From 019c264c8df38d54ed280b99670493995479d10d Mon Sep 17 00:00:00 2001 From: Nikita Skrynnik Date: Thu, 5 May 2022 20:14:12 +0700 Subject: [PATCH 1/5] add reusable-workflows Signed-off-by: Nikita Skrynnik --- .github/workflows/automerge.yaml | 24 +--- .github/workflows/ci.yaml | 103 ++---------------- .github/workflows/codeql-analysis.yml | 56 +--------- .github/workflows/pr-for-updates.yaml | 20 +--- .github/workflows/release.yaml | 83 +------------- .../update-dependent-repositories-gomod.yaml | 67 +----------- 6 files changed, 32 insertions(+), 321 deletions(-) diff --git a/.github/workflows/automerge.yaml b/.github/workflows/automerge.yaml index 4d24fc01..2cb73f98 100644 --- a/.github/workflows/automerge.yaml +++ b/.github/workflows/automerge.yaml @@ -1,5 +1,5 @@ --- -name: automerge +name: Automerge on: workflow_run: types: @@ -8,23 +8,5 @@ on: - 'ci' jobs: automerge: - name: Automerge - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }} - steps: - - name: Check out the code - uses: actions/checkout@v2 - - name: Fetch main - run: | - git remote -v - git fetch --depth=1 origin main - - name: Only allow go.mod, go.sum, *.gen.go files - run: | - find . -type f ! -name 'go.mod' ! -name 'go.sum' -exec git diff --exit-code origin/main -- {} + - - name: Merge PR - uses: ridedott/merge-me-action@master - with: - GITHUB_LOGIN: nsmbot - ENABLED_FOR_MANUAL_CHANGES: true - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - MAXIMUM_RETRIES: 25 + if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot'}} + uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8574d80d..bbec0612 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
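Review bot: The new `uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main` line in the `automerge` job pins the called workflow to a mutable branch, so the code that merges bot PRs can change without any commit in this repository. The same `@main` reference is on every `uses:` line added in the ci.yaml, codeql-analysis.yml, pr-for-updates.yaml, release.yaml and update-dependent-repositories-gomod.yaml hunks of this patch, and three of those also pass `secrets.NSM_BOT_GITHUB_TOKEN`. Pinning to a full commit SHA, `uses: networkservicemesh/.github/.github/workflows/automerge.yaml@<full-commit-sha>  # main`, makes each upgrade a reviewable change. The removed inline step named "Only allow go.mod, go.sum, *.gen.go files" is no longer visible from this repository, so it is worth confirming that the called workflow still enforces that file allow-list before merging.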
@@ -7,16 +7,7 @@ on: - 'release/**' jobs: yamllint: - name: yamllint - runs-on: ubuntu-latest - steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v2 - - name: yaml-lint - uses: ibiqlik/action-yamllint@v1 - with: - config_file: .ci/yamllint.yml - strict: true + uses: networkservicemesh/.github/.github/workflows/yamllint.yaml@main build-and-test: name: build and test 
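Review bot: No `permissions:` key is visible between the end of the `on:` block and `jobs:` in this hunk, and the new `yamllint` job adds none, so the called workflow runs with whatever default `GITHUB_TOKEN` scope the repository grants. A called workflow can only narrow the caller's token permissions, never widen them, so the caller is where the ceiling has to be set. For the lint and check jobs in ci.yaml, a workflow-level `permissions:` block with `contents: read` would keep the token read-only. The first lines of the file are outside the hunk, so confirm it is not already declared there.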
@@ -38,91 +29,21 @@ jobs: run: sudo -E PATH="$PATH" bash -c "go test -race ./..." golangci-lint: - name: golangci-lint - runs-on: ubuntu-latest - steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v2 - - name: Setup Go - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 - with: - version: v1.45.2 + uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main - excludeFmtErrorf: - name: exclude fmt.Errorf - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Exclude fmt.Errorf - run: | - if grep -r --include=*.go fmt.Errorf . ; then - echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf" - exit 1 - fi + exclude-fmt-errorf: + uses: networkservicemesh/.github/.github/workflows/exclude-fmt-errorf.yaml@main - restrictNSMDeps: - name: Restrict dependencies on github.com/networkservicemesh/* - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Restrict dependencies on github.com/networkservicemesh/* - env: - ALLOWED_REPOSITORIES: "sdk, api" - run: | - for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do - if ! 
[ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]; then - echo Dependency on "${i}" is forbidden - exit 1 - fi - done + restrict-nsm-deps: + uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main + with: + allowed_repositories: "api, sdk" checkgomod: - name: check go.mod and go.sum - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - run: go mod tidy - - name: Check for changes in go.mod or go.sum - run: | - git diff --name-only --exit-code go.mod || ( echo "Run go tidy" && false ) - git diff --name-only --exit-code go.sum || ( echo "Run go tidy" && false ) + uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main gogenerate: - name: Check generated files - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: arduino/setup-protoc@master - with: - version: '3.8.0' - - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - name: Install proto-gen-go - run: go install github.com/golang/protobuf/protoc-gen-go@v1.3.3 - - name: Install proto-gen-go - run: go install github.com/searKing/golang/tools/cmd/go-syncmap@v1.1.68 - - name: Generate files - run: go generate ./... - - name: Check for changes in generated code - run: | - git diff -- '*.pb.go' || ( echo "Rerun go generate ./... locally and resubmit" && false ) - git diff -- '*.gen.go' || ( echo "Rerun go generate ./... locally and resubmit" && false ) + uses: networkservicemesh/.github/.github/workflows/gogenerate.yaml@main - excludereplace: - name: Exclude replace in go.mod - runs-on: ubuntu-latest - steps: - - name: Check out the code - uses: actions/checkout@v2 - - name: Exclude replace in go.mod - run: | - grep ^replace go.mod || exit 0 - exit 1 + exclude-replace: + uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main 
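Review bot: The job ids `excludeFmtErrorf`, `restrictNSMDeps` and `excludereplace` are renamed to `exclude-fmt-errorf`, `restrict-nsm-deps` and `exclude-replace`, and every explicit `name:` key is dropped, so the check names reported on pull requests change with this hunk. If branch protection lists the old names as required status checks, those entries have to be updated in the same rollout; otherwise the required checks never report, or they get removed from the list and stop gating merges. The branch-protection settings are not visible from the patch, so this is something to confirm rather than a known break.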
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6d85c641..4db9fd20 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -4,7 +4,7 @@ # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. -name: "CodeQL" +name: CodeQL on: push: 
@@ -17,56 +17,4 @@ on: jobs: analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - # Override automatic language detection by changing the below list - # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['go'] - # Learn more... - # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - # - run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: networkservicemesh/.github/.github/workflows/codeql-analysis.yaml@main diff --git a/.github/workflows/pr-for-updates.yaml b/.github/workflows/pr-for-updates.yaml index ed6ef4d8..86c9ea96 100644 --- a/.github/workflows/pr-for-updates.yaml +++ b/.github/workflows/pr-for-updates.yaml @@ -6,20 +6,6 @@ on: - update/** jobs: auto-pull-request: - name: Pull Request on update/* Branch Push - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Construct PR message - run: | - PULL_REQUEST_BODY=$(git log --pretty='format:%B' -1 | sed '/^$/d;$d' | sed 's/#/# /g') - echo "$PULL_REQUEST_BODY" - echo "PULL_REQUEST_BODY<> $GITHUB_ENV - echo "$PULL_REQUEST_BODY" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - - name: pull-request-action - uses: vsoch/pull-request-action@1.0.12 - env: - GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - BRANCH_PREFIX: "update/" - PULL_REQUEST_BRANCH: "main" + uses: networkservicemesh/.github/.github/workflows/pr-for-updates.yaml@main + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7f3de0ec..1f0da617 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
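Review bot: The `analyze` job in codeql-analysis.yml now calls the shared workflow without a `permissions:` block, so whether the CodeQL upload works depends on the repository's default token scope. Code scanning needs `security-events: write`, and a called workflow cannot raise the caller's grant. Declaring it on the caller job, `permissions:` with `security-events: write`, `contents: read` and `actions: read`, keeps the job working if the repository default is tightened to read-only. The language list (`['go']`) is also no longer set here, so confirm the called workflow fixes it to Go.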
@@ -7,81 +7,10 @@ on: workflows: - 'ci' jobs: - print-debug-info: - name: Print debug info for Release workflow - runs-on: ubuntu-latest - steps: - - uses: hmarr/debug-action@v2 - create-release: - name: Create release - runs-on: ubuntu-latest + release: if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - ref: refs/heads/${{github.event.workflow_run.head_branch}} - - name: Get tag - run: | - branch=${{github.event.workflow_run.head_branch}} - echo '::set-output name=tag::'${branch#release/} - id: get-tag-step - - name: Push tag ${{ steps.get-tag-step.outputs.tag }} - run: | - git status - git tag ${{ steps.get-tag-step.outputs.tag }} - git push origin ${{ steps.get-tag-step.outputs.tag }} -f - - name: Create release ${{ steps.get-tag-step.outputs.tag }} - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - with: - tag_name: refs/tags/${{ steps.get-tag-step.outputs.tag }} - release_name: ${{ steps.get-tag-step.outputs.tag }} - draft: false - prerelease: false - update-dependent-repositories: - strategy: - matrix: - repository: - - sdk-sriov - - sdk-vpp - - cmd-nse-istio-proxy - name: Update ${{ matrix.repository }} - needs: create-release - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} - steps: - - name: Get tag - run: | - branch=${{github.event.workflow_run.head_branch}} - echo '::set-output name=tag::'${branch#release/} - id: get-tag-step - - name: Create commit - run: | - echo "Update go.mod and go.sum to ${{ github.repository }}@${{ steps.get-tag-step.outputs.tag }}" >> /tmp/commit-message - - name: Checkout networkservicemesh/${{ matrix.repository }} - uses: actions/checkout@v2 - with: - path: networkservicemesh/${{ matrix.repository }} - repository: networkservicemesh/${{ 
matrix.repository }} - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - name: Update ${{ github.repository }} locally - working-directory: networkservicemesh/${{ matrix.repository }} - run: | - GOPRIVATE=github.com/networkservicemesh go get -u github.com/${{ github.repository }}@${{ steps.get-tag-step.outputs.tag }} - go mod tidy - git diff - - name: Push update to the ${{ matrix.repository }} - working-directory: networkservicemesh/${{ matrix.repository }} - run: | - echo Starting to update repositotry ${{ matrix.repository }} - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git add go.mod go.sum - git commit -s -F /tmp/commit-message - git checkout -b ${{ github.event.workflow_run.head_branch }} - git push -f origin ${{ github.event.workflow_run.head_branch }} + uses: networkservicemesh/.github/.github/workflows/release.yaml@main + with: + dependent_repositories: '["sdk-vpp", "sdk-sriov"]' + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} diff --git a/.github/workflows/update-dependent-repositories-gomod.yaml b/.github/workflows/update-dependent-repositories-gomod.yaml index cea1b742..ec4869d6 100644 --- a/.github/workflows/update-dependent-repositories-gomod.yaml +++ b/.github/workflows/update-dependent-repositories-gomod.yaml 
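Review bot: The `if:` on the new `release` job accepts any completed `ci` run whose `head_branch` contains `release/`, without checking which event produced that run, and the job then hands `secrets.NSM_BOT_GITHUB_TOKEN` to the called workflow. If `ci` also runs for pull requests (its full trigger list is outside this patch), the branch name is chosen by the PR author. Tightening the condition with `github.event.workflow_run.event == 'push'` and `startsWith(github.event.workflow_run.head_branch, 'release/')` limits the release path to branches pushed in this repository. Separately, `cmd-nse-istio-proxy` was in the removed matrix but is absent from `dependent_repositories`, and the commit message does not mention dropping it; confirm that is intended.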
@@ -10,65 +10,10 @@ on: workflows: - 'automerge' jobs: - update-dependent-repositories: - continue-on-error: true - strategy: - fail-fast: false - matrix: - repository: - - sdk-sriov - - sdk-vpp - - cmd-nse-istio-proxy - name: Update ${{ matrix.repository }} - runs-on: ubuntu-latest + release: if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push' }} - steps: - - name: Checkout ${{ github.repository }} - uses: actions/checkout@v2 - with: - path: ${{ github.repository }} - repository: ${{ github.repository }} - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - name: Find merged PR - uses: jwalton/gh-find-current-pr@v1.0.2 - id: findPr - with: - sha: ${{ github.sha }} - github-token: ${{ github.token }} - - name: Create commit message - working-directory: ${{ github.repository }} - run: | - echo "Update go.mod and go.sum to latest version from ${{ github.repository }}@main" >> /tmp/commit-message - echo "PR link: https://github.com/${{ github.repository }}/pull/${{ steps.findPr.outputs.pr }}" >> /tmp/commit-message - echo "" >> /tmp/commit-message - LOG_MSG=$(git log --date=iso --pretty='format:Commit: %h%nAuthor: %an%nDate: %ad%nMessage:%n - %B%n' -1 | sed '/^$/d;$d') - for((i=2;i<=18;i+=2)); do n=$(printf '%*s' $((i+2))) m=$(printf '%*s' $i) LOG_MSG=$(echo "$LOG_MSG" | tr '\n' '|' | sed "s/${m}-/${n}-/2g" | tr '|' '\n'); done - echo "$LOG_MSG" >> /tmp/commit-message - echo "Commit Message:" - cat /tmp/commit-message - - - name: Checkout networkservicemesh/${{ matrix.repository }} - uses: actions/checkout@v2 - with: - path: networkservicemesh/${{ matrix.repository }} - repository: networkservicemesh/${{ matrix.repository }} - token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} - - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - name: Update ${{ github.repository }} locally - working-directory: networkservicemesh/${{ matrix.repository }} - run: | - GOPRIVATE=github.com/networkservicemesh go get -u 
github.com/${{ github.repository }}@main - go mod tidy - git diff - - name: Push update to the ${{ matrix.repository }} - working-directory: networkservicemesh/${{ matrix.repository }} - run: | - echo Starting to update repositotry ${{ matrix.repository }} - git config --global user.email "nsmbot@networkservicmesh.io" - git config --global user.name "NSMBot" - git add go.mod go.sum - git commit -s -F /tmp/commit-message - git checkout -b update/${{ github.repository }} - git push -f origin update/${{ github.repository }} + uses: networkservicemesh/.github/.github/workflows/update-dependent-repositories-gomod.yaml@main + with: + dependent_repositories: '["sdk-vpp", "sdk-sriov"]' + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} From 76254290b12f6437cb54d05217f48272534ec467 Mon Sep 17 00:00:00 2001 From: Nikita Skrynnik Date: Wed, 8 Jun 2022 16:19:41 +0700 Subject: [PATCH 2/5] improve release workflow Signed-off-by: Nikita Skrynnik --- .github/workflows/release.yaml | 36 +++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1f0da617..3c38fffd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
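Review bot: The job id `release` in update-dependent-repositories-gomod.yaml looks copied from release.yaml. Judging by the removed steps, this job bumps go.mod in dependent repositories rather than cutting a release, and the id is what appears in check names and run logs. Keeping the removed id, `update-dependent-repositories:`, avoids confusing the two token-bearing workflows when reading audit logs. The removed job also set `continue-on-error: true` and `fail-fast: false`; whether one failing repository still lets the others update now depends on the called workflow, which is not visible here.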
@@ -5,12 +5,42 @@ on: types: - completed workflows: - - 'ci' + - "ci" jobs: - release: + print-debug-info: + name: Print debug info for Release workflow + runs-on: ubuntu-latest + steps: + - uses: hmarr/debug-action@v2 + + get-tag: + name: Get tag + runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }} + outputs: + tag: ${{ steps.get-tag-step.outputs.tag }} + steps: + - name: Get tag + run: | + branch=${{github.event.workflow_run.head_branch}} + echo '::set-output name=tag::'${branch#release/} + id: get-tag-step + + create-release: + name: Create release + needs: get-tag uses: networkservicemesh/.github/.github/workflows/release.yaml@main with: - dependent_repositories: '["sdk-vpp", "sdk-sriov"]' + tag: ${{ needs.get-tag.outputs.tag }} secrets: token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} + + release-dependent-repositories: + name: Release dependent repositories + needs: [get-tag, create-release] + uses: networkservicemesh/.github/.github/workflows/release-dependent-repositories.yaml@main + with: + tag: ${{ needs.get-tag.outputs.tag }} + dependent_repositories: '["sdk-vpp", "sdk-sriov"]' + secrets: + token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }} \ No newline at end of file From c5b09d51cde197383b4f25c83d578c7704bac33d Mon Sep 17 00:00:00 2001 From: Nikita Skrynnik Date: Wed, 8 Jun 2022 16:44:53 +0700 Subject: [PATCH 3/5] fix link Signed-off-by: Nikita Skrynnik --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bbec0612..e9fc0932 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
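Review bot: In the re-added `Get tag` step, `branch=${{github.event.workflow_run.head_branch}}` expands the branch name into the script text before the shell runs, so any shell metacharacters in the name become part of the script. Branch names are set by whoever pushed the branch that `ci` ran on, so the value should be treated as untrusted input. Passing it through the environment keeps it as data: add `env:` with `BRANCH: ${{ github.event.workflow_run.head_branch }}` to the step and change the script line to `echo "::set-output name=tag::${BRANCH#release/}"`. The resulting tag is forwarded to two called workflows together with `secrets.NSM_BOT_GITHUB_TOKEN`, so checking it against the project's version format before use is also worth considering.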
@@ -43,7 +43,7 @@ jobs: uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main gogenerate: - uses: networkservicemesh/.github/.github/workflows/gogenerate.yaml@main + uses: networkservicemesh/.github/.github/workflows/sdk-gogenerate.yaml@main exclude-replace: uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main From a90537233f1a50354f78073a724bbc59f6119d05 Mon Sep 17 00:00:00 2001 From: Nikita Skrynnik Date: Thu, 16 Jun 2022 01:34:53 +0700 Subject: [PATCH 4/5] replace build-and-test job Signed-off-by: Nikita Skrynnik --- .github/workflows/ci.yaml | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e9fc0932..6defdd88 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,23 +10,7 @@ jobs: uses: networkservicemesh/.github/.github/workflows/yamllint.yaml@main build-and-test: - name: build and test - runs-on: ${{ matrix.os }} - strategy: - matrix: - # tests need to be run as root (with sudo), windows doesn't support it - os: [ubuntu-latest, macos-latest] - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Setup Go - uses: actions/setup-go@v1 - with: - go-version: 1.18.1 - - name: Build - run: go build -race ./... - - name: Test - run: sudo -E PATH="$PATH" bash -c "go test -race ./..." + uses: networkservicemesh/.github/.github/workflows/build-and-test.yaml@main golangci-lint: uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main From 186fcf1aa05042e6586fa4422bce09e6e067b315 Mon Sep 17 00:00:00 2001 From: Nikita Skrynnik Date: Thu, 16 Jun 2022 01:41:04 +0700 Subject: [PATCH 5/5] fix job Signed-off-by: Nikita Skrynnik --- .github/workflows/ci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6defdd88..68d283aa 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -11,6 +11,8 @@ jobs: build-and-test: uses: networkservicemesh/.github/.github/workflows/build-and-test.yaml@main + with: + os: '["ubuntu-latest", "macos-latest"]' golangci-lint: uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main
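Review bot: The `os:` list added to `build-and-test` leaves out Windows with no explanation, because the comment that justified it was deleted with the inline job in the previous patch of this series. I would restore it above the input: `# tests need to be run as root (with sudo), windows doesn't support it`. Whether the called workflow still runs the tests under sudo is not visible from here.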