ci: configure CI/CD and release pipelines (#11)

Set up CI/CD pipeline

This is a 3 step ci:
* on PRs (or workflow dispatches) run the CI to catch problems,
  build testing images and attach manifest to the workflow
* on pushes on main, run release-please to prepare releases,
  and build testing images for main
* on releases, publish official images and attach a manifest to the release

---------

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>

.github/workflows/ci.yml

@@ -0,0 +1,41 @@
+name: CI
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        # We need the full history for the commitlint task
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Install Task
+        uses: arduino/setup-task@v2
+      - name: Install Dagger
+        env:
+          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
+          DAGGER_VERSION: 0.12.4
+        run: |
+          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
+      - name: Run CI task
+        run: |
+          task ci
+      - name: Write manifest
+        run: |
+          task manifest
+      - name: Publish images
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ secrets.REPO_PAT }}
+        run: |
+          task publish
+      - name: Attach manifest to workflow run
+        uses: actions/upload-artifact@v4
+        with:
+          name: manifest.yaml
+          path: ./manifest.yaml

.github/workflows/release-please.yml

@@ -0,0 +1,59 @@
+name: release-please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      # TODO: googleapis/release-please-action cannot sign commits yet.
+      #   We'll use the cli until there's a fix for
+      #   https://github.com/googleapis/release-please/issues/2280.
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install Task
+        uses: arduino/setup-task@v2
+      - name: Install Dagger
+        env:
+          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
+          DAGGER_VERSION: 0.12.2
+        run: |
+          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
+      - name: Create image and manifest
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ secrets.REPO_PAT }}
+        run: |
+          task publish
+          task manifest
+      - name: Attach manifest to workflow run
+        uses: actions/upload-artifact@v4
+        with:
+          name: manifest.yaml
+          path: ./manifest.yaml
+      # TODO: remove bump-minor-pre-major when in production. It prevents
+      #   release-please from bumping the major version on breaking changes.
+      # TODO: remove release-as after first release. Used to set the first
+      #   release version, which would default to 1.0.0. Set the version
+      #   manually also for 1.0.0.
+      - name: Run release-please
+        run: |
+          npx release-please release-pr \
+            --token="${{ secrets.REPO_PAT }}" \
+            --repo-url="${{ github.repository }}" \
+            --bump-minor-pre-major=true \
+            --release-as=0.1.0 \
+            --signoff "Peggie <info@cloudnative-pg.io>";
+          npx release-please github-release \
+            --token="${{ secrets.REPO_PAT }}" \
+            --repo-url="${{ github.repository }}"

.github/workflows/release-publish.yml

@@ -0,0 +1,31 @@
+name: Release Publish Artifacts
+on:
+  release:
+    types: [published]
+
+jobs:
+  release-publish-artifacts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install Task
+        uses: arduino/setup-task@v2
+      - name: Install Dagger
+        env:
+          # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
+          DAGGER_VERSION: 0.12.4
+        run: |
+          curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
+      - name: Create image and manifest
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ secrets.REPO_PAT }}
+        run: |
+          task publish
+          task manifest
+      - name: Attach manifest to release
+        env:
+          GITHUB_TOKEN: ${{ secrets.REPO_PAT }}
+        run: |
+          task upload-manifest-to-release

.gitignore

@@ -3,4 +3,5 @@ dist/
 .env
 .vscode/
 .idea/
-cnpg-i-hello-world
+.task/
+manifest.yaml

.golangci.yml

@@ -8,108 +8,30 @@ linters-settings:
       - prefix(github.com/cloudnative-pg/cnpg-i-hello-world)
       - blank
       - dot
+  nlreturn:
+    # Size of the block (including return statement that is still "OK")
+    # so no return split required.
+    # Default: 1
+    block-size: 3
 
 linters:
-  # please, do not use `enable-all`: it's deprecated and will be removed soon.
-  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
-  disable-all: true
-  enable:
-    - asciicheck
-    - bodyclose
-    - dogsled
-    - dupl
-    - durationcheck
-    - errcheck
-    - exportloopref
-    - gci
-    - gocognit
-    - goconst
-    - gocritic
-    - gocyclo
-    - gofmt
-    - gofumpt
-    - goheader
-    - goimports
-    - gomoddirectives
-    - gomodguard
-    - goprintffuncname
-    - gosec
-    - gosimple
-    - govet
-    - importas
-    - ineffassign
-    - lll
-    - makezero
-    - misspell
-    - nakedret
-    - nestif
-    - prealloc
-    - predeclared
-    - revive
-    - rowserrcheck
-    - sqlclosecheck
-    - staticcheck
-    - stylecheck
-    - thelper
-    - tparallel
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
-    - wastedassign
-    - whitespace
-
-  # to be checked:
-  # - errorlint
-  # - forbidigo
-  # - forcetypeassert
-  # - goerr113
-  # - ifshort
-  # - nilerr
-  # - nlreturn
-  # - noctx
-  # - nolintlint
-  # - paralleltest
-  # - promlinter
-  # - tagliatelle
-  # - wrapcheck
-
-  # don't enable:
-  # - cyclop
-  # - depguard
-  # - exhaustive
-  # - exhaustivestruct
-  # - funlen
-  # - gochecknoglobals
-  # - gochecknoinits
-  # - godot
-  # - godox
-  # - gomnd
-  # - testpackage
-  # - wsl
-
-  # deprecated:
-  # - deadcode
-  # - golint
-  # - interfacer
-  # - maligned
-  # - scopelint
-  # - structcheck
-  # - varcheck
+  enable-all: true
+  disable:
+    - depguard
+    - execinquery
+    - exhaustive
+    - exhaustruct
+    - err113
+    - forbidigo
+    - funlen
+    - gochecknoglobals
+    - gochecknoinits
+    - godot
+    - gomnd
+    - ireturn
+    - varnamelen
+    - wrapcheck
+    - wsl
 
 run:
-  skip-files: "zz_generated.*"
-
-issues:
-  exclude-rules:
-    # Exclude lll issues for lines with long annotations
-    - linters:
-      - lll
-      source: "//\\s*\\+"
-    # We have no control of this in zz_generated files and it looks like that excluding those files is not enough
-    # so we disable "ST1016: methods on the same type should have the same receiver name" in api directory
-    - linters:
-      - stylecheck
-      text: "ST1016:"
-      path: api/
-  exclude-use-default: false
+  timeout: 10m

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.0.0"
+}

.spellcheck.yaml

@@ -1,26 +1,19 @@
 matrix:
-- name: Python Source
-  sources:
-  - ./**/*.go
-  - ./**/*.md
-  dictionary:
-    wordlists:
-    - .wordlist.txt
-  aspell:
-    lang: en
-    d: en_US
-  pipeline:
-  - pyspelling.filters.python:
-  - pyspelling.filters.context:
-      context_visible_first: true
-      escapes: \\[\\`~]
-      delimiters:
-      # Ignore multiline content between fences (fences can have 3 or more back ticks)
-      # ```
-      # content
-      # ```
-      - open: '(?s)^(?P<open> *`{3,})$'
-        close: '^(?P=open)$'
-      # Ignore text between inline back ticks
-      - open: '(?P<open>`+)'
-        close: '(?P=open)'
+  - name: Markdown
+    sources:
+      # Ignore the autogenerated markdown files
+      - ./**/*.md|!./CHANGELOG.md|!./vendor/**
+    dictionary:
+      wordlists:
+        - .wordlist.txt
+    aspell:
+      lang: en
+      d: en_US
+    pipeline:
+      - pyspelling.filters.markdown:
+      - pyspelling.filters.html:
+          comments: false
+          ignores:
+            - ':matches(code, pre)'
+            - 'code'
+            - 'pre'

.wordlist.txt

@@ -1,4 +1,25 @@
-sidebarToggle
-pvc
-ClientConn
-NewStream
+ClusterLifecycle
+CloudNativePG
+CNPG
+finalizers
+GRPC
+kubernetes
+Kubernetes
+lifecycle
+MutateCluster
+OperatorMutateClusterRequest
+OperatorMutateClusterResult
+OperatorValidateClusterChangeRequest
+OperatorValidateClusterChangeResult
+OperatorValidateClusterCreateRequest
+OperatorValidateClusterCreateResult
+pluginhelper
+Postgres
+reconcilers
+rpc
+struct
+ValidateClusterChange
+ValidateClusterCreate
+ValidateCreate
+webhook
+webhooks

README.md

@@ -1,7 +1,7 @@
 # CNPG-I-EXAMPLE
 
 A "hello world" example implementation of the
-[Cloud Native Postgres](https://github.com/cloudnative-pg/cloudnative-pg/)
+[CloudNativePG](https://github.com/cloudnative-pg/cloudnative-pg/)
 plugin interface [CNPG-I](https://github.com/cloudnative-pg/cnpg-i).
 
 - [Concepts](doc/concepts.md)