Skip to content

Commit

Permalink
Simplify and update CI configuration files
Browse files Browse the repository at this point in the history
Signed-off-by: Chris Doherty <[email protected]>
  • Loading branch information
chrisdoherty4 committed Dec 23, 2022
1 parent f820d1d commit 32d00ee
Show file tree
Hide file tree
Showing 4 changed files with 84 additions and 83 deletions.
45 changes: 29 additions & 16 deletions .github/mergify.yml
Original file line number Diff line number Diff line change
@@ -1,27 +1,40 @@
# The `check-success` should be specifying the final job in the CI workflow assuming it depends
# directly or indirectly on all other jobs passing.

shared:
# Rules applicable to both queueing and merge requests.
compulsory: &compulsory

# Ensure the minimal CI checks have passed.
- check-success=DCO
- check-success=Package

# Ensure we're targetting the default branch.
- base=main

# Ensure we have adequete reviews.
- "#approved-reviews-by>=1"
- "#changes-requested-reviews-by=0"

# Ensure we aren't being explicitly blocked with a label.
- label!=do-not-merge

queue_rules:
- name: default
- name: Automatic queue merge
conditions:
# Conditions to get out of the queue (= merged)
- check-success=DCO
- check-success~=docker-images.*tink-server
- check-success~=docker-images.*tink-worker
- and: *compulsory

pull_request_rules:
- name: Automatic merge on approval
- name: Automatic merge
conditions:
- base=main
- "#approved-reviews-by>=1"
- "#changes-requested-reviews-by=0"
- "#review-requested=0"
- check-success=DCO
- check-success~=docker-images.*tink-server
- check-success~=docker-images.*tink-worker
- check-success=crosscompile
- label!=do-not-merge
- and: *compulsory

# Ensure the review is opted in using labels.
- label=ready-to-merge

actions:
queue:
method: merge
name: default
commit_message_template: |
{{ title }} (#{{ number }})
Expand Down
96 changes: 42 additions & 54 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: For each commit and PR
name: Tink
on:
push:
branches:
Expand All @@ -8,80 +8,72 @@ on:
pull_request:
env:
CGO_ENABLED: 0
GO_VERSION: 1.18
jobs:
verify:
name: Verify
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v2
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "1.18.5"
- name: make verify
run: make verify
go-version: "${{ env.GO_VERSION }}"
- run: make verify
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v2
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "1.18.5"
go-version: "${{ env.GO_VERSION }}"
- name: Install nix
uses: cachix/install-nix-action@v16
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Fetch Nix Packages
- name: Install required nix packages
run: nix-shell --run 'true'
- name: Generate
run: nix-shell --run 'make generate'
- name: go test
run: make test
- name: upload codecov
- run: make test
- name: Upload codecov
run: bash <(curl -s https://codecov.io/bash)
ci-checks:
checks:
name: CI Checks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Install nix
uses: cachix/install-nix-action@v16
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Fetch Nix Packages
run: nix-shell --run 'true'
- run: nix-shell --run 'true'
- run: PATH=$PWD/bin/:$PATH ./ci-checks.sh
# We preemptively build the binaries for efficiency instead of waiting on unit tests to pass
# hence this doesn't depend on anything.
crosscompile:
build:
name: Build
runs-on: ubuntu-latest
strategy:
matrix:
platform: [amd64, arm64]
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Go
uses: actions/setup-go@v2
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: "1.18.5"
go-version: "${{ env.GO_VERSION }}"
- name: Build linux/${{ matrix.platform }}
run: |
make build -j$(nproc) GOOS=linux GOARCH=${{ matrix.platform }}
- name: Upload binaries
uses: actions/upload-artifact@v2
run: make build -j$(nproc) GOOS=linux GOARCH=${{ matrix.platform }}
- uses: actions/upload-artifact@v3
with:
name: binaries
path: bin/*
docker-images:
package:
name: Package
runs-on: ubuntu-latest
needs:
- verify
- test
- ci-checks
- crosscompile
- checks
- build
strategy:
matrix:
include:
Expand All @@ -92,36 +84,32 @@ jobs:
- repository: quay.io/tinkerbell/tink-controller
binary: tink-controller
steps:
- name: Docker Image Tag for Sha
- name: Create docker image tags
id: docker-image-tag
run: |
echo ::set-output name=tags::${{ matrix.repository }}:latest,${{ matrix.repository }}:sha-${GITHUB_SHA::8}
- name: Checkout code
uses: actions/checkout@v2
run: echo ::set-output name=tags::${{ matrix.repository }}:latest,${{ matrix.repository }}:sha-${GITHUB_SHA::8}
- uses: actions/checkout@v3
- name: Login to quay.io
uses: docker/login-action@v1
uses: docker/login-action@v2
if: ${{ startsWith(github.ref, 'refs/heads/main') }}
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Download binaries
uses: docker/setup-buildx-action@v2
- name: Download all binaries
uses: actions/download-artifact@v2
with:
name: binaries
path: ./bin
- run: |
ls -l .
ls -l bin/
file bin/
- name: Fix Permissions
# Artifact upload doesn't preserve permissions so we need to fix them before use in
# the Dockerfiles.
- name: Fix permissions
run: chmod +x bin/*
- name: ${{ matrix.repository }}
uses: docker/build-push-action@v2
- name: Build ${{ matrix.repository }} and push
uses: docker/build-push-action@v3
with:
context: .
file: cmd/${{ matrix.binary }}/Dockerfile
Expand Down
24 changes: 11 additions & 13 deletions .github/workflows/tags.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,16 @@ on:
push:
tags:
- "v*"
name: Create release
name: Release
env:
REGISTRY: quay.io
IMAGE_NAME: ${{ github.repository }}
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Generate Release Notes
- uses: actions/checkout@v3
- name: Generate release notes
run: |
release_notes=$(gh api repos/{owner}/{repo}/releases/generate-notes -F tag_name=${{ github.ref }} --jq .body)
echo 'RELEASE_NOTES<<EOF' >> $GITHUB_ENV
Expand All @@ -22,39 +21,38 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
- name: Docker manager metadata
- name: Generate Docker image metadata
id: meta
uses: docker/metadata-action@v3
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: latest=false
tags: type=ref,event=tag
- name: Set the from image tag
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Set the FROM_TAG variable
run: echo "FROM_TAG=sha-${GITHUB_SHA::8}" >> $GITHUB_ENV
# This is for tink server. quay.io/tinkerbell/tink
- name: Copy the image using skopeo
- name: Create tink-server image
run: skopeo copy --all --dest-creds="${DST_REG_USER}":"${DST_REG_PASS}" docker://"${SRC_IMAGE}" docker://"${DST_IMAGE}"
env:
SRC_IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.FROM_TAG }}
DST_IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
DST_REG_USER: ${{ secrets.QUAY_USERNAME }}
DST_REG_PASS: ${{ secrets.QUAY_PASSWORD }}
- name: Copy the tink-controller image using skopeo
- name: Create tink-controller image
run: skopeo copy --all --dest-creds="${DST_REG_USER}":"${DST_REG_PASS}" docker://"${SRC_IMAGE}" docker://"${DST_IMAGE}"
env:
SRC_IMAGE: ${{ env.REGISTRY }}/tinkerbell/tink-controller:${{ env.FROM_TAG }}
DST_IMAGE: ${{ env.REGISTRY }}/tinkerbell/tink-controller:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
DST_REG_USER: ${{ secrets.QUAY_USERNAME }}
DST_REG_PASS: ${{ secrets.QUAY_PASSWORD }}
- name: Copy the tink-worker image using skopeo
- name: Create tink-worker image
run: skopeo copy --all --dest-creds="${DST_REG_USER}":"${DST_REG_PASS}" docker://"${SRC_IMAGE}" docker://"${DST_IMAGE}"
env:
SRC_IMAGE: ${{ env.REGISTRY }}/tinkerbell/tink-worker:${{ env.FROM_TAG }}
DST_IMAGE: ${{ env.REGISTRY }}/tinkerbell/tink-worker:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
DST_REG_USER: ${{ secrets.QUAY_USERNAME }}
DST_REG_PASS: ${{ secrets.QUAY_PASSWORD }}
- name: Create Release
id: create_release
- name: Create release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
2 changes: 2 additions & 0 deletions .yamlfmt
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
exclude:
- .github/**

0 comments on commit 32d00ee

Please sign in to comment.