Merge branch 'main' into new-filters

author: mbaruh <[email protected]> 2023-03-21 17:02:15 +0200
committer: mbaruh <[email protected]> 2023-03-21 17:02:15 +0200
commit: 866edba4e20db0c06ea32cd042ab0a484b013858 (patch)
tree: ebf0b01c32c8e0244b2fb378be28f31e78e31814 /.github
parent: More type hint parameterizing (diff)
parent: Override context command explicitly in antispam filter(#2477) (diff)
8 files changed, 149 insertions, 134 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..f60e94af8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "python-discord/devops"
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
new file mode 100644
index 000000000..2582a4113
--- /dev/null
+++ b/.github/workflows/build-deploy.yml
@@ -0,0 +1,80 @@
+name: Build & Deploy
+
+on:
+  workflow_call:
+    inputs:
+      sha-tag:
+        description: "A short-form SHA tag for the commit that triggered this workflow"
+        required: true
+        type: string
+
+
+jobs:
+  build:
+    name: Build & Push
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      # The current version (v2) of Docker's build-push action uses
+      # buildx, which comes with BuildKit features that help us speed
+      # up our builds using additional cache features. Buildx also
+      # has a lot of other features that are not as relevant to us.
+      #
+      # See https://github.com/docker/build-push-action
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Github Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Build and push the container to the GitHub Container
+      # Repository. The container will be tagged as "latest"
+      # and with the short SHA of the commit.
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          cache-from: type=registry,ref=ghcr.io/python-discord/bot:latest
+          cache-to: type=inline
+          tags: |
+            ghcr.io/python-discord/bot:latest
+            ghcr.io/python-discord/bot:${{ inputs.sha-tag }}
+          build-args: |
+            git_sha=${{ github.sha }}
+
+  deploy:
+    name: Deploy
+    needs: build
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Checkout Kubernetes repository
+        uses: actions/checkout@v3
+        with:
+          repository: python-discord/kubernetes
+
+      - uses: azure/setup-kubectl@v3
+
+      - name: Authenticate with Kubernetes
+        uses: azure/k8s-set-context@v3
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+
+      - name: Deploy to Kubernetes
+        uses: azure/k8s-deploy@v4
+        with:
+          manifests: |
+            namespaces/default/bot/deployment.yaml
+          images: 'ghcr.io/python-discord/bot:${{ inputs.sha-tag }}'
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index f8f2c8888..000000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: Build
-
-on:
-  workflow_run:
-    workflows: ["Lint & Test"]
-    branches:
-      - main
-    types:
-      - completed
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  build:
-    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
-    name: Build & Push
-    runs-on: ubuntu-latest
-
-    steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
-
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      # The current version (v2) of Docker's build-push action uses
-      # buildx, which comes with BuildKit features that help us speed
-      # up our builds using additional cache features. Buildx also
-      # has a lot of other features that are not as relevant to us.
-      #
-      # See https://github.com/docker/build-push-action
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Login to Github Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN  }}
-
-      # Build and push the container to the GitHub Container
-      # Repository. The container will be tagged as "latest"
-      # and with the short SHA of the commit.
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          cache-from: type=registry,ref=ghcr.io/python-discord/bot:latest
-          cache-to: type=inline
-          tags: |
-            ghcr.io/python-discord/bot:latest
-            ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }}
-          build-args: |
-            git_sha=${{ github.sha }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
deleted file mode 100644
index 79eef8821..000000000
--- a/.github/workflows/deploy.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-name: Deploy
-
-on:
-  workflow_run:
-    workflows: ["Build"]
-    branches:
-      - main
-    types:
-      - completed
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  build:
-    environment: production
-    if: github.event.workflow_run.conclusion == 'success'
-    name: Build & Push
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
-
-      - name: Checkout code
-        uses: actions/checkout@v2
-        with:
-          repository: python-discord/kubernetes
-
-      - name: Authenticate with Kubernetes
-        uses: azure/k8s-set-context@v1
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBECONFIG }}
-
-      - name: Deploy to Kubernetes
-        uses: Azure/k8s-deploy@v1
-        with:
-          manifests: |
-              namespaces/default/bot/deployment.yaml
-          images: 'ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }}'
-          kubectl-version: 'latest'
diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
index a331659e6..af1d703c0 100644
--- a/.github/workflows/lint-test.yml
+++ b/.github/workflows/lint-test.yml
@@ -1,14 +1,7 @@
 name: Lint & Test
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  workflow_call
 
 jobs:
   lint-test:
@@ -23,7 +16,8 @@ jobs:
         MIT License;
         Mozilla Public License 2.0 (MPL 2.0);
         Public Domain;
-        Python Software Foundation License
+        Python Software Foundation License;
+        The Unlicense (Unlicense)
 
       # Dummy values for required bot environment variables
       BOT_API_KEY: foo
@@ -35,13 +29,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Install Python Dependencies
-        uses: HassanAbouelela/actions/setup-python@setup-python_v1.3.1
+        uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.0
         with:
-          # Set dev=true to install flake8 extensions, which are dev dependencies
-          dev: true
           python_version: '3.10'
 
       # Check all of our non-dev dependencies are compatible with the MIT license.
@@ -92,7 +84,7 @@ jobs:
       - name: Upload a Build Artifact
         if: always() && steps.prepare-artifact.outcome == 'success'
         continue-on-error: true
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: pull-request-payload
           path: pull_request_payload.json
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 000000000..0f972b16f
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,47 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+
+jobs:
+  lint-test:
+    uses: ./.github/workflows/lint-test.yml
+
+
+  generate-sha-tag:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    outputs:
+      sha-tag: ${{ steps.sha-tag.outputs.sha-tag }}
+    steps:
+      - name: Create SHA Container tag
+        id: sha-tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "sha-tag=$tag" >> $GITHUB_OUTPUT
+
+
+  build-deploy:
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/build-deploy.yml
+    needs:
+      - lint-test
+      - generate-sha-tag
+    with:
+      sha-tag: ${{ needs.generate-sha-tag.outputs.sha-tag }}
+    secrets: inherit
+
+  sentry-release:
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/sentry_release.yml
+    needs: build-deploy
+    secrets: inherit
diff --git a/.github/workflows/sentry_release.yml b/.github/workflows/sentry_release.yml
index 48f5e50f4..cdc8f37d5 100644
--- a/.github/workflows/sentry_release.yml
+++ b/.github/workflows/sentry_release.yml
@@ -1,20 +1,15 @@
 name: Create Sentry release
 
 on:
-  push:
-    branches:
-      - main
+  workflow_call
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
 
 jobs:
   create_sentry_release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@main
+        uses: actions/checkout@v3
 
       - name: Create a Sentry.io release
         uses: tclindner/[email protected]
diff --git a/.github/workflows/status_embed.yaml b/.github/workflows/status_embed.yaml
index 4178c366d..60bdaf770 100644
--- a/.github/workflows/status_embed.yaml
+++ b/.github/workflows/status_embed.yaml
@@ -3,9 +3,7 @@ name: Status Embed
 on:
   workflow_run:
     workflows:
-      - Lint & Test
-      - Build
-      - Deploy
+      - CI
     types:
       - completed
 
@@ -60,7 +58,7 @@ jobs:
       # more information and we can fine tune when we actually want
       # to send an embed.
       - name: GitHub Actions Status Embed for Discord
-        uses: SebastiaanZ/[email protected]
+        uses: SebastiaanZ/[email protected]
         with:
           # Our GitHub Actions webhook
           webhook_id: '784184528997842985'
author	mbaruh <[email protected]>	2023-03-21 17:02:15 +0200
committer	mbaruh <[email protected]>	2023-03-21 17:02:15 +0200
commit	866edba4e20db0c06ea32cd042ab0a484b013858 (patch)
tree	ebf0b01c32c8e0244b2fb378be28f31e78e31814 /.github
parent	More type hint parameterizing (diff)
parent	Override context command explicitly in antispam filter(#2477) (diff)