Merge pull request #63 from janwillies/bundled-provider
update to bundled provider images
janwillies authored Oct 12, 2022
2 parents 7824323 + afa20bb commit 59b5cee
Showing 31 changed files with 2,797 additions and 1,038 deletions.
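--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -0,0 +1,34 @@
+name: Backport
+
+on:
+# NOTE(negz): This is a risky target, but we run this action only when and if
+# a PR is closed, then filter down to specifically merged PRs. We also don't
+# invoke any scripts, etc from within the repo. I believe the fact that we'll
+# be able to review PRs before this runs makes this fairly safe.
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+pull_request_target:
+types: [closed]
+# See also commands.yml for the /backport triggered variant of this workflow.
+
+jobs:
+# NOTE(negz): I tested many backport GitHub actions before landing on this
+# one. Many do not support merge commits, or do not support pull requests with
+# more than one commit. This one does. It also handily links backport PRs with
+# new PRs, and provides commentary and instructions when it can't backport.
+# The main gotchas with this action are that it _only_ supports merge commits,
+# and that PRs _must_ be labelled before they're merged to trigger a backport.
+open-pr:
+runs-on: ubuntu-20.04
+if: github.event.pull_request.merged
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+with:
+fetch-depth: 0
+
+- name: Open Backport PR
+uses: zeebe-io/[email protected]
+with:
+github_token: ${{ secrets.GITHUB_TOKEN }}
+github_workspace: ${{ github.workspace }}
+version: v0.0.4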
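Review bot: The `open-pr` job runs under `pull_request_target` with no `permissions:` block, so `secrets.GITHUB_TOKEN` reaches the third-party action in the `Open Backport PR` step with whatever the repository default grants, and both `uses:` references are mutable tags rather than commit SHAs. I would add a job-level `permissions:` limited to `contents: write` and `pull-requests: write` (what pushing a backport branch and opening a PR appears to need; confirm against the action's documentation) and pin each `uses:` to a full commit SHA with the tag kept as a trailing comment. The `backport` job in `.github/workflows/commands.yaml` passes the token to the same action and should get the same treatment. The comment under `on:` points at `commands.yml`, while the file added in this commit is `commands.yaml`.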
74 changes: 44 additions & 30 deletions .github/workflows/ci.yaml
@@ -10,19 +10,20 @@ on:

env:
# Common versions
GO_VERSION: '1.16'
GOLANGCI_VERSION: 'v1.38.0'
DOCKER_BUILDX_VERSION: 'v0.5.1'
GO_VERSION: '1.18'
GOLANGCI_VERSION: 'v1.47.1'
DOCKER_BUILDX_VERSION: 'v0.8.2'

# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }}
XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }}
AWS_USR: ${{ secrets.AWS_USR }}

jobs:
detect-noop:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
outputs:
noop: ${{ steps.noop.outputs.should_skip }}
steps:
@@ -36,7 +37,7 @@ jobs:


lint:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'

@@ -46,9 +47,14 @@ jobs:
with:
submodules: true

- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}

- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(go env GOCACHE)"
run: echo "::set-output name=cache::$(make go.cachedir)"

- name: Cache the Go Build Cache
uses: actions/cache@v2
@@ -67,17 +73,15 @@ jobs:
- name: Vendor Dependencies
run: make vendor vendor.check

# This action uses its own setup-go, which always seems to use the latest
# stable version of Go. We could run 'make lint' to ensure our desired Go
# version, but we prefer this action because it leaves 'annotations' (i.e.
# it comments on PRs to point out linter violations).
# We could run 'make lint' but we prefer this action because it leaves
# 'annotations' (i.e. it comments on PRs to point out linter violations).
- name: Lint
uses: golangci/golangci-lint-action@v2
uses: golangci/golangci-lint-action@v3
with:
version: ${{ env.GOLANGCI_VERSION }}

check-diff:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'

@@ -94,7 +98,7 @@ jobs:

- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(go env GOCACHE)"
run: echo "::set-output name=cache::$(make go.cachedir)"

- name: Cache the Go Build Cache
uses: actions/cache@v2
@@ -117,7 +121,7 @@ jobs:
run: make check-diff

unit-tests:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'

@@ -137,7 +141,7 @@ jobs:

- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(go env GOCACHE)"
run: echo "::set-output name=cache::$(make go.cachedir)"

- name: Cache the Go Build Cache
uses: actions/cache@v2
@@ -166,7 +170,7 @@ jobs:
file: _output/tests/linux_amd64/coverage.txt

e2e-tests:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'

@@ -197,7 +201,7 @@ jobs:

- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(go env GOCACHE)"
run: echo "::set-output name=cache::$(make go.cachedir)"

- name: Cache the Go Build Cache
uses: actions/cache@v2
@@ -213,6 +217,7 @@ jobs:
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-pkg-
- name: Vendor Dependencies
run: make vendor vendor.check

@@ -227,7 +232,7 @@ jobs:
run: make e2e USE_HELM3=true

publish-artifacts:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'

@@ -258,7 +263,7 @@ jobs:

- name: Find the Go Build Cache
id: go
run: echo "::set-output name=cache::$(go env GOCACHE)"
run: echo "::set-output name=cache::$(make go.cachedir)"

- name: Cache the Go Build Cache
uses: actions/cache@v2
@@ -283,33 +288,42 @@ jobs:
# We're using docker buildx, which doesn't actually load the images it
# builds by default. Specifying --load does so.
BUILD_ARGS: "--load"

- name: Publish Artifacts to GitHub
uses: actions/upload-artifact@v2
with:
name: output
path: _output/**

- name: Login to Docker
uses: docker/login-action@v1
if: env.DOCKER_USR != ''
if: env.CONTRIB_DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}

username: ${{ secrets.CONTRIB_DOCKER_USR }}
password: ${{ secrets.CONTRIB_DOCKER_PSW }}

- name: Login to Upbound
uses: docker/login-action@v1
if: env.XPKG_ACCESS_ID != ''
with:
registry: xpkg.upbound.io
username: ${{ secrets.XPKG_ACCESS_ID }}
password: ${{ secrets.XPKG_TOKEN }}

- name: Publish Artifacts to S3 and Docker Hub
run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/}
if: env.AWS_USR != '' && env.DOCKER_USR != ''
if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != ''
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Promote Artifacts in S3 and Docker Hub
if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.DOCKER_USR != ''
if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != ''
run: make -j2 promote
env:
BRANCH_NAME: master
CHANNEL: master
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
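Review bot: The `Publish Artifacts to S3 and Docker Hub` and `Promote Artifacts in S3 and Docker Hub` steps are gated only on `env.AWS_USR` and `env.CONTRIB_DOCKER_USR`, while the new `Login to Upbound` step is skipped whenever `XPKG_ACCESS_ID` is empty. If `make publish` now pushes to `xpkg.upbound.io` (the Makefile is not visible here), a run with only some of the secrets configured would attempt that push unauthenticated; consider `if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' && env.XPKG_ACCESS_ID != ''` on the publish step and the matching condition on promote. `XPKG_ACCESS_ID` is also copied into the workflow-level `env`, which makes it visible to every step of every job, including the third-party actions in the lint and test jobs; a job-level `env` on `publish-artifacts` would keep it where it is used.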

92 changes: 92 additions & 0 deletions .github/workflows/commands.yaml
@@ -0,0 +1,92 @@
name: Comment Commands

on: issue_comment

jobs:
points:
runs-on: ubuntu-20.04
if: startsWith(github.event.comment.body, '/points')

steps:
- name: Extract Command
id: command
uses: xt0rted/slash-command-action@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
command: points
reaction: "true"
reaction-type: "eyes"
allow-edits: "false"
permission-level: write
- name: Handle Command
uses: actions/github-script@v4
env:
POINTS: ${{ steps.command.outputs.command-arguments }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const points = process.env.POINTS
if (isNaN(parseInt(points))) {
console.log("Malformed command - expected '/points <int>'")
github.reactions.createForIssueComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: context.payload.comment.id,
content: "confused"
})
return
}
const label = "points/" + points
// Delete our needs-points-label label.
try {
await github.issues.deleteLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: ['needs-points-label']
})
console.log("Deleted 'needs-points-label' label.")
}
catch(e) {
console.log("Label 'needs-points-label' probably didn't exist.")
}
// Add our points label.
github.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: [label]
})
console.log("Added '" + label + "' label.")
# NOTE(negz): See also backport.yml, which is the variant that triggers on PR
# merge rather than on comment.
backport:
runs-on: ubuntu-20.04
if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/backport')
steps:
- name: Extract Command
id: command
uses: xt0rted/slash-command-action@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
command: backport
reaction: "true"
reaction-type: "eyes"
allow-edits: "false"
permission-level: write

- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Open Backport PR
uses: zeebe-io/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
github_workspace: ${{ github.workspace }}
version: v0.0.4
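Review bot: In the `points` script the argument is validated with `isNaN(parseInt(points))`, which accepts any string that merely starts with a digit, and the label is then built from the raw string, so a comment such as `/points 3 anything` from a user with write permission creates the label `points/3 anything`. Parse once and use the parsed value: `const n = Number.parseInt(points, 10)`, reject unless `String(n) === points`, and build `"points/" + n`. Separately, `github.issues.deleteLabel` is the repository-level call that deletes the label definition itself; taking the label off the issue is `github.issues.removeLabel` with `name: 'needs-points-label'` passed as a string rather than an array. The `addLabels` and `createForIssueComment` calls are not awaited, so a failed API call may not be surfaced by the step.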
23 changes: 16 additions & 7 deletions .github/workflows/promote.yaml
@@ -12,37 +12,46 @@ on:
default: 'alpha'

env:
# Common versions
GO_VERSION: '1.18'

# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether
# credentials have been provided before trying to run steps that need them.
DOCKER_USR: ${{ secrets.DOCKER_USR }}
CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }}
AWS_USR: ${{ secrets.AWS_USR }}

jobs:
promote-artifacts:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04

steps:
- name: Checkout
uses: actions/checkout@v2
with:
submodules: true

- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}

- name: Fetch History
run: git fetch --prune --unshallow

- name: Login to Docker
uses: docker/login-action@v1
if: env.DOCKER_USR != ''
if: env.CONTRIB_DOCKER_USR != ''
with:
username: ${{ secrets.DOCKER_USR }}
password: ${{ secrets.DOCKER_PSW }}
username: ${{ secrets.CONTRIB_DOCKER_USR }}
password: ${{ secrets.CONTRIB_DOCKER_PSW }}

- name: Promote Artifacts in S3 and Docker Hub
if: env.AWS_USR != '' && env.DOCKER_USR != ''
if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != ''
run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/}
env:
VERSION: ${{ github.event.inputs.version }}
CHANNEL: ${{ github.event.inputs.channel }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
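Review bot: `promote-artifacts` has no `Login to Upbound` step, although the same commit adds one to `publish-artifacts` in `ci.yaml` ahead of its publish and promote steps. If `make promote` also touches `xpkg.upbound.io` (not visible here), the manually dispatched promote would run without credentials for that registry. The step and its `XPKG_ACCESS_ID` env entry could be mirrored here, gated the same way as in `ci.yaml`.

```yaml
env:
  # … unchanged: GO_VERSION, CONTRIB_DOCKER_USR, AWS_USR …
  XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }}

      # … unchanged: Login to Docker step …
      - name: Login to Upbound
        uses: docker/login-action@v1
        if: env.XPKG_ACCESS_ID != ''
        with:
          registry: xpkg.upbound.io
          username: ${{ secrets.XPKG_ACCESS_ID }}
          password: ${{ secrets.XPKG_TOKEN }}
```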

2 changes: 1 addition & 1 deletion .github/workflows/tag.yaml
@@ -12,7 +12,7 @@ on:

jobs:
create-tag:
runs-on: ubuntu-18.04
runs-on: ubuntu-20.04

steps:
- name: Checkout