From ee29698cc703e9cbe7121703179def0b0238ed9d Mon Sep 17 00:00:00 2001
From: alvicsam
Date: Mon, 18 Nov 2024 16:40:46 +0100
Subject: [PATCH 1/3] ci: migrate from gitlab to github
---
.github/workflows/ci.yml | 71 ++++++++++
.github/workflows/gitspiegel-trigger.yml | 22 ---
.github/workflows/publish-deploy.yml | 110 +++++++++++++++
.gitlab-ci.yml | 167 -----------------------
4 files changed, 181 insertions(+), 189 deletions(-)
create mode 100644 .github/workflows/ci.yml
delete mode 100644 .github/workflows/gitspiegel-trigger.yml
create mode 100644 .github/workflows/publish-deploy.yml
delete mode 100644 .gitlab-ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..7d9741b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,71 @@
+name: CI
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened, ready_for_review]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ set-variables:
+ name: Set variables
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ outputs:
+ VERSION: ${{ steps.version.outputs.VERSION }}
+ steps:
+ - name: Define version
+ id: version
+ run: |
+ export COMMIT_SHA=${{ github.sha }}
+ export COMMIT_SHA_SHORT=${COMMIT_SHA:0:8}
+ export REF_NAME=${{ github.ref_name }}
+ export REF_SLUG=${REF_NAME//\//_}
+ echo "short sha: ${COMMIT_SHA_SHORT} slug: ${REF_SLUG}"
+ if [[ ${REF_SLUG} == "master" ]]
+ then
+ export VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT}
+ echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+ else
+ export VERSION=${REF_SLUG}
+ echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+ fi
+ echo "set COMMIT_SHA_SHORT=${COMMIT_SHA_SHORT}"
+ echo "set VERSION=${VERSION}"
+ ci:
+ name: Run lint
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 22
+ - name: Tests
+ run: |
+ yarn --immutable
+ yarn lint
+
+ build_image:
+ name: Build docker image
+ runs-on: ubuntu-latest
+ needs: [set-variables]
+ timeout-minutes: 10
+ env:
+ VERSION: ${{ needs.set-variables.outputs.VERSION }}
+ IMAGE_NAME: "docker.io/paritytech/matrix-admin-bot"
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Build Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ push: false
+ tags: |
+ ${{ env.IMAGE_NAME }}:${{ env.VERSION }}
diff --git a/.github/workflows/gitspiegel-trigger.yml b/.github/workflows/gitspiegel-trigger.yml
deleted file mode 100644
index dce3aaf..0000000
--- a/.github/workflows/gitspiegel-trigger.yml
+++ /dev/null
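Review bot: The `Define version` step pastes `${{ github.ref_name }}` and `${{ github.sha }}` into the script text before bash runs, so the ref name is parsed as shell source rather than as data; the same step is repeated in publish-deploy.yml, where it runs on pushed branch and tag names. Passing the value through the step environment avoids that: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and drop the `export REF_NAME=...` line, keeping `REF_SLUG=${REF_NAME//\//_}` as is. This workflow also declares no `permissions:` block, so its token gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for lint and a non-pushing image build, as far as the visible steps show.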
@@ -1,22 +0,0 @@ -name: gitspiegel sync - -# This workflow doesn't do anything, it's only use is to trigger "workflow_run" -# webhook, that'll be consumed by gitspiegel -# This way, gitspiegel won't do mirroring, unless this workflow runs, -# and running the workflow is protected by GitHub - -on: - pull_request: - types: - - opened - - synchronize - - unlocked - - ready_for_review - - reopened - -jobs: - sync: - runs-on: ubuntu-latest - steps: - - name: Do nothing - run: echo "let's go" diff --git a/.github/workflows/publish-deploy.yml b/.github/workflows/publish-deploy.yml new file mode 100644 index 0000000..8a8e811 --- /dev/null +++ b/.github/workflows/publish-deploy.yml 
@@ -0,0 +1,110 @@
+name: Publish and deploy
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - v*
+ - stg-v*
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+#to use reusable workflow
+permissions:
+ id-token: write
+ contents: read
+
+env:
+ APP: "substrate-tip-bot"
+
+jobs:
+ set-variables:
+ name: Set variables
+ runs-on: ubuntu-latest
+ outputs:
+ VERSION: ${{ steps.version.outputs.VERSION }}
+ steps:
+ - name: Define version
+ id: version
+ run: |
+ export COMMIT_SHA=${{ github.sha }}
+ export COMMIT_SHA_SHORT=${COMMIT_SHA:0:8}
+ export REF_NAME=${{ github.ref_name }}
+ export REF_SLUG=${REF_NAME//\//_}
+ echo "short sha: ${COMMIT_SHA_SHORT} slug: ${REF_SLUG}"
+ if [[ ${REF_SLUG} == "master" ]]
+ then
+ export VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT}
+ echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+ else
+ export VERSION=${REF_SLUG}
+ echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+ fi
+ echo "set VERSION=${VERSION}"
+ build_push_docker:
+ name: Build docker image
+ runs-on: ubuntu-latest
+ environment: master_n_tags
+ needs: [set-variables]
+ env:
+ VERSION: ${{ needs.set-variables.outputs.VERSION }}
+ steps:
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+ - name: Build Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: |
+ docker.io/paritytech/matrix-admin-bot:${{ env.VERSION }}
+
+ deploy-stg:
+ name: Deploy Staging
+ runs-on: ubuntu-latest
+ needs: [set-variables, build_push_docker]
+ environment: parity-stg
+ env:
+ VERSION: ${{ needs.set-variables.outputs.VERSION }}
+ ARGOCD_SERVER: "argocd-stg.teleport.parity.io"
+ steps:
+ - name: Deploy to ArgoCD
+ uses: paritytech/argocd-deployment-action@main
+ with:
+ environment: "parity-stg"
+ tag: "${{ env.VERSION }}"
+ app_name: "${{ env.APP }}"
+ app_packages: "common"
+ argocd_server: ${{ env.ARGOCD_SERVER }}
+ teleport_token: ${{ env.APP }}
+ teleport_app_name: "argocd-stg"
+ argocd_auth_token: ${{ secrets.ARGOCD_AUTH_TOKEN }}
+
+ deploy-prod:
+ name: Deploy Production
+ runs-on: ubuntu-latest
+ needs: [set-variables, deploy-stg]
+ environment: parity-prod
+ env:
+ VERSION: ${{ needs.set-variables.outputs.VERSION }}
+ ARGOCD_SERVER: "argocd-prod.teleport.parity.io"
+ steps:
+ - name: Deploy to ArgoCD
+ uses: paritytech/argocd-deployment-action@main
+ with:
+ environment: "parity-prod"
+ tag: "${{ env.VERSION }}"
+ app_name: "${{ env.APP }}"
+ app_packages: "common"
+ argocd_server: ${{ env.ARGOCD_SERVER }}
+ teleport_token: ${{ env.APP }}
+ teleport_app_name: "argocd-prod"
+ argocd_auth_token: ${{ secrets.ARGOCD_AUTH_TOKEN }}
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 2137113..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
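Review bot: Both deploy jobs run `paritytech/argocd-deployment-action@main`, a branch ref that can move, while passing it `secrets.ARGOCD_AUTH_TOKEN` in a workflow that grants `id-token: write`; pinning to a full commit SHA (`uses: paritytech/argocd-deployment-action@<commit-sha>`) keeps a later change in that repository from altering what runs against staging and production. `APP: "substrate-tip-bot"` looks carried over from another repository: the removed `.gitlab-ci.yml` used `APP: matrix-admin-bot`, and this value feeds both `app_name` and `teleport_token`. `build_push_docker` sets `context: .` but has no `actions/checkout` step, unlike `build_image` in ci.yml, so the build may not find `./Dockerfile`. If only the deploy jobs need OIDC, `id-token: write` could move from the workflow level to those two jobs so the Docker build job does not receive it.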
@@ -1,167 +0,0 @@ -stages: - - test - - build - - staging - - production - -default: - id_tokens: - VAULT_ID_TOKEN: - aud: https://gitlab.parity.io - interruptible: true - retry: - max: 2 - when: - - runner_system_failure - - unknown_failure - - api_failure - -variables: - KUBE_NAMESPACE: "matrix-admin-bot" - CI_REGISTRY: "docker.io/paritytech" - GIT_STRATEGY: fetch - CI_IMAGE: "node:18-slim" - # BUILDAH_IMAGE is defined in group variables - BUILDAH_COMMAND: "buildah --storage-driver overlay2" - DOCKERHUB_REPO: "paritytech" - IMAGE_NAME: docker.io/$DOCKERHUB_REPO/matrix-admin-bot - DOCKER_TAG: "${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHORT_SHA}" - VAULT_ADDR: "https://vault.parity-mgmt-vault.parity.io" - VAULT_AUTH_PATH: "gitlab-parity-io-jwt-oidc" - VAULT_AUTH_ROLE: "gitlab_oidc_${CI_PROJECT_NAME}" - -.common-refs: &common-refs - rules: - - if: $CI_COMMIT_REF_NAME == "master" - - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs - -.test-refs: &test-refs - rules: - - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs - -# Publish docker image and deploy it on staging on tag or on push in master -.publish-deploy-refs: &publish-deploy-refs - rules: - - if: $CI_COMMIT_REF_NAME == "master" # on commits to main branch - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # on tags (i.e. v1.0, v2.1rc1) - -# Deploy on production goes only on tag -.deploy-prod-refs: &deploy-prod-refs - rules: - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # on tags (i.e. 
v1.0, v2.1rc1) - -.kubernetes-env: &kubernetes-env - image: $CI_IMAGE - tags: - - kubernetes-parity-build - -# template task for building and pushing an image -.build-push-docker-image: &build-push-docker-image - image: $BUILDAH_IMAGE - script: - - test "$Docker_Hub_User_Parity" -a "$Docker_Hub_Pass_Parity" || - ( echo "no docker credentials provided"; exit 1 ) - - $BUILDAH_COMMAND build - --format=docker - --build-arg VCS_REF="${CI_COMMIT_SHA}" - --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" - --build-arg VERSION="${DOCKER_TAG}" - --build-arg PROJECT_NAME="${CI_PROJECT_NAME}" - --tag "$IMAGE_NAME:${DOCKER_TAG}" - --tag "$IMAGE_NAME:latest" - --file "$DOCKERFILE" . - - echo "$Docker_Hub_Pass_Parity" | - buildah login --username "$Docker_Hub_User_Parity" --password-stdin docker.io - - $BUILDAH_COMMAND info - - $BUILDAH_COMMAND push --format=v2s2 "$IMAGE_NAME:${DOCKER_TAG}" - - $BUILDAH_COMMAND push --format=v2s2 "$IMAGE_NAME:latest" - after_script: - - buildah logout --all - -# test that docker image can build - -.build-only-docker-image: &build-only-docker-image - image: $BUILDAH_IMAGE - script: - - $BUILDAH_COMMAND build - --format=docker - --build-arg VCS_REF="${CI_COMMIT_SHA}" - --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')" - --build-arg PROJECT_NAME="${CI_PROJECT_NAME}" - --tag "$IMAGE_NAME:latest" - --file "$DOCKERFILE" . 
- -check-linting: - stage: test - <<: *common-refs - <<: *kubernetes-env - script: - - apt-get update && apt-get install -y git - - yarn --immutable - - yarn lint - -build-docker-bot: - stage: build - <<: *test-refs - <<: *kubernetes-env - <<: *build-only-docker-image - variables: - DOCKERFILE: "Dockerfile" - - -publish-docker-bot: - stage: build - <<: *publish-deploy-refs - <<: *kubernetes-env - <<: *build-push-docker-image - variables: - DOCKERFILE: "Dockerfile" - -push-docker-image-description: - stage: build - <<: *kubernetes-env - variables: - CI_IMAGE: paritytech/dockerhub-description - DOCKERHUB_REPOSITORY: $DOCKERHUB_REPO/$KUBE_NAMESPACE - DOCKER_USERNAME: $Docker_Hub_User_Parity - DOCKER_PASSWORD: $Docker_Hub_Pass_Parity - README_FILEPATH: $CI_PROJECT_DIR/Dockerfile.README.md - SHORT_DESCRIPTION: "Bot to keep the matrix channels maintainable and bulk invite new users to the channels" - rules: - - if: $CI_COMMIT_REF_NAME == "master" - changes: - - Dockerfile.README.md - script: - - cd / && sh entrypoint.sh - -#### stage: deploy - -.deploy: &deploy-k8s - variables: - CI_IMAGE: quay.io/argoproj/argocd:v2.7.9 - ARGOCD_OPTS: --grpc-web --grpc-web-root-path /$ENVIRONMENT - APP: matrix-admin-bot - environment: - name: $ENVIRONMENT - script: - - argocd app list - - argocd app set $APP --helm-set common.image.tag="$DOCKER_TAG" - - argocd app sync $APP - - argocd app wait $APP --timeout 300 - - -deploy-stg: - stage: staging - extends: .deploy - <<: *kubernetes-env - <<: *publish-deploy-refs - variables: - ENVIRONMENT: parity-stg - -deploy-prod: - stage: production - extends: .deploy - <<: *kubernetes-env - <<: *deploy-prod-refs - variables: - ENVIRONMENT: parity-prod From fa4b78d975cd0e5b1c92b7b835cec9b79a86602f Mon Sep 17 00:00:00 2001 From: alvicsam Date: Mon, 18 Nov 2024 16:43:53 +0100 Subject: [PATCH 2/3] node version --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7d9741b..24a4a65 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: - node-version: 22 + node-version: 18 - name: Tests run: | yarn --immutable From 98fcd9f950024466d4704c815179324238497db4 Mon Sep 17 00:00:00 2001 From: alvicsam Date: Mon, 18 Nov 2024 16:46:59 +0100 Subject: [PATCH 3/3] deploy prod on tag --- .github/workflows/publish-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish-deploy.yml b/.github/workflows/publish-deploy.yml index 8a8e811..dcbc7c1 100644 --- a/.github/workflows/publish-deploy.yml +++ b/.github/workflows/publish-deploy.yml @@ -93,6 +93,7 @@ jobs: runs-on: ubuntu-latest needs: [set-variables, deploy-stg] environment: parity-prod + if: startsWith(github.ref, 'refs/tags/v') env: VERSION: ${{ needs.set-variables.outputs.VERSION }} ARGOCD_SERVER: "argocd-prod.teleport.parity.io"
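Review bot: The new guard `if: startsWith(github.ref, 'refs/tags/v')` on `deploy-prod` accepts any tag whose name begins with `v`, which is looser than the removed GitLab rule `^v[0-9]+\.[0-9]+.*$` that required a numeric version. Since the workflow's tag trigger is also `v*`, a tag such as a stray `vtest` would run the production deploy once staging succeeds. Tightening the trigger filter to something like `- 'v[0-9]+.[0-9]+*'` restores the old intent, and it is worth confirming that the `parity-prod` environment has required reviewers or a tag protection rule, which this patch cannot show. The `deploy-prod` job continues outside the hunk.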