From d42fd391589b265bb7c994fe0d6f56eea385b98d Mon Sep 17 00:00:00 2001 From: Thomas Schuetz Date: Thu, 27 Apr 2023 08:20:43 +0200 Subject: [PATCH] fix: added settings again Signed-off-by: Thomas Schuetz --- .github/CODEOWNERS | 14 +++ .github/settings.yml | 112 +++++++++++++++++++ .github/workflows/build_container.yaml | 147 +++++++++++++++++++++++++ .github/workflows/release.yaml | 117 ++++++++++++++++++++ .github/workflows/test.yaml | 27 +++++ .release-please-manifest.json | 1 + release-please-config.json | 75 +++++++++++++ renovate.json | 47 ++++++++ 8 files changed, 540 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/settings.yml create mode 100644 .github/workflows/build_container.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 .github/workflows/test.yaml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json create mode 100644 renovate.json diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..99e21535 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,14 @@ +# CODEOWNERS file indicates code owners for certain files +# +# Code owners will automatically be added as a reviewer for PRs that touch +# the owned files. +# + +# Default owners for everything in the repo +# +# Unless a later match takes precedence, these owners will be requested for +# review when someone opens a pull request. + +/.github/settings.yml @k8sgpt-ai/maintainers + +* @k8sgpt-ai/maintainers @k8sgpt-ai/operator-maintainers @k8sgpt-ai/operator-approvers diff --git a/.github/settings.yml b/.github/settings.yml new file mode 100644 index 00000000..667181e7 --- /dev/null +++ b/.github/settings.yml 
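Review bot: In `.github/CODEOWNERS` the catch-all `*` line comes after the `/.github/settings.yml` line, and CODEOWNERS gives precedence to the last matching pattern, so `settings.yml` ends up owned by all three teams rather than by `@k8sgpt-ai/maintainers` alone. That file sets team permissions and branch protection, and with `require_code_owner_reviews: true` an approval from `operator-approvers` would satisfy the code-owner review on it. Put the catch-all first and the specific entry last: `* @k8sgpt-ai/maintainers @k8sgpt-ai/operator-maintainers @k8sgpt-ai/operator-approvers`, then `/.github/settings.yml @k8sgpt-ai/maintainers`. The same restriction may be wanted for `/.github/workflows/` and for the CODEOWNERS file itself.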
@@ -0,0 +1,112 @@ +repository: + # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings. + + # The name of the repository. Changing this will rename the repository + name: k8sgpt-operator + + # A short description of the repository that will show up on GitHub + description: Automatic SRE Superpowers within your Kubernetes cluster + + # A URL with more information about the repository + homepage: https://k8sgpt.ai + + # A comma-separated list of topics to set on the repository + topics: kubernetes, devops, tooling, openai, sre + + # Either `true` to make the repository private, or `false` to make it public. + private: false + + # Either `true` to enable issues for this repository, `false` to disable them. + has_issues: true + + # Either `true` to enable projects for this repository, or `false` to disable them. + # If projects are disabled for the organization, passing `true` will cause an API error. + has_projects: true + + # Either `true` to enable the wiki for this repository, `false` to disable it. + has_wiki: false + + # Either `true` to enable downloads for this repository, `false` to disable them. + has_downloads: true + + # Updates the default branch for this repository. + default_branch: main + + # Either `true` to allow squash-merging pull requests, or `false` to prevent + # squash-merging. + allow_squash_merge: true + + # Either `true` to allow merging pull requests with a merge commit, or `false` + # to prevent merging pull requests with merge commits. + allow_merge_commit: true + + # Either `true` to allow rebase-merging pull requests, or `false` to prevent + # rebase-merging. + allow_rebase_merge: true + + # Either `true` to enable automatic deletion of branches on merge, or `false` to disable + delete_branch_on_merge: true + + # Either `true` to enable automated security fixes, or `false` to disable + # automated security fixes. 
+ enable_automated_security_fixes: true + + # Either `true` to enable vulnerability alerts, or `false` to disable + # vulnerability alerts. + enable_vulnerability_alerts: true + +# Labels: define labels for Issues and Pull Requests +labels: + - name: bug + color: CC0000 + description: An issue with the system 🐛. + + - name: feature + # If including a `#`, make sure to wrap it with quotes! + color: '#336699' + description: New functionality. + + - name: Help Wanted + # Provide a new name to rename an existing label + new_name: first-timers-only + +# Milestones: define milestones for Issues and Pull Requests +milestones: + - title: v0.1.0 + description: v0.1.0 + # The state of the milestone. Either `open` or `closed` + state: open + +# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options +teams: + - name: maintainers + permission: admin + - name: operator-maintainers + permission: maintain + - name: contributors + permission: push + +branches: + - name: main + # https://docs.github.com/en/rest/reference/repos#update-branch-protection + # Branch Protection settings. Set to null to disable + protection: + # Required. Require at least one approving review on a pull request, before merging. Set to null to disable. + required_pull_request_reviews: + # The number of approvals required. (1-6) + required_approving_review_count: 1 + # Dismiss approved reviews automatically when a new commit is pushed. + dismiss_stale_reviews: true + # Blocks merge until code owners have reviewed. + require_code_owner_reviews: true + # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories. + # Required. Require status checks to pass before merging. Set to null to disable + required_status_checks: + # Required. 
Require branches to be up to date before merging. + strict: true + # Required. The list of status checks to require in order to merge into this branch + contexts: [ "DCO" ] + # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable. + enforce_admins: true + # Prevent merge commits from being pushed to matching branches + required_linear_history: true diff --git a/.github/workflows/build_container.yaml b/.github/workflows/build_container.yaml new file mode 100644 index 00000000..83f2546a --- /dev/null +++ b/.github/workflows/build_container.yaml 
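Review bot: In `.github/settings.yml` the `protection:` block for `main` has no `restrictions` key, and the Update branch protection endpoint linked in the comment above it lists `restrictions` as required alongside `required_status_checks`, `enforce_admins` and `required_pull_request_reviews`. If the request is rejected for that reason, none of the review, code-owner or linear-history rules are applied, so confirm in the repository settings that the protection is active after this file syncs. Adding `restrictions: null` under `protection:` states the intent explicitly. Separately, `contexts: [ "DCO" ]` makes sign-off the only required check, so the test and container-build workflows added in this commit do not gate merges.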
@@ -0,0 +1,147 @@ +name: Build container + +on: + push: + branches: + - 'main' + - '[0-9]+.[1-9][0-9]*.x' + pull_request: + branches: + - 'main' + - '[0-9]+.[1-9][0-9]*.x' + paths-ignore: + - "**.md" + +env: + GO_VERSION: "~1.20" + IMAGE_NAME: "k8sgpt-operator" +defaults: + run: + shell: bash + +jobs: + prepare_ci_run: + name: Prepare CI Run + runs-on: ubuntu-22.04 + outputs: + GIT_SHA: ${{ steps.extract_branch.outputs.GIT_SHA }} + BRANCH: ${{ steps.extract_branch.outputs.BRANCH }} + BRANCH_SLUG: ${{ steps.extract_branch.outputs.BRANCH_SLUG }} + DATETIME: ${{ steps.get_datetime.outputs.DATETIME }} + BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }} + NON_FORKED_AND_NON_ROBOT_RUN: ${{ steps.get_run_type.outputs.NON_FORKED_AND_NON_ROBOT_RUN }} + + steps: + - name: Check out code + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + + - name: Extract branch name + id: extract_branch + uses: keptn/gh-action-extract-branch-name@main + + - name: Get current date and time + id: get_datetime + run: | + DATETIME=$(date +'%Y%m%d%H%M') + BUILD_TIME=$(date -u "+%F_%T") + echo "DATETIME=$DATETIME" >> "$GITHUB_OUTPUT" + echo "BUILD_TIME=$BUILD_TIME" >> "$GITHUB_OUTPUT" + + - name: Get workflow run type + id: get_run_type + run: | + NON_FORKED_AND_NON_ROBOT_RUN=${{ ( github.actor != 'renovate[bot]' && github.actor != 'dependabot[bot]' ) && ( github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository ) }} + echo "github.actor != 'renovate[bot]' = ${{ github.actor != 'renovate[bot]' }}" + echo "github.actor != 'dependabot[bot]' = ${{ github.actor != 'dependabot[bot]' }}" + echo "github.event_name == 'push' = ${{ github.event_name == 'push' }}" + echo "github.event.pull_request.head.repo.full_name == github.repository = ${{ github.event.pull_request.head.repo.full_name == github.repository }}" + echo "NON_FORKED_AND_NON_ROBOT_RUN = $NON_FORKED_AND_NON_ROBOT_RUN" + echo 
"NON_FORKED_AND_NON_ROBOT_RUN=$NON_FORKED_AND_NON_ROBOT_RUN" >> "$GITHUB_OUTPUT" + + build_image: + name: Build Container Image + needs: prepare_ci_run + runs-on: ubuntu-22.04 + env: + BRANCH: ${{ needs.prepare_ci_run.outputs.BRANCH }} + DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }} + BUILD_TIME: ${{ needs.prepare_ci_run.outputs.BUILD_TIME }} + GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }} + RELEASE_REGISTRY: "localhost:5000/k8sgpt-operator" + steps: + - name: Check out code + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 + + - name: Build Docker Image + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4 + with: + context: . + platforms: linux/amd64 + file: ./Dockerfile + target: production + tags: | + ${{ env.RELEASE_REGISTRY }}/${{ env.IMAGE_NAME }}:dev-${{ env.DATETIME }} + build-args: | + GIT_HASH=${{ env.GIT_SHA }} + RELEASE_VERSION=dev-${{ env.DATETIME }} + BUILD_TIME=${{ env.BUILD_TIME }} + builder: ${{ steps.buildx.outputs.name }} + push: false + cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} + cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} + outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}-image.tar + + - name: Upload image as artifact + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 + with: + name: ${{ env.IMAGE_NAME }}-image.tar + path: /tmp/${{ env.IMAGE_NAME }}-image.tar + + upload_images: + name: Upload images to ghcr registry + needs: [ prepare_ci_run, build_image ] + if: github.event_name == 'push' && needs.prepare_ci_run.outputs.NON_FORKED_AND_NON_ROBOT_RUN == 'true' # only run on push to main/maintenance branches + runs-on: ubuntu-22.04 + env: + DATETIME: ${{ needs.prepare_ci_run.outputs.DATETIME }} + BUILD_TIME: ${{ needs.prepare_ci_run.outputs.BUILD_TIME }} + GIT_SHA: ${{ 
needs.prepare_ci_run.outputs.GIT_SHA }} + permissions: + packages: write # Needed for pushing images to the registry + contents: read # Needed for checking out the repository + steps: + - name: Check out code + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 + with: + registry: "ghcr.io" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 + + - name: Build Docker Image + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64 + target: production + tags: | + ghcr.io/k8sgpt-ai/${{ env.IMAGE_NAME }}:dev-${{ env.DATETIME }} + build-args: | + GIT_HASH=${{ env.GIT_SHA }} + RELEASE_VERSION=dev-${{ env.DATETIME }} + BUILD_TIME=${{ env.BUILD_TIME }} + builder: ${{ steps.buildx.outputs.name }} + push: true + cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} + cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_NAME }} \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..645dd6e7 --- /dev/null +++ b/.github/workflows/release.yaml 
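Review bot: In `.github/workflows/build_container.yaml` the `Extract branch name` step uses `keptn/gh-action-extract-branch-name@main`, the only action in this commit referenced by a mutable branch instead of a commit SHA. Whatever that branch points to at run time executes in `prepare_ci_run`, and its `GIT_SHA` and `BRANCH` outputs flow into the build args of the image that `upload_images` pushes to ghcr.io. Pin it like the others, `uses: keptn/gh-action-extract-branch-name@<full-commit-sha> # <tag>` (placeholder; take the SHA from the action's repository), or replace the step with the built-in `github.sha` and `github.ref_name` contexts.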
@@ -0,0 +1,117 @@ +name: release + +on: + push: + branches: + - main + - '[0-9]+.[0-9]+.x' + workflow_dispatch: + +defaults: + run: + shell: bash + +jobs: + release-please: + permissions: + contents: write # for google-github-actions/release-please-action to create release commit + pull-requests: write # for google-github-actions/release-please-action to create release PR + runs-on: ubuntu-latest + outputs: + releases_created: ${{ steps.release.outputs.releases_created }} + tag_name: ${{ steps.release.outputs.tag_name }} + # Release-please creates a PR that tracks all changes + steps: + - name: Checkout + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + + - uses: google-github-actions/release-please-action@c078ea33917ab8cfa5300e48f4b7e6b16606aede # v3 + id: release + with: + command: manifest + token: ${{secrets.GITHUB_TOKEN}} + default-branch: main + + goreleaser: + if: needs.release-please.outputs.releases_created == 'true' + permissions: + contents: write + needs: + - release-please + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + with: + fetch-depth: 0 + - name: Set up Go + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4 + with: + go-version: '1.20' + - name: Download Syft + uses: anchore/sbom-action/download-syft@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1 + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4 + with: + # either 'goreleaser' (default) or 'goreleaser-pro' + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.K8SGPT_BOT_SECRET }} + + build-container: + if: needs.release-please.outputs.releases_created == 'true' + needs: + - release-please + runs-on: ubuntu-22.04 + permissions: + contents: write + packages: write + id-token: write + env: + IMAGE_TAG: ghcr.io/k8sgpt-ai/k8sgpt-operator:${{ 
needs.release-please.outputs.tag_name }} + IMAGE_NAME: k8sgpt-operator + steps: + - name: Checkout + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + with: + submodules: recursive + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 + + - name: Login to GitHub Container Registry + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 + with: + registry: "ghcr.io" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build Docker Image + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64 + target: production + tags: | + ${{ env.IMAGE_TAG }} + builder: ${{ steps.buildx.outputs.name }} + push: true + cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }} + cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }} + + - name: Generate SBOM + uses: anchore/sbom-action@422cb34a0f8b599678c41b21163ea6088edb2624 # v0.14.1 + with: + image: ${{ env.IMAGE_TAG }} + artifact-name: sbom-${{ env.IMAGE_NAME }} + output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json + + - name: Attach SBOM to release + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 + with: + tag_name: ${{ needs.release-please.outputs.tag_name }} + files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json \ No newline at end of file diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 00000000..207a2e99 --- /dev/null +++ b/.github/workflows/test.yaml 
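Review bot: In `.github/workflows/release.yaml` the `goreleaser` job pins the action by SHA but sets `version: latest`, so the GoReleaser binary that receives `secrets.K8SGPT_BOT_SECRET` is resolved at run time and is not covered by the pin. Set it to a fixed release, `version: <pinned goreleaser version>` (placeholder), and let Renovate bump it. In `build-container`, `id-token: write` is granted but no visible step requests an OIDC token, since there is no signing or attestation step. Drop that permission until such a step is added.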
@@ -0,0 +1,27 @@
+name: Run tests
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+env:
+ GO_VERSION: "~1.20"
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+
+ - name: Set up Go
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4
+ with:
+ go-version: ${{ env.GO_VERSION }}
+
+ - name: Test
+ run: go test -v ./...
\ No newline at end of file
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 00000000..28cbe894
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1 @@
+{".":"0.0.0"}
\ No newline at end of file
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 00000000..118bc2f8
--- /dev/null
+++ b/release-please-config.json
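Review bot: `.github/workflows/test.yaml` declares no `permissions:`, so the `GITHUB_TOKEN` for the `build` job falls back to the repository or organization default, which can be read/write. The job only checks out the code and runs `go test`, so add a top-level `permissions:` block containing `contents: read`. The `prepare_ci_run` and `build_image` jobs in `build_container.yaml` have the same gap, while `release.yaml` already scopes every job.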
@@ -0,0 +1,75 @@
+{
+ "packages": {
+ ".": {
+ "changelog-path": "CHANGELOG.md",
+ "release-type": "go",
+ "prerelease": false,
+ "bump-minor-pre-major": true,
+ "bump-patch-for-minor-pre-major": true,
+ "draft": false,
+ "extra-files": [
+ "README.md",
+ "deploy/manifest.yaml",
+ "chart/Chart.yaml",
+ "chart/values.yaml",
+ "container/manifests/deployment.yaml"
+ ],
+ "changelog-sections": [
+ {
+ "type": "feat",
+ "section": "Features"
+ },
+ {
+ "type": "fix",
+ "section": "Bug Fixes"
+ },
+ {
+ "type": "chore",
+ "section": "Other"
+ },
+ {
+ "type": "docs",
+ "section": "Docs"
+ },
+ {
+ "type": "perf",
+ "section": "Performance"
+ },
+ {
+ "type": "build",
+ "hidden": true,
+ "section": "Build"
+ },
+ {
+ "type": "deps",
+ "section": "Dependency Updates"
+ },
+ {
+ "type": "ci",
+ "hidden": true,
+ "section": "CI"
+ },
+ {
+ "type": "refactor",
+ "section": "Refactoring"
+ },
+ {
+ "type": "revert",
+ "hidden": true,
+ "section": "Reverts"
+ },
+ {
+ "type": "style",
+ "hidden": true,
+ "section": "Styling"
+ },
+ {
+ "type": "test",
+ "hidden": true,
+ "section": "Tests"
+ }
+ ]
+ }
+ },
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 00000000..e4f1dff0
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,47 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ "helpers:pinGitHubActionDigests",
+ ":gitSignOff"
+
+ ],
+ "addLabels": ["dependencies"],
+ "postUpdateOptions": [
+ "gomodTidy",
+ "gomodMassage"
+ ],
+ "packageRules": [
+ {
+ "matchUpdateTypes": ["minor", "patch"],
+ "matchCurrentVersion": "!/^0/",
+ "automerge": true
+ },
+ {
+ "matchManagers": ["gomod"],
+ "addLabels": ["go"]
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "addLabels": ["github_actions"]
+ },
+ {
+ "matchManagers": ["dockerfile"],
+ "addLabels": ["docker"]
+ }
+ ],
+ "regexManagers": [
+ {
+ "fileMatch": [
+ "(^|\\/)Makefile$",
+ "(^|\\/)Dockerfile",
+ "(^|\\/).*\\.ya?ml$",
+ "(^|\\/).*\\.toml$",
+ "(^|\\/).*\\.sh$"
+ ],
+ "matchStrings": [
+ "# renovate: datasource=(?.+?) depName=(?.+?)\\s.*?_VERSION ?(\\??=|\\: ?) ?\\\"?(?.+?)?\\\"?\\s"
+ ]
+ }
+ ]
+}
\ No newline at end of file
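Review bot: In `renovate.json` the first `packageRules` entry sets `"automerge": true` for every minor and patch update whose current version is not 0.x, with no `matchManagers` or package filter, so it applies equally to Go modules, workflow actions and Dockerfile images. A compromised or broken upstream release would then merge with only whatever gate branch protection and CI provide. Consider narrowing the rule, for example with `"matchManagers": ["gomod"]`, and adding `"minimumReleaseAge": "3 days"` so a fresh release has time to be withdrawn before it is picked up. Also, the `matchStrings` pattern as shown here has unnamed groups `(?.+?)`, while Renovate's regex manager expects named groups such as `datasource`, `depName` and `currentValue`; check whether the names were lost in rendering or are missing in the file itself.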