Merge pull request #50 from Fgruntjes/initial-build

chore: Dynamically load project matrix for github actions

.config/.editorconfig

@@ -0,0 +1,6 @@
+root = true
+
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4

.config/ansible-lint.yml

@@ -0,0 +1,13 @@
+---
+# check this website for detailed configuration options:
+#    https://ansible-lint.readthedocs.io/configuring/#ansible-lint-configuration
+
+profile: shared
+
+exclude_paths:
+    - "../.github"
+    - "../.git"
+    - "../**/docker-compose.yaml"
+
+warn_list:
+    - yaml[line-length]

.github/actions/config_cli_tools/action.yaml

@@ -0,0 +1,24 @@
+name: 'Configure CLI tools for CI/CD'
+description: 'Setup CI/CD tools and authentication'
+inputs:
+    google_workload_identity_provider:
+        required: true
+        description: "Google workload identity provider, created in `deploy/setup.sh`."
+    google_service_account:
+        required: true
+        description: "Google service account email, created in `deploy/setup.sh`."
+runs:
+    using: "composite"
+    steps:
+    -   uses: google-github-actions/auth@v1
+        with:
+            workload_identity_provider: ${{ inputs.google_workload_identity_provider }}
+            service_account: ${{ inputs.google_service_account }}
+    -   uses: google-github-actions/setup-gcloud@v1
+    -   uses: giantswarm/install-binary-action@v1
+        with:
+            binary: 'atlas'
+            version: '1.4.0'
+            smoke_test: "${binary} --version"
+            tarball_binary_path: "*/bin/${binary}"
+            download_url: 'https://fastdl.mongodb.org/mongocli/mongodb-atlas-cli_${version}_linux_x86_64.tar.gz'

.github/actions/config_docker/action.yaml

@@ -0,0 +1,28 @@
+name: 'Configure Docker tools'
+description: 'Setup Docker tools and authentication'
+inputs:
+    google_workload_identity_provider:
+        required: true
+        description: "Google workload identity provider, created in `deploy/setup.sh`."
+    google_service_account:
+        required: true
+        description: "Google service account email, created in `deploy/setup.sh`."
+    container_registry:
+        required: true
+        description: "Container registry to login to"
+runs:
+    using: "composite"
+    steps:
+    -   uses: google-github-actions/auth@v1
+        id: google_auth
+        with:
+            token_format: 'access_token'
+            workload_identity_provider: ${{ inputs.google_workload_identity_provider }}
+            service_account: ${{ inputs.google_service_account }}
+            access_token_lifetime: 300s
+    -   uses: docker/login-action@v2
+        with:
+            registry: ${{ inputs.container_registry }}
+            username: oauth2accesstoken
+            password: ${{ steps.google_auth.outputs.access_token }}
+    -   uses: docker/setup-buildx-action@v2

.github/project_matrix.sh

@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+
+set -e
+
+cd "$(dirname "$(realpath "$0")")/..";
+
+function isFunction() {
+    PROJECT_NAME=$1
+    [[ ! "${PROJECT_NAME}" =~ .Tests$ ]] && [[ "${PROJECT_NAME}" =~ ^App.Function ]]
+}
+
+function isDocker() {
+    PROJECT_NAME=$1
+    [[ -f "${PROJECT_DIRECTORY}/Dockerfile" ]]
+}
+
+function isTest() {
+    PROJECT_NAME=$1
+    [[ "${PROJECT_NAME}" =~ \.Tests$ && "${PROJECT_NAME}" != "App.Lib.Tests" ]]
+}
+
+function isTypescript() {
+    PROJECT_NAME=$1
+    [[ -f "${PROJECT_DIRECTORY}/tsconfig.json" ]]
+}
+
+
+RESULT_PROJECTS=()
+PROJECT_DIRECTORIES=( $(find . -maxdepth 1 -type d) )
+for PROJECT_DIRECTORY in "${PROJECT_DIRECTORIES[@]}"
+do
+    PROJECT_NAME=$(basename "${PROJECT_DIRECTORY}")
+
+    case $1 in
+        functions)
+            if isFunction "${PROJECT_NAME}"; then
+                RESULT_PROJECTS+=($PROJECT_NAME)
+            fi
+            ;;
+        docker)
+            if isDocker "${PROJECT_NAME}"; then
+                RESULT_PROJECTS+=($PROJECT_NAME)
+            fi
+            ;;
+        tests)
+            if isTest "${PROJECT_NAME}"; then
+                RESULT_PROJECTS+=($PROJECT_NAME)
+            fi
+            ;;
+        typescript)
+            if isTypescript "${PROJECT_NAME}"; then
+                RESULT_PROJECTS+=($PROJECT_NAME)
+            fi
+            ;;
+        *)
+            echo "Unknown project type ${1}"
+            echo "Usage: project_matrix.sh {functions|tests|typescript|docker} [--json]"
+            exit 1
+            ;;
+    esac
+done
+
+if [[ "${2}" == "--json" ]]; then
+    jq --compact-output --null-input '$ARGS.positional' --args -- "${RESULT_PROJECTS[@]}"
+else
+    for PROJECT in "${RESULT_PROJECTS[@]}"
+    do
+         echo "${PROJECT}"
+    done
+fi

.github/workflows/build.yaml

@@ -0,0 +1,56 @@
+name: Build
+on:
+    workflow_call:
+        inputs:
+            environment:
+                required: true
+                type: string
+            tag:
+                required: true
+                type: string
+        secrets:
+            GOOGLE_WORKLOAD_IDENTITY_PROVIDER:
+                required: true
+            GOOGLE_SERVICE_ACCOUNT_EMAIL:
+                required: true
+            GOOGLE_PROJECT_ID:
+                required: true
+            GOOGLE_REGION:
+                required: true
+
+jobs:
+    project_matrix:
+        uses: ./.github/workflows/project_matrix.yaml
+
+    build_images:
+        runs-on: ubuntu-latest
+        needs: [project_matrix]
+        strategy:
+            matrix:
+                project: ${{ fromJson(needs.project_matrix.outputs.docker) }}
+        permissions:
+            contents: 'read'
+            id-token: 'write'
+        steps:
+        -   uses: actions/checkout@v3
+        -   uses: ./.github/actions/config_docker
+            with:
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+                container_registry: ${{ secrets.GOOGLE_REGION }}-docker.pkg.dev
+        -   uses: docker/metadata-action@v4
+            id: meta
+            with:
+                images: ${{ secrets.GOOGLE_REGION }}-docker.pkg.dev/${{ secrets.GOOGLE_PROJECT_ID }}/docker/${{ inputs.environment }}/${{ matrix.project }}
+                tags: ${{ inputs.tag }}
+        -   uses: docker/build-push-action@v3
+            with:
+                context: .
+                file: '${{ matrix.project }}/Dockerfile'
+                push: true
+                tags: ${{ steps.meta.outputs.tags }}
+                labels: ${{ steps.meta.outputs.labels }}
+                cache-from: type=gha
+                cache-to: type=gha,mode=max
+                # @see https://github.com/docker/buildx/issues/1533
+                provenance: false

.github/workflows/delete.yaml

@@ -0,0 +1,74 @@
+name: Cleanup
+on:
+    workflow_call:
+        inputs:
+            environment:
+                required: true
+                type: string
+
+        secrets:
+            GOOGLE_WORKLOAD_IDENTITY_PROVIDER:
+                required: true
+            GOOGLE_SERVICE_ACCOUNT_EMAIL:
+                required: true
+            GOOGLE_PROJECT_ID:
+                required: true
+            GOOGLE_REGION:
+                required: true
+            SENTRY_DSN:
+                required: true
+            CLOUDFLARE_API_TOKEN:
+                required: true
+            CLOUDFLARE_ACCOUNT_ID:
+                required: true
+            MONGODB_ATLAS_PUBLIC_KEY:
+                required: true
+            MONGODB_ATLAS_PRIVATE_KEY:
+                required: true
+            MONGODB_ATLAS_PROJECT_ID:
+                required: true
+
+jobs:
+    delete_containers:
+        runs-on: ubuntu-latest
+        timeout-minutes: 5
+        permissions:
+            contents: read
+            id-token: write
+        steps:
+        -   uses: actions/checkout@v3
+        -   uses: ./.github/actions/config_docker
+            with:
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+                container_registry: ${{ secrets.GOOGLE_REGION }}-docker.pkg.dev
+        -   uses: docker://europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli
+            with:
+                args: >-
+                    -repo=${{ secrets.GOOGLE_REGION }}-docker.pkg.dev/${{ secrets.GOOGLE_PROJECT_ID }}/docker/${{ inputs.environment }}
+                    -tag-filter-all='.*'
+                    -recursive=true
+        
+    delete_resources:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            id-token: write
+        steps:
+        -   uses: actions/checkout@v3
+        -   uses: ./.github/actions/config_cli_tools
+            with:
+                google_workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
+                google_service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_EMAIL }}
+        -   run: ./deploy/run-ansible.sh src/delete.yml
+            env:
+                APP_TAG: ${{ inputs.tag }}
+                APP_ENVIRONMENT: ${{ inputs.environment }}
+                SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+                GOOGLE_REGION: ${{ secrets.GOOGLE_REGION }}
+                GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
+                MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.MONGODB_ATLAS_PUBLIC_KEY }}
+                MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.MONGODB_ATLAS_PRIVATE_KEY }}
+                MONGODB_ATLAS_PROJECT_ID: ${{ secrets.MONGODB_ATLAS_PROJECT_ID }}
+                CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+                CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}