networkservicemesh · NikitaSkrynnik · May 5, 2022 · Jun 8, 2022 · Jun 8, 2022 · Jun 8, 2022
diff --git a/.github/workflows/automerge.yaml b/.github/workflows/automerge.yaml
@@ -1,5 +1,5 @@
 ---
-name: automerge
+name: Automerge
 on:
   workflow_run:
     types:
@@ -8,23 +8,5 @@ on:
       - 'ci'
 jobs:
   automerge:
-    name: Automerge
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v2
-      - name: Fetch main
-        run: |
-          git remote -v
-          git fetch --depth=1 origin main
-      - name: Only allow go.mod, go.sum, *.gen.go files
-        run: |
-          find . -type f ! -name 'go.mod' ! -name 'go.sum' -exec git diff --exit-code origin/main -- {} +
-      - name: Merge PR
-        uses: ridedott/merge-me-action@master
-        with:
-          GITHUB_LOGIN: nsmbot
-          ENABLED_FOR_MANUAL_CHANGES: true
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          MAXIMUM_RETRIES: 25
+    if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot'}}
+    uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -6,107 +6,11 @@ on:
     branches:
       - 'release/**'
 jobs:
-  yamllint:
-    name: yamllint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-      - name: Setup Python
-        uses: actions/setup-python@v1
-      - name: Install yamllint
-        run: pip install --user yamllint
-      - name: Run yamllint
-        run: ~/.local/bin/yamllint -c .ci/yamllint.yml --strict .
   build-and-test:
-    name: build and test
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: Build
-        run: go build -race  ./...
-      - name: Test
-        if: matrix.os != 'windows-latest'
-        run: sudo -E PATH="$PATH" bash -c "go test -race ./..."
-      - name: Test
-        if: matrix.os == 'windows-latest'
-        run: go test -race ./...
-  golangci-lint:
-    name: golangci-lint
-    runs-on: ubuntu-latest
-    if: github.repository != 'networkservicemesh/cmd-template'
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.45.2
-  excludeFmtErrorf:
-    name: exclude fmt.Errorf
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Exclude fmt.Errorf
-        run: |
-          if grep -r --include=*.go fmt.Errorf . ; then
-           echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf"
-           exit 1
-          fi
+    uses: NikitaSkrynnik/.github/.github/workflows/build-and-test.yaml@cmd-workflow
+    with:
+      os: '["ubuntu-latest", "macos-latest", "windows-latest"]'
 
-  restrictNSMDeps:
-    name: Restrict dependencies on github.com/networkservicemesh/*
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Restrict dependencies on github.com/networkservicemesh/*
-        env:
-          ALLOWED_REPOSITORIES: "sdk, api, sdk-kernel"
-        run: |
-          for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do
-            if ! [ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]; then
-              echo Dependency on "${i}" is forbidden
-              exit 1
-            fi
-          done
-
-  checkgomod:
-    name: check go.mod and go.sum
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - run: go mod tidy
-      - name: Check for changes in go.mod or go.sum
-        run: |
-          git diff --name-only --exit-code go.mod || ( echo "Run go tidy" && false )
-          git diff --name-only --exit-code go.sum || ( echo "Run go tidy" && false )
-  excludereplace:
-    name: Exclude replace in go.mod
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v2
-      - name: Exclude replace in go.mod
-        run: |
-          grep -v 'replace github.com/satori/go.uuid' go.mod | grep ^replace || exit 0
-          exit 1
   captureRunEnv:
     name: Capture CI Run Env
     runs-on: ubuntu-latest

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -4,7 +4,7 @@
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
@@ -17,56 +17,4 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['go']
-        # Learn more...
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-        with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      # - run: |
-      #    make bootstrap
-      #    make release
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+    uses: networkservicemesh/.github/.github/workflows/codeql-analysis.yaml@main
diff --git a/.github/workflows/pr-for-updates.yaml b/.github/workflows/pr-for-updates.yaml
@@ -6,20 +6,6 @@ on:
       - update/**
 jobs:
   auto-pull-request:
-    name: Pull Request on update/* Branch Push
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Construct PR message
-        run: |
-          PULL_REQUEST_BODY=$(git log --pretty='format:%B' -1 | sed '/^$/d;$d' | sed 's/#/# /g')
-          echo "$PULL_REQUEST_BODY"
-          echo "PULL_REQUEST_BODY<<EOF" >> $GITHUB_ENV
-          echo "$PULL_REQUEST_BODY" >> $GITHUB_ENV
-          echo "EOF" >> $GITHUB_ENV
-      - name: pull-request-action
-        uses: vsoch/pull-request-action@1.0.12
-        env:
-          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-          BRANCH_PREFIX: "update/"
-          PULL_REQUEST_BRANCH: "main"
+    uses: networkservicemesh/.github/.github/workflows/pr-for-updates.yaml@main
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -12,80 +12,42 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: hmarr/debug-action@v2
-  create-release:
-    name: Create release
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-        with:
-          ref: refs/heads/${{github.event.workflow_run.head_branch}}
-      - name: Get tag
-        run: |
-          branch=${{github.event.workflow_run.head_branch}}
-          echo '::set-output name=tag::'${branch#release/}
-        id: get-tag-step
-      - name: Push tag ${{ steps.get-tag-step.outputs.tag }}
-        run: |
-          git status
-          git tag ${{ steps.get-tag-step.outputs.tag }}
-          git push origin ${{ steps.get-tag-step.outputs.tag }} -f
-      - name: Create release ${{ steps.get-tag-step.outputs.tag }}
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-        with:
-          tag_name: refs/tags/${{ steps.get-tag-step.outputs.tag }}
-          release_name: ${{ steps.get-tag-step.outputs.tag }}
-          draft: false
-          prerelease: false
-  update-dependent-repositories:
-    strategy:
-      matrix:
-        repository:
-          - cmd-forwarder-vpp
-          - cmd-nsc-vpp
-          - cmd-nse-icmp-responder-vpp
-          - cmd-nse-vlan-vpp
-          - cmd-nse-firewall-vpp
-          - cmd-nse-vl3-vpp
-          - cmd-nse-simple-vl3-docker
-    name: Update ${{ matrix.repository }}
-    needs: create-release
+
+  get-tag:
+    name: Get tag
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' && contains(github.event.workflow_run.head_branch, 'release/') }}
+    outputs:
+      tag: ${{ steps.get-tag-step.outputs.tag }}
     steps:
       - name: Get tag
         run: |
           branch=${{github.event.workflow_run.head_branch}}
           echo '::set-output name=tag::'${branch#release/}
         id: get-tag-step
-      - name: Create commit
-        run: |
-          echo "Update go.mod and go.sum to ${{ github.repository }}@${{ steps.get-tag-step.outputs.tag }}" >> /tmp/commit-message
-      - name: Checkout networkservicemesh/${{ matrix.repository }}
-        uses: actions/checkout@v2
-        with:
-          path: networkservicemesh/${{ matrix.repository }}
-          repository: networkservicemesh/${{ matrix.repository }}
-          token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.1
-      - name: Update ${{ github.repository }} locally
-        working-directory: networkservicemesh/${{ matrix.repository }}
-        run: |
-          GOPRIVATE=github.com/networkservicemesh go get -u github.com/${{ github.repository }}@${{ steps.get-tag-step.outputs.tag }}
-          go mod tidy
-          git diff
-      - name: Push update to the ${{ matrix.repository }}
-        working-directory: networkservicemesh/${{ matrix.repository }}
-        run: |
-          echo Starting to update repositotry ${{ matrix.repository }}
-          git config --global user.email "nsmbot@networkservicmesh.io"
-          git config --global user.name "NSMBot"
-          git add go.mod go.sum
-          git commit -s -F /tmp/commit-message
-          git checkout -b ${{ github.event.workflow_run.head_branch }}
-          git push -f origin ${{ github.event.workflow_run.head_branch }}
+
+  create-release:
+    name: Create release
+    needs: get-tag
+    uses: networkservicemesh/.github/.github/workflows/release.yaml@main
+    with:
+      tag: ${{ needs.get-tag.outputs.tag }}
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
+
+  release-dependent-repositories:
+    name: Release dependent repositories
+    needs: [get-tag, create-release]
+    uses: networkservicemesh/.github/.github/workflows/release-dependent-repositories.yaml@main
+    with:
+      tag: ${{ needs.get-tag.outputs.tag }}
+      dependent_repositories: |
+        ["cmd-forwarder-vpp",
+        "cmd-nsc-vpp",
+        "cmd-nse-icmp-responder-vpp",
+        "cmd-nse-vlan-vpp",
+        "cmd-nse-firewall-vpp",
+        "cmd-nse-vl3-vpp",
+        "cmd-nse-simple-vl3-docker"]
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}