Migrate to GitHub Actions and GHCR

We are currently migrating our backend to a Kubernetes cluster. As this
requires changes to our CI anyway, this is a good time to also migrate
our CI Pipeline to GitHub Actions and start using the GitHub Container
Registry to push our builds.

Changes compared to the old situation:

- flake8 linting errors will now show up as GH Actions annotations
- containers are tagged with both "latest" and a short commit SHA

Note: This version of the workflow still pushes to DockerHub IN ADDITION
TO GHCR. This is to make the transition between the two deployment
systems as seamless as possible.

2 files changed, 126 insertions, 68 deletions

diff --git a/.github/workflows/lint-build.yaml b/.github/workflows/lint-build.yaml
new file mode 100644
index 00000000..e54344fc
--- /dev/null
+++ b/.github/workflows/lint-build.yaml
@@ -0,0 +1,126 @@
+name: Linting & Building
+
+on:
+  push:
+    branches:
+      - master
+  pull_request_target:
+
+
+jobs:
+  lint:
+    name: Lint using pre-commit & flake8
+    runs-on: ubuntu-latest
+    env:
+      PIP_NO_CACHE_DIR: false
+      PIP_USER: 1
+      PIPENV_HIDE_EMOJIS: 1
+      PIPENV_IGNORE_VIRTUALENVS: 1
+      PIPENV_NOSPIN: 1
+      PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base
+      PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache
+
+    steps:
+      - name: Add custom PYTHONUSERBASE to PATH
+        run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH
+
+      # We don't want to persist credentials, as our GitHub Action
+      # may be run when a PR is made from a fork.
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Setup python
+        id: python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.8'
+
+      - name: Python Dependency Caching
+        uses: actions/cache@v2
+        id: python_cache
+        with:
+          path: ${{ env.PYTHONUSERBASE }}
+          key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\
+          ${{ steps.python.outputs.python-version }}-\
+          ${{ hashFiles('./Pipfile', './Pipfile.lock') }}"
+
+      - name: Install dependencies using pipenv
+        if: steps.python_cache.outputs.cache-hit != 'true'
+        run: |
+          pip install pipenv
+          pipenv install --dev --deploy --system
+
+      - name: Pre-commit Environment Caching
+        uses: actions/cache@v2
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\
+          ${{ steps.python.outputs.python-version }}-\
+          ${{ hashFiles('./.pre-commit-config.yaml') }}"
+
+      # We will not run `flake8` here, as we will use a separate flake8
+      # action. As pre-commit does not support user installs, and we don't
+      # really need it, we set PIP_USER=0.
+      - name: Run pre-commit hooks
+        run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
+
+      # This step requires `pull_request_target` due to the use of annotations
+      - name: Run flake8
+        uses: julianwachholz/flake8-action@v1
+        with:
+          checkName: lint
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-and-push:
+    name: Build and Push to Container Repositories
+    needs: lint
+    if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+
+    steps:
+      # Create a commit SHA-based tag for the container repositories
+      - name: Create SHA Container Tag
+        id: sha_tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "::set-output name=tag::$tag"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to Github Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GHCR_TOKEN  }}
+
+      # This step currently pushes to both DockerHub and GHCR to
+      # make the migration easier. The DockerHub push will be
+      # removed once we've migrated to our K8s cluster.
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          cache-from: type=registry,ref=ghcr.io/python-discord/bot:latest
+          tags: |
+            ghcr.io/python-discord/seasonalbot:latest
+            ghcr.io/python-discord/seasonalbot:${{ steps.sha_tag.outputs.tag }}
+            pythondiscord/seasonalbot:latest
+            pythondiscord/seasonalbot:${{ steps.sha_tag.outputs.tag }}
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
deleted file mode 100644
index 687fdc1e..00000000
--- a/azure-pipelines.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-# https://aka.ms/yaml
-
-jobs:
-  - job: test
-    displayName: 'Lint & Test'
-
-    pool:
-      vmImage: 'Ubuntu 18.04'
-
-    variables:
-      PIP_CACHE_DIR: ".cache/pip"
-      PIP_SRC: ".cache/src"
-      PIPENV_CACHE_DIR: ".cache/pipenv"
-      PIPENV_DONT_USE_PYENV: 1
-      PIPENV_HIDE_EMOJIS: 1
-      PIPENV_IGNORE_VIRTUALENVS: 1
-      PIPENV_NOSPIN: 1
-      PRE_COMMIT_HOME: $(Pipeline.Workspace)/pre-commit-cache
-
-    steps:
-      - task: UsePythonVersion@0
-        displayName: 'Set Python version'
-        name: PythonVersion
-        inputs:
-          versionSpec: '3.8.x'
-          addToPath: true
-
-      - script: pip3 install pipenv
-        displayName: 'Install pipenv'
-
-      - script: pipenv install --dev --deploy --system
-        displayName: 'Install project using pipenv'
-
-      # Create an executable shell script which replaces the original pipenv binary.
-      # The shell script ignores the first argument and executes the rest of the args as a command.
-      # It makes the `pipenv run flake8` command in the pre-commit hook work by circumventing
-      # pipenv entirely, which is too dumb to know it should use the system interpreter rather than
-      # creating a new venv.
-      - script: |
-          printf '%s\n%s' '#!/bin/bash' '"${@:2}"' > $(PythonVersion.pythonLocation)/bin/pipenv \
-          && chmod +x $(PythonVersion.pythonLocation)/bin/pipenv
-        displayName: 'Mock pipenv binary'
-
-      - task: Cache@2
-        displayName: 'Restore pre-commit environment'
-        inputs:
-          key: pre-commit | "$(PythonVersion.pythonLocation)" | .pre-commit-config.yaml
-          restoreKeys: |
-            pre-commit | "$(PythonVersion.pythonLocation)"
-          path: $(PRE_COMMIT_HOME)
-
-      - script: pre-commit run --all-files
-        displayName: 'Run pre-commit hooks'
-
-  - job: build
-    displayName: 'Build & Push Container'
-    condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))
-    dependsOn: 'test'
-
-    steps:
-      - task: Docker@2
-        displayName: 'Build & Push Container'
-        inputs:
-          containerRegistry: 'DockerHub'
-          repository: 'pythondiscord/seasonalbot'
-          command: 'buildAndPush'
-          Dockerfile: '**/Dockerfile'
-          tags: 'latest'