From c03b7db669d03d631393a70f3989428e83b9455d Mon Sep 17 00:00:00 2001 From: Noel Georgi Date: Wed, 9 Apr 2025 19:46:19 +0530 Subject: [PATCH] feat: use kres to manage github actions Use kres to manage GitHub actions. Signed-off-by: Noel Georgi --- .conform.yaml | 17 +- .drone.yml | 188 --------------------- .github/renovate.json | 24 +++ .github/workflows/ci.yaml | 253 ++++++++++++++++++++++++++++ .github/workflows/slack-notify.yaml | 92 ++++++++++ .kres.yaml | 101 +++++++++++ Makefile | 12 +- hack/boilerplate.go.txt | 3 - 8 files changed, 492 insertions(+), 198 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/renovate.json create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/slack-notify.yaml create mode 100644 .kres.yaml delete mode 100644 hack/boilerplate.go.txt diff --git a/.conform.yaml b/.conform.yaml index 213e0d4..304a295 100644 --- a/.conform.yaml +++ b/.conform.yaml @@ -1,3 +1,7 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2025-04-09T14:21:53Z by kres d903dae. + policies: - type: commit spec: @@ -25,15 +29,22 @@ policies: - style - test - release - scopes: [".*"] + scopes: + - .* - type: license spec: skipPaths: - .git/ + - testdata/ includeSuffixes: - .go - excludeSuffixes: [] - allowPrecedingComments: true + excludeSuffixes: + - .pb.go + - _string.go + - _enumer.go + - _string_linux.go + - zz_generated.conversion.go + - zz_generated.deepcopy.go header: | // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 63d2117..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,188 +0,0 @@ ---- -kind: pipeline -type: kubernetes -name: default - -services: - - name: docker - image: docker:25.0.2-dind - entrypoint: [dockerd] - privileged: true - volumes: - - name: docker-socket - path: /var/run - -steps: - - name: setup-ci - image: autonomy/build-container:latest - commands: - - setup-ci - privileged: true - volumes: - - name: docker-socket - path: /var/run - - name: outerdockersock - path: /var/outer-run - - name: docker - path: /root/.docker/buildx - - - name: build-pull-request - image: autonomy/build-container:latest - pull: always - environment: - PLATFORM: linux/amd64,linux/arm64 - commands: - - make - - make check-dirty - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: outerdockersock - path: /var/outer-run - - name: docker - path: /root/.docker/buildx - - - name: test-pull-request - image: autonomy/build-container:latest - pull: always - environment: - PLATFORM: linux/amd64 - INTEGRATION_SKIP_CLEANUP: 1 # make things a bit faster - commands: - - make env-up - - make release-manifests - - make test - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: outerdockersock - path: /var/outer-run - - name: docker - path: /root/.docker/buildx - - - name: coverage - image: autonomy/build-container:latest - pull: always - commands: - - make coverage - environment: - CODECOV_TOKEN: - from_secret: CODECOV_TOKEN - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: outerdockersock - path: /var/outer-run - - name: docker - path: /root/.docker/buildx - - - name: build-and-publish - image: autonomy/build-container:latest - pull: always - environment: - GHCR_USERNAME: - from_secret: ghcr_username - GHCR_PASSWORD: - from_secret: ghcr_token - PLATFORM: linux/amd64,linux/arm64 - commands: - - docker login --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" ghcr.io - - make 
PUSH=true - when: - event: - exclude: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: outerdockersock - path: /var/outer-run - - name: docker - path: /root/.docker/buildx - - - name: build-release - image: autonomy/build-container:latest - pull: always - commands: - - make release - - make check-dirty - when: - event: - - tag - volumes: - - name: docker-socket - path: /var/run - - name: outerdockersock - path: /var/outer-run - - name: docker - path: /root/.docker/buildx - - - name: release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - checksum: - - sha256 - - sha512 - draft: true - files: - - _out/bootstrap-talos/*/* - note: _out/RELEASE_NOTES.md - when: - event: - - tag - -volumes: - - name: docker-socket - temp: {} - - name: outerdockersock - host: - path: /var/ci-docker - - name: docker - temp: {} ---- -kind: pipeline -type: kubernetes -name: notify - -clone: - disable: true - -steps: - - name: slack - image: plugins/slack - settings: - webhook: - from_secret: slack_webhook - channel: proj-talos-maintainers - when: - status: - - success - - failure - -trigger: - status: - - success - - failure - -depends_on: - - default - ---- -kind: signature -hmac: 5c1bc5de4536d2687cad4a32a3f244af6480bd306265dd11e146e1e0769f15a1 - -... diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..724fdc5 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,24 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "description": "THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.", + "prHeader": "Update Request | Renovate Bot", + "extends": [ + ":dependencyDashboard", + ":gitSignOff", + ":semanticCommitScopeDisabled", + "schedule:earlyMondays" + ], + "packageRules": [ + { + "groupName": "dependencies", + "matchUpdateTypes": [ + "major", + "minor", + "patch", + "pin", + "digest" + ] + } + ], + "separateMajorMinor": false +} 
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..65e68a7
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,253 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2025-04-09T14:20:29Z by kres d903dae. + +name: default +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + push: + branches: + - main + - release-* + tags: + - v* + pull_request: + branches: + - main + - release-* +jobs: + default: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name == 'pull_request' + steps: + - name: gather-system-info + id: system-info + uses: kenchan0130/actions-system-info@v1.3.0 + continue-on-error: true + - name: print-system-info + run: | + MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) + + OUTPUTS=( + "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" + "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" + "Hostname: ${{ steps.system-info.outputs.hostname }}" + "NodeName: ${NODE_NAME}" + "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" + "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" + "Name: ${{ steps.system-info.outputs.name }}" + "Platform: ${{ steps.system-info.outputs.platform }}" + "Release: ${{ steps.system-info.outputs.release }}" + "Total memory: ${MEMORY_GB} GB" + ) + + for OUTPUT in "${OUTPUTS[@]}";do + echo "${OUTPUT}" + done + continue-on-error: true + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + 
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: all + env: + PLATFORM: linux/amd64,linux/arm64 + run: | + make all + - name: check-dirty + run: | + make check-dirty + - name: env-up + env: + INTEGRATION_SKIP_CLEANUP: "1" + run: | + make env-up + - name: release-manifests + env: + INTEGRATION_SKIP_CLEANUP: "1" + run: | + make release-manifests + - name: test + env: + INTEGRATION_SKIP_CLEANUP: "1" + run: | + make test + - name: coverage + run: | + make coverage + - name: coverage + uses: codecov/codecov-action@v5 + with: + files: _out/coverage.txt + token: ${{ secrets.CODECOV_TOKEN }} + timeout-minutes: 3 + push: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/tags/') + steps: + - name: gather-system-info + id: system-info + uses: kenchan0130/actions-system-info@v1.3.0 + continue-on-error: true + - name: print-system-info + run: | + MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) + + OUTPUTS=( + "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" + "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" + "Hostname: ${{ steps.system-info.outputs.hostname }}" + "NodeName: ${NODE_NAME}" + "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" + "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" + "Name: ${{ steps.system-info.outputs.name }}" + "Platform: ${{ steps.system-info.outputs.platform }}" + "Release: ${{ steps.system-info.outputs.release }}" + "Total memory: ${MEMORY_GB} GB" + ) + + for OUTPUT in "${OUTPUTS[@]}";do + echo "${OUTPUT}" + done + continue-on-error: true + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker 
Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: login-to-registry + uses: docker/login-action@v3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: push + env: + PLATFORM: linux/amd64,linux/arm64 + PUSH: "true" + run: | + make all + tag: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && startsWith(github.ref, 'refs/tags/') + steps: + - name: gather-system-info + id: system-info + uses: kenchan0130/actions-system-info@v1.3.0 + continue-on-error: true + - name: print-system-info + run: | + MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) + + OUTPUTS=( + "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" + "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" + "Hostname: ${{ steps.system-info.outputs.hostname }}" + "NodeName: ${NODE_NAME}" + "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" + "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" + "Name: ${{ steps.system-info.outputs.name }}" + "Platform: ${{ steps.system-info.outputs.platform }}" + "Release: ${{ steps.system-info.outputs.release }}" + "Total memory: ${MEMORY_GB} GB" + ) + + for OUTPUT in "${OUTPUTS[@]}";do + echo "${OUTPUT}" + done + continue-on-error: true + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | 
"::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: release + run: | + make release + - name: check-dirty + run: | + make check-dirty + - name: login-to-registry + uses: docker/login-action@v3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: push + env: + PUSH: "true" + run: | + make all + - name: Generate Checksums + run: | + cd _out + sha256sum bootstrap-talos/*/* > sha256sum.txt + sha512sum bootstrap-talos/*/* > sha512sum.txt + - name: release + uses: crazy-max/ghaction-github-release@v2 + with: + body_path: _out/RELEASE_NOTES.md + draft: "true" + files: |- + _out/bootstrap-talos/*/* + _out/sha*.txt diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml new file mode 100644 index 0000000..5b7ad7b --- /dev/null +++ b/.github/workflows/slack-notify.yaml 
@@ -0,0 +1,92 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2025-04-09T14:15:15Z by kres d903dae. + +name: slack-notify +"on": + workflow_run: + workflows: + - default + types: + - completed +jobs: + slack-notify: + runs-on: + - self-hosted + - generic + if: github.event.workflow_run.conclusion != 'skipped' + steps: + - name: Get PR number + id: get-pr-number + if: github.event.workflow_run.event == 'pull_request' + env: + GH_TOKEN: ${{ github.token }} + run: | + echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT + - name: Slack Notify + uses: slackapi/slack-github-action@v2 + with: + method: chat.postMessage + payload: | + { + "channel": "proj-talos-maintainers", + "attachments": [ + { + "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}", + "fallback": "test", + "blocks": [ + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.get-pr-number.outputs.pull_request_number, github.event.workflow_run.display_title) || format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}" + }, + { + "type": "mrkdwn", + "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`" + } + ] + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Author:*\n`${{ github.actor }}`" + }, + { + "type": "mrkdwn", + "text": "*Event:*\n`${{ github.event.workflow_run.event }}`" + } + ] + }, + { + "type": "divider" + }, + { + "type": 
"actions", + "elements": [ + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Logs" + }, + "url": "${{ github.event.workflow_run.html_url }}" + }, + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Commit" + }, + "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}" + } + ] + } + ] + } + ] + } + token: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.kres.yaml b/.kres.yaml new file mode 100644 index 0000000..a5c0fcc --- /dev/null +++ b/.kres.yaml 
@@ -0,0 +1,101 @@ +--- +kind: auto.CI +spec: + compileGHWorkflowsOnly: true +--- +kind: common.Repository +spec: + licenseChecks: + - skipPaths: + - .git/ + - testdata/ + includeSuffixes: + - .go + excludeSuffixes: + - .pb.go + - _string.go + - _enumer.go + - _string_linux.go + - zz_generated.conversion.go + - zz_generated.deepcopy.go + header: | + // This Source Code Form is subject to the terms of the Mozilla Public + // License, v. 2.0. If a copy of the MPL was not distributed with this + // file, You can obtain one at http://mozilla.org/MPL/2.0/. +--- +kind: common.GHWorkflow +spec: + jobs: + - name: default + sops: true + buildxOptions: + enabled: true + runners: + - self-hosted + - generic + conditions: + - on-pull-request + steps: + - name: all + environment: + PLATFORM: linux/amd64,linux/arm64 + - name: check-dirty + - name: env-up + environment: + INTEGRATION_SKIP_CLEANUP: 1 # make things a bit faster + - name: release-manifests + environment: + INTEGRATION_SKIP_CLEANUP: 1 # make things a bit faster + - name: test + environment: + INTEGRATION_SKIP_CLEANUP: 1 # make things a bit faster + - name: coverage + - name: coverage + coverageStep: + files: + - _out/coverage.txt + timeoutMinutes: 3 + - name: push + buildxOptions: + enabled: true + runners: + - self-hosted + - generic + conditions: + - except-pull-request + - not-on-tag + steps: + - name: login-to-registry + registryLoginStep: + registry: ghcr.io + - name: push + command: all + environment: + PLATFORM: linux/amd64,linux/arm64 + PUSH: true + - name: tag + sops: true + buildxOptions: + enabled: true + runners: + - self-hosted + - generic + conditions: + - only-on-tag + steps: + - name: release + - name: check-dirty + - name: login-to-registry + registryLoginStep: + registry: ghcr.io + - name: push + command: all + environment: + PUSH: true + - name: release + releaseStep: + baseDirectory: _out + artifacts: + - bootstrap-talos/*/* + generateChecksums: true + releaseNotes: RELEASE_NOTES.md 
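Review bot: The `default` job sets `sops: true` while its only condition is `on-pull-request`, so the generated ci.yaml decrypts `.secrets.yaml` into `$GITHUB_ENV` for every pull-request build on the self-hosted runners, although none of its steps (`all`, `check-dirty`, `env-up`, `release-manifests`, `test`, `coverage`) visibly needs those values and `.secrets.yaml` is not added by this commit. If the integration steps do not need the secrets, drop `sops: true` from `default` so PR code never runs with them; if they do, confirm that `.secrets.yaml` already exists in the repository (otherwise the `Mask secrets` step fails on the first run) and that workflow runs for fork pull requests require approval. Separately, the `coverage` step that runs `make coverage` precedes the `coverageStep` upload, but the Makefile hunk in this commit deletes the `coverage` rule; unless another `coverage` rule exists outside that hunk, the step fails with "No rule to make target" and should be removed, since the codecov action now uploads `_out/coverage.txt` itself.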
diff --git a/Makefile b/Makefile index 8adb7d1..190b755 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,8 @@ PKGS ?= v1.9.0 TALOS_VERSION ?= v1.9.0 K8S_VERSION ?= 1.31.4 +KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest + CONTROLLER_GEN_VERSION ?= v0.16.2 CONVERSION_GEN_VERSION ?= v0.31.3 @@ -134,10 +136,7 @@ conformance: ## Performs policy checks against the commit and source code. # Make `make test` behave just like `go test` regarding relative paths. test: ## Run tests. @$(MAKE) local-integration-test DEST=./internal/integration PLATFORM=linux/amd64 - cd internal/integration && KUBECONFIG=../../kubeconfig ./integration.test -test.v -test.coverprofile=../../coverage.txt -test.run $(TEST_RUN) - -coverage: ## Upload coverage data to codecov.io. - /usr/local/bin/codecov -f coverage.txt -X fix + cd internal/integration && KUBECONFIG=../../kubeconfig ./integration.test -test.v -test.coverprofile=../../_out/coverage.txt -test.run $(TEST_RUN) talosctl: curl -Lo talosctl https://github.com/siderolabs/talos/releases/download/$(TALOS_VERSION)/talosctl-$(shell uname -s | tr "[:upper:]" "[:lower:]")-amd64 @@ -160,3 +159,8 @@ env-down: talosctl ## Stop development environment. --talosconfig=talosconfig \ --name=cabpt-env rm -f talosconfig kubeconfig + +.PHONY: rekres +rekres: + @docker pull $(KRES_IMAGE) + @docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE) diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt deleted file mode 100644 index 66e0819..0000000 --- a/hack/boilerplate.go.txt +++ /dev/null @@ -1,3 +0,0 @@ -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this -// file, You can obtain one at http://mozilla.org/MPL/2.0/.
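Review bot: The `rekres` recipe in the third hunk mounts `$(PWD)`, which is only a shell environment variable that Make happens to import; `$(CURDIR)` is the Make built-in for the same value and works even when PWD is unset or stale: `-v $(CURDIR):/src`. `rekres` is also the only target in view without a `## …` help comment; `rekres: ## Regenerate kres-managed files (needs GITHUB_TOKEN).` keeps it consistent with `test: ## Run tests.` and documents why `-e GITHUB_TOKEN` is passed into the container. In the second hunk, the new `-test.coverprofile=../../_out/coverage.txt` path assumes `_out/` already exists when `test` runs; if `make all` does not create it on a fresh checkout, an `@mkdir -p _out` line before the `cd` would make the target self-sufficient.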