Signed-off-by: Thomas Schuetz <thomas.schuetz@t-sc.eu>
Showing
8 changed files
with
540 additions
and
0 deletions.
@@ -0,0 +1,14 @@ | ||
# CODEOWNERS file indicates code owners for certain files | ||
# | ||
# Code owners will automatically be added as a reviewer for PRs that touch | ||
# the owned files. | ||
# | ||
|
||
# Default owners for everything in the repo | ||
# | ||
# Unless a later match takes precedence, these owners will be requested for | ||
# review when someone opens a pull request. | ||
|
||
/.github/settings.yml @k8sgpt-ai/maintainers | ||
|
||
* @k8sgpt-ai/maintainers @k8sgpt-ai/operator-maintainers @k8sgpt-ai/operator-approvers |
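Review bot: The `/.github/settings.yml @k8sgpt-ai/maintainers` entry has no effect as written, because CODEOWNERS applies the last matching pattern and the catch-all `*` line comes after it. As a result all three teams on the `*` line own `.github/settings.yml`, which appears to be the repository-settings file added in this commit (team permissions and branch protection), and a member of any of them can satisfy the code-owner review on it. Put the `*` line first and the `/.github/settings.yml @k8sgpt-ai/maintainers` line after it so the narrower rule wins. The file's own header comment ("Unless a later match takes precedence") already describes this ordering.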
@@ -0,0 +1,112 @@ | ||
repository: | ||
# See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings. | ||
|
||
# The name of the repository. Changing this will rename the repository | ||
name: k8sgpt-operator | ||
|
||
# A short description of the repository that will show up on GitHub | ||
description: Automatic SRE Superpowers within your Kubernetes cluster | ||
|
||
# A URL with more information about the repository | ||
homepage: https://k8sgpt.ai | ||
|
||
# A comma-separated list of topics to set on the repository | ||
topics: kubernetes, devops, tooling, openai, sre | ||
|
||
# Either `true` to make the repository private, or `false` to make it public. | ||
private: false | ||
|
||
# Either `true` to enable issues for this repository, `false` to disable them. | ||
has_issues: true | ||
|
||
# Either `true` to enable projects for this repository, or `false` to disable them. | ||
# If projects are disabled for the organization, passing `true` will cause an API error. | ||
has_projects: true | ||
|
||
# Either `true` to enable the wiki for this repository, `false` to disable it. | ||
has_wiki: false | ||
|
||
# Either `true` to enable downloads for this repository, `false` to disable them. | ||
has_downloads: true | ||
|
||
# Updates the default branch for this repository. | ||
default_branch: main | ||
|
||
# Either `true` to allow squash-merging pull requests, or `false` to prevent | ||
# squash-merging. | ||
allow_squash_merge: true | ||
|
||
# Either `true` to allow merging pull requests with a merge commit, or `false` | ||
# to prevent merging pull requests with merge commits. | ||
allow_merge_commit: true | ||
|
||
# Either `true` to allow rebase-merging pull requests, or `false` to prevent | ||
# rebase-merging. | ||
allow_rebase_merge: true | ||
|
||
# Either `true` to enable automatic deletion of branches on merge, or `false` to disable | ||
delete_branch_on_merge: true | ||
|
||
# Either `true` to enable automated security fixes, or `false` to disable | ||
# automated security fixes. | ||
enable_automated_security_fixes: true | ||
|
||
# Either `true` to enable vulnerability alerts, or `false` to disable | ||
# vulnerability alerts. | ||
enable_vulnerability_alerts: true | ||
|
||
# Labels: define labels for Issues and Pull Requests | ||
labels: | ||
- name: bug | ||
color: CC0000 | ||
description: An issue with the system 🐛. | ||
|
||
- name: feature | ||
# If including a `#`, make sure to wrap it with quotes! | ||
color: '#336699' | ||
description: New functionality. | ||
|
||
- name: Help Wanted | ||
# Provide a new name to rename an existing label | ||
new_name: first-timers-only | ||
|
||
# Milestones: define milestones for Issues and Pull Requests | ||
milestones: | ||
- title: v0.1.0 | ||
description: v0.1.0 | ||
# The state of the milestone. Either `open` or `closed` | ||
state: open | ||
|
||
# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options | ||
teams: | ||
- name: maintainers | ||
permission: admin | ||
- name: operator-maintainers | ||
permission: maintain | ||
- name: contributors | ||
permission: push | ||
|
||
branches: | ||
- name: main | ||
# https://docs.github.com/en/rest/reference/repos#update-branch-protection | ||
# Branch Protection settings. Set to null to disable | ||
protection: | ||
# Required. Require at least one approving review on a pull request, before merging. Set to null to disable. | ||
required_pull_request_reviews: | ||
# The number of approvals required. (1-6) | ||
required_approving_review_count: 1 | ||
# Dismiss approved reviews automatically when a new commit is pushed. | ||
dismiss_stale_reviews: true | ||
# Blocks merge until code owners have reviewed. | ||
require_code_owner_reviews: true | ||
# Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories. | ||
# Required. Require status checks to pass before merging. Set to null to disable | ||
required_status_checks: | ||
# Required. Require branches to be up to date before merging. | ||
strict: true | ||
# Required. The list of status checks to require in order to merge into this branch | ||
contexts: [ "DCO" ] | ||
# Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable. | ||
enforce_admins: true | ||
# Prevent merge commits from being pushed to matching branches | ||
required_linear_history: true |
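Review bot: The `protection:` block for `main` has no `restrictions` key, and the comment about `dismissal_restrictions` is left without the setting it describes. GitHub's update-branch-protection endpoint documents `restrictions` as a required, nullable field, so the app that applies this file may have its call rejected, which would leave `main` without the review, status-check and `enforce_admins` rules listed here; this is worth confirming on a test repository. If no push restriction is intended, say so explicitly with `restrictions: null`, otherwise list the allowed teams. Separately, `allow_merge_commit: true` at repository level contradicts `required_linear_history: true` on `main`; `allow_merge_commit: false` would keep the merge options consistent with the branch rule.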
@@ -0,0 +1,147 @@ | ||
name: Build container | ||
|
||
on: | ||
push: | ||
branches: | ||
- 'main' | ||
- '[0-9]+.[1-9][0-9]*.x' | ||
pull_request: | ||
branches: | ||
- 'main' | ||
- '[0-9]+.[1-9][0-9]*.x' | ||
paths-ignore: | ||
- "**.md" | ||
|
||
env: | ||
GO_VERSION: "~1.20" | ||
IMAGE_NAME: "k8sgpt-operator" | ||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
prepare_ci_run: | ||
name: Prepare CI Run | ||
runs-on: ubuntu-22.04 | ||
outputs: | ||
GIT_SHA: ${{ steps.extract_branch.outputs.GIT_SHA }} | ||
BRANCH: ${{ steps.extract_branch.outputs.BRANCH }} | ||
BRANCH_SLUG: ${{ steps.extract_branch.outputs.BRANCH_SLUG }} | ||
DATETIME: ${{ steps.get_datetime.outputs.DATETIME }} | ||
BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }} | ||
NON_FORKED_AND_NON_ROBOT_RUN: ${{ steps.get_run_type.outputs.NON_FORKED_AND_NON_ROBOT_RUN }} | ||
|
||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 | ||
|
||
- name: Extract branch name | ||
id: extract_branch | ||
uses: keptn/gh-action-extract-branch-name@main | ||
|
||
- name: Get current date and time | ||
id: get_datetime | ||
run: | | ||
DATETIME=$(date +'%Y%m%d%H%M') | ||
BUILD_TIME=$(date -u "+%F_%T") | ||
echo "DATETIME=$DATETIME" >> "$GITHUB_OUTPUT" | ||
echo "BUILD_TIME=$BUILD_TIME" >> "$GITHUB_OUTPUT" | ||
- name: Get workflow run type | ||
id: get_run_type | ||
run: | | ||
NON_FORKED_AND_NON_ROBOT_RUN=${{ ( github.actor != 'renovate[bot]' && github.actor != 'dependabot[bot]' ) && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) }} | ||
echo "github.actor != 'renovate[bot]' = ${{ github.actor != 'renovate[bot]' }}" | ||
echo "github.actor != 'dependabot[bot]' = ${{ github.actor != 'dependabot[bot]' }}" | ||
echo "github.event_name == 'push' = ${{ github.event_name == 'push' }}" | ||
echo "github.event.pull_request.head.repo.full_name == github.repository = ${{ github.event.pull_request.head.repo.full_name == github.repository }}" | ||
echo "NON_FORKED_AND_NON_ROBOT_RUN = $NON_FORKED_AND_NON_ROBOT_RUN" | ||
echo "NON_FORKED_AND_NON_ROBOT_RUN=$NON_FORKED_AND_NON_ROBOT_RUN" >> "$GITHUB_OUTPUT" | ||
build_image: | ||
name: Build Container Image | ||
needs: prepare_ci_run | ||
runs-on: ubuntu-22.04 | ||
env: | ||
BRANCH: ${{ needs.prepare_ci_run.outputs.BRANCH }} | ||
DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }} | ||
BUILD_TIME: ${{ needs.prepare_ci_run.outputs.BUILD_TIME }} | ||
GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }} | ||
RELEASE_REGISTRY: "localhost:5000/k8sgpt-operator" | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 | ||
|
||
- name: Set up Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 | ||
|
||
- name: Build Docker Image | ||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4 | ||
with: | ||
context: . | ||
platforms: linux/amd64 | ||
file: ./Dockerfile | ||
target: production | ||
tags: | | ||
${{ env.RELEASE_REGISTRY }}/${{ env.IMAGE_NAME }}:dev-${{ env.DATETIME }} | ||
build-args: | | ||
GIT_HASH=${{ env.GIT_SHA }} | ||
RELEASE_VERSION=dev-${{ env.DATETIME }} | ||
BUILD_TIME=${{ env.BUILD_TIME }} | ||
builder: ${{ steps.buildx.outputs.name }} | ||
push: false | ||
cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} | ||
cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} | ||
outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}-image.tar | ||
|
||
- name: Upload image as artifact | ||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 | ||
with: | ||
name: ${{ env.IMAGE_NAME }}-image.tar | ||
path: /tmp/${{ env.IMAGE_NAME }}-image.tar | ||
|
||
upload_images: | ||
name: Upload images to ghcr registry | ||
needs: [ prepare_ci_run, build_image ] | ||
if: github.event_name == 'push' && needs.prepare_ci_run.outputs.NON_FORKED_AND_NON_ROBOT_RUN == 'true' # only run on push to main/maintenance branches | ||
runs-on: ubuntu-22.04 | ||
env: | ||
DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }} | ||
BUILD_TIME: ${{ needs.prepare_ci_run.outputs.BUILD_TIME }} | ||
GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }} | ||
permissions: | ||
packages: write # Needed for pushing images to the registry | ||
contents: read # Needed for checking out the repository | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 | ||
with: | ||
registry: "ghcr.io" | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Set up Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 | ||
|
||
- name: Build Docker Image | ||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4 | ||
with: | ||
context: . | ||
file: ./Dockerfile | ||
platforms: linux/amd64,linux/arm64 | ||
target: production | ||
tags: | | ||
ghcr.io/k8sgpt-ai/${{ env.IMAGE_NAME }}:dev-${{ env.DATETIME }} | ||
build-args: | | ||
GIT_HASH=${{ env.GIT_SHA }} | ||
RELEASE_VERSION=dev-${{ env.DATETIME }} | ||
BUILD_TIME=${{ env.BUILD_TIME }} | ||
builder: ${{ steps.buildx.outputs.name }} | ||
push: true | ||
cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} | ||
cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} |
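Review bot: `keptn/gh-action-extract-branch-name@main` is the only action in this workflow referenced by a mutable branch instead of a commit SHA, and its outputs feed `GIT_SHA` and `BRANCH` into the image build args. A change pushed to that action's `main` would run here without any review in this repository; pin it like the others, `uses: keptn/gh-action-extract-branch-name@<full commit SHA> # <tag>` (placeholder, take the SHA from the action's repository). The workflow also has no top-level `permissions:` block, so `prepare_ci_run` and `build_image` run with the repository's default token scope. Adding a workflow-level `permissions:` with `contents: read` makes least privilege explicit, while `upload_images` keeps its own `packages: write`.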
@@ -0,0 +1,117 @@ | ||
name: release | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- '[0-9]+.[0-9]+.x' | ||
workflow_dispatch: | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
release-please: | ||
permissions: | ||
contents: write # for google-github-actions/release-please-action to create release commit | ||
pull-requests: write # for google-github-actions/release-please-action to create release PR | ||
runs-on: ubuntu-latest | ||
outputs: | ||
releases_created: ${{ steps.release.outputs.releases_created }} | ||
tag_name: ${{ steps.release.outputs.tag_name }} | ||
# Release-please creates a PR that tracks all changes | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 | ||
|
||
- uses: google-github-actions/release-please-action@c078ea33917ab8cfa5300e48f4b7e6b16606aede # v3 | ||
id: release | ||
with: | ||
command: manifest | ||
token: ${{secrets.GITHUB_TOKEN}} | ||
default-branch: main | ||
|
||
goreleaser: | ||
if: needs.release-please.outputs.releases_created == 'true' | ||
permissions: | ||
contents: write | ||
needs: | ||
- release-please | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 | ||
with: | ||
fetch-depth: 0 | ||
- name: Set up Go | ||
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4 | ||
with: | ||
go-version: '1.20' | ||
- name: Download Syft | ||
uses: anchore/sbom-action/download-syft@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1 | ||
- name: Run GoReleaser | ||
uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4 | ||
with: | ||
# either 'goreleaser' (default) or 'goreleaser-pro' | ||
distribution: goreleaser | ||
version: latest | ||
args: release --clean | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.K8SGPT_BOT_SECRET }} | ||
|
||
build-container: | ||
if: needs.release-please.outputs.releases_created == 'true' | ||
needs: | ||
- release-please | ||
runs-on: ubuntu-22.04 | ||
permissions: | ||
contents: write | ||
packages: write | ||
id-token: write | ||
env: | ||
IMAGE_TAG: ghcr.io/k8sgpt-ai/k8sgpt-operator:${{ needs.release-please.outputs.tag_name }} | ||
IMAGE_NAME: k8sgpt-operator | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 | ||
with: | ||
submodules: recursive | ||
|
||
- name: Set up Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 | ||
|
||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 | ||
with: | ||
registry: "ghcr.io" | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build Docker Image | ||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4 | ||
with: | ||
context: . | ||
file: ./Dockerfile | ||
platforms: linux/amd64,linux/arm64 | ||
target: production | ||
tags: | | ||
${{ env.IMAGE_TAG }} | ||
builder: ${{ steps.buildx.outputs.name }} | ||
push: true | ||
cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }} | ||
cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }} | ||
|
||
- name: Generate SBOM | ||
uses: anchore/sbom-action@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1 | ||
with: | ||
image: ${{ env.IMAGE_TAG }} | ||
artifact-name: sbom-${{ env.IMAGE_NAME }} | ||
output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json | ||
|
||
- name: Attach SBOM to release | ||
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 | ||
with: | ||
tag_name: ${{ needs.release-please.outputs.tag_name }} | ||
files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json |
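Review bot: The `build-container` job requests `id-token: write`, but no step visible in that job uses an OIDC token (there is no signing or cloud-login step); drop it until a step needs it, since the job already holds `contents: write` and `packages: write`. In the `goreleaser` job, `version: latest` lets the GoReleaser binary change between releases while it runs with `secrets.K8SGPT_BOT_SECRET`; pin it, e.g. `version: <pinned GoReleaser version>` (placeholder). The "Generate SBOM" step scans `${{ env.IMAGE_TAG }}`, a mutable tag; giving the build step an `id` and scanning by the digest from its `digest` output would tie the SBOM to the exact image that was pushed.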