ci: 53 update ci workflows for best practices and standards #62

Merged
48 commits
b9d163f
ci: added dependabot.yml, updated codeowners began workflow update
rbarkerSL Apr 5, 2024
08a704a
ci: updated the actions to pin to commits
rbarkerSL Apr 5, 2024
46b2131
ci: Updated the workflows
rbarkerSL Apr 5, 2024
1ae1b10
Updated runners for the actions.
rbarkerSL Apr 5, 2024
a14b2a5
Added the hardened runner step
rbarkerSL Apr 18, 2024
15f086c
Merge branch 'main' into 53-update-ci-workflows-for-best-practices-an…
rbarkerSL Apr 24, 2024
e48ddb9
Updated everything for best practices/security.
rbarkerSL Apr 24, 2024
8941112
Added workflow-dispatch triggers on the non-release workflows
rbarkerSL Apr 25, 2024
04ac6df
updated dependabot
rbarkerSL Apr 26, 2024
3dfe687
Merge branch 'main' into 53-update-ci-workflows-for-best-practices-an…
rbarkerSL Apr 26, 2024
6f63b78
Updated the install for k3d.
rbarkerSL Apr 26, 2024
5ebcaf2
reverted to using curl instead of brew
rbarkerSL Apr 26, 2024
203fcfb
Include kubectl
rbarkerSL Apr 26, 2024
2ae6039
Updated htg chart install file to bring in kubectl
rbarkerSL Apr 26, 2024
fbb7c43
Playing with the lua install. Removed unnecessary workflow_dispatch:
rbarkerSL Apr 26, 2024
e770dd9
Playing with the lua install further
rbarkerSL Apr 26, 2024
19822cd
Manually calling sudo apt-get install on liblua
rbarkerSL Apr 26, 2024
cb05150
manually installing lua 5.3 round 2
rbarkerSL Apr 26, 2024
d305f79
round three lua install
rbarkerSL Apr 26, 2024
8d19352
Reverted to lua action
rbarkerSL Apr 26, 2024
7e345d1
Selected the explicit latest of lua 5.3 (5.3.6)
rbarkerSL Apr 26, 2024
4e4a4d1
manually prepping the lua install
rbarkerSL Apr 26, 2024
a84ae07
Updating apt-get first
rbarkerSL Apr 26, 2024
9961959
Playing with lua still :|
rbarkerSL Apr 26, 2024
4578c27
found issue with leafo/gh-actions-lua on self-hosted runner.
rbarkerSL Apr 26, 2024
c635bc6
Added explicitly lua path for luarocks
rbarkerSL Apr 26, 2024
901807c
Updated lua path
rbarkerSL Apr 26, 2024
7067add
added luac to manual install props
rbarkerSL Apr 26, 2024
dd843d3
Updated lua install paths
rbarkerSL Apr 26, 2024
ebcb437
added priority on sudo update-alternatives calls
rbarkerSL Apr 26, 2024
a4ef984
Removed lua alternative location
rbarkerSL Apr 26, 2024
2e1c668
Debug info added
rbarkerSL Apr 26, 2024
de601be
Using the path specified on which lua with lua -v
rbarkerSL Apr 26, 2024
d180ffe
More debug
rbarkerSL Apr 26, 2024
9ed5144
manually going after luarocks
rbarkerSL Apr 26, 2024
72cf3dd
luarocks install attempt #2
rbarkerSL Apr 26, 2024
94accd2
Verifying luarocks info
rbarkerSL Apr 26, 2024
a6ac5c1
Updated path to luarocks
rbarkerSL Apr 26, 2024
992c5bb
run luarocks as sudoer
rbarkerSL Apr 26, 2024
f0bb493
Revisited how I'm pulling in lua
rbarkerSL Apr 26, 2024
0f363ca
Installing lua from source and luarocks
rbarkerSL Apr 27, 2024
f5a7fe3
Forgot to add the -y flag on the apt-get install
rbarkerSL Apr 27, 2024
fbd8d14
back to pulling lua from apt-get
rbarkerSL Apr 27, 2024
0436438
switched protocol from curl to wget
rbarkerSL Apr 27, 2024
0416aa5
Playing with lua continues.
rbarkerSL Apr 27, 2024
b246169
adding liblua5.3-dev
rbarkerSL Apr 27, 2024
80acc94
Added a little bit of code cleanup
rbarkerSL Apr 27, 2024
6c9b9c5
Updates made per PR
rbarkerSL Apr 29, 2024
36 changes: 31 additions & 5 deletions .github/CODEOWNERS
Expand Up @@ -2,21 +2,47 @@
##### Global Protection Rule ######
###################################
# NOTE: This rule is overriden by the more specific rules below. This is the catch-all rule for all files not covered by the more specific rules below
* @hashgraph/hedera-smart-contracts
* @hashgraph/hedera-smart-contracts @hashgraph/release-engineering @hashgraph/release-engineering-managers

#############################
##### Auth-Layer-Proxy ######
#############################
/auth-layer-proxy/ @AlfredoG87 @Nana-EC @hashgraph/hedera-smart-contracts
/charts/auth-layer-proxy/ @AlfredoG87 @Nana-EC @beeradb @hashgraph/hedera-smart-contracts
/auth-layer-proxy/ @AlfredoG87 @Nana-EC @hashgraph/hedera-smart-contracts @hashgraph/release-engineering @hashgraph/release-engineering-managers
/charts/auth-layer-proxy/ @AlfredoG87 @Nana-EC @beeradb @hashgraph/hedera-smart-contracts @hashgraph/release-engineering @hashgraph/release-engineering-managers

###############################
##### Charts ######
###############################
/charts/ @AlfredoG87 @Nana-EC @beeradb @hashgraph/hedera-smart-contracts
/charts/ @AlfredoG87 @Nana-EC @beeradb @hashgraph/hedera-smart-contracts @hashgraph/release-engineering @hashgraph/release-engineering-managers

###############################
##### Subgraphs ######
###############################
/subgraphs/ @AlfredoG87 @Nana-EC @hashgraph/hedera-smart-contracts
/subgraphs/ @AlfredoG87 @Nana-EC @hashgraph/hedera-smart-contracts @hashgraph/release-engineering @hashgraph/release-engineering-managers

#########################
##### Core Files ######
#########################

# NOTE: Must be placed last to ensure enforcement over all other rules

# Protection Rules for Github Configuration Files and Actions Workflows
/.github/ @hashgraph/release-engineering @hashgraph/release-engineering-managers

# Codacy Tool Configurations
/config/ @hashgraph/release-engineering @hashgraph/release-engineering-managers
.remarkrc @hashgraph/release-engineering @hashgraph/release-engineering-managers

# Self-protection for root CODEOWNERS files (this file should not exist and should definitely require approval)
/CODEOWNERS @hashgraph/release-engineering @hashgraph/release-engineering-managers

# Protect the repository root files
/README.md @hashgraph/release-engineering @hashgraph/release-engineering-managers
**/LICENSE @hashgraph/release-engineering @hashgraph/release-engineering-managers

# CodeCov configuration
**/codecov.yml @hashgraph/release-engineering @hashgraph/release-engineering-managers

# Git Ignore definitions
**/.gitignore @hashgraph/release-engineering @hashgraph/release-engineering-managers
**/.gitignore.* @hashgraph/release-engineering @hashgraph/release-engineering-managers
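Review bot: In the Charts section, `/charts/` is listed after `/charts/auth-layer-proxy/`, and because the last matching pattern in a CODEOWNERS file takes precedence, the broader `/charts/` rule is the one applied to everything under that directory and the specific entry never takes effect. Both lines carry identical owners today, so nothing changes in practice, but either move `/charts/` above the specific entry or drop the redundant line. Separately, appending `@hashgraph/release-engineering` and `@hashgraph/release-engineering-managers` to the component lines widens the set of owners who can satisfy a code-owner review rather than making those teams' approval mandatory; only the Core Files block, where they are the sole owners, enforces that.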
16 changes: 16 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,16 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily

- package-ecosystem: docker
directory: /auth-layer-proxy
schedule:
interval: daily

- package-ecosystem: npm
directory: /subgraphs/
schedule:
interval: daily
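Review bot: All three ecosystems run on `interval: daily` with no `groups` or `open-pull-requests-limit` set, so updates arrive as a steady run of single-dependency PRs, and every `github-actions` bump touches `/.github/`, which the CODEOWNERS change in this PR routes to release-engineering for approval. Consider `weekly` for `docker` and `npm`, or a `groups` entry for the `github-actions` updates. The `directory` values are also inconsistent (`/auth-layer-proxy` without a trailing slash, `/subgraphs/` with one); pick one form.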
32 changes: 28 additions & 4 deletions .github/workflows/auth-layer-chart-install.yml
Expand Up @@ -7,15 +7,39 @@ on:
branches: [ main, release/*]
tags: [ v* ]

defaults:
run:
shell: bash

permissions:
contents: read

jobs:
install:
runs-on: ubuntu-latest
name: Install
runs-on: [ self-hosted, Linux, medium, ephemeral ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Setup Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0

- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0

- name: Install kubectl
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0

- name: Install k3d
run: curl --retry 3 -fsL https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash

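Review bot: The `Install k3d` step still pipes `https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh` straight into `bash`, which leaves it as the one unpinned input in this job: every `uses:` line is fixed to a commit SHA, while this script follows whatever is on the k3d `main` branch at run time. Fetch the script from a tag or commit URL and check it against a recorded checksum before executing it, or install k3d through a SHA-pinned action, so this step gets the same guarantee as the rest of the workflow.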
Expand All @@ -24,10 +48,10 @@ jobs:
timeout-minutes: 3

- name: Set up Docker Qemu
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

- name: Install ct
uses: helm/[email protected]
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Install chart
run: ct install --helm-extra-args="--timeout 10m" --helm-extra-set-args="--set=global.auth.clientSecret=abcd1234" --charts charts/hedera-the-graph-auth-layer --config .github/ct.yaml
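Review bot: `--set=global.auth.clientSecret=abcd1234` in the `Install chart` step puts a credential-shaped literal in the workflow file. It is evidently a throwaway value for the chart test install, but secret scanners will flag it and it is easy to copy into a real values file; generate a random value in a preceding step, or add a comment stating that it is a test-only placeholder.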
27 changes: 24 additions & 3 deletions .github/workflows/charts-lint.yml
Expand Up @@ -7,15 +7,36 @@ on:
branches: [ main, release/*]
tags: [ v* ]

defaults:
run:
shell: bash

permissions:
contents: read

jobs:
lint:
runs-on: ubuntu-latest
name: Lint
runs-on: [ self-hosted, Linux, medium, ephemeral ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Setup Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0

- name: Install ct
uses: helm/[email protected]
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Run lint
run: ct lint --config .github/ct.yaml --all
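Review bot: `egress-policy: audit` on the Harden Runner step only records outbound connections and does not stop any of them. That is a reasonable first setting, but a lint job has a small, stable set of destinations, so plan a follow-up that switches to `egress-policy: block` with an `allowed-endpoints` list built from the audit results; the same applies to the other workflows in this change.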
34 changes: 29 additions & 5 deletions .github/workflows/hedera-the-graph-chart-install.yml
@@ -1,4 +1,4 @@
name: Hedera-TheGraph Charts
name: Charts

on:
pull_request:
Expand All @@ -7,15 +7,39 @@ on:
branches: [ main, release/*]
tags: [ v* ]

defaults:
run:
shell: bash

permissions:
contents: read

jobs:
install:
runs-on: ubuntu-latest
name: Install
runs-on: [self-hosted, Linux, medium, ephemeral]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Setup Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"

- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0

- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0

- name: Install kubectl
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0

- name: Install k3d
run: curl --retry 3 -fsL https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash

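Review bot: `runs-on: [self-hosted, Linux, medium, ephemeral]` moves this job onto self-hosted runners while the workflow still triggers on `pull_request`, so content from a pull request branch (chart templates, `.github/ct.yaml`) is processed on infrastructure the organisation operates. The `ephemeral` label suggests each job gets a fresh runner, which limits persistence between jobs; confirm that is the case, and confirm the repository requires approval before workflows run for outside contributors. The bracket spacing also differs from the spaced form `[ self-hosted, Linux, medium, ephemeral ]` used in `auth-layer-chart-install.yml` and `charts-lint.yml`.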
Expand All @@ -24,10 +48,10 @@ jobs:
timeout-minutes: 3

- name: Set up Docker Qemu
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

- name: Install ct
uses: helm/[email protected]
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Install chart
run: ct install --helm-extra-args="--timeout 10m" --charts charts/hedera-the-graph --config .github/ct.yaml
58 changes: 44 additions & 14 deletions .github/workflows/proxy-tests.yml
Expand Up @@ -5,37 +5,67 @@ on:
branches: [ main, release/**]
push:
branches: [ main, release/*]
tags: [ v* ]
tags: [ v*, v*.*.* ]

defaults:
run:
shell: bash

permissions:
contents: read

jobs:
proxy-tests:
runs-on: ubuntu-latest
name: Proxy Tests
runs-on: [self-hosted, Linux, medium, ephemeral]
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Install Lua
uses: leafo/gh-actions-lua@v8
with:
luaVersion: '5.3'
#############
# Note: leafo/gh-actions-lua doesn't seem to work with self-hosted runners
# See issue #33 https://github.com/leafo/gh-actions-lua/issues/33

#- name: Install Lua
# uses: leafo/gh-actions-lua@35bcb06abec04ec87df82e08caa84d545348536e # v10.0.0
# with:
# luaVersion: '5.3'

#- name: Install LuaRocks
# uses: leafo/gh-actions-luarocks@e65774a6386cb4f24e293dca7fc4ff89165b64c5 # v4.3.0
##############

- name: Lua Install
run: |
sudo apt-get update
sudo apt-get install build-essential libreadline-dev lua5.3 liblua5.3-dev -y

- name: Install LuaRocks
uses: leafo/gh-actions-luarocks@v4
- name: Luarocks Install
run: |
sudo apt-get update && sudo apt-get install wget -y
wget https://luarocks.org/releases/luarocks-3.8.0.tar.gz
tar xzfp luarocks-3.8.0.tar.gz; cd luarocks-3.8.0
./configure && make && sudo make install

- name: Install lunatest
run: luarocks install lunatest
run: sudo luarocks install lunatest

- name: Install luacov
run: luarocks install luacov
run: sudo luarocks install luacov

- name: Install luacov-console
run: luarocks install luacov-console
run: sudo luarocks install luacov-console

- name: Install cjson
run: luarocks install lua-cjson
run: sudo luarocks install lua-cjson

- name: Install luasocket
run: luarocks install luasocket
run: sudo luarocks install luasocket

- name: Run tests
run: lua test.lua
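Review bot: The `Luarocks Install` step downloads `luarocks-3.8.0.tar.gz` with `wget` and runs `./configure && make && sudo make install` without verifying the archive, and the following steps run `sudo luarocks install` for five rocks with no version given. The actions in this hunk are pinned to commit SHAs, so these downloads are now the unpinned inputs: add a `sha256sum -c` check against a recorded digest before unpacking, and pass explicit versions to `luarocks install`. Two smaller points: `tags: [ v*, v*.*.* ]` is redundant because `v*` already matches `v*.*.*`, and the commented-out `leafo/gh-actions-lua` steps could be reduced to the note and the link to issue #33.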
25 changes: 19 additions & 6 deletions .github/workflows/release-integration.yml
Expand Up @@ -5,35 +5,48 @@ on:
branches: [ main ]
workflow_dispatch:

defaults:
run:
shell: bash

permissions:
contents: read

env:
OWNER: hashgraph
REGISTRY: ghcr.io

jobs:
publish:
runs-on: ubuntu-latest
name: Publish
runs-on: [self-hosted, Linux, medium, ephemeral]

steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Qemu
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
with:
driver-opts: network=host

- name: Build and push images
uses: docker/build-push-action@v2
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: ./auth-layer-proxy
file: ./auth-layer-proxy/Dockerfile
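Review bot: The new top-level `permissions:` block grants only `contents: read`, which sets every other `GITHUB_TOKEN` scope to none, yet the `publish` job logs in to `ghcr.io` with `secrets.GITHUB_TOKEN` and then runs `Build and push images`. No job-level `permissions` key is visible in this hunk, so unless one is set further down the push will be denied; add `packages: write` (alongside `contents: read`) under the `publish` job rather than at the top level, so the wider scope stays confined to the job that needs it.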