Merge pull request #306 from inteon/cicd

Migrate makefiles and CI/CD
cert-manager · Dec 18, 2023 · e419ee1 · e419ee1
2 parents c459a13 + b8a0022
commit e419ee1
Show file tree

Hide file tree

Showing 59 changed files with 3,336 additions and 2,991 deletions.
diff --git a/.dockerignore b/.dockerignore
diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml
@@ -0,0 +1,86 @@
+# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
+# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.
+
+name: make-self-upgrade
+concurrency: make-self-upgrade
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Fail if branch is not main
+        if: github.ref != 'refs/heads/main'
+        run: |
+          echo "This workflow should not be run on a branch other than main."
+          exit 1
+
+      - uses: actions/checkout@v4
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - run: |
+          git checkout -B "self-upgrade"
+
+      - run: |
+          make -j upgrade-klone
+          make -j generate
+
+      - id: is-up-to-date
+        shell: bash
+        run: |
+          git_status=$(git status -s)
+          is_up_to_date="true"
+          if [ -n "$git_status" ]; then
+              is_up_to_date="false"
+              echo "The following changes will be committed:"
+              echo "$git_status"
+          fi
+          echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        run: |
+          git config --global user.name "jetstack-bot"
+          git config --global user.email "[email protected]"
+          git commit -a -m "BOT: run 'make upgrade-klone' and 'make generate'"
+          git push -f origin self-upgrade
+
+      - if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { repo, owner } = context.repo;
+            const pulls = await github.rest.pulls.list({
+              owner: owner,
+              repo: repo,
+              head: 'self-upgrade',
+              base: 'main',
+              state: 'open',
+            });
+            
+            if (pulls.data.length < 1) {
+              await github.rest.pulls.create({
+                title: '[CI] Merge self-upgrade into main',
+                owner: owner,
+                repo: repo,
+                head: 'self-upgrade',
+                base: 'main',
+                body: [
+                  'This PR is auto-generated to bump the Makefile modules.',
+                ].join('\n'),
+              });
+            }
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -3,58 +3,83 @@ on:
   push:
     tags:
       - "v*"
+
 env:
   VERSION: ${{ github.ref_name }}
-  IMAGE: quay.io/jetstack/cert-manager-approver-policy:${{ github.ref_name }}
+
 jobs:
-  docker-image:
+  build_images:
+    runs-on: ubuntu-latest
+
     permissions:
-      contents: write
-      id-token: write
-    runs-on: ubuntu-22.04
+      contents: read # needed for checkout
+      packages: write # needed for push images
+      id-token: write # needed for keyless signing
+
     steps:
       - uses: actions/checkout@v4
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
+
+      - id: go-version
+        run: |
+          make print-go-version >> "$GITHUB_OUTPUT"
+
       - uses: docker/login-action@v3
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
-      - uses: docker/build-push-action@v5
+
+      - uses: actions/setup-go@v4
         with:
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
-          push: true
-          tags: ${{ env.IMAGE }}
-          build-args: |
-            VERSION=${{ env.VERSION }}
-
-  github-release:
-    runs-on: ubuntu-22.04
-    needs:
-      - docker-image
+          go-version: ${{ steps.go-version.outputs.result }}
+
+      - id: release
+        run: make release
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}-${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}.tgz
+          path: ${{ steps.release.outputs.RELEASE_HELM_CHART_TAR }}
+          if-no-files-found: error
+
+    outputs:
+      RELEASE_OCI_MANAGER_IMAGE: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_IMAGE }}
+      RELEASE_OCI_MANAGER_TAG: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_TAG }}
+      RELEASE_HELM_CHART_NAME: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}
+      RELEASE_HELM_CHART_VERSION: ${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}
+
+  github_release:
+    runs-on: ubuntu-latest
+
+    needs: build_images
+
+    permissions:
+      contents: write # needed for creating a PR
+      pull-requests: write # needed for creating a PR
+
     steps:
-      - uses: actions/checkout@v4
-      - id: create_helm_archive
-        run: make helm-chart         
-      - id: create_release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: |
+          touch .notes-file
+          echo "OCI_MANAGER_IMAGE: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_IMAGE }}" >> .notes-file
+          echo "OCI_MANAGER_TAG: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_TAG }}" >> .notes-file
+          echo "HELM_CHART_NAME: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}" >> .notes-file
+          echo "HELM_CHART_VERSION: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file
+
+      - id: chart_download
+        uses: actions/download-artifact@v3
         with:
-          tag_name: ${{ env.VERSION }}
-          release_name: ${{ env.VERSION }}
-          draft: true
-          prerelease: true
-          body: |
-            Docker Image: `${{ env.IMAGE }}`
-      - uses: actions/upload-release-asset@v1
-        env:
+          name: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz
+
+      - env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ steps.create_helm_archive.outputs.path }}
-          asset_name: cert-manager-approver-policy.helm-chart.tgz
-          asset_content_type: application/gzip
+        run: |
+          gh release create "$VERSION" \
+            --repo="$GITHUB_REPOSITORY" \
+            --title="${VERSION}" \
+            --draft \
+            --verify-tag \
+            --notes-file .notes-file
+          
+          gh release upload "$VERSION" \
+            --repo="$GITHUB_REPOSITORY" \
+            "${{ steps.chart_download.outputs.download-path }}/${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz"
diff --git a/Dockerfile b/Dockerfile