diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f958d63..7306b39 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,243 +14,16 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - jobs: - audit: - name: Audit - runs-on: ubuntu-latest - timeout-minutes: 30 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Remove non-semver tags (from helmchart) for goreleaser to work properly - run: | - git tag -d $(git tag -l | grep -v "^v[0-9]*.[0-9]*.[0-9]*") - - - uses: actions/setup-go@v4 - with: - go-version: '1.21' - - - name: Audit - run: | - go mod download - make audit - - - name: Check Sonar Token - id: check-sonar - shell: bash - run: | - if [ "${{ secrets.SONAR_TOKEN }}" != '' ]; then - echo "available=true" >> $GITHUB_OUTPUT; - else - echo "available=false" >> $GITHUB_OUTPUT; - fi - - - name: SonarCloud Scan - if: ${{ steps.check-sonar.outputs.available == 'true' }} - uses: SonarSource/sonarcloud-github-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - build-images: - name: Build Docker Images - needs: - - audit - runs-on: ubuntu-latest - timeout-minutes: 60 - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Remove non-semver tags (from helmchart) for goreleaser to work properly - run: | - git tag -d $(git tag -l | grep -v "^v[0-9]*.[0-9]*.[0-9]*") - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to the container registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 
- - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: ./ - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - build-args: | - BUILD_SNAPSHOT=${{ !startsWith(github.ref, 'refs/tags/') }} - NAME=${{ github.repository }} - VERSION=${{ steps.meta.outputs.version }} - REVISION=${{ github.sha }} - - - name: Trigger test environment updates - run: | - curl -L \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{secrets.PAT_TOKEN_EXTENSION_DEPLOYER}}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/steadybit/extension-deployer/actions/workflows/extension-restart.yml/dispatches \ - -d '{"ref":"main","inputs":{"extension":"${{ github.repository }}","version":"${{ steps.meta.outputs.version }}","revision":"${{ github.sha }}"}}' - - build-packages: - name: Build Linux Packages - needs: - - audit - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Remove non-semver tags (from helmchart) for goreleaser to work properly - run: | - git tag -d $(git tag -l | grep -v "^v[0-9]*.[0-9]*.[0-9]*") - - - uses: actions/setup-go@v4 - with: - go-version: '1.21' - - - name: Export GPG key - run: | - mkdir -p gpg - echo -n "${{ secrets.MAVEN_GPG_PRIVATE_KEY }}" > gpg.key - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - with: - distribution: goreleaser - version: latest - args: release --clean ${{ !startsWith(github.ref, 'refs/tags/') && '--snapshot' || '' }} ${{ github.event_name == 'pull_request' && '--skip sign' || '' }} - env: - NFPM_KEY_FILE: gpg.key - NFPM_DEFAULT_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSWORD }} - GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} - - - name: "[build] Upload packages to internal repositories" - if: github.event_name != 'pull_request' - run: | - 
REPO_USER="${{ secrets.STEADYBIT_ARTIFACT_SERVER_USERNAME }}:${{ secrets.STEADYBIT_ARTIFACT_SERVER_PASSWORD }}" - echo "Uploading deb packages to artifacts server" - find ./dist -name '*.deb' -type f | xargs -i curl -u "$REPO_USER" -X POST -H "Content-Type: multipart/form-data" --data-binary "@{}" https://artifacts.steadybit.io/repository/deb-internal/ - echo "Uploading rpm packages to artifacts server" - find ./dist -name '*.rpm' -type f | xargs -i curl -u "$REPO_USER" --upload-file {} https://artifacts.steadybit.io/repository/yum-internal/ - - - name: "[release] Upload packages to public repositories" - if: ${{ startsWith(github.ref, 'refs/tags/') }} - run: | - REPO_USER="${{ secrets.STEADYBIT_ARTIFACT_SERVER_USERNAME }}:${{ secrets.STEADYBIT_ARTIFACT_SERVER_PASSWORD }}" - echo "Uploading deb packages to artifacts server" - find ./dist -name '*.deb' -type f | xargs -i curl -u "$REPO_USER" -X POST -H "Content-Type: multipart/form-data" --data-binary "@{}" https://artifacts.steadybit.io/repository/deb/ - echo "Uploading rpm packages to artifacts server" - find ./dist -name '*.rpm' -type f | xargs -i curl -u "$REPO_USER" --upload-file {} https://artifacts.steadybit.io/repository/yum/ - - echo "Invalidating artifacts server cache" - curl -X POST -u $REPO_USER https://artifacts.steadybit.io/service/rest/v1/repositories/yum-proxy/invalidate-cache - curl -X POST -u $REPO_USER https://artifacts.steadybit.io/service/rest/v1/repositories/yum-public/invalidate-cache - curl -X POST -u $REPO_USER https://artifacts.steadybit.io/service/rest/v1/repositories/deb-public/invalidate-cache - - test-helm-charts: - name: "Test Helm Charts" - runs-on: ubuntu-latest - needs: - - audit - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.12.2 - - - name: Add dependency chart repos - run: | - helm repo add steadybit https://steadybit.github.io/helm-charts - - - uses: 
actions/setup-python@v4 - with: - python-version: "3.10" - - - name: Add unit testing plugin - run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git - - - name: Run unit tests - run: make charttesting - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 - - - name: Run chart-testing (lint) - run: ct lint --config chartTesting.yaml - - release-helm-chart: - name: "Release Helm Chart" - runs-on: ubuntu-latest - needs: - - test-helm-charts - if: github.ref == 'refs/heads/main' - - permissions: - contents: write - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.12.2 - - - name: Add dependency chart repos - run: | - helm repo add steadybit https://steadybit.github.io/helm-charts - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.6.0 - with: - charts_dir: charts - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + extension-ci: + uses: steadybit/extension-kit/.github/workflows/reusable-extension-ci.yml@main + with: + build_linux_packages: true + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + PAT_TOKEN_EXTENSION_DEPLOYER: ${{ secrets.PAT_TOKEN_EXTENSION_DEPLOYER }} + MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} + MAVEN_GPG_PRIVATE_KEY_PASSWORD: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSWORD }} + PAT_TOKEN_GORELEASER: ${{ secrets.PAT_TOKEN }} + STEADYBIT_ARTIFACT_SERVER_USERNAME: ${{ secrets.STEADYBIT_ARTIFACT_SERVER_USERNAME }} + STEADYBIT_ARTIFACT_SERVER_PASSWORD: ${{ secrets.STEADYBIT_ARTIFACT_SERVER_PASSWORD }}
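Review bot: The reusable workflow called by the added `extension-ci` job is referenced at the mutable ref `@main` while it receives seven secrets, among them the GPG signing key with its passphrase, two PATs and the artifact-server credentials, so whatever lands on that branch of steadybit/extension-kit runs with those secrets on the next build. Pin the call to a reviewed full commit SHA, e.g. `uses: steadybit/extension-kit/.github/workflows/reusable-extension-ci.yml@<full-commit-sha>  # main`, and bump it deliberately. The job also carries no `permissions:` block, whereas the removed jobs scoped `packages: write` and `contents: write` per job. Because a called workflow can only narrow the caller's GITHUB_TOKEN permissions, confirm that the default set above this hunk (not visible here) grants no more than the called workflow needs, or state the permissions on this job explicitly.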