chore: synced file(s) with honestbank/.github (#18)

honestbank · Jul 9, 2024 · a982e9c · a982e9c
1 parent 74b6707
commit a982e9c
Show file tree

Hide file tree

Showing 10 changed files with 413 additions and 32 deletions.
diff --git a/.github/workflows/secrets-loader.yaml b/.github/workflows/secrets-loader.yaml
@@ -0,0 +1,41 @@
+# Instructions to load new secrets
+## 1. Add secret names in the workflows_call -> secrets and mark it as required
+## 2. Export the secret name with value as JSON in the run section of the "Loading secrets" job
+
+name: Secrets Loader
+permissions:
+  contents: read
+
+on:
+  workflow_call:
+    outputs:
+      encrypted_secrets:
+        description: "Encrypt loaded secrets in base64 JSON format"
+        value: ${{ jobs.loading.outputs.encrypted_secrets }}
+    secrets:
+      APOLLO_KEY:
+        required: true
+      ## Add addition secrets here
+
+env:
+  GHA_GPG_PASSPHRASE: ${{ secrets.GHA_GPG_PASSPHRASE }}
+
+jobs:
+  loading:
+    name: loading
+    runs-on: ubuntu-latest
+    outputs:
+      encrypted_secrets: ${{ steps.loading.outputs.encrypted_secrets }}
+    steps:
+      - name: Loading secrets
+        id: loading
+        run: |
+          PLAINTEXT_JSON=$(cat <<EOM
+          {
+            "APOLLO_KEY": "${{ secrets.APOLLO_KEY }}"
+            ## Add addition secrets here (With comma separated JSON format)
+          }
+          EOM
+          )
+          ENCRYPTED_SECRET=$(echo "$PLAINTEXT_JSON" | gpg --symmetric --cipher-algo AES256 --batch --yes --passphrase "$GHA_GPG_PASSPHRASE" | base64 | tr -d '\n')
+          echo "encrypted_secrets=$ENCRYPTED_SECRET" >> $GITHUB_OUTPUT
diff --git a/.golangci.json b/.golangci.json
@@ -12,7 +12,7 @@
     },
     "issues":  {
         "exclude-rules": {
-            "path": "/",
+            "path": "_test.go",
             "linters": ["errcheck"]
         }
     },
@@ -28,7 +28,6 @@
             "goimports",
             "gosimple",
             "govet",
-            "ifshort",
             "ineffassign",
             "makezero",
             "misspell",

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,35 +1,60 @@
 # DO NOT CHANGE. This file is being managed from a central repository
 # To know more simply visit https://github.com/honestbank/.github/blob/main/docs/about.md
 
+default_install_hook_types: [ pre-commit, commit-msg ]
+
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.5.0
     hooks:
       - id: end-of-file-fixer
+        stages: [commit]
       - id: trailing-whitespace
+        stages: [commit]
       - id: check-yaml
-        args: [ '--allow-multiple-documents' ]
+        stages: [commit]
+        args: ["--allow-multiple-documents"]
       - id: detect-aws-credentials
-        args: [ '--allow-missing-credentials' ]
+        stages: [commit]
+        args: ["--allow-missing-credentials"]
   - repo: https://github.com/golangci/golangci-lint
-    rev: v1.54.2
+    rev: v1.57.2
     hooks:
       - id: golangci-lint
+        stages: [commit]
+        args: ["--timeout=10m"]
   - repo: https://github.com/TekWizely/pre-commit-golang
     rev: v1.0.0-rc.1
     hooks:
       - id: go-imports
+        stages: [commit]
   - repo: https://github.com/gitguardian/ggshield
-    rev: v1.19.1
+    rev: v1.26.0
     hooks:
       - id: ggshield
         language: python
         stages: [commit]
-        args: [ 'secret', 'scan', 'pre-commit' ]
+        args: ["secret", "scan", "pre-commit"]
   - repo: local
     hooks:
+      - id: generate-secrets-loader
+        name: generate-secrets-loader
+        entry: ./secrets-loader.generator.sh
+        language: script
+        stages: [commit]
       - id: generate-catalog
         name: generate-catalog
         entry: ./catalog-info.generator.sh
         language: script
         pass_filenames: false
+        stages: [commit]
+      - id: commit-msg-spell-check
+        name: commit-msg-spell-check
+        entry: ./spell-check.sh
+        language: script
+        stages: ["commit-msg"]
+      - id: append-ticket-id
+        name: Append Ticket ID to Commit Message
+        entry: ./append-ticket-id.sh
+        language: script
+        stages: [ commit-msg ]
diff --git a/append-ticket-id.sh b/append-ticket-id.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Function to get the current branch name
+get_current_branch() {
+    git branch --show-current
+}
+
+# Function to get the commit message
+get_commit_message() {
+    cat "$1"
+}
+
+# Function to write the commit message
+write_commit_message() {
+    echo "$2" > "$1"
+}
+
+# Function to extract the ticket ID from the branch name
+extract_ticket_id() {
+    echo "$1" | grep -o -E '(acq|da|data|dec|devop|ds|it|mlops|nerds|qa|sec|spe|ss)-[0-9]+' | tr '[:lower:]' '[:upper:]'
+}
+
+# Main script
+main() {
+    if [ $# -eq 0 ]; then
+        echo "commit message file not found, are you sure you set the stage for this hook to be in stages: [ commit-msg ]?"
+        exit 1
+    fi
+
+    commit_message_file="$1"
+    branch_name=$(get_current_branch)
+    ticket_id=$(extract_ticket_id "$branch_name")
+
+    if [ -z "$ticket_id" ]; then
+        echo "Warning: No ticket ID found in branch name '$branch_name'"
+        exit 0
+    fi
+
+    commit_message=$(get_commit_message "$commit_message_file")
+    first_line=$(echo "$commit_message" | head -n 1)
+
+    # Check if the first line already contains the ticket_id
+    if ! echo "$first_line" | grep -qi "$ticket_id"; then
+        first_line="$first_line [$ticket_id]"
+        commit_message="$first_line$(echo "$commit_message" | tail -n +2)"
+        write_commit_message "$commit_message_file" "$commit_message"
+    fi
+}
+
+main "$@"
diff --git a/catalog-info.generator.sh b/catalog-info.generator.sh
@@ -10,11 +10,13 @@ if [ ! -f $META_DATA_FILE ]; then
   cat << EOF >> $META_DATA_FILE
 {
   "squad_name": "example-squad",
+  "dashboard": "https://example.com",
   "design_document": "https://example.com",
   "runbook": "https://example.com",
   "manual_dependencies": [],
   "type": "application",
   "lifecycle": "production",
+  "manual_service_names": [],
   "example-service-name": {
     "tags" : [
       "language:golang",
@@ -30,30 +32,49 @@ fi
 OUTPUT_FILE="catalog-info.yaml"
 : > $OUTPUT_FILE # Clear the output file before appending
 
+typeset -A SQUAD_ALIAS
+SQUAD_ALIAS[acquisition]=acquisition-squad
+SQUAD_ALIAS[decisioning]=mlops-squad
+SQUAD_ALIAS[decisioning-squad]=mlops-squad
+SQUAD_ALIAS[mlops]=mlops-squad
+SQUAD_ALIAS[self-service]=self-service-squad
+SQUAD_ALIAS[spend]=spend-squad
+
 typeset -A TEAM_MAP
 TEAM_MAP[acquisition-squad]=backend-engineers
-TEAM_MAP[acquisition]=backend-engineers
 TEAM_MAP[data-engineering]=data-squad
-TEAM_MAP[decisioning]=backend-engineers
 TEAM_MAP[devops]=devops-engineers
 TEAM_MAP[internal-infra]=devops-engineers
+TEAM_MAP[mlops-squad]=backend-engineers
 TEAM_MAP[self-service-squad]=backend-engineers
-TEAM_MAP[self-service]=backend-engineers
 TEAM_MAP[spend-squad]=backend-engineers
-TEAM_MAP[spend]=backend-engineers
 
-squad_exist_in_team() {
+get_squad_name() {
+    local raw_squad_name=$1
+    squad_name=${SQUAD_ALIAS[$raw_squad_name]}
+    if [[ -z $squad_name ]]; then
+      echo $raw_squad_name
+    fi
+    echo $squad_name
+}
+
+get_gh_team() {
     local pattern=$1
-    for key in "${(@k)TEAM_MAP}"; do
-        if [[ $key == $pattern ]]; then
-            return 0
-        fi
-    done
-    return 1
+    gh_team=${TEAM_MAP[$pattern]}
+    if [[ -z $gh_team ]]; then
+      echo null
+    fi
+    echo $gh_team
 }
 
 REPO_NAME=$(basename "$(pwd)")
 SERVICE_NAMES=(${(s: :)$(yq e '.jobs.repository-release-prod.with.helm_release_names' "$RELEASE_WORKFLOW")})
+if [[ ${#SERVICE_NAMES[@]} == 0 || "$SERVICE_NAMES" == "null" && -f "customized_helm_release_names.txt" ]]; then
+  SERVICE_NAMES=($(cat "customized_helm_release_names.txt"))
+fi
+if [[ ${#SERVICE_NAMES[@]} == 0 || "$SERVICE_NAMES" == "null" ]]; then
+  SERVICE_NAMES=(${(s: :)$(jq -r ".manual_service_names[]" $META_DATA_FILE)})
+fi
 if [[ ${#SERVICE_NAMES[@]} == 0 || "$SERVICE_NAMES" == "null" ]]; then
   SERVICE_NAMES=($REPO_NAME)
 fi
@@ -62,19 +83,18 @@ SQUAD_NAME=$(yq e '.jobs.repository-release-prod.with.argocd_state_repo' "$RELEA
 SQUAD_NAME=$(echo "$SQUAD_NAME" | cut -c 14-50)
 if [[ -z $SQUAD_NAME || "$SQUAD_NAME" == "null" ]]; then
   SQUAD_NAME=$(jq -r '.squad_name' $META_DATA_FILE)
-fi
-GH_TEAM=""
-if squad_exist_in_team "$SQUAD_NAME"; then
-  GH_TEAM=${TEAM_MAP[$SQUAD_NAME]}
 else
-  GH_TEAM="devops-engineers"
+  SQUAD_NAME="$SQUAD_NAME-squad"
 fi
+SQUAD_NAME=$(get_squad_name $SQUAD_NAME)
+GH_TEAM=$(get_gh_team $SQUAD_NAME)
 
-if [[ "$GH_TEAM" == "null" ]]; then
+if [[ "$GH_TEAM" == null ]]; then
   echo "couldn't find service owner"
   exit 1
 fi
 
+DASHBOARD=$(jq -r '.dashboard' $META_DATA_FILE)
 DESIGN_DOCUMENT=$(jq -r '.design_document' $META_DATA_FILE)
 RUNBOOK=$(jq -r '.runbook' $META_DATA_FILE)
 
@@ -95,6 +115,10 @@ fi
 
 # Loop through each subfolder in the charts directory
 for SERVICE in $SERVICE_NAMES; do
+    # Links
+    SERVICE_DASHBOARD=$(jq -r ".\"$SERVICE\".dashboard" $META_DATA_FILE)
+    SERVICE_DESIGN_DOCUMENT=$(jq -r ".\"$SERVICE\".design_document" $META_DATA_FILE)
+    SERVICE_RUNBOOK=$(jq -r ".\"$SERVICE\".runbook" $META_DATA_FILE)
     # Default dependencies
     DEPENDENCIES=(${(s: :)$(jq -r ".manual_dependencies[]" $META_DATA_FILE)})
     TOPICS=(${(s: :)$(grep Topic "config/config.go" | sed -n 's/.*default:"\([^"]*\)".*/\1/p')})
@@ -136,19 +160,22 @@ $(for tag in "${TAGS[@]}"; do
     echo "    - $tag"
 done)
   links:
-    - url: $DESIGN_DOCUMENT
-      title: Design Document
+    - title: Dashboard
+      url: $([[ "$SERVICE_DASHBOARD" != "null" ]] && echo $SERVICE_DASHBOARD || echo $DASHBOARD)
+      icon: dashboard
+    - title: Design Document
+      url: $([[ "$SERVICE_DESIGN_DOCUMENT" != "null" ]] && echo $SERVICE_DESIGN_DOCUMENT || echo $DESIGN_DOCUMENT)
       icon: menubook
-    - url: $RUNBOOK
-      title: Runbook
+    - title: Runbook
+      url: $([[ "$SERVICE_RUNBOOK" != "null" ]] && echo $SERVICE_RUNBOOK || echo $RUNBOOK)
       icon: help
 spec:
   type: $TYPE
   lifecycle: $LIFECYCLE
-  owner: group:$SQUAD_NAME-squad
+  owner: group:$SQUAD_NAME
 $(
  if (( ${#DEPENDENCIES[@]} > 0 )); then
-  echo "dependsOn:"
+  echo "  dependsOn:"
  fi
 )
 $(for resource in "${DEPENDENCIES[@]}"; do
@@ -163,4 +190,3 @@ fixed_content="${file_content%$'\n'}"
 echo "$fixed_content" > "$OUTPUT_FILE"
 
 echo "File generated: $OUTPUT_FILE"
-
diff --git a/docker-compose.integration.yaml b/docker-compose.integration.yaml
@@ -57,6 +57,14 @@ services:
       SCHEMA_REGISTRY_LISTENERS: "http://0.0.0.0:8082"
     ports:
       - 8082:8082
+  wiremock:
+    container_name: wiremock
+    hostname: wiremock
+    ports:
+      - "8085:8080"
+    image: wiremock/wiremock
+    volumes:
+      - ./wiremock/stubs:/home/wiremock
   gcs:
     image: oittaa/gcp-storage-emulator:latest
     ports:
@@ -72,3 +80,29 @@ services:
       KAFKA_BROKERCONNECT: "kafka:19092"
     depends_on:
       - "kafka"
+  s3:
+    image: adobe/s3mock
+    container_name: s3mock
+    environment:
+      - initialBuckets=bucket1
+      - root=containers3root
+      - debug=true
+    ports:
+      - 9090:9090
+  sftp:
+    container_name: sftp
+    image: atmoz/sftp
+    volumes:
+      - ./integration/sftp:/home/foo/upload
+    ports:
+      - "2222:22"
+    command: foo:pass:1001
+  redis:
+    image: redis:alpine
+    command: redis-server --appendonly yes --requirepass "redis"
+    ports:
+      - "6379:6379"
+  push_gateway:
+    image: prom/pushgateway:latest
+    ports:
+      - "9091:9091"