
-
-            # Eventually the parse-version action from the teleport.e repo
-            # should move into this repo and replace this logic
-            echo "should-release=true" >> "${GITHUB_OUTPUT}"
-            
-            # Any '-' character means in a tag ref means that it is a prerelease
-            if [[ "${GITHUB_REF}" == *-* ]]; then
-              echo "is-prerelease=true" >> "${GITHUB_OUTPUT}"
-            fi
-          fi
-
-      # Build the binaries
-      - name: Setup Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
-        with:
-          go-version-file: '${{ env.TOOL_DIRECTORY }}/go.mod'
-
-      - name: Build the project
-        working-directory: ${{ env.TOOL_DIRECTORY }}
-        run: |
-          make tarball OS=linux ARCH=amd64
-          make tarball OS=linux ARCH=arm64
-          make tarball OS=darwin ARCH=amd64
-          make tarball OS=darwin ARCH=arm64
-          make tarball OS=windows ARCH=arm64
-
-      # Build and push the image
-      - name: Install docker buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
-
-      - name: Login to GitHub Container Registry
-        id: login-ghcr
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Prepare container image labels and tags
-        id: meta
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
-        with:
-          images: |
-            ghcr.io/${{ github.repository_owner }}/changelog
-          flavor: |
-            latest=false
-          # Enable sha tag on branch push events and pull requests.
-          # Enable semver tags on tag push events, but don't overwrite major/minor tags for prereleases.
-          # Semver tags won't be generated except upon tag events.
-          tags: |
-            type=sha,prefix=v0.0.0-{{branch}}-,enable=${{ startsWith(github.ref, 'refs/heads/') }}
-            type=sha,prefix=v0.0.0-{{base_ref}}-,enable=${{ github.event_name == 'pull_request' }}
-            type=semver,pattern={{major}},value=${{ steps.setup.outputs.version }},enable=${{ steps.setup.outputs.is-prerelease != 'true' }}
-            type=semver,pattern={{major}}.{{minor}},value=${{ steps.setup.outputs.version }},enable=${{ steps.setup.outputs.is-prerelease != 'true' }}
-            type=semver,pattern={{version}},value=${{ steps.setup.outputs.version }}
-
-      - name: Build the container image and push
-        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
-        with:
-          context: ${{ env.TOOL_DIRECTORY }}
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          annotations: ${{ steps.meta.outputs.annotations }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          platforms: |
-            linux/amd64
-            linux/arm64
-          provenance: true
-          sbom: true
-
-      # File a new release with the tarballs attached
-      - name: Create a new GitHub release
-        if: ${{ steps.setup.outputs.should-release == 'true' }}
-        working-directory: ${{ env.TOOL_DIRECTORY }}
-        env:
-          VERSION: ${{ steps.setup.outputs.version }}
-          IS_PRERELEASE: ${{ steps.setup.outputs.is-prerelease }}
-        run: |
-          if [[ "${IS_PRERELEASE}" == 'true' ]]; then
-            EXTRA_FLAGS=("--prerelease")
-          else
-            EXTRA_FLAGS=("--latest")
-          fi
-
-          readarray -d '' RELEASE_TARBALLS < <(
-            find . -name '*.tar.gz' -print0
-          )
-
-          echo "Creating a release for ${VERSION} with files:"
-          ls -lh "${RELEASE_TARBALLS[@]}"
-
-          gh release create --title "changelog ${VERSION}" --verify-tag \
-            --generate-notes "${EXTRA_FLAGS[@]}" "${GITHUB_REF_NAME}" \
-            "${RELEASE_TARBALLS[@]}"
+      contents: write
+      packages: write
+    with:
+      tool-directory: ./tools/changelog
diff --git a/.github/workflows/changelog-ci.yaml b/.github/workflows/changelog-ci.yaml
@@ -4,50 +4,11 @@ name: Changelog generator CI
 on:
   pull_request:
 
-env:
-  TOOL_DIRECTORY: tools/changelog
-
 jobs:
-  test:
-    name: Run tests
-    runs-on: ubuntu-latest
-    steps:
-      # Determine if tests should run
-      # This is a monorepo and GH checks cannot be required for only specific
-      # paths, so this is required instead of a trigger `paths` filter.
-      - name: Check if relavent files have changed
-        id: changes
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        with:
-          filters: |
-            tool:
-              - 'tools/changelog/**'
-              - '.github/workflows/changelog-ci.yaml'
-
-      # Setup
-      - name: Checkout repository
-        if: steps.changes.outputs.tool == 'true'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Setup Go
-        if: steps.changes.outputs.tool == 'true'
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
-        with:
-          go-version-file: "${{ env.TOOL_DIRECTORY }}/go.mod"
-
-      # Linting
-      - name: Install golangci-lint
-        if: steps.changes.outputs.tool == 'true'
-        run: go install github.com/golangci/golangci-lint/cmd/[email protected]
-      - name: Lint
-        if: steps.changes.outputs.tool == 'true'
-        working-directory: ${{ env.TOOL_DIRECTORY }}
-        run: make lint
-
-      # Tests
-      - name: Install gotestsum
-        if: steps.changes.outputs.tool == 'true'
-        run: go install gotest.tools/[email protected]
-      - name: Run tests
-        if: steps.changes.outputs.tool == 'true'
-        working-directory: ${{ env.TOOL_DIRECTORY }}
-        run: make test
+  release:
+    uses: ./tools/repo-release-tooling/workflows/reusable-ci.yaml
+    permissions:
+      contents: write
+      packages: write
+    with:
+      tool-directory: ./tools/changelog
diff --git a/.github/workflows/env-loader-cd.yaml b/.github/workflows/env-loader-cd.yaml
@@ -0,0 +1,25 @@
+---
+name: Environment value loader CD
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - tools/env-loader
+    tags:
+      - "tools/env-loader/v[0-9]+.[0-9]+.[0-9]+**"
+  pull_request:
+    paths:
+      - tools/env-loader/workflows/cd.yaml
+      - .github/workflows/env-loader-cd.yaml
+      - tools/repo-release-tooling/workflows/reusable-cd.yaml
+
+jobs:
+  release:
+    uses: ./tools/repo-release-tooling/workflows/reusable-cd.yaml
+    permissions:
+      contents: write
+      packages: write
+    with:
+      tool-directory: ./tools/env-loader
diff --git a/.github/workflows/env-loader-ci.yaml b/.github/workflows/env-loader-ci.yaml
@@ -0,0 +1,14 @@
+---
+name: Environment value loader CI
+
+on:
+  pull_request:
+
+jobs:
+  release:
+    uses: ./tools/repo-release-tooling/workflows/reusable-ci.yaml
+    permissions:
+      contents: write
+      packages: write
+    with:
+      tool-directory: ./tools/env-loader
diff --git a/tools/changelog/Makefile b/tools/changelog/Makefile
@@ -1,34 +1,3 @@
-OS ?= $(shell uname -s | tr '[[:upper:]]' '[[:lower:]]')
-ARCH ?= $(shell uname -m)
 TOOL_NAME = changelog
-BUILD_DIR = build/$(OS)/$(ARCH)
-VERSION = v0.0.0-dev
-BINARY_NAME = $(TOOL_NAME)
-ifeq ($(OS),windows)
-BINARY_NAME := $(BINARY_NAME).exe
-endif
 
-lint:
-	@golangci-lint run ./... --out-format colored-line-number
-
-test:
-	@gotestsum --format github-actions ./... -- -shuffle on -timeout 2m -race
-
-binary:
-	@echo "Building for $(OS)/$(ARCH) and writing to $(BUILD_DIR)"
-	@mkdir -p "$(BUILD_DIR)"
-	@GOOS=$(OS) GOARCH=$(ARCH) go build -o "$(BUILD_DIR)/" -ldflags="-s -w"
-
-tarball: TARBALL_NAME = $(TOOL_NAME)-$(VERSION)-$(OS)-$(ARCH).tar.gz
-tarball: binary
-	tar -C "$(BUILD_DIR)" -czvf "$(BUILD_DIR)/$(TARBALL_NAME)" "$(BINARY_NAME)" > /dev/null
-
-container-image: OS = linux
-container-image: binary
-	@docker buildx build --platform="linux/$(ARCH)" -t "$(TOOL_NAME)" .
-
-clean:
-	@rm -rf build/
-	@docker image rm -f "$(TOOL_NAME):$(VERSION)" 2> /dev/null
-
-.PHONY: lint test binary tarball container-image clean
+include ../repo-release-tooling/tooling.mk
diff --git a/tools/env-loader/Makefile b/tools/env-loader/Makefile
@@ -0,0 +1,4 @@
+TOOL_NAME = env-loader
+PACKAGE_PATH = ./cmd/env-loader.go
+
+include ../repo-release-tooling/tooling.mk
diff --git a/tools/env-loader/go.mod b/tools/env-loader/go.mod
@@ -1,6 +1,6 @@
 module github.com/gravitational/shared-workflows/tools/env-loader
 
-go 1.23.1
+go 1.23.2
 
 require (
 	github.com/alecthomas/kingpin/v2 v2.4.0
@@ -11,47 +11,47 @@ require (
 )
 
 require (
-	cel.dev/expr v0.16.2 // indirect
+	cel.dev/expr v0.18.0 // indirect
 	cloud.google.com/go v0.116.0 // indirect
-	cloud.google.com/go/auth v0.9.9 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/auth v0.10.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
-	cloud.google.com/go/iam v1.2.1 // indirect
-	cloud.google.com/go/kms v1.20.0 // indirect
-	cloud.google.com/go/longrunning v0.6.1 // indirect
-	cloud.google.com/go/monitoring v1.21.1 // indirect
-	cloud.google.com/go/storage v1.45.0 // indirect
+	cloud.google.com/go/iam v1.2.2 // indirect
+	cloud.google.com/go/kms v1.20.1 // indirect
+	cloud.google.com/go/longrunning v0.6.2 // indirect
+	cloud.google.com/go/monitoring v1.21.2 // indirect
+	cloud.google.com/go/storage v1.46.0 // indirect
 	filippo.io/age v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.3 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.3 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.3 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
 	github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton // indirect
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
-	github.com/aws/aws-sdk-go-v2 v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.28.0 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.41 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.28.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.22 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.37.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.37.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.66.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
 	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -121,12 +121,12 @@ require (
 	golang.org/x/term v0.25.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/api v0.201.0 // indirect
-	google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect
+	google.golang.org/api v0.204.0 // indirect
+	google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241022174616-4bb0170ac65f // indirect
+	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 )