feat: base files and workflows

devops-ia · Aug 16, 2024 · 55278cc · 55278cc
commit 55278cc
Show file tree

Hide file tree

Showing 18 changed files with 659 additions and 0 deletions.
diff --git a/.github/cr.yaml b/.github/cr.yaml
@@ -0,0 +1,2 @@
+generate-release-notes: true
+release-name-template: "v{{ .Version }}"
diff --git a/.github/ct.yaml b/.github/ct.yaml
@@ -0,0 +1,10 @@
+# See https://github.com/helm/chart-testing#configuration
+chart-dirs: charts
+check-version-increment: false
+debug: true
+remote: origin
+target-branch: main
+upgrade: true
+validate-chart-schema: true
+validate-maintainers: false
+validate-yaml: true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: monthly
+  open-pull-requests-limit: 10
+  labels:
+  - enhancement
+  - dependency-management
diff --git a/.github/hack/prepare_body_pr.sh b/.github/hack/prepare_body_pr.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+DEFAULT_BASE_URL="https://github.com/bitnami/charts/releases/tag"
+
+awk -v default_base_url="$DEFAULT_BASE_URL" '
+/^[a-zA-Z]/ {
+    if (name && show && current_version && new_version && current_version != new_version) {
+        print name "\n" dashes "\n\n* **Current**: `" current_version "`\n* **Upgrade**: `" new_version "`"
+        if (name != "caldera") {
+            print "* **Changelog**: " default_base_url "/" name "/" new_version "\n"
+        }
+    }
+    name = $0;
+    getline; dashes = $0;
+    show = 1;  # Reset show flag
+    current_version = "";  # Reset current_version
+    new_version = "";  # Reset new_version
+}
+/change detected:/ {
+    getline;
+    if (match($0, /updated from "([^"]+)" to "([^"]+)"/, versions)) {
+        current_version = versions[1];
+        new_version = versions[2];
+    }
+}
+/no change detected:/ {
+    show = 0;  # Do not show this section
+}
+END {
+    if (name && show && current_version && new_version && current_version != new_version) {
+        print name "\n" dashes "\n\n* **Current**: `" current_version "`\n* **Upgrade**: `" new_version "`"
+        if (name != "caldera") {
+            print "* **Changelog**: " default_base_url "/" name "/" new_version "\n"
+        }
+    }
+}' "$1"
diff --git a/.github/updatecli/helm-appversion.yaml b/.github/updatecli/helm-appversion.yaml
@@ -0,0 +1,17 @@
+sources:
+  openbas:
+    kind: dockerimage
+    spec:
+      image: openbas/platform
+      architecture: linux/amd64
+      versionFilter:
+        kind: semver
+conditions: {}
+targets:
+  openbas:
+    name: bump chart appversion
+    kind: yaml
+    spec:
+      file: charts/openbas/Chart.yaml
+      key: $.appVersion
+    sourceid: openbas
diff --git a/.github/updatecli/helm-dependencies.yaml b/.github/updatecli/helm-dependencies.yaml
@@ -0,0 +1,66 @@
+sources:
+  caldera:
+    kind: dockerimage
+    spec:
+      image: openbas/caldera-server
+      architecture: linux/amd64
+      versionFilter:
+        kind: semver
+        pattern: '*'
+  minio:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: minio
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: minio
+  postgresql:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: postgresql
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: postgresql
+  rabbitmq:
+    kind: helmchart
+    spec:
+      url: https://charts.bitnami.com/bitnami
+      name: rabbitmq
+      versionFilter:
+        kind: semver
+        pattern: '*' # replace with CI/CD updatecli
+    sourceid: rabbitmq
+conditions: {}
+targets:
+  caldera:
+    name: bump chart caldera tag
+    kind: yaml
+    spec:
+      file: charts/openbas/values.yaml
+      key: $.caldera.image.tag
+    sourceid: caldera
+  minio:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/openbas/Chart.yaml
+      key: $.dependencies[0].version
+    sourceid: minio
+  postgresql:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/openbas/Chart.yaml
+      key: $.dependencies[1].version
+    sourceid: postgresql
+  rabbitmq:
+    name: bump chart dependencies
+    kind: yaml
+    spec:
+      file: charts/openbas/Chart.yaml
+      key: $.dependencies[2].version
+    sourceid: rabbitmq
diff --git a/.github/workflows/auto-assign.yaml b/.github/workflows/auto-assign.yaml
@@ -0,0 +1,20 @@
+name: Auto-assign Issue
+on:
+  issues:
+    types: [opened]
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: 'auto-assign issue'
+        uses: pozil/auto-assign-issue@v2
+        with:
+          repo-token: ${{ secrets.PAT_GITHUB }}
+          teams: devops-ia
+          removePreviousAssignees: true
diff --git a/.github/workflows/check-openbas-major-dependencies.yaml b/.github/workflows/check-openbas-major-dependencies.yaml
@@ -0,0 +1,83 @@
+name: Check OpenBAS major dependencies releases
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 1 * *' # first day of month
+
+jobs:
+  check-and-update-major-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Prepare updatecli configuration
+        id: dependencies
+        run: |
+          # get name dependencies
+          dependencies=($(yq eval -o=json '.dependencies[] | .name' charts/openbas/Chart.yaml | xargs))
+
+          # replace version
+          for dependency in "${dependencies[@]}"; do
+            yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = \"*\"" .github/updatecli/helm-dependencies.yaml
+          done
+
+      - name: Install updatecli
+        uses: updatecli/updatecli-action@v2
+
+      - name: Update dependencies
+        run: |
+          updatecli apply --config .github/updatecli/helm-dependencies.yaml --commit=false 2>&1 | tee > $GITHUB_WORKSPACE/tmp-major-output.log
+          awk '/TARGETS/{flag=1;next}/ACTIONS/{flag=0}flag' $GITHUB_WORKSPACE/tmp-major-output.log > $GITHUB_WORKSPACE/clean-major-output.log
+          chmod +x .github/hack/prepare_body_pr.sh
+          $GITHUB_WORKSPACE/.github/hack/prepare_body_pr.sh $GITHUB_WORKSPACE/clean-major-output.log > $GITHUB_WORKSPACE/major-output.log
+
+          # show PR body
+          cat major-output.log
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Update README.md Helm Chart
+        uses: losisin/helm-docs-github-action@v1
+        with:
+          chart-search-root: charts/openbas
+
+      - name: Get current date
+        id: date
+        run: |
+          echo "date=$(date -I)" >> $GITHUB_OUTPUT
+
+      - name: Create PR with changes (dry-run)
+        uses: peter-evans/create-pull-request@v6
+        if: github.event_name == 'workflow_dispatch'
+        with:
+          add-paths: charts/openbas
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "fix: update major dependencies version"
+          signoff: false
+          branch: fix/upgrade-openbas-major-dependencies-${{ steps.date.outputs.date }}
+          delete-branch: true
+          title: '[openbas] upgrade major dependencies (${{ steps.date.outputs.date }})'
+          body-path: major-output.log
+          draft: true
+          labels: |
+            auto-pr-bump-version
+
+      - name: Create PR with changes
+        uses: peter-evans/create-pull-request@v6
+        if: github.event_name == 'schedule'
+        with:
+          add-paths: charts/openbas
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "fix: update major dependencies version"
+          signoff: false
+          branch: fix/upgrade-openbas-major-dependencies-${{ steps.date.outputs.date }}
+          delete-branch: true
+          title: '[openbas] upgrade major dependencies (${{ steps.date.outputs.date }})'
+          body-path: major-output.log
+          labels: |
+            auto-pr-bump-version
diff --git a/.github/workflows/check-openbas-minor-dependencies.yaml b/.github/workflows/check-openbas-minor-dependencies.yaml
@@ -0,0 +1,85 @@
+name: Check OpenBAS minor dependencies releases
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 1' # every monday
+
+jobs:
+  check-and-update-minor-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Prepare updatecli configuration
+        id: dependencies
+        run: |
+          # get name dependencies
+          dependencies=($(yq eval -o=json '.dependencies[] | .name' charts/openbas/Chart.yaml | xargs))
+
+          # replace version
+          for dependency in "${dependencies[@]}"; do
+            version="~$(yq eval -r ".dependencies[] | select(.name == \"${dependency}\") | .version" charts/openbas/Chart.yaml | cut -d'.' -f1)"
+            yq eval -i ".sources.${dependency}.spec.versionFilter.pattern = \"${version}\"" .github/updatecli/helm-dependencies.yaml
+          done
+
+      - name: Install updatecli
+        uses: updatecli/updatecli-action@v2
+
+      - name: Update dependencies
+        run: |
+          updatecli apply --config .github/updatecli/helm-dependencies.yaml --commit=false 2>&1 | tee > $GITHUB_WORKSPACE/tmp-minor-output.log
+          awk '/TARGETS/{flag=1;next}/ACTIONS/{flag=0}flag' $GITHUB_WORKSPACE/tmp-minor-output.log > $GITHUB_WORKSPACE/clean-minor-output.log
+          chmod +x .github/hack/prepare_body_pr.sh
+          $GITHUB_WORKSPACE/.github/hack/prepare_body_pr.sh $GITHUB_WORKSPACE/clean-minor-output.log > $GITHUB_WORKSPACE/minor-output.log
+
+          # show PR body
+          cat minor-output.log
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Update README.md Helm Chart
+        uses: losisin/helm-docs-github-action@v1
+        with:
+          chart-search-root: charts/openbas
+
+      - name: Get current date
+        id: date
+        run: |
+          echo "date=$(date -I)" >> $GITHUB_OUTPUT
+
+
+      - name: Create PR with changes (dry-run)
+        uses: peter-evans/create-pull-request@v6
+        if: github.event_name == 'workflow_dispatch'
+        with:
+          add-paths: charts/openbas
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "fix: update minor dependencies version"
+          signoff: false
+          branch: fix/upgrade-openbas-minor-dependencies-${{ steps.date.outputs.date }}
+          delete-branch: true
+          title: '[openbas] upgrade minor dependencies (${{ steps.date.outputs.date }})'
+          body-path: minor-output.log
+          draft: true
+          labels: |
+            auto-pr-bump-version
+
+      - name: Create PR with changes
+        uses: peter-evans/create-pull-request@v6
+        if: github.event_name == 'schedule'
+        with:
+          add-paths: charts/openbas
+          token: ${{ secrets.PAT_GITHUB }}
+          commit-message: "fix: update minor dependencies version"
+          signoff: false
+          branch: fix/upgrade-openbas-minor-dependencies-${{ steps.date.outputs.date }}
+          delete-branch: true
+          title: '[openbas] upgrade minor dependencies (${{ steps.date.outputs.date }})'
+          body-path: minor-output.log
+          labels: |
+            auto-pr-bump-version