Sync files with networkservicemesh/cmd-template

This PR syncs files with https://github.com/networkservicemesh/cmd-template Revision: https://github.com/networkservicemesh/cmd-template/commits/e8ed376ecfda3a4aad2f7ffab6098abba0515c8e commit e8ed376ecfda3a4aad2f7ffab6098abba0515c8e Author: Nikita Skrynnik <93182827+NikitaSkrynnik@users.noreply.github.com> Date: Mon Jul 25 21:22:30 2022 +1100 Add reusable workflows (#105) * reuse already existing workflows from .github Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * replace docker-push workflows Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * rework release workflow Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * rework update-deployments and ci workflows Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * finish reworking workflows Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * minor fixes Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * specify config_file path for yamllint job in CI workflow Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix automerge Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix yamllint issues Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix docker-build-and-test job in CI workflow Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add print-debug-info job to automerge workflow Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
networkservicemesh · Jul 25, 2022 · c450708 · c450708
1 parent 2a85926
commit c450708
Show file tree

Hide file tree

Showing 8 changed files with 86 additions and 575 deletions.
diff --git a/.github/workflows/automerge.yaml b/.github/workflows/automerge.yaml
@@ -7,115 +7,28 @@ on:
     workflows:
       - "ci"
 jobs:
-  automerge:
-    name: Automerge
+  print-debug-info:
+    name: Print debug info
     runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
-    outputs:
-      pr_branch_ref: ${{ steps.check_mergeability.outputs.pr_branch_ref }}
     steps:
-      - name: Find current PR
-        uses: jwalton/gh-find-current-pr@v1.0.2
-        id: findPr
-        with:
-          sha: ${{ github.event.workflow_run.head_sha }}
-          github-token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-      - name: Validate PR number
-        run: |
-          if [ -z ${{ steps.findPr.outputs.pr }} ]; then
-            echo "No opened PR was found for SHA ${{ github.event.workflow_run.head_sha }}"
-            exit 1
-          fi
-      - name: Get PR Info
-        id: get_pull_request_info
-        uses: octokit/request-action@v2.x
-        with:
-          route: GET /repos/${{ github.repository }}/pulls/${{ steps.findPr.outputs.pr }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-      - name: Check mergeability
-        id: check_mergeability
-        run: |
-          echo "Mergeable: ${{ fromJson(steps.get_pull_request_info.outputs.data).mergeable }}"
-          PR_BRANCH_REF=${{ fromJson(steps.get_pull_request_info.outputs.data).head.ref }}
-          echo "PR_BRANCH_REF: $PR_BRANCH_REF"
-          echo "::set-output name=pr_branch_ref::$PR_BRANCH_REF"
-          if [ "${{ fromJson(steps.get_pull_request_info.outputs.data).mergeable }}" != "true" ]; then
-            echo "PR has conflicts"
-            exit 1
-          fi
-      - name: Check out the code
-        uses: actions/checkout@v2
-      - name: Fetch main
-        run: |
-          git remote -v
-          git fetch --depth=1 origin main
-      - name: Only allow go.mod and go.sum changes
-        run: |
-          find . -type f ! -name 'go.mod' ! -name 'go.sum' ! -name '*.yaml' ! -name '*.yml' ! -name '*.txt' ! -name '*.md' ! -name '*.conf' -exec git diff --exit-code origin/main -- {} +
-      - name: Merge PR
-        uses: ridedott/merge-me-action@master
-        with:
-          GITHUB_LOGIN: nsmbot
-          ENABLED_FOR_MANUAL_CHANGES: true
-          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
+      - uses: hmarr/debug-action@v2
+
+  check-mergeability:
+    if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
+    uses: networkservicemesh/.github/.github/workflows/check-mergeability.yaml@main
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
+
+  automerge:
+    needs: [check-mergeability]
+    if: ${{ needs.check-mergeability.result == 'success' }}
+    uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main
+
   resolve_conflicts:
-    name: Autoresolve Conflicts
-    needs: [automerge]
-    if: ${{ always() && needs.automerge.result == 'failure' && needs.automerge.outputs.pr_branch_ref != '' && github.actor == 'nsmbot' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout default branch
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-      - name: Checkout PR branch
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ needs.automerge.outputs.pr_branch_ref }}
-          fetch-depth: 0
-          token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-      - name: Verify conflicts only in go.mod/go.sum
-        run: |
-          CONFLICTING_FILES=$(git merge-tree $(git merge-base origin/main HEAD) origin/main HEAD | \
-            awk 'BEGIN {is_conflict = 0} /changed in both/{is_conflict = 1; next} /base/{if (is_conflict) {print $4; is_conflict = 0} next }' | \
-            { grep -vF "go.mod" || true; } | \
-            { grep -vF "go.sum" || true; })
-          if [[ -n $CONFLICTING_FILES ]]; then
-            echo "Conflicts can be resolved only in go.mod and go.sum files, but conflicts were found in other files: $CONFLICTING_FILES"
-            exit 1
-          fi
-      - name: Check number of retries
-        run: |
-          if [ $(git log --oneline | head -n 10 | grep -Fc "Automatically resolving conflicts in go.mod") -ge 3 ]; then
-            echo "Couldn't automatically resolve conflicts (number of re-tries is >= 3). Please, resolve them manually."
-            exit 1
-          fi
-      - name: Merge default branch
-        run: |
-          git config --global user.email "nsmbot@networkservicmesh.io"
-          git config --global user.name "NSMBot"
-          git config pull.rebase false
-          git pull -q origin main -s ort -X theirs
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.2
-      - name: Update version manually
-        run: |
-          branch=${{ needs.automerge.outputs.pr_branch_ref }}
-          repository=${branch#update/networkservicemesh/}
-          echo Update ${repository} version in go.mod manually
-          go get -u github.com/networkservicemesh/${repository}@main
-      - name: Re-generate go.sum
-        run: go mod tidy
-      - name: Push changes
-        run: |
-          echo "Automatically resolving conflicts in go.mod and updating dependency versions to the latest" >> /tmp/commit-message
-          git config --global user.email "nsmbot@networkservicmesh.io"
-          git config --global user.name "NSMBot"
-          git add -- go.sum go.mod
-          git commit -s -F /tmp/commit-message
-          echo "Force-pushing changes to ${{ needs.automerge.outputs.pr_branch_ref }}"
-          git push -f origin ${{ needs.automerge.outputs.pr_branch_ref }}
+    needs: [check-mergeability]
+    if: ${{ always() && needs.check-mergeability.result == 'failure' && needs.check-mergeability.outputs.pr_branch_ref != '' }}
+    uses: networkservicemesh/.github/.github/workflows/resolve-conflicts.yaml@main
+    with:
+      pr_branch_ref: ${{ needs.check-mergeability.outputs.pr_branch_ref }}
+    secrets:
+      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -8,149 +8,35 @@ on:
   pull_request:
 jobs:
   yamllint:
-    name: yamllint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-      - name: yaml-lint
-        uses: ibiqlik/action-yamllint@v1
-        with:
-          config_file: .yamllint.yml
-          strict: true
+    uses: networkservicemesh/.github/.github/workflows/yamllint.yaml@main
+    with:
+      config_file: "./.yamllint.yml"
 
   shellcheck:
-    name: shellcheck
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: shellcheck
-        uses: fkautz/shell-linter@v1.0.1
-
-  build:
-    name: build
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.2
-      - name: Build
-        run: go build -race ./...
+    uses: networkservicemesh/.github/.github/workflows/shellcheck.yaml@main
 
   golangci-lint:
-    name: golangci-lint
-    runs-on: ubuntu-latest
-    if: github.repository != 'networkservicemesh/cmd-template'
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Setup Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.2
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.45.2
+    uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main
 
   excludeFmtErrorf:
-    name: exclude fmt.Errorf
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Exclude fmt.Errorf
-        run: |
-          if grep -r --include=*.go --exclude=*.pb.go fmt.Errorf . ; then
-           echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf"
-           exit 1
-          fi
+    uses: networkservicemesh/.github/.github/workflows/exclude-fmt-errorf.yaml@main
 
   restrictNSMDeps:
-    name: Restrict dependencies on github.com/networkservicemesh/*
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Restrict dependencies on github.com/networkservicemesh/*
-        env:
-          ALLOWED_REPOSITORIES: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp"
-        run: |
-          for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do
-            if ! [ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]; then
-              echo Dependency on "${i}" is forbidden
-              exit 1
-            fi;
-          done
+    uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main
+    with:
+      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp"
 
   checkgomod:
-    name: Check go.mod and go.sum
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.2
-      - run: go mod tidy
-      - name: Check for changes
-        run: |
-          git diff --name-only --exit-code || ( echo "Run go mod tidy" && false )
+    uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main
 
   gogenerate:
-    name: Check generated files
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.2
-      - run: go generate ./...
-      - name: Check for changes
-        run: |
-          git diff --name-only --exit-code || ( echo "Rerun go generate ./... locally and resubmit" && false )
+    uses: networkservicemesh/.github/.github/workflows/cmd-gogenerate.yaml@main
 
   excludereplace:
-    name: Exclude Replace in go.mod
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the code
-        uses: actions/checkout@v2
-      - name: Exclude replace in go.mod
-        run: |
-          grep ^replace go.mod || exit 0
-          exit 1
+    uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
 
-  docker:
-    name: Docker Build & Test
-    runs-on: ubuntu-latest
+  docker-build-and-test:
     if: github.repository != 'networkservicemesh/cmd-template'
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v1
-        with:
-          go-version: 1.18.2
-      - name: Build container
-        run: docker build .
-      - name: Run tests
-        run: docker run --privileged --rm $(docker build -q . --target test)
-      - name: Find merged PR
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: jwalton/gh-find-current-pr@v1
-        id: findPr
-        with:
-          github-token: ${{ github.token }}
-      - name: Publish Image
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main' && success() && steps.findPr.outputs.number
-        uses: matootie/github-docker@v3.0.0
-        with:
-          accessToken: ${{ github.token }}
-          tag: |
-            pr-${{ steps.findPr.outputs.pr }}
-            commit-${{ github.sha }}
-            latest
+    uses: networkservicemesh/.github/.github/workflows/docker-build-and-test.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -17,56 +17,4 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['go']
-        # Learn more...
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-        with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
-        with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      # - run: |
-      #    make bootstrap
-      #    make release
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+    uses: networkservicemesh/.github/.github/workflows/codeql-analysis.yaml@main