ci: adds source code releasing (#51)

* ci: added vendir sync for common tasks

* ci: make bump pr update appVersion

* ci: add release job

* fix: remove yamls from being pettier checked, fixes action/check-code

.prettierignore

@@ -6,3 +6,6 @@ build/
 coverage/
 .vscode
 .gvars.json
+
+**/*.yaml
+**/*.yml

ci/config/vendor/git-cliff.toml

@@ -0,0 +1,54 @@
+# configuration file for git-cliff (0.1.0)
+
+[changelog]
+# changelog header
+header = """"""
+
+# template for the changelog body
+# https://tera.netlify.app/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.breaking %}[**breaking**] {% endif %}{{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}\n
+"""
+# remove the leading and trailing whitespaces from the template
+trim = true
+# changelog footer
+footer = """"""
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# regex for parsing and grouping commits
+commit_parsers = [
+    { message = "^feat", group = "Features"},
+    { message = "^fix", group = "Bug Fixes"},
+    { message = "^doc", group = "Documentation"},
+    { message = "^perf", group = "Performance"},
+    { message = "^refactor", group = "Refactor"},
+    { message = "^style", group = "Styling"},
+    { message = "^test", group = "Testing"},
+    { message = "^chore\\(release\\): prepare for", skip = true},
+    { message = "^chore", group = "Miscellaneous Tasks"},
+    { body = ".*security", group = "Security"},
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = true
+# glob pattern for matching git tags
+tag_pattern = "v[0-9]*"
+# regex for skipping tags
+skip_tags = "v0.1.0-beta.1"
+# regex for ignoring tags
+ignore_tags = ""
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "newest"

ci/pipeline.yaml

@@ -8,6 +8,10 @@
 #@   return data.values.docker_registry + "/web-wallet"
 #@ end
 
+#@ def release_pipeline_image():
+#@   return data.values.docker_registry + "/release-pipeline"
+#@ end
+
 #@ def task_image_config():
 type: registry-image
 source:
@@ -16,6 +20,14 @@ source:
   repository: #@ pipeline_image()
 #@ end
 
+#@ def release_task_image_config():
+type: registry-image
+source:
+  username: #@ data.values.docker_registry_user
+  password: #@ data.values.docker_registry_password
+  repository: #@ release_pipeline_image()
+#@ end
+
 #@ def slack_failure_notification():
 #@ fail_url = "<$ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME| :face_with_symbols_on_mouth: $BUILD_JOB_NAME> failed!"
 put: slack
@@ -32,10 +44,49 @@ groups:
       - check-code
       - test
       - build-edge-image
+      - release
       - bump-image-in-chart
       - install-deps
 
 jobs:
+  - name: check-code
+    serial: true
+    plan:
+      - in_parallel:
+          - { get: repo, trigger: true }
+          - { get: pipeline-tasks }
+          - { get: bundled-deps, trigger: true }
+      - task: check-code
+        config:
+          platform: linux
+          image_resource: #@ task_image_config()
+          inputs:
+            - name: bundled-deps
+            - name: pipeline-tasks
+            - name: repo
+          run:
+            path: pipeline-tasks/ci/tasks/check-code.sh
+    on_failure: #@ slack_failure_notification()
+
+  - name: test
+    serial: true
+    plan:
+      - in_parallel:
+          - { get: repo, trigger: true }
+          - { get: pipeline-tasks }
+          - { get: bundled-deps, trigger: true }
+      - task: test
+        config:
+          platform: linux
+          image_resource: #@ task_image_config()
+          inputs:
+            - name: bundled-deps
+            - name: pipeline-tasks
+            - name: repo
+          run:
+            path: pipeline-tasks/ci/tasks/test.sh
+    on_failure: #@ slack_failure_notification()
+
   - name: build-edge-image
     serial: true
     plan:
@@ -73,17 +124,63 @@ jobs:
         params:
           image: image/image.tar
 
+  - name: release
+    serial: true
+    plan:
+    - in_parallel:
+      - get: repo
+        trigger: true
+        passed:
+          - build-edge-image
+          - test
+          - check-code
+      - get: edge-image
+        passed: [ build-edge-image ]
+        params:
+          format: oci
+      - get: pipeline-tasks
+      - get: version
+      - get: charts-repo
+    - task: prep-release
+      config:
+        platform: linux
+        image_resource: #@ release_task_image_config()
+        inputs:
+        - name: repo
+        - name: pipeline-tasks
+        - name: edge-image
+        - name: version
+        - name: charts-repo
+        outputs:
+        - name: version
+        - name: artifacts
+        run:
+          path: pipeline-tasks/ci/tasks/vendor/prep-release-src.sh
+    - in_parallel:
+      - put: versioned-image
+        params:
+          image: edge-image/image.tar
+          additional_tags: artifacts/gh-release-tag
+      - put: gh-release
+        params:
+          name: artifacts/gh-release-name
+          tag: artifacts/gh-release-tag
+          body: artifacts/gh-release-notes.md
+      - put: version
+        params:
+          file: version/version
+
   - name: bump-image-in-chart
     plan:
       - in_parallel:
           - get: edge-image
-            trigger: true
-            passed: [build-edge-image]
+            passed: [ release ]
             params: { skip_download: true }
           - get: repo
             trigger: true
-            passed:
-              - build-edge-image
+            passed: [ release ]
+          - get: version
+            passed: [ release ]
           - get: charts-repo
             params: { skip_download: true }
           - get: pipeline-tasks
@@ -96,6 +193,7 @@ jobs:
             - name: edge-image
             - name: pipeline-tasks
             - name: charts-repo
+            - name: version
           outputs:
             - name: charts-repo
           params:
@@ -121,44 +219,6 @@ jobs:
           run:
             path: pipeline-tasks/ci/tasks/open-charts-pr.sh
 
-  - name: check-code
-    serial: true
-    plan:
-      - in_parallel:
-          - { get: repo, trigger: true }
-          - { get: pipeline-tasks }
-          - { get: bundled-deps, trigger: true }
-      - task: check-code
-        config:
-          platform: linux
-          image_resource: #@ task_image_config()
-          inputs:
-            - name: bundled-deps
-            - name: pipeline-tasks
-            - name: repo
-          run:
-            path: pipeline-tasks/ci/tasks/check-code.sh
-    on_failure: #@ slack_failure_notification()
-
-  - name: test
-    serial: true
-    plan:
-      - in_parallel:
-          - { get: repo, trigger: true }
-          - { get: pipeline-tasks }
-          - { get: bundled-deps, trigger: true }
-      - task: test
-        config:
-          platform: linux
-          image_resource: #@ task_image_config()
-          inputs:
-            - name: bundled-deps
-            - name: pipeline-tasks
-            - name: repo
-          run:
-            path: pipeline-tasks/ci/tasks/test.sh
-    on_failure: #@ slack_failure_notification()
-
   - name: install-deps
     plan:
       - in_parallel:
@@ -191,6 +251,23 @@ resources:
       branch: #@ data.values.git_branch
       private_key: #@ data.values.github_private_key
 
+  - name: version
+    type: semver
+    source:
+      initial_version: 0.0.0
+      driver: git
+      file: version
+      uri: #@ data.values.git_uri
+      branch: #@ data.values.git_version_branch
+      private_key: #@ data.values.github_private_key
+
+  - name: gh-release
+    type: github-release
+    source:
+      owner: #@ data.values.gh_org
+      repository: #@ data.values.gh_repository
+      access_token: #@ data.values.github_token
+
   - name: charts-repo-bot-branch
     type: git
     source:
@@ -213,10 +290,17 @@ resources:
       password: #@ data.values.docker_registry_password
       repository: #@ web_wallet_image()
 
+  - name: versioned-image
+    type: registry-image
+    source:
+      username: #@ data.values.docker_registry_user
+      password: #@ data.values.docker_registry_password
+      repository: #@ web_wallet_image()
+
   - name: pipeline-tasks
     type: git
     source:
-      paths: [ci/tasks/*, Makefile]
+      paths: [ci/tasks/*, ci/config/*, Makefile]
       uri: #@ data.values.git_uri
       branch: #@ data.values.git_branch
       private_key: #@ data.values.github_private_key

ci/tasks/bump-image-digest.sh

@@ -4,11 +4,13 @@ set -eu
 
 export digest=$(cat ./edge-image/digest)
 export ref=$(cat ./repo/.git/short_ref)
+export app_version=$(cat version/version)
 
 pushd charts-repo
 
 yq -i e '.image.digest = strenv(digest)' ./charts/web-wallet/values.yaml
 yq -i e '.image.git_ref = strenv(ref)' ./charts/web-wallet/values.yaml
+yq -i e '.appVersion = strenv(app_version)' ./charts/web-wallet/Chart.yaml
 
 if [[ -z $(git config --global user.email) ]]; then
   git config --global user.email "bot@galoy.io"

ci/tasks/vendor/prep-release-src.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -eu
+
+# ------------ CHANGELOG ------------
+
+pushd repo
+
+# First time
+if [[ $(cat ../version/version) == "0.0.0" ]]; then
+  git cliff --config ../pipeline-tasks/ci/config/vendor/git-cliff.toml > ../artifacts/gh-release-notes.md
+
+# Fetch changelog from last ref
+else
+  export prev_ref=$(git rev-list -n 1 $(cat ../version/version))
+  export new_ref=$(git rev-parse HEAD)
+
+  git cliff --config ../pipeline-tasks/ci/config/vendor/git-cliff.toml $prev_ref..$new_ref > ../artifacts/gh-release-notes.md
+fi
+
+popd
+
+# Generate Changelog
+echo "CHANGELOG:"
+echo "-------------------------------"
+cat artifacts/gh-release-notes.md
+echo "-------------------------------"
+
+# ------------ BUMP VERSION ------------
+
+echo -n "Prev Version: "
+cat version/version
+echo ""
+
+# Initial Version
+if [[ $(cat version/version) == "0.0.0" ]]; then
+  echo "0.1.0" > version/version
+# Figure out proper version to release
+elif [[ $(cat artifacts/gh-release-notes.md | grep breaking) != '' ]] || [[ $(cat artifacts/gh-release-notes.md | grep feature) != '' ]]; then
+  echo "Breaking change / Feature Addition found, bumping minor version..."
+  bump2version minor --current-version $(cat version/version) --allow-dirty version/version
+else
+  echo "Only patches and fixes found - no breaking changes, bumping patch version..."
+  bump2version patch --current-version $(cat version/version) --allow-dirty version/version
+fi
+
+echo -n "Release Version: "
+cat version/version
+echo ""
+
+# ------------ ARTIFACTS ------------
+
+cat version/version > artifacts/gh-release-tag
+echo "v$(cat version/version) Release" > artifacts/gh-release-name

ci/values.yaml

@@ -12,6 +12,9 @@ docker_registry_user: ((docker-creds.username))
 docker_registry_password: ((docker-creds.password))
 artifacts_bucket_name: ((staging-gcp-creds.bucket_name))
 staging_inception_creds: ((staging-gcp-creds.creds_json))
+git_version_branch: version
+gh_org: GaloyMoney
+gh_repository: web-wallet
 
 slack_channel: web-wallet-github
 slack_username: concourse

ci/vendir.lock.yml

@@ -0,0 +1,15 @@
+apiVersion: vendir.k14s.io/v1alpha1
+directories:
+- contents:
+  - git:
+      commitTitle: 'fix: git cliff config should be pulled from pipeline-tasks (#4)'
+      sha: fc36c9834e4da8374728298ffd362b7bc1280bc5
+    path: .
+  path: tasks/vendor
+- contents:
+  - git:
+      commitTitle: 'fix: git cliff config should be pulled from pipeline-tasks (#4)'
+      sha: fc36c9834e4da8374728298ffd362b7bc1280bc5
+    path: .
+  path: config/vendor
+kind: LockConfig