Skip to content

Commit

Permalink
Sync files with networkservicemesh/cmd-template
Browse files Browse the repository at this point in the history 
This PR syncs files with https://github.com/networkservicemesh/cmd-template

Revision: https://github.com/networkservicemesh/cmd-template/commits/c7cc8197690fe279a3fe337e9868ee205dae75b3

commit c7cc8197690fe279a3fe337e9868ee205dae75b3
Author: Nikita Skrynnik <[email protected]>
Date:   Tue Jul 26 22:07:37 2022 +1100

    use proper reusable workflow for docker job (#106)

    Signed-off-by: Nikita Skrynnik <[email protected]>

Signed-off-by: NSMBot <[email protected]>
  • Loading branch information
NSMBot committed Jul 26, 2022
1 parent 33df8ce commit 7df6afe
Show file tree
Hide file tree
Showing 8 changed files with 86 additions and 575 deletions.
131 changes: 22 additions & 109 deletions .github/workflows/automerge.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,115 +7,28 @@ on:
workflows:
- "ci"
jobs:
automerge:
name: Automerge
print-debug-info:
name: Print debug info
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
outputs:
pr_branch_ref: ${{ steps.check_mergeability.outputs.pr_branch_ref }}
steps:
- name: Find current PR
uses: jwalton/[email protected]
id: findPr
with:
sha: ${{ github.event.workflow_run.head_sha }}
github-token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
- name: Validate PR number
run: |
if [ -z ${{ steps.findPr.outputs.pr }} ]; then
echo "No opened PR was found for SHA ${{ github.event.workflow_run.head_sha }}"
exit 1
fi
- name: Get PR Info
id: get_pull_request_info
uses: octokit/[email protected]
with:
route: GET /repos/${{ github.repository }}/pulls/${{ steps.findPr.outputs.pr }}
env:
GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
- name: Check mergeability
id: check_mergeability
run: |
echo "Mergeable: ${{ fromJson(steps.get_pull_request_info.outputs.data).mergeable }}"
PR_BRANCH_REF=${{ fromJson(steps.get_pull_request_info.outputs.data).head.ref }}
echo "PR_BRANCH_REF: $PR_BRANCH_REF"
echo "::set-output name=pr_branch_ref::$PR_BRANCH_REF"
if [ "${{ fromJson(steps.get_pull_request_info.outputs.data).mergeable }}" != "true" ]; then
echo "PR has conflicts"
exit 1
fi
- name: Check out the code
uses: actions/checkout@v2
- name: Fetch main
run: |
git remote -v
git fetch --depth=1 origin main
- name: Only allow go.mod and go.sum changes
run: |
find . -type f ! -name 'go.mod' ! -name 'go.sum' ! -name '*.yaml' ! -name '*.yml' ! -name '*.txt' ! -name '*.md' ! -name '*.conf' -exec git diff --exit-code origin/main -- {} +
- name: Merge PR
uses: ridedott/merge-me-action@master
with:
GITHUB_LOGIN: nsmbot
ENABLED_FOR_MANUAL_CHANGES: true
GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
- uses: hmarr/debug-action@v2

check-mergeability:
if: ${{ github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' }}
uses: networkservicemesh/.github/.github/workflows/check-mergeability.yaml@main
secrets:
token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}

automerge:
needs: [check-mergeability]
if: ${{ needs.check-mergeability.result == 'success' }}
uses: networkservicemesh/.github/.github/workflows/automerge.yaml@main

resolve_conflicts:
name: Autoresolve Conflicts
needs: [automerge]
if: ${{ always() && needs.automerge.result == 'failure' && needs.automerge.outputs.pr_branch_ref != '' && github.actor == 'nsmbot' }}
runs-on: ubuntu-latest
steps:
- name: Checkout default branch
uses: actions/checkout@v2
with:
fetch-depth: 0
token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
- name: Checkout PR branch
uses: actions/checkout@v2
with:
ref: ${{ needs.automerge.outputs.pr_branch_ref }}
fetch-depth: 0
token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
- name: Verify conflicts only in go.mod/go.sum
run: |
CONFLICTING_FILES=$(git merge-tree $(git merge-base origin/main HEAD) origin/main HEAD | \
awk 'BEGIN {is_conflict = 0} /changed in both/{is_conflict = 1; next} /base/{if (is_conflict) {print $4; is_conflict = 0} next }' | \
{ grep -vF "go.mod" || true; } | \
{ grep -vF "go.sum" || true; })
if [[ -n $CONFLICTING_FILES ]]; then
echo "Conflicts can be resolved only in go.mod and go.sum files, but conflicts were found in other files: $CONFLICTING_FILES"
exit 1
fi
- name: Check number of retries
run: |
if [ $(git log --oneline | head -n 10 | grep -Fc "Automatically resolving conflicts in go.mod") -ge 3 ]; then
echo "Couldn't automatically resolve conflicts (number of re-tries is >= 3). Please, resolve them manually."
exit 1
fi
- name: Merge default branch
run: |
git config --global user.email "[email protected]"
git config --global user.name "NSMBot"
git config pull.rebase false
git pull -q origin main -s ort -X theirs
- name: Setup Go
uses: actions/setup-go@v1
with:
go-version: 1.18.2
- name: Update version manually
run: |
branch=${{ needs.automerge.outputs.pr_branch_ref }}
repository=${branch#update/networkservicemesh/}
echo Update ${repository} version in go.mod manually
go get -u github.com/networkservicemesh/${repository}@main
- name: Re-generate go.sum
run: go mod tidy
- name: Push changes
run: |
echo "Automatically resolving conflicts in go.mod and updating dependency versions to the latest" >> /tmp/commit-message
git config --global user.email "[email protected]"
git config --global user.name "NSMBot"
git add -- go.sum go.mod
git commit -s -F /tmp/commit-message
echo "Force-pushing changes to ${{ needs.automerge.outputs.pr_branch_ref }}"
git push -f origin ${{ needs.automerge.outputs.pr_branch_ref }}
needs: [check-mergeability]
if: ${{ always() && needs.check-mergeability.result == 'failure' && needs.check-mergeability.outputs.pr_branch_ref != '' }}
uses: networkservicemesh/.github/.github/workflows/resolve-conflicts.yaml@main
with:
pr_branch_ref: ${{ needs.check-mergeability.outputs.pr_branch_ref }}
secrets:
token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
146 changes: 16 additions & 130 deletions .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,149 +8,35 @@ on:
pull_request:
jobs:
yamllint:
name: yamllint
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: yaml-lint
uses: ibiqlik/action-yamllint@v1
with:
config_file: .yamllint.yml
strict: true
uses: networkservicemesh/.github/.github/workflows/yamllint.yaml@main
with:
config_file: "./.yamllint.yml"

shellcheck:
name: shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: shellcheck
uses: fkautz/[email protected]

build:
name: build
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v1
with:
go-version: 1.18.2
- name: Build
run: go build -race ./...
uses: networkservicemesh/.github/.github/workflows/shellcheck.yaml@main

golangci-lint:
name: golangci-lint
runs-on: ubuntu-latest
if: github.repository != 'networkservicemesh/cmd-template'
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v1
with:
go-version: 1.18.2
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.45.2
uses: networkservicemesh/.github/.github/workflows/golangci-lint.yaml@main

excludeFmtErrorf:
name: exclude fmt.Errorf
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Exclude fmt.Errorf
run: |
if grep -r --include=*.go --exclude=*.pb.go fmt.Errorf . ; then
echo "Please use errors.Errorf (or errors.New or errors.Wrap or errors.Wrapf) as appropriate rather than fmt.Errorf"
exit 1
fi
uses: networkservicemesh/.github/.github/workflows/exclude-fmt-errorf.yaml@main

restrictNSMDeps:
name: Restrict dependencies on github.com/networkservicemesh/*
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Restrict dependencies on github.com/networkservicemesh/*
env:
ALLOWED_REPOSITORIES: "sdk, api"
run: |
for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do
if ! [ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]; then
echo Dependency on "${i}" is forbidden
exit 1
fi;
done
uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main
with:
allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp"

checkgomod:
name: Check go.mod and go.sum
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.18.2
- run: go mod tidy
- name: Check for changes
run: |
git diff --name-only --exit-code || ( echo "Run go mod tidy" && false )
uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main

gogenerate:
name: Check generated files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.18.2
- run: go generate ./...
- name: Check for changes
run: |
git diff --name-only --exit-code || ( echo "Rerun go generate ./... locally and resubmit" && false )
uses: networkservicemesh/.github/.github/workflows/cmd-gogenerate.yaml@main

excludereplace:
name: Exclude Replace in go.mod
runs-on: ubuntu-latest
steps:
- name: Check out the code
uses: actions/checkout@v2
- name: Exclude replace in go.mod
run: |
grep ^replace go.mod || exit 0
exit 1
uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main

docker:
name: Docker Build & Test
runs-on: ubuntu-latest
docker-build-and-test:
if: github.repository != 'networkservicemesh/cmd-template'
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.18.2
- name: Build container
run: docker build .
- name: Run tests
run: docker run --privileged --rm $(docker build -q . --target test)
- name: Find merged PR
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: jwalton/gh-find-current-pr@v1
id: findPr
with:
github-token: ${{ github.token }}
- name: Publish Image
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && success() && steps.findPr.outputs.number
uses: matootie/[email protected]
with:
accessToken: ${{ github.token }}
tag: |
pr-${{ steps.findPr.outputs.pr }}
commit-${{ github.sha }}
latest
uses: networkservicemesh/.github/.github/workflows/docker-build-and-test.yaml@main
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
54 changes: 1 addition & 53 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,56 +17,4 @@ on:

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['go']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2

# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

# - run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: networkservicemesh/.github/.github/workflows/codeql-analysis.yaml@main
Loading

0 comments on commit 7df6afe

Please sign in to comment.