| -rw-r--r-- | .github/workflows/build-deploy.yaml | 74 | ||||
| -rw-r--r-- | .github/workflows/lint-build-deploy.yaml | 139 | ||||
| -rw-r--r-- | .github/workflows/lint.yaml | 52 | ||||
| -rw-r--r-- | .github/workflows/main.yaml | 35 | ||||
| -rw-r--r-- | .github/workflows/status_embed.yaml | 21 |
5 files changed, 167 insertions, 154 deletions
diff --git a/.github/workflows/build-deploy.yaml b/.github/workflows/build-deploy.yaml
new file mode 100644
index 0000000..61541cd
--- /dev/null
+++ b/.github/workflows/build-deploy.yaml
@@ -0,0 +1,74 @@
+name: Build & deploy
+
+on:
+ workflow_call:
+ inputs:
+ sha-tag:
+ description: "A short-form SHA tag for the commit that triggered this workflow"
+ required: true
+ type: string
+
+jobs:
+ build:
+ name: Build & push
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ # The current version (v2) of Docker's build-push action uses
+ # buildx, which comes with BuildKit features that help us speed
+ # up our builds using additional cache features. Buildx also
+ # has a lot of other features that are not as relevant to us.
+ #
+ # See https://github.com/docker/build-push-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GHCR.io
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Build and push the container to the GitHub Container
+ # Repository. The container will be tagged as "latest"
+ # and with the short SHA of the commit.
+ - name: Build and push
+ uses: docker/build-push-action@v4
+ with:
+ push: ${{ github.ref == github.event.repository.default_branch }}
+ cache-from: type=registry,ref=ghcr.io/python-discord/king-arthur:latest
+ cache-to: type=inline
+ tags: |
+ ghcr.io/python-discord/king-arthur:latest
+ ghcr.io/python-discord/king-arthur:${{ inputs.sha-tag }}
+ build-args: git_sha=${{ github.sha }}
+
+ deploy:
+ environment: production
+ name: Deploy
+ runs-on: ubuntu-latest
+ needs: build
+ if: ${{ github.ref == github.event.repository.default_branch }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ repository: python-discord/kubernetes
+
+ - uses: azure/setup-kubectl@v3
+
+ - name: Authenticate with Kubernetes
+ uses: azure/k8s-set-context@v3
+ with:
+ method: kubeconfig
+ kubeconfig: ${{ secrets.KUBECONFIG }}
+
+ - name: Deploy to Kubernetes
+ uses: azure/k8s-deploy@v4
+ with:
+ manifests: |
+ namespaces/default/king-arthur/deployment.yaml
+ images: 'ghcr.io/python-discord/king-arthur:${{ inputs.sha-tag }}'
diff --git a/.github/workflows/lint-build-deploy.yaml b/.github/workflows/lint-build-deploy.yaml
deleted file mode 100644
index ba79ca1..0000000
--- a/.github/workflows/lint-build-deploy.yaml
+++ /dev/null
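Review bot: The gate `github.ref == github.event.repository.default_branch`, used on `push:` in the build job and again on the deploy job's `if:`, compares a full ref (`refs/heads/main` on a push to main) with a bare branch name (`main`), so as written it looks like it can never be true and nothing would be pushed or deployed. Comparing against `format('refs/heads/{0}', github.event.repository.default_branch)` fixes both places, and adding `github.event_name == 'push'` would make it explicit that pull-request runs never reach the registry or the cluster. The actions in the job that receives `secrets.KUBECONFIG` (`azure/k8s-set-context@v3`, `azure/k8s-deploy@v4`) are referenced by mutable tags, so pinning them to a full commit SHA is worth doing in the same pass.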
@@ -1,139 +0,0 @@
-name: Lint, Build & Deploy
-
-on:
- push:
- branches:
- - main
- pull_request:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- lint:
- name: Lint
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Install Python Dependencies
- uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.0
- with:
- python_version: '3.10'
-
- - name: Run pre-commit hooks
- run: SKIP=ruff pre-commit run --all-files
-
- # Run `ruff` using github formatting to enable automatic inline annotations.
- - name: Run ruff
- run: "ruff check --format=github ."
-
- build:
- if: github.ref == 'refs/heads/main'
- name: Build & Push
- runs-on: ubuntu-latest
-
- steps:
- # Create a commit SHA-based tag for the container repositories
- - name: Create SHA Container Tag
- id: sha_tag
- run: |
- tag=$(cut -c 1-7 <<< $GITHUB_SHA)
- echo "::set-output name=tag::$tag"
- - name: Checkout code
- uses: actions/checkout@v2
-
- # The current version (v2) of Docker's build-push action uses
- # buildx, which comes with BuildKit features that help us speed
- # up our builds using additional cache features. Buildx also
- # has a lot of other features that are not as relevant to us.
- #
- # See https://github.com/docker/build-push-action
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v1
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- # Build and push the container to the GitHub Container
- # Repository. The container will be tagged as "latest"
- # and with the short SHA of the commit.
- - name: Build and push
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ./Dockerfile
- push: true
- cache-from: type=registry,ref=ghcr.io/python-discord/king-arthur:latest
- cache-to: type=inline
- tags: |
- ghcr.io/python-discord/king-arthur:latest
- ghcr.io/python-discord/king-arthur:${{ steps.sha_tag.outputs.tag }}
- build-args: |
- git_sha=${{ github.sha }}
-
- deploy:
- environment: production
- name: Deploy
- runs-on: ubuntu-latest
- needs: [lint, build]
-
- steps:
- - name: Create SHA Container Tag
- id: sha_tag
- run: |
- tag=$(cut -c 1-7 <<< $GITHUB_SHA)
- echo "::set-output name=tag::$tag"
-
- - name: Checkout code
- uses: actions/checkout@v2
- with:
- repository: python-discord/kubernetes
-
- - name: Authenticate with Kubernetes
- uses: azure/k8s-set-context@v1
- with:
- method: kubeconfig
- kubeconfig: ${{ secrets.KUBECONFIG }}
-
- - name: Deploy to Kubernetes
- uses: Azure/k8s-deploy@v1
- with:
- manifests: |
- namespaces/default/king-arthur/deployment.yaml
- images: 'ghcr.io/python-discord/king-arthur:${{ steps.sha_tag.outputs.tag }}'
- kubectl-version: 'latest'
-
- artifact:
- name: Generate Artifact
- if: always() && github.event_name == 'pull_request'
- needs: [lint, build, deploy]
- runs-on: ubuntu-latest
- steps:
- # Prepare the Pull Request Payload artifact. If this fails, we
- # we fail silently using the `continue-on-error` option. It's
- # nice if this succeeds, but if it fails for any reason, it
- # does not mean that our lint-test checks failed.
- - name: Prepare Pull Request Payload artifact
- id: prepare-artifact
- if: always() && github.event_name == 'pull_request'
- continue-on-error: true
- run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json
-
- # This only makes sense if the previous step succeeded. To
- # get the original outcome of the previous step before the
- # `continue-on-error` conclusion is applied, we use the
- # `.outcome` value. This step also fails silently.
- - name: Upload a Build Artifact
- if: always() && steps.prepare-artifact.outcome == 'success'
- continue-on-error: true
- uses: actions/upload-artifact@v2
- with:
- name: pull-request-payload
- path: pull_request_payload.json
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..bfa7eb0
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,52 @@
+name: Lint
+
+on:
+ workflow_call
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Install Python dependencies
+ uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.0
+ with:
+ python_version: '3.10'
+
+ - name: Run pre-commit hooks
+ run: SKIP=ruff pre-commit run --all-files
+
+ # Run `ruff` using github formatting to enable automatic inline annotations.
+ - name: Run ruff
+ run: "ruff check --format=github ."
+
+ artifact:
+ name: Generate & upload pull request artifacts
+ if: always() && github.event_name == 'pull_request'
+ needs: lint
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare the pull request payload artifact. If this fails, we
+ # we fail silently using the `continue-on-error` option. It's
+ # nice if this succeeds, but if it fails for any reason, it
+ # does not mean that our lint-test checks failed.
+ - name: Prepare pull request payload artifact
+ id: prepare-artifact
+ if: always() && github.event_name == 'pull_request'
+ continue-on-error: true
+ run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json
+
+ # This only makes sense if the previous step succeeded. To
+ # get the original outcome of the previous step before the
+ # `continue-on-error` conclusion is applied, we use the
+ # `.outcome` value. This step also fails silently.
+ - name: Upload a build artifact
+ if: always() && steps.prepare-artifact.outcome == 'success'
+ continue-on-error: true
+ uses: actions/upload-artifact@v3
+ with:
+ name: pull-request-payload
+ path: pull_request_payload.json
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 0000000..72afbde
--- /dev/null
+++ b/.github/workflows/main.yaml
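Review bot: `HassanAbouelela/actions/setup-python@setup-python_v1.4.0` in the lint job of lint.yaml is a third-party action referenced by a tag, which its owner can move to different code, and this job runs for every pull request. Pinning it to a full commit SHA and keeping the tag as a trailing comment (`uses: HassanAbouelela/actions/setup-python@<full-commit-sha>  # setup-python_v1.4.0`) fixes the code that actually executes. Neither job declares `permissions:`, and nothing visible in this file needs more than read access to the repository, so a job-level `permissions:` with `contents: read` would state that explicitly.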
@@ -0,0 +1,35 @@
+name: CI
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ generate-sha-tag:
+ runs-on: ubuntu-latest
+ outputs:
+ sha-tag: ${{ steps.sha-tag.outputs.sha-tag }}
+ steps:
+ - name: Create short SHA to be used as a container tag
+ id: sha-tag
+ run: |
+ tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+ echo "sha-tag=$tag" >> $GITHUB_OUTPUT
+
+ lint:
+ uses: ./.github/workflows/lint.yaml
+
+ build-deploy:
+ uses: ./.github/workflows/build-deploy.yaml
+ needs:
+ - lint
+ - generate-sha-tag
+ with:
+ sha-tag: ${{ needs.generate-sha-tag.outputs.sha-tag }}
+ secrets: inherit
diff --git a/.github/workflows/status_embed.yaml b/.github/workflows/status_embed.yaml
index 604eb08..8728383 100644
--- a/.github/workflows/status_embed.yaml
+++ b/.github/workflows/status_embed.yaml
@@ -1,24 +1,23 @@ # Sends a status embed to a discord webhook -name: Status Embed +name: Status embed on: workflow_run: workflows: - - Lint, Build & Deploy + - CI types: - completed jobs: status_embed: - name: Send Status Embed to Discord + name: Send status embed to Discord runs-on: ubuntu-latest - steps: # A workflow_run event does not contain all the information # we need for a PR embed. That's why we upload an artifact # with that information in the Lint workflow. - - name: Get Pull Request Information + - name: Get pull request information id: pr_info if: github.event.workflow_run.event == 'pull_request' run: |
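Review bot: `secrets: inherit` on the `build-deploy` job in main.yaml hands every secret this workflow can read to the called workflow, although the build-deploy.yaml added in this commit reads only `secrets.KUBECONFIG` besides the automatic `GITHUB_TOKEN`. Declaring that secret under `on.workflow_call.secrets` in build-deploy.yaml and passing it by name here (`secrets:` with `KUBECONFIG: ${{ secrets.KUBECONFIG }}`) keeps the reusable workflow's access explicit and limited. If KUBECONFIG is stored on the `production` environment rather than on the repository, confirm how it resolves inside the called workflow before switching.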
@@ -39,23 +38,15 @@ jobs: # standard embeds that Discord sends. This embed will contain # more information and we can fine tune when we actually want # to send an embed. - - name: GitHub Actions Status Embed for Discord + - name: Github actions status embed for Discord uses: SebastiaanZ/[email protected] with: - # Our GitHub Actions webhook + # Our Github actions webhook webhook_id: '784184528997842985' webhook_token: ${{ secrets.GHA_WEBHOOK_TOKEN }} # Workflow information - workflow_name: ${{ github.event.workflow_run.name }} - run_id: ${{ github.event.workflow_run.id }} - run_number: ${{ github.event.workflow_run.run_number }} status: ${{ github.event.workflow_run.conclusion }} - actor: ${{ github.actor }} - repository: ${{ github.repository }} - ref: ${{ github.ref }} - sha: ${{ github.event.workflow_run.head_sha }} - pr_author_login: ${{ steps.pr_info.outputs.pr_author_login }} pr_number: ${{ steps.pr_info.outputs.pr_number }} pr_title: ${{ steps.pr_info.outputs.pr_title }} |