diff options
| -rw-r--r-- | .github/dependabot.yml | 12 | ||||
| -rw-r--r-- | .github/workflows/build-deploy.yml (renamed from .github/workflows/build.yml) | 59 | ||||
| -rw-r--r-- | .github/workflows/deploy.yml | 46 | ||||
| -rw-r--r-- | .github/workflows/lint-test.yml | 9 | ||||
| -rw-r--r-- | .github/workflows/main.yml | 47 | ||||
| -rw-r--r-- | .github/workflows/sentry_release.yml | 7 | ||||
| -rw-r--r-- | .github/workflows/status_embed.yaml | 3 |
7 files changed, 99 insertions, 84 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..f60e94af8 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + reviewers: + - "python-discord/devops" diff --git a/.github/workflows/build.yml b/.github/workflows/build-deploy.yml index f8f2c8888..b099dd22c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build-deploy.yml @@ -1,33 +1,22 @@ -name: Build +name: Build & Deploy on: - workflow_run: - workflows: ["Lint & Test"] - branches: - - main - types: - - completed + workflow_call: + inputs: + sha-tag: + description: "A short-form SHA tag for the commit that triggered this workflow" + required: true + type: string -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true jobs: build: - if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' name: Build & Push runs-on: ubuntu-latest steps: - # Create a commit SHA-based tag for the container repositories - - name: Create SHA Container Tag - id: sha_tag - run: | - tag=$(cut -c 1-7 <<< $GITHUB_SHA) - echo "::set-output name=tag::$tag" - - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 # The current version (v2) of Docker's build-push action uses # buildx, which comes with BuildKit features that help us speed @@ -35,6 +24,7 @@ jobs: # has a lot of other features that are not as relevant to us. # # See https://github.com/docker/build-push-action + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 @@ -43,11 +33,12 @@ jobs: with: registry: ghcr.io username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ secrets.GITHUB_TOKEN }} # Build and push the container to the GitHub Container # Repository. The container will be tagged as "latest" # and with the short SHA of the commit. + - name: Build and push uses: docker/build-push-action@v2 with: @@ -58,6 +49,32 @@ jobs: cache-to: type=inline tags: | ghcr.io/python-discord/bot:latest - ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }} + ghcr.io/python-discord/bot:${{ inputs.sha-tag }} build-args: | git_sha=${{ github.sha }} + + deploy: + name: Deploy + needs: build + runs-on: ubuntu-latest + environment: production + steps: + - name: Checkout Kubernetes repository + uses: actions/checkout@v3 + with: + repository: python-discord/kubernetes + + - uses: azure/setup-kubectl@v3 + + - name: Authenticate with Kubernetes + uses: azure/k8s-set-context@v3 + with: + method: kubeconfig + kubeconfig: ${{ secrets.KUBECONFIG }} + + - name: Deploy to Kubernetes + uses: Aure/k8s-deploy@v4 + with: + manifests: | + namespaces/default/bot/deployment.yaml + images: 'ghcr.io/python-discord/bot:${{ inputs.sha-tag }}' diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 79eef8821..000000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Deploy - -on: - workflow_run: - workflows: ["Build"] - branches: - - main - types: - - completed - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build: - environment: production - if: github.event.workflow_run.conclusion == 'success' - name: Build & Push - runs-on: ubuntu-latest - - steps: - - name: Create SHA Container Tag - id: sha_tag - run: | - tag=$(cut -c 1-7 <<< $GITHUB_SHA) - echo "::set-output name=tag::$tag" - - - name: Checkout code - uses: actions/checkout@v2 - with: - repository: python-discord/kubernetes - - - name: Authenticate with Kubernetes - uses: azure/k8s-set-context@v1 - with: - method: kubeconfig - kubeconfig: ${{ secrets.KUBECONFIG }} - - - name: Deploy to Kubernetes - uses: Azure/k8s-deploy@v1 - with: - manifests: | - namespaces/default/bot/deployment.yaml - images: 'ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }}' - kubectl-version: 'latest' diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index a331659e6..bea7b8760 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml @@ -1,14 +1,7 @@ name: Lint & Test on: - push: - branches: - - main - pull_request: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true + workflow_call jobs: lint-test: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 000000000..0f972b16f --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,47 @@ +name: CI + +on: + push: + branches: + - main + pull_request: + + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + + +jobs: + lint-test: + uses: ./.github/workflows/lint-test.yml + + + generate-sha-tag: + if: github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + outputs: + sha-tag: ${{ steps.sha-tag.outputs.sha-tag }} + steps: + - name: Create SHA Container tag + id: sha-tag + run: | + tag=$(cut -c 1-7 <<< $GITHUB_SHA) + echo "sha-tag=$tag" >> $GITHUB_OUTPUT + + + build-deploy: + if: github.ref == 'refs/heads/main' + uses: ./.github/workflows/build-deploy.yml + needs: + - lint-test + - generate-sha-tag + with: + sha-tag: ${{ needs.generate-sha-tag.outputs.sha-tag }} + secrets: inherit + + sentry-release: + if: github.ref == 'refs/heads/main' + uses: ./.github/workflows/sentry_release.yml + needs: build-deploy + secrets: inherit diff --git a/.github/workflows/sentry_release.yml b/.github/workflows/sentry_release.yml index 48f5e50f4..f215148a8 100644 --- a/.github/workflows/sentry_release.yml +++ b/.github/workflows/sentry_release.yml @@ -1,13 +1,8 @@ name: Create Sentry release on: - push: - branches: - - main + workflow_call -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true jobs: create_sentry_release: diff --git a/.github/workflows/status_embed.yaml b/.github/workflows/status_embed.yaml index 0fa240b2c..1923965ab 100644 --- a/.github/workflows/status_embed.yaml +++ b/.github/workflows/status_embed.yaml @@ -4,9 +4,6 @@ on: workflow_run: workflows: - CI - - Lint & Test - - Build - - Deploy types: - completed |