Merge pull request #556 from jetstack/step1-makefile-modules

🔥 Migrating to Makefile Modules ALL AT ONCE 🔥

Author: maelvls

.github/actions/repo_access/action.yaml

@@ -0,0 +1,32 @@
+name: 'Setup repo access'
+description: 'Setups authenticate to GitHub repos'
+inputs:
+  DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB:
+    required: true
+    description: "DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB secret"
+outputs: {}
+runs:
+  using: "composite"
+  steps:
+    - name: Configure jetstack/venafi-connection-lib repo pull access
+      shell: bash
+      run: |
+        mkdir ~/.ssh
+        chmod 700 ~/.ssh
+        
+        echo "${{ inputs.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
+        chmod 600 ~/.ssh/venafi_connection_lib_id
+
+        cat <<EOT >> ~/.ssh/config          
+        Host venafi-connection-lib.github.com
+        HostName github.com
+        IdentityFile ~/.ssh/venafi_connection_lib_id
+        IdentitiesOnly yes
+        EOT
+        
+        cat <<EOT >> ~/.gitconfig
+        [url "[email protected]:jetstack/venafi-connection-lib"]
+          insteadOf = https://github.com/jetstack/venafi-connection-lib
+        EOT
+
+        echo "GOPRIVATE=github.com/jetstack/venafi-connection-lib" >> $GITHUB_ENV

.github/dependabot.yaml

@@ -1,3 +1,7 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead.
+
+# Update Go dependencies and GitHub Actions dependencies daily.
 version: 2
 updates:
 - package-ecosystem: gomod
@@ -14,10 +18,3 @@ updates:
   groups:
     all:
       patterns: ["*"]
-- package-ecosystem: docker
-  directory: /
-  schedule:
-    interval: daily
-  groups:
-    all:
-      patterns: ["*"]

.github/workflows/chart-test.yaml

@@ -0,0 +1,31 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead.
+
+# Run govulncheck at midnight every night on the main branch,
+# to alert us to recent vulnerabilities which affect the Go code in this
+# project.
+name: govulncheck
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: make verify-govulncheck

.github/workflows/govulncheck.yaml

@@ -0,0 +1,101 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.
+
+name: make-self-upgrade
+concurrency: make-self-upgrade
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  self_upgrade:
+    runs-on: ubuntu-latest
+
+    if: github.repository_owner == 'cert-manager'
+
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    env:
+      SOURCE_BRANCH: "${{ github.ref_name }}"
+      SELF_UPGRADE_BRANCH: "self-upgrade-${{ github.ref_name }}"
+
+    steps:
+      - name: Fail if branch is not head of branch.
+        if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }}
+        run: |
+          echo "This workflow should not be run on a non-branch-head."
+          exit 1
+
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: |
+          git checkout -B "$SELF_UPGRADE_BRANCH"
+
+      - run: |
+          make -j upgrade-klone
+          make -j generate
+
+      - id: is-up-to-date
+        shell: bash
+        run: |
+          git_status=$(git status -s)
+          is_up_to_date="true"
+          if [ -n "$git_status" ]; then
+              is_up_to_date="false"
+              echo "The following changes will be committed:"
+              echo "$git_status"
+          fi
+          echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        run: |
+          git config --global user.name "cert-manager-bot"
+          git config --global user.email "[email protected]"
+          git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff
+          git push -f origin "$SELF_UPGRADE_BRANCH"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const { repo, owner } = context.repo;
+            const pulls = await github.rest.pulls.list({
+              owner: owner,
+              repo: repo,
+              head: owner + ':' + process.env.SELF_UPGRADE_BRANCH,
+              base: process.env.SOURCE_BRANCH,
+              state: 'open',
+            });
+            
+            if (pulls.data.length < 1) {
+              const result = await github.rest.pulls.create({
+                title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH,
+                owner: owner,
+                repo: repo,
+                head: process.env.SELF_UPGRADE_BRANCH,
+                base: process.env.SOURCE_BRANCH,
+                body: [
+                  'This PR is auto-generated to bump the Makefile modules.',
+                ].join('\n'),
+              });
+              await github.rest.issues.addLabels({
+                owner,
+                repo,
+                issue_number: result.data.number,
+                labels: ['skip-review']
+              });
+            }