From 194127b34ebc6dbef8241ade15e9a6403b4c42b7 Mon Sep 17 00:00:00 2001 From: Julien Duchesne Date: Thu, 26 Oct 2023 12:57:04 -0400 Subject: [PATCH] Drone -> Github Actions From our internal Drone instance to public Github actions runners --- .drone/docker-manifest.tmpl | 22 --- .drone/drone.jsonnet | 161 ----------------- .drone/drone.yml | 318 ---------------------------------- .drone/release-note.md | 20 --- .drone/vault.libsonnet | 20 --- .github/workflows/docker.yml | 49 ++++++ .github/workflows/release.yml | 50 ++++++ .github/workflows/tests.yml | 42 +++++ Dockerfile | 7 +- Makefile | 6 - README.md | 3 - 11 files changed, 147 insertions(+), 551 deletions(-) delete mode 100644 .drone/docker-manifest.tmpl delete mode 100644 .drone/drone.jsonnet delete mode 100644 .drone/drone.yml delete mode 100644 .drone/release-note.md delete mode 100644 .drone/vault.libsonnet create mode 100644 .github/workflows/docker.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/tests.yml diff --git a/.drone/docker-manifest.tmpl b/.drone/docker-manifest.tmpl deleted file mode 100644 index 2ec7d4925..000000000 --- a/.drone/docker-manifest.tmpl +++ /dev/null @@ -1,22 +0,0 @@ -image: grafana/tanka:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} -{{#if build.tags}} -tags: -{{#each build.tags}} - - {{this}} -{{/each}} -{{/if}} -manifests: - - image: grafana/tanka:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64 - platform: - architecture: amd64 - os: linux - - image: grafana/tanka:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm64 - platform: - architecture: arm64 - os: linux - variant: v8 - - image: grafana/tanka:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}arm - platform: - architecture: arm - os: linux - variant: v7 diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet deleted file mode 100644 index a7a8382ab..000000000 --- a/.drone/drone.jsonnet +++ /dev/null @@ -1,161 +0,0 @@ -local vault = import 'vault.libsonnet'; - -local golang = 'golang:1.20'; - -local volumes = [{ name: 'gopath', temp: {} }]; -local mounts = [{ name: 'gopath', path: '/go' }]; - -local constraints = { - local withRef(ref) = { - trigger+: { - ref+: [ref], - }, - }, - - tags: withRef('refs/tags/v*'), - mainPush: withRef('refs/heads/main'), - pullRequest: withRef('refs/pull/*/head'), -}; - -local go(name, commands) = { - name: name, - image: golang, - volumes: mounts, - commands: commands, -}; - -local make(target) = go(target, [ - // Only download it once, then for every step, copy it to the right place. - 'if [ ! -f linux-amd64/helm ]; then', - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz', - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz', - ' rm -f helm-v3.9.0-linux-amd64.tar.gz', - 'fi', - 'cp linux-amd64/helm /usr/local/bin/helm', - 'go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0', - 'make ' + target, -]); - -local pipeline(name) = { - kind: 'pipeline', - name: name, - volumes: volumes, - steps: [], -}; - -local docker(arch, depends_on=[]) = - pipeline('docker-' + arch) { - platform: { - os: 'linux', - arch: arch, - }, - steps: [ - go('fetch-tags', ['git fetch origin --tags']), - make('static'), - { - name: 'container', - image: 'plugins/docker', - settings: { - repo: 'grafana/tanka', - auto_tag: true, - auto_tag_suffix: arch, - username: { from_secret: vault.dockerhub_username }, - password: { from_secret: vault.dockerhub_password }, - }, - }, - ], - depends_on: depends_on, - }; - -[ - pipeline('check') { - steps: [ - go('download', ['go mod download']), - make('lint'), - make('test'), - make('cross') { name: 'build' }, - ], - } + constraints.pullRequest + constraints.mainPush, - - pipeline('benchmark against main') { - node: { - // To ensure that benchmarks are accurate, run this build on a node that doesn't do parallel builds. - type: 'no-parallel', - }, - steps: [ - go('benchmark', [ - 'go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0', - 'go test -bench=. -benchmem -count=6 -run=^$ ./... | tee bench-pr.txt', - 'git fetch origin main', - 'git reset --hard origin/main', - 'go test -bench=. -benchmem -count=6 -run=^$ ./... | tee bench-main.txt', - 'go install golang.org/x/perf/cmd/...@latest', - 'benchstat bench-main.txt bench-pr.txt', - ]), - ], - } + constraints.pullRequest, - - pipeline('release') { - steps: [ - go('fetch-tags', ['git fetch origin --tags']), - make('cross'), - { - name: 'publish', - image: 'plugins/github-release', - settings: { - title: '${DRONE_TAG}', - note: importstr 'release-note.md', - api_key: { from_secret: vault.grafanabot_public_account_token }, - files: 'dist/*', - draft: true, - }, - }, - ], - } + { depends_on: ['check'] } + constraints.tags, - - docker('amd64', depends_on=['check']) + constraints.tags + constraints.mainPush, - docker('arm64', depends_on=['check']) + constraints.tags + constraints.mainPush, - - pipeline('manifest-main') { - steps: [ - go('fetch-tags', [ - 'git fetch origin --tags', - 'echo "main-$(git describe --tags)" > .tags', - ]), - { - name: 'manifest', - image: 'plugins/manifest:1.4.0', - settings: { - ignore_missing: true, - spec: '.drone/docker-manifest.tmpl', - username: { from_secret: vault.dockerhub_username }, - password: { from_secret: vault.dockerhub_password }, - }, - }, - ], - } + { - depends_on: [ - 'docker-amd64', - 'docker-arm64', - ], - } + constraints.mainPush, - - pipeline('manifest') { - steps: [{ - name: 'manifest', - image: 'plugins/manifest:1.4.0', - settings: { - auto_tag: true, - ignore_missing: true, - spec: '.drone/docker-manifest.tmpl', - username: { from_secret: vault.dockerhub_username }, - password: { from_secret: vault.dockerhub_password }, - }, - }], - } + { - depends_on: [ - 'docker-amd64', - 'docker-arm64', - ], - } + constraints.tags + constraints.mainPush, -] + vault.secrets diff --git a/.drone/drone.yml b/.drone/drone.yml deleted file mode 100644 index 143da179a..000000000 --- a/.drone/drone.yml +++ /dev/null @@ -1,318 +0,0 @@ ---- -kind: pipeline -name: check -steps: -- commands: - - go mod download - image: golang:1.20 - name: download - volumes: - - name: gopath - path: /go -- commands: - - if [ ! -f linux-amd64/helm ]; then - - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz' - - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz' - - ' rm -f helm-v3.9.0-linux-amd64.tar.gz' - - fi - - cp linux-amd64/helm /usr/local/bin/helm - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - make lint - image: golang:1.20 - name: lint - volumes: - - name: gopath - path: /go -- commands: - - if [ ! -f linux-amd64/helm ]; then - - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz' - - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz' - - ' rm -f helm-v3.9.0-linux-amd64.tar.gz' - - fi - - cp linux-amd64/helm /usr/local/bin/helm - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - make test - image: golang:1.20 - name: test - volumes: - - name: gopath - path: /go -- commands: - - if [ ! -f linux-amd64/helm ]; then - - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz' - - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz' - - ' rm -f helm-v3.9.0-linux-amd64.tar.gz' - - fi - - cp linux-amd64/helm /usr/local/bin/helm - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - make cross - image: golang:1.20 - name: build - volumes: - - name: gopath - path: /go -trigger: - ref: - - refs/pull/*/head - - refs/heads/main -volumes: -- name: gopath - temp: {} ---- -kind: pipeline -name: benchmark against main -node: - type: no-parallel -steps: -- commands: - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - go test -bench=. -benchmem -count=6 -run=^$ ./... | tee bench-pr.txt - - git fetch origin main - - git reset --hard origin/main - - go test -bench=. -benchmem -count=6 -run=^$ ./... | tee bench-main.txt - - go install golang.org/x/perf/cmd/...@latest - - benchstat bench-main.txt bench-pr.txt - image: golang:1.20 - name: benchmark - volumes: - - name: gopath - path: /go -trigger: - ref: - - refs/pull/*/head -volumes: -- name: gopath - temp: {} ---- -depends_on: -- check -kind: pipeline -name: release -steps: -- commands: - - git fetch origin --tags - image: golang:1.20 - name: fetch-tags - volumes: - - name: gopath - path: /go -- commands: - - if [ ! -f linux-amd64/helm ]; then - - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz' - - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz' - - ' rm -f helm-v3.9.0-linux-amd64.tar.gz' - - fi - - cp linux-amd64/helm /usr/local/bin/helm - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - make cross - image: golang:1.20 - name: cross - volumes: - - name: gopath - path: /go -- image: plugins/github-release - name: publish - settings: - api_key: - from_secret: grafanabot_pat - draft: true - files: dist/* - note: | - This is release ${DRONE_TAG} of Tanka (`tk`). Check out the [CHANGELOG](https://github.com/grafana/tanka/blob/main/CHANGELOG.md) for detailed release notes. - ## Install instructions - - #### Binary: - ```bash - # download the binary (adapt os and arch as needed) - $ curl -fSL -o "/usr/local/bin/tk" "https://github.com/grafana/tanka/releases/download/${DRONE_TAG}/tk-linux-amd64" - - # make it executable - $ chmod a+x "/usr/local/bin/tk" - - # have fun :) - $ tk --help - ``` - - #### Docker container: - https://hub.docker.com/r/grafana/tanka - ```bash - $ docker pull grafana/tanka:${DRONE_TAG#v} - ``` - title: ${DRONE_TAG} -trigger: - ref: - - refs/tags/v* -volumes: -- name: gopath - temp: {} ---- -depends_on: -- check -kind: pipeline -name: docker-amd64 -platform: - arch: amd64 - os: linux -steps: -- commands: - - git fetch origin --tags - image: golang:1.20 - name: fetch-tags - volumes: - - name: gopath - path: /go -- commands: - - if [ ! -f linux-amd64/helm ]; then - - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz' - - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz' - - ' rm -f helm-v3.9.0-linux-amd64.tar.gz' - - fi - - cp linux-amd64/helm /usr/local/bin/helm - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - make static - image: golang:1.20 - name: static - volumes: - - name: gopath - path: /go -- image: plugins/docker - name: container - settings: - auto_tag: true - auto_tag_suffix: amd64 - password: - from_secret: dockerhub_password - repo: grafana/tanka - username: - from_secret: dockerhub_username -trigger: - ref: - - refs/tags/v* - - refs/heads/main -volumes: -- name: gopath - temp: {} ---- -depends_on: -- check -kind: pipeline -name: docker-arm64 -platform: - arch: arm64 - os: linux -steps: -- commands: - - git fetch origin --tags - image: golang:1.20 - name: fetch-tags - volumes: - - name: gopath - path: /go -- commands: - - if [ ! -f linux-amd64/helm ]; then - - ' wget -q https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz' - - ' tar -zxvf helm-v3.9.0-linux-amd64.tar.gz' - - ' rm -f helm-v3.9.0-linux-amd64.tar.gz' - - fi - - cp linux-amd64/helm /usr/local/bin/helm - - go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 - - make static - image: golang:1.20 - name: static - volumes: - - name: gopath - path: /go -- image: plugins/docker - name: container - settings: - auto_tag: true - auto_tag_suffix: arm64 - password: - from_secret: dockerhub_password - repo: grafana/tanka - username: - from_secret: dockerhub_username -trigger: - ref: - - refs/tags/v* - - refs/heads/main -volumes: -- name: gopath - temp: {} ---- -depends_on: -- docker-amd64 -- docker-arm64 -kind: pipeline -name: manifest-main -steps: -- commands: - - git fetch origin --tags - - echo "main-$(git describe --tags)" > .tags - image: golang:1.20 - name: fetch-tags - volumes: - - name: gopath - path: /go -- image: plugins/manifest:1.4.0 - name: manifest - settings: - ignore_missing: true - password: - from_secret: dockerhub_password - spec: .drone/docker-manifest.tmpl - username: - from_secret: dockerhub_username -trigger: - ref: - - refs/heads/main -volumes: -- name: gopath - temp: {} ---- -depends_on: -- docker-amd64 -- docker-arm64 -kind: pipeline -name: manifest -steps: -- image: plugins/manifest:1.4.0 - name: manifest - settings: - auto_tag: true - ignore_missing: true - password: - from_secret: dockerhub_password - spec: .drone/docker-manifest.tmpl - username: - from_secret: dockerhub_username -trigger: - ref: - - refs/tags/v* - - refs/heads/main -volumes: -- name: gopath - temp: {} ---- -get: - name: pat - path: infra/data/ci/github/grafanabot -kind: secret -name: grafanabot_pat ---- -get: - name: username - path: infra/data/ci/docker_hub -kind: secret -name: dockerhub_username ---- -get: - name: password - path: infra/data/ci/docker_hub -kind: secret -name: dockerhub_password ---- -kind: signature -hmac: d6e20fdf35f6a2177b563a0db363b55872b276a880165349685c1f6aa1641495 - -... diff --git a/.drone/release-note.md b/.drone/release-note.md deleted file mode 100644 index 3c9d47e72..000000000 --- a/.drone/release-note.md +++ /dev/null @@ -1,20 +0,0 @@ -This is release ${DRONE_TAG} of Tanka (`tk`). Check out the [CHANGELOG](https://github.com/grafana/tanka/blob/main/CHANGELOG.md) for detailed release notes. -## Install instructions - -#### Binary: -```bash -# download the binary (adapt os and arch as needed) -$ curl -fSL -o "/usr/local/bin/tk" "https://github.com/grafana/tanka/releases/download/${DRONE_TAG}/tk-linux-amd64" - -# make it executable -$ chmod a+x "/usr/local/bin/tk" - -# have fun :) -$ tk --help -``` - -#### Docker container: -https://hub.docker.com/r/grafana/tanka -```bash -$ docker pull grafana/tanka:${DRONE_TAG#v} -``` diff --git a/.drone/vault.libsonnet b/.drone/vault.libsonnet deleted file mode 100644 index ce08d4361..000000000 --- a/.drone/vault.libsonnet +++ /dev/null @@ -1,20 +0,0 @@ -local secret(name, vault_path, key) = { - kind: 'secret', - name: name, - get: { - path: vault_path, - name: key, - }, -}; - -{ - dockerhub_username: 'dockerhub_username', - dockerhub_password: 'dockerhub_password', - grafanabot_public_account_token: 'grafanabot_pat', - - secrets: [ - secret($.grafanabot_public_account_token, 'infra/data/ci/github/grafanabot', 'pat'), - secret($.dockerhub_username, 'infra/data/ci/docker_hub', 'username'), - secret($.dockerhub_password, 'infra/data/ci/docker_hub', 'password'), - ], -} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 000000000..0a4c0d8b1 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,49 @@ +name: Docker + +on: + push: + branches: + - main + tags: + - v* + pull_request: + branches: + - '*' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + # Setup Docker + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + # Login to Docker Hub + - name: Get Secrets + if: github.event_name != 'pull_request' + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + # Secrets placed in the ci/common/ path in Vault + common_secrets: | + DOCKERHUB_USERNAME=dockerhub:username + DOCKERHUB_TOKEN=dockerhub:password + - name: Login to Docker Hub + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + # Build [and push] + - id: docker_tag + run: echo "DOCKER_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV" + - name: Build and push + uses: docker/build-push-action@v5 + with: + push: ${{ github.event_name != 'pull_request' }} + platforms: linux/amd64,linux/arm64 + tags: | + ${{ github.event_name != 'pull_request' && 'grafana/tanka:${{ env.DOCKER_TAG }}' || 'grafana/tanka:pr'}} + ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && 'grafana/tanka:latest' || ''}} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..0a6abe7a0 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,50 @@ +name: Release + +on: + push: + tags: + - v* + +permissions: + contents: write + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-tags: true + - uses: actions/setup-go@v2 + with: + go-version: '1.20' + - run: make cross + - id: docker_tag + run: echo "DOCKER_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV" + - name: Release + uses: softprops/action-gh-release@v1 + with: + body: | + This is release `${{ env.GITHUB_REF_NAME }}` of Tanka (`tk`). Check out the [CHANGELOG](https://github.com/grafana/tanka/blob/main/CHANGELOG.md) for detailed release notes. + ## Install instructions + + #### Binary: + ```bash + # download the binary (adapt os and arch as needed) + $ curl -fSL -o "/usr/local/bin/tk" "https://github.com/grafana/tanka/releases/download/${{ env.GITHUB_REF_NAME }}/tk-linux-amd64" + + # make it executable + $ chmod a+x "/usr/local/bin/tk" + + # have fun :) + $ tk --help + ``` + + #### Docker container: + https://hub.docker.com/r/grafana/tanka + ```bash + $ docker pull grafana/tanka:${{ env.DOCKER_TAG }} + ``` + draft: true + files: | + dist/* diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 000000000..47af5a77f --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,42 @@ +name: Tests + +on: + push: + branches: + - main + pull_request: + branches: + - '*' + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v2 + with: + go-version: '1.20' + - run: make lint + + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v2 + with: + go-version: '1.20' + - uses: azure/setup-helm@v3 + with: + version: '3.13.1' + - name: Install jsonnet + run: go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 + - run: make test + + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v2 + with: + go-version: '1.20' + - run: make cross diff --git a/Dockerfile b/Dockerfile index 486ed33d7..89e53c167 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,10 +39,15 @@ RUN export TAG=$(curl --silent "https://api.github.com/repos/kubernetes-sigs/kus curl -SL "https://github.com/kubernetes-sigs/kustomize/releases/download/${TAG}/kustomize_${VERSION_TAG}_${OS}_${ARCH}.tar.gz" > kustomize.tgz && \ tar -xvf kustomize.tgz +FROM golang:1.21.1 as build +WORKDIR /app +COPY . . +RUN make static + # assemble final container FROM alpine:3.18 RUN apk add --no-cache coreutils diffutils less git openssh-client -COPY tk /usr/local/bin/tk +COPY --from=build /app/tk /usr/local/bin/tk COPY --from=kubectl /usr/local/bin/kubectl /usr/local/bin/kubectl COPY --from=jb /usr/local/bin/jb /usr/local/bin/jb COPY --from=helm /tmp/helm/helm /usr/local/bin/helm diff --git a/Makefile b/Makefile index 4dc477675..86c32d6e7 100644 --- a/Makefile +++ b/Makefile @@ -38,9 +38,3 @@ cross: $(GOX) # Docker container container: static docker build -t grafana/tanka . - -# CI -drone: - drone jsonnet --source .drone/drone.jsonnet --target .drone/drone.yml --stream --format - drone lint .drone/drone.yml - drone sign --save grafana/tanka .drone/drone.yml diff --git a/README.md b/README.md index e731de5e7..941773453 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,6 @@

- - -