diff --git a/.github/workflows/automerge.yaml b/.github/workflows/automerge.yaml
index 070bf4d..29f554f 100644
--- a/.github/workflows/automerge.yaml
+++ b/.github/workflows/automerge.yaml
@@ -7,115 +7,28 @@ on: workflows: - "ci" jobs: - automerge: - name: Automerge + print-debug-info: + name: Print debug info runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }} - outputs: - pr_branch_ref: ${{ steps.check_mergeability.outputs.pr_branch_ref }} steps: - - name: Find current PR - uses: jwalton/gh-find-current-pr@v1.0.2 - id: findPr - with: - sha: ${{ github.event.workflow_run.head_sha }} - github-token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Validate PR number - run: | - if [ -z ${{ steps.findPr.outputs.pr }} ]; then - echo "No opened PR was found for SHA ${{ github.event.workflow_run.head_sha }}" - exit 1 - fi - - name: Get PR Info - id: get_pull_request_info - uses: octokit/request-action@v2.x - with: - route: GET /repos/${{ github.repository }}/pulls/${{ steps.findPr.outputs.pr }} - env: - GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Check mergeability - id: check_mergeability - run: | - echo "Mergeable: ${{ fromJson(steps.get_pull_request_info.outputs.data).mergeable }}" - PR_BRANCH_REF=${{ fromJson(steps.get_pull_request_info.outputs.data).head.ref }} - echo "PR_BRANCH_REF: $PR_BRANCH_REF" - echo "::set-output name=pr_branch_ref::$PR_BRANCH_REF" - if [ "${{ fromJson(steps.get_pull_request_info.outputs.data).mergeable }}" != "true" ]; then - echo "PR has conflicts" - exit 1 - fi - - name: Check out the code - uses: actions/checkout@v2 - - name: Fetch main - run: | - git remote -v - git fetch --depth=1 origin main - - name: Only allow go.mod and go.sum changes - run: | - find . -type f ! -name 'go.mod' ! -name 'go.sum' ! -name '*.yaml' ! -name '*.yml' ! -name '*.txt' ! -name '*.md' ! 
-name '*.conf' -exec git diff --exit-code origin/main -- {} + - - name: Merge PR - uses: ridedott/merge-me-action@master - with: - GITHUB_LOGIN: nsmbot - ENABLED_FOR_MANUAL_CHANGES: true - GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} + - uses: hmarr/debug-action@v2 + + check-mergeability: + if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }} + uses: networkservicemesh/.github/.github/workflows/check-mergeability.yaml@main + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} + + automerge: + needs: [check-mergeability] + if: ${{ needs.check-mergeability.result == 'success' }} + uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main + resolve_conflicts: - name: Autoresolve Conflicts - needs: [automerge] - if: ${{ always() && needs.automerge.result == 'failure' && needs.automerge.outputs.pr_branch_ref != '' && github.actor == 'nsmbot' }} - runs-on: ubuntu-latest - steps: - - name: Checkout default branch - uses: actions/checkout@v2 - with: - fetch-depth: 0 - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Checkout PR branch - uses: actions/checkout@v2 - with: - ref: ${{ needs.automerge.outputs.pr_branch_ref }} - fetch-depth: 0 - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Verify conflicts only in go.mod/go.sum - run: | - CONFLICTING_FILES=$(git merge-tree $(git merge-base origin/main HEAD) origin/main HEAD | \ - awk 'BEGIN {is_conflict = 0} /changed in both/{is_conflict = 1; next} /base/{if (is_conflict) {print $4; is_conflict = 0} next }' | \ - { grep -vF "go.mod" || true; } | \ - { grep -vF "go.sum" || true; }) - if [[ -n $CONFLICTING_FILES ]]; then - echo "Conflicts can be resolved only in go.mod and go.sum files, but conflicts were found in other files: $CONFLICTING_FILES" - exit 1 - fi - - name: Check number of retries - run: | - if [ $(git log --oneline | head -n 10 | grep -Fc "Automatically resolving conflicts in go.mod") -ge 3 ]; then - echo "Couldn't automatically resolve conflicts 
(number of re-tries is >= 3). Please, resolve them manually." - exit 1 - fi - - name: Merge default branch - run: | - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git config pull.rebase false - git pull -q origin main -s ort -X theirs - - name: Setup Go - uses: actions/setup-go@v1 - with: - go-version: 1.18.2 - - name: Update version manually - run: | - branch=${{ needs.automerge.outputs.pr_branch_ref }} - repository=${branch#update/networkservicemesh/} - echo Update ${repository} version in go.mod manually - go get -u github.com/networkservicemesh/${repository}@main - - name: Re-generate go.sum - run: go mod tidy - - name: Push changes - run: | - echo "Automatically resolving conflicts in go.mod and updating dependency versions to the latest" >> /tmp/commit-message - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git add -- go.sum go.mod - git commit -s -F /tmp/commit-message - echo "Force-pushing changes to ${{ needs.automerge.outputs.pr_branch_ref }}" - git push -f origin ${{ needs.automerge.outputs.pr_branch_ref }} + needs: [check-mergeability] + if: ${{ always() && needs.check-mergeability.result == 'failure' && needs.check-mergeability.outputs.pr_branch_ref != '' }} + uses: networkservicemesh/.github/.github/workflows/resolve-conflicts.yaml@main + with: + pr_branch_ref: ${{ needs.check-mergeability.outputs.pr_branch_ref }} + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6d85c64..0d8199c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
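Review bot: The three reusable workflows called in this hunk are referenced at `@main`, and two of them receive `secrets.NSM_BOT_GITHUB_TOKEN`, so any commit that lands on `main` of `networkservicemesh/.github` immediately runs with the bot token in this repository. Pinning each `uses:` to a full commit SHA, for example `uses: networkservicemesh/.github/.github/workflows/check-mergeability.yaml@<COMMIT_SHA>`, keeps such changes reviewable. The same applies to the `@main` references added in codeql-analysis.yml, docker-push-ghcr.yml, pr-for-updates.yaml, release.yml and update-deployments.yaml, and to `hmarr/debug-action@v2`, a third-party action on a movable tag that now runs on every `workflow_run` with no `if:` guard. Separately, the new `automerge` job has no `secrets:` block, whereas the removed merge step used `NSM_BOT_GITHUB_TOKEN`; if the called workflow still needs that token, `secrets:` with `token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}` is presumably missing here.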
@@ -17,56 +17,4 @@ on: jobs: analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - # Override automatic language detection by changing the below list - # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['go'] - # Learn more... - # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - # - run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: networkservicemesh/.github/.github/workflows/codeql-analysis.yaml@main diff --git a/.github/workflows/docker-push-ghcr.yml b/.github/workflows/docker-push-ghcr.yml index a3ac114..f585d2a 100644 --- a/.github/workflows/docker-push-ghcr.yml +++ b/.github/workflows/docker-push-ghcr.yml @@ -1,5 +1,5 @@ --- -name: docker-push-ghcr +name: Docker push ghcr on: push: @@ -10,36 +10,6 @@ on: workflows: - 'automerge' jobs: - docker: - runs-on: ubuntu-latest + push: if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }} - steps: - - name: "Checkout" - uses: actions/checkout@v2 - - - name: "Set up Docker Buildx" - uses: docker/setup-buildx-action@v1 - - - name: "Login to GitHub Container Registry" - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker meta - id: metaci - uses: docker/metadata-action@v3 - with: - images: ghcr.io/${{ github.repository_owner }}/ci/${{ github.event.repository.name }} - tags: | - type=ref,event=pr - type=sha,prefix= - - - name: "Build and push" - uses: docker/build-push-action@v2 - with: - file: Dockerfile - context: . - push: true - tags: ${{ steps.metaci.outputs.tags }} + uses: networkservicemesh/.github/.github/workflows/docker-push-ghcr.yaml@main diff --git a/.github/workflows/pr-for-updates.yaml b/.github/workflows/pr-for-updates.yaml index c33831d..86c9ea9 100644 --- a/.github/workflows/pr-for-updates.yaml +++ b/.github/workflows/pr-for-updates.yaml 
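Review bot: The `analyze` job is now only a `uses:` call and no `permissions:` key is visible for it. A called workflow cannot be granted more `GITHUB_TOKEN` permissions than its caller has, so uploading CodeQL results depends on the repository default unless the caller sets `permissions:` with `security-events: write` and `contents: read`. The `push` job in docker-push-ghcr.yml is in the same position: the removed steps logged in to ghcr.io with `secrets.GITHUB_TOKEN`, and the caller declares no `packages: write`. The top of both files is outside these hunks, so a workflow-level `permissions:` block may already exist; if it does not, declaring the minimum scopes on each calling job would make the grant explicit.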
@@ -6,20 +6,6 @@ on: - update/** jobs: auto-pull-request: - name: Pull Request on update/sync Branch Push - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Construct PR message - run: | - PULL_REQUEST_BODY=$(git log --pretty='format:%B' -1 | sed '/^$/d;$d' | sed 's/#/# /g') - echo "$PULL_REQUEST_BODY" - echo "PULL_REQUEST_BODY<> $GITHUB_ENV - echo "$PULL_REQUEST_BODY" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - name: pull-request-action - uses: vsoch/pull-request-action@1.0.12 - env: - GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - BRANCH_PREFIX: "update/" - PULL_REQUEST_BRANCH: "main" + uses: networkservicemesh/.github/.github/workflows/pr-for-updates.yaml@main + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fa9d724..ae9fe34 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,8 +8,8 @@ on: workflows: - "ci" jobs: - check-gomod-deps: - name: Check go.mod Dependencies + get-tag: + name: Get tag runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} outputs: 
@@ -21,158 +21,43 @@ jobs: echo '::set-output name=tag::'${branch#release/} id: get-tag-step - - name: Check out code into the Go module directory - uses: actions/checkout@v2 - with: - ref: refs/heads/${{github.event.workflow_run.head_branch}} - - - name: Check go.mod deps - run: | - cat go.mod | - grep 'github.com/networkservicemesh/.* v' | - grep -v 'github.com/networkservicemesh/.* ${{ steps.get-tag-step.outputs.tag }}' || exit 0; - - exit 1; + check-gomod-deps: + needs: get-tag + uses: networkservicemesh/.github/.github/workflows/check-gomod-deps.yaml@main + with: + tag: ${{ needs.get-tag.outputs.tag }} create-release: - name: Create Release - needs: check-gomod-deps - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} - outputs: - tag: ${{ needs.check-gomod-deps.outputs.tag }} - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - ref: refs/heads/${{github.event.workflow_run.head_branch}} - - - name: Push tag ${{ needs.check-gomod-deps.outputs.tag }} - run: | - git status - git tag ${{ needs.check-gomod-deps.outputs.tag }} - git push origin ${{ needs.check-gomod-deps.outputs.tag }} -f - - - name: Create release ${{ needs.check-gomod-deps.outputs.tag }} - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - with: - tag_name: refs/tags/${{ needs.check-gomod-deps.outputs.tag }} - release_name: ${{ needs.check-gomod-deps.outputs.tag }} - draft: false - prerelease: false + needs: [get-tag, check-gomod-deps] + uses: networkservicemesh/.github/.github/workflows/release.yaml@main + with: + tag: ${{ needs.get-tag.outputs.tag }} + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} docker: - needs: check-gomod-deps - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} - steps: - - name: "Checkout" - uses: 
actions/checkout@v2 - with: - ref: refs/heads/${{github.event.workflow_run.head_branch}} - - - name: "Set up Docker Buildx" - uses: docker/setup-buildx-action@v1 - - - name: "Login to GitHub Container Registry" - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: "Build and push" - uses: docker/build-push-action@v2 - with: - file: Dockerfile - context: . - push: true - tags: "ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ needs.check-gomod-deps.outputs.tag }}" + needs: [get-tag, check-gomod-deps] + uses: networkservicemesh/.github/.github/workflows/release.yaml@main + with: + tag: ${{ needs.get-tag.outputs.tag }} + secrets: + token: ${{ secrets.GITHUB_TOKEN }} check-branch: name: Check release branch in deployments-k8s - needs: create-release - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} - outputs: - tag: ${{ needs.create-release.outputs.tag }} - steps: - - name: Checkout networkservicemesh/deployments-k8s - uses: actions/checkout@v2 - with: - path: networkservicemesh/deployments-k8s - repository: networkservicemesh/deployments-k8s - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - - name: check-release-branch - working-directory: networkservicemesh/deployments-k8s - run: | - echo Starting to check release branch in deployments-k8s repository - branch=release/${{ needs.create-release.outputs.tag }} - echo branch to be checked - ${branch} - - if ! 
[ -z "$(git ls-remote --heads origin ${branch})" ]; then - echo Branch ${branch} is already presented in deployments-k8s repository - exit 0; - fi - - echo Branch ${branch} is not presented in repository - echo Starting to create ${branch} branch in deployments-k8s repository - - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git checkout -b ${branch} - git push -u origin ${branch} || exit 0; + needs: [get-tag, create-release] + uses: networkservicemesh/.github/.github/workflows/check-release-branch.yaml@main + with: + tag: ${{ needs.get-tag.outputs.tag }} + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} update-deployments-k8s: name: Update deployments-k8s - needs: check-branch - runs-on: ubuntu-latest + needs: [get-tag, check-branch] if: ${{ github.repository != 'networkservicemesh/cmd-template' }} - steps: - - name: Checkout ${{ github.repository }} - uses: actions/checkout@v2 - with: - path: ${{ github.repository }} - repository: ${{ github.repository }} - - - name: Create commit message - working-directory: ${{ github.repository }} - run: | - echo "Update docker images to the latest tag ${{ needs.check-branch.outputs.tag }}" >> /tmp/commit-message - echo "" >> /tmp/commit-message - echo "Commit Message:" - cat /tmp/commit-message - - - name: Checkout networkservicemesh/deployments-k8s - uses: actions/checkout@v2 - with: - path: networkservicemesh/deployments-k8s - repository: networkservicemesh/deployments-k8s - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - ref: release/${{ needs.check-branch.outputs.tag }} - - - name: Find and Replace ci/${{ github.repository }} version - uses: jacobtomlinson/gha-find-replace@master - with: - find: "ci/${{ github.event.repository.name }}:.*\n" - replace: "${{ github.event.repository.name }}:${{ needs.check-branch.outputs.tag }}\n" - - - name: Push update to the deployments-k8s - working-directory: networkservicemesh/deployments-k8s - run: | - echo Starting to 
update repositotry deployments-k8s - git add -- . - if ! [ -n "$(git diff --cached --exit-code)" ]; then - echo Repository already up to date - exit 0; - fi - - branch=release/${{ github.repository }}/${{ needs.check-branch.outputs.tag }} - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git commit -s -F /tmp/commit-message - git checkout -b ${branch} - git push -f origin ${branch} + uses: networkservicemesh/.github/.github/workflows/release-deployments.yaml@main + with: + tag: ${{ needs.get-tag.outputs.tag }} + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/update-deployments.yaml b/.github/workflows/update-deployments.yaml index a127a61..de1d4a1 100644 --- a/.github/workflows/update-deployments.yaml +++ b/.github/workflows/update-deployments.yaml @@ -1,5 +1,5 @@ --- -name: Update deployments-k8s reposiotry +name: Update deployments-k8s repository on: push: branches: 
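Review bot: The `docker` job calls `networkservicemesh/.github/.github/workflows/release.yaml@main`, the same reusable workflow as `create-release`, only with `secrets.GITHUB_TOKEN` instead of the bot token. This looks like a copy-paste slip, since the removed `docker` job built and pushed the image to ghcr.io rather than creating a release. As written, the release workflow would presumably run twice and no tagged image would be published, so the `uses:` line should point at the shared workflow that does the Docker build and push (its name is not visible on this page). Also, `tag` is derived from `github.event.workflow_run.head_branch` and is handed to every called workflow in this file via `with:`. Those workflows should read it through an environment variable rather than expanding `${{ inputs.tag }}` inside a `run:` script, which cannot be checked from this diff.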
@@ -11,64 +11,7 @@ on: - 'automerge' jobs: update-deployments-k8s: - name: Update deployments-k8s - runs-on: ubuntu-latest if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }} - steps: - - name: Checkout ${{ github.repository }} - uses: actions/checkout@v2 - with: - path: ${{ github.repository }} - repository: ${{ github.repository }} - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Find merged PR - uses: jwalton/gh-find-current-pr@v1.0.2 - id: findPr - with: - sha: ${{ github.sha }} - github-token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Create commit message - working-directory: ${{ github.repository }} - run: | - echo "Update go.mod and go.sum to latest version from ${{ github.repository }}@main" >> /tmp/commit-message - echo "PR link: https://github.com/${{ github.repository }}/pull/${{ steps.findPr.outputs.pr }}" >> /tmp/commit-message - echo "" >> /tmp/commit-message - LOG_MSG=$(git log --date=iso --pretty='format:Commit: %h%nAuthor: %an%nDate: %ad%nMessage:%n - %B%n' -1 | sed '/^$/d;$d') - for((i=2;i<=18;i+=2)); do n=$(printf '%*s' $((i+2))) m=$(printf '%*s' $i) LOG_MSG=$(echo "$LOG_MSG" | tr '\n' '|' | sed "s/${m}-/${n}-/2g" | tr '|' '\n'); done - echo "$LOG_MSG" >> /tmp/commit-message - echo "Commit Message:" - cat /tmp/commit-message - - uses: benjlevesque/short-sha@v1.2 - id: short-sha - with: - length: 7 - - name: Checkout networkservicemesh/deployments-k8s - uses: actions/checkout@v2 - with: - path: networkservicemesh/deployments-k8s - repository: networkservicemesh/deployments-k8s - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Find and Replace version - uses: jacobtomlinson/gha-find-replace@v2 - with: - find: "${{ github.event.repository.name }}:.*\n" - replace: "${{ github.event.repository.name }}:${{ steps.short-sha.outputs.sha }}\n" - - name: Find and Replace ci/${{ github.event.repository.name }} 
version - uses: jacobtomlinson/gha-find-replace@v2 - with: - find: "ci/${{ github.event.repository.name }}:.*\n" - replace: "ci/${{ github.event.repository.name }}:${{ steps.short-sha.outputs.sha }}\n" - - name: Push update to the deployments-k8s - working-directory: networkservicemesh/deployments-k8s - run: | - echo Starting to update repositotry deployments-k8s - git add -- . - if ! [ -n "$(git diff --cached --exit-code)" ]; then - echo Repository already up to date - exit 0; - fi - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git commit -s -F /tmp/commit-message - git checkout -b update/${{ github.repository }} - git push -f origin update/${{ github.repository }} + uses: networkservicemesh/.github/.github/workflows/update-deployments.yaml@main + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}