Merge pull request #148 from NikitaSkrynnik/reusable-workflows

Reusable workflows
networkservicemesh · Jun 16, 2022 · 7fecfe4 · 7fecfe4
2 parents f258186 + 6e0ef1c
commit 7fecfe4
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 325 deletions.
diff --git a/.github/workflows/automerge.yaml b/.github/workflows/automerge.yaml
@@ -1,5 +1,5 @@
 ---
-name: automerge
+name: Automerge
 on:
   workflow_run:
     types:
@@ -8,23 +8,5 @@ on:
       - 'ci'
 jobs:
   automerge:
-    name: Automerge
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v2
-      - name: Fetch main
-        run: |
-          git remote -v
-          git fetch --depth=1 origin main
-      - name: Only allow go.mod, go.sum, *.gen.go files
-        run: |
-          find . -type f ! -name 'go.mod' ! -name 'go.sum' -exec git diff --exit-code origin/main -- {} +
-      - name: Merge PR
-        uses: ridedott/merge-me-action@master
-        with:
-          GITHUB_LOGIN: nsmbot
-          ENABLED_FOR_MANUAL_CHANGES: true
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          MAXIMUM_RETRIES: 25
+    if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot'}}
+    uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -7,121 +7,29 @@ on:
       - "release/**"
 jobs:
   yamllint:
-    name: yamllint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-      - name: yaml-lint
-        uses: ibiqlik/action-yamllint@v1
-        with:
-          config_file: .ci/yamllint.yml
-          strict: true
+    uses: networkservicemesh/.github/.github/workflows/yamllint.yaml@main
+
   build-and-test:
-    name: build and test
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: Build
-        run: go build -race ./...
-      - name: Test
-        run: go test -race ./...
+    uses: networkservicemesh/.github/.github/workflows/build-and-test.yaml@main
+    with:
+      os: '["ubuntu-latest", "macos-latest", "windows-latest"]'
+
   golangci-lint:
-    name: golangci-lint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.45.2
-  excludeFmtErrorf:
-    name: exclude fmt.Errorf
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Exclude fmt.Errorf
-        run: |
-          if grep -r --include=*.go --exclude=*.pb.go fmt.Errorf . ; then
-           echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf"
-           exit 1
-          fi
+    uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main
 
-  restrictNSMDeps:
-    name: Restrict dependencies on github.com/networkservicemesh/*
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Restrict dependencies on github.com/networkservicemesh/*
-        env:
-          ALLOWED_REPOSITORIES: "sdk, api, sdk-sriov, sdk-kernel"
-        run: |
-          for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do
-            if ! [ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]; then
-              echo Dependency on "${i}" is forbidden
-              exit 1
-            fi
-          done
+  exclude-fmt-errorf:
+    uses: networkservicemesh/.github/.github/workflows/exclude-fmt-errorf.yaml@main
+
+  restrict-nsm-deps:
+    uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main
+    with:
+      allowed_repositories: "api, sdk, sdk-sriov, sdk-kernel"
 
   checkgomod:
-    name: check go.mod and go.sum
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - run: go mod tidy
-      - name: Check for changes in go.mod or go.sum
-        run: |
-          git diff --name-only --exit-code go.mod || ( echo "Run go tidy" && false )
-          git diff --name-only --exit-code go.sum || ( echo "Run go tidy" && false )
+    uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main
 
   gogenerate:
-    name: Check generated files
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: arduino/setup-protoc@master
-        with:
-          version: "3.8.0"
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: Install proto-gen-go
-        run: go install github.com/golang/protobuf/protoc-gen-go@v1.4.2
-      - name: Install go-syncmap
-        run: go install github.com/searKing/golang/tools/cmd/go-syncmap@v1.1.68
-      - name: Generate files
-        run: go generate ./...
-      - name: Check for changes in generated code
-        run: |
-          if [[ $(git diff -- '*.gen.go') ]]; then
-            echo "Run go generate ./..." locally and commit changes
-            exit 1
-          fi
-  excludereplace:
-    name: Exclude Replace in go.mod
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v2
-      - name: Exclude replace in go.mod
-        run: |
-          grep ^replace go.mod || exit 0
-          exit 1
+    uses: networkservicemesh/.github/.github/workflows/sdk-gogenerate.yaml@main
+
+  exclude-replace:
+    uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -4,7 +4,7 @@
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
@@ -17,56 +17,4 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['go']
-        # Learn more...
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-        with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      # - run: |
-      #    make bootstrap
-      #    make release
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+    uses: networkservicemesh/.github/.github/workflows/codeql-analysis.yaml@main
diff --git a/.github/workflows/pr-for-updates.yaml b/.github/workflows/pr-for-updates.yaml
@@ -6,20 +6,6 @@ on:
       - update/**
 jobs:
   auto-pull-request:
-    name: Pull Request on update/* Branch Push
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Construct PR message
-        run: |
-          PULL_REQUEST_BODY=$(git log --pretty='format:%B' -1 | sed '/^$/d;$d' | sed 's/#/# /g')
-          echo "$PULL_REQUEST_BODY"
-          echo "PULL_REQUEST_BODY<<EOF" >> $GITHUB_ENV
-          echo "$PULL_REQUEST_BODY" >> $GITHUB_ENV
-          echo "EOF" >> $GITHUB_ENV
-      - name: pull-request-action
-        uses: vsoch/pull-request-action@1.0.12
-        env:
-          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-          BRANCH_PREFIX: "update/"
-          PULL_REQUEST_BRANCH: "main"
+    uses: networkservicemesh/.github/.github/workflows/pr-for-updates.yaml@main
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -5,81 +5,42 @@ on:
     types:
       - completed
     workflows:
-      - 'ci'
+      - "ci"
 jobs:
   print-debug-info:
     name: Print debug info for Release workflow
     runs-on: ubuntu-latest
     steps:
       - uses: hmarr/debug-action@v2
-  create-release:
-    name: Create release
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-        with:
-          ref: refs/heads/${{github.event.workflow_run.head_branch}}
-      - name: Get tag
-        run: |
-          branch=${{github.event.workflow_run.head_branch}}
-          echo '::set-output name=tag::'${branch#release/}
-        id: get-tag-step
-      - name: Push tag ${{ steps.get-tag-step.outputs.tag }}
-        run: |
-          git status
-          git tag ${{ steps.get-tag-step.outputs.tag }}
-          git push origin ${{ steps.get-tag-step.outputs.tag }} -f
-      - name: Create release ${{ steps.get-tag-step.outputs.tag }}
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-        with:
-          tag_name: refs/tags/${{ steps.get-tag-step.outputs.tag }}
-          release_name: ${{ steps.get-tag-step.outputs.tag }}
-          draft: false
-          prerelease: false
-  update-dependent-repositories:
-    strategy:
-      matrix:
-        repository:
-          - cmd-forwarder-ovs
-    name: Update ${{ matrix.repository }}
-    needs: create-release
+
+  get-tag:
+    name: Get tag
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }}
+    outputs:
+      tag: ${{ steps.get-tag-step.outputs.tag }}
     steps:
       - name: Get tag
         run: |
           branch=${{github.event.workflow_run.head_branch}}
           echo '::set-output name=tag::'${branch#release/}
         id: get-tag-step
-      - name: Create commit
-        run: |
-          echo "Update go.mod and go.sum to ${{ github.repository }}@${{ steps.get-tag-step.outputs.tag }}" >> /tmp/commit-message
-      - name: Checkout networkservicemesh/${{ matrix.repository }}
-        uses: actions/checkout@v2
-        with:
-          path: networkservicemesh/${{ matrix.repository }}
-          repository: networkservicemesh/${{ matrix.repository }}
-          token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: Update ${{ github.repository }} locally
-        working-directory: networkservicemesh/${{ matrix.repository }}
-        run: |
-          GOPRIVATE=github.com/networkservicemesh go get -u github.com/${{ github.repository }}@${{ steps.get-tag-step.outputs.tag }}
-          go mod tidy
-          git diff
-      - name: Push update to the ${{ matrix.repository }}
-        working-directory: networkservicemesh/${{ matrix.repository }}
-        run: |
-          echo Starting to update repositotry ${{ matrix.repository }}
-          git config --global user.email "nsmbot@networkservicmesh.io"
-          git config --global user.name "NSMBot"
-          git add go.mod go.sum
-          git commit -s -F /tmp/commit-message
-          git checkout -b ${{ github.event.workflow_run.head_branch }}
-          git push -f origin ${{ github.event.workflow_run.head_branch }}
+
+  create-release:
+    name: Create release
+    needs: get-tag
+    uses: networkservicemesh/.github/.github/workflows/release.yaml@main
+    with:
+      tag: ${{ needs.get-tag.outputs.tag }}
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
+
+  release-dependent-repositories:
+    name: Release dependent repositories
+    needs: [get-tag, create-release]
+    uses: networkservicemesh/.github/.github/workflows/release-dependent-repositories.yaml@main
+    with:
+      tag: ${{ needs.get-tag.outputs.tag }}
+      dependent_repositories: '["cmd-forwarder-ovs"]'
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}