diff --git a/.editorconfig b/.editorconfig index a7822058..8101a495 100644 --- a/.editorconfig +++ b/.editorconfig @@ -10,7 +10,7 @@ indent_style = space indent_size = 4 max_line_length = 150 -[{Makefile}] +[Makefile] indent_style = tab indent_size = 4 @@ -25,3 +25,6 @@ eclint_indent_style = unset [Dockerfile] indent_size = 4 + +[{*.yml,*.yaml}] +indent_size = 2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..94d2a35e --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,38 @@ +name: CI + +on: + push: + tags: + - v* + branches-ignore: + - gh-pages + pull_request: + branches-ignore: + - gh-pages + schedule: + # Run daily at 01:34, so we get notified if CI is broken before a pull request + # is submitted. + - cron: "34 1 * * *" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + lint: + uses: ./.github/workflows/lint.yml + test: + uses: ./.github/workflows/test.yml + codeql: + uses: ./.github/workflows/codeql.yml + # Virtual job that can be configured as a required check before a PR can be merged. + all-required-checks-done: + name: All required checks done + needs: + - lint + - test + - codeql + runs-on: ubuntu-22.04 + steps: + - run: | + echo "All required checks done" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..fd89e43c --- /dev/null +++ b/.github/workflows/codeql.yml 
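Review bot: The `all-required-checks-done` job at the end of ci.yml only declares `needs:` on `lint`, `test` and `codeql`, so when one of them fails the gate job is skipped rather than failed, and GitHub treats a skipped job as passing for required status checks. Give the job `if: always()` and replace the echo with a step guarded by `if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')` that runs `exit 1`. ci.yml also declares no `permissions:` block. A called workflow cannot receive more than its caller grants, so if the repository default token is read-only the `codeql` job probably needs `security-events: write` stated on the caller side.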
@@ -0,0 +1,75 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ workflow_call:
+
+permissions:
+ actions: read
+ security-events: write
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['go']
+ go: [ '1.20' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Golang with cache
+ uses: magnetikonline/action-golang-cache@v4
+ with:
+ go-version: "1.20"
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml deleted file mode 100644 index fe6e3732..00000000 --- a/.github/workflows/go.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Operator CI - -on: [push, pull_request] - -jobs: - go-lint: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v3 - - - name: Setup Golang with cache - uses: magnetikonline/action-golang-cache@v4 - with: - go-version: "1.20" - - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 - with: - version: "latest" - skip-pkg-cache: true - skip-build-cache: true - args: "-c ./.golangci.yml --timeout=10m --issues-exit-code=1 --max-issues-per-linter=0 --sort-results ./..." - - go-unit-tests: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v3 - - - name: Setup Golang with cache - uses: magnetikonline/action-golang-cache@v4 - with: - go-version: "1.20" - - - name: make test - run: make test - - - name: Go Test Coverage - uses: codecov/codecov-action@v3 - with: - files: ./operator.out # optional - - go-integration-tests: - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v3 - - - name: Setup Golang with cache - uses: magnetikonline/action-golang-cache@v4 - with: - go-version: "1.20" - - - name: make test-integration - run: make test-integration diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..765d03f3 --- /dev/null +++ b/.github/workflows/lint.yml 
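Review bot: Every `uses:` in the new codeql.yml resolves a mutable tag (`actions/checkout@v3`, `magnetikonline/action-golang-cache@v4`, `github/codeql-action/*@v2`), and the job holds `security-events: write`, so a retagged third-party action would run with that token. Pin at least the non-GitHub action to a full commit SHA, e.g. `uses: magnetikonline/action-golang-cache@<full-commit-sha> # v4`; the same tag references recur in the lint.yml and test.yml hunks. The matrix key `go: [ '1.20' ]` is never read because the setup step hard-codes `go-version: "1.20"`; either write `go-version: ${{ matrix.go }}` or drop the key. The Autobuild comment still names only C/C++, C# and Java while the matrix analyses `go`, so a one-line comment saying what Autobuild does for Go here would avoid confusion.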
@@ -0,0 +1,29 @@ +name: Lint + +on: + workflow_call: + +permissions: + contents: read + pull-requests: read + +jobs: + go-lint: + name: Golang Lint + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v3 + + - name: Setup Golang with cache + uses: magnetikonline/action-golang-cache@v4 + with: + go-version: "1.20" + + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + version: "latest" + skip-pkg-cache: true + skip-build-cache: true + args: "-c ./.golangci.yml --timeout=10m --issues-exit-code=1 --max-issues-per-linter=0 --sort-results ./..." diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 728b58ed..d27b58bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,14 +1,43 @@ name: Release Armada Operator on: - push: - tags: - - 'v*' + workflow_run: + types: [completed] + workflows: [CI] + branches: + - v* permissions: contents: write jobs: + validate: + if: github.event.workflow_run.event == 'push' && github.event.workflow_run.conclusion == 'success' && github.repository_owner == 'armadaproject' + name: "Validate revision" + runs-on: ubuntu-22.04 + + steps: + - name: "Checkout" + uses: "actions/checkout@v3" + with: + fetch-depth: 0 + + # The given ref should belong to the main branch. + # If it starts with 'v', it should be a tag, belong to the main branch and match the semver regex. + # Anything else is invalid. + - name: Validate ref + run: | + ref='${{ github.event.workflow_run.head_branch }}' + sha='${{ github.event.workflow_run.head_sha }}' + + [[ $ref =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && + [ $(git rev-parse refs/tags/$ref) == $sha ] && + [ $(git branch --contains=$sha main | wc -l) -eq 1 ] + if [ $? -ne 0 ]; then + echo "::error ::Invalid ref $ref $sha: must be a tag, belong to the main branch and match the semver regex" + exit 1 + fi + echo "GORELEASER_CURRENT_TAG=$ref" >> $GITHUB_ENV release: name: "Release" runs-on: ubuntu-22.04 
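Review bot: `version: "latest"` on the golangci-lint step in lint.yml lets the linter change underneath an unchanged commit, so a required check can start failing, or stop reporting a finding, without any change in the repository. Pin it to the release the project has validated, e.g. `version: "<pinned-golangci-lint-version>"`, and bump it deliberately in its own commit.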
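Review bot: The new `validate` job in release.yml does not gate anything visible in this hunk: `release:` remains an unchanged context line with no `needs: validate`, so the release job, which runs under `contents: write`, would start for every completed CI run on a matching branch whatever the validation result. Its body continues outside the hunk, so confirm there. Two further problems sit in the `Validate ref` step: `head_branch` and `head_sha` are expanded into the script text by `${{ }}` before bash parses it and should be passed through `env:` instead, and `GORELEASER_CURRENT_TAG` written to `$GITHUB_ENV` is visible only to later steps of `validate`, not to `release`, so it needs a job output. release_rc.yml has the same missing `needs:` and the same inline expansion. The changed lines would look like this:

```yaml
  validate:
    # … unchanged: if, name, runs-on …
    outputs:
      tag: ${{ steps.ref.outputs.tag }}
    steps:
      # … unchanged: checkout with fetch-depth 0 …
      - name: Validate ref
        id: ref
        env:
          REF: ${{ github.event.workflow_run.head_branch }}
          SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          ref="$REF"
          sha="$SHA"
          # … unchanged: semver, tag and main-branch checks and the error branch …
          echo "tag=$ref" >> "$GITHUB_OUTPUT"

  release:
    needs: validate
    # … unchanged: name, runs-on …
```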
diff --git a/.github/workflows/release_rc.yml b/.github/workflows/release_rc.yml index 1ad7e707..aff3239f 100644 --- a/.github/workflows/release_rc.yml +++ b/.github/workflows/release_rc.yml @@ -1,15 +1,42 @@ name: Release Armada Operator - RC on: - push: + workflow_run: + types: [completed] + workflows: [CI] branches: - main - - master permissions: contents: write jobs: + validate: + if: github.event.workflow_run.event == 'push' && github.event.workflow_run.conclusion == 'success' && github.repository_owner == 'armadaproject' + name: "Validate revision" + runs-on: ubuntu-22.04 + + steps: + - name: "Checkout" + uses: "actions/checkout@v3" + with: + fetch-depth: 0 + + # The given ref should belong to the main branch. + # If it's main, it shouldn't be more than 2 commits away (in case another push happened in the meantime). + # Anything else is invalid. + - name: Validate ref + run: | + ref='${{ github.event.workflow_run.head_branch }}' + sha='${{ github.event.workflow_run.head_sha }}' + + [ "$ref" == "main" ] && + [ $(git branch --contains=$sha main | wc -l) -eq 1 ] && + [ $(git rev-list --count $sha..main) -le 2 ] + if [ $? -ne 0 ]; then + echo "::error ::Invalid ref $ref $sha: must be a merge to main branch and not more than 2 commits away" + exit 1 + fi release: name: Release runs-on: "ubuntu-22.04" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..0703b2a9 --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,81 @@
+name: Test
+
+on:
+ workflow_call:
+
+permissions:
+ contents: read
+ checks: write
+
+jobs:
+ go-unit-tests:
+ name: Golang Unit Tests
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Setup Golang with cache
+ uses: magnetikonline/action-golang-cache@v4
+ with:
+ go-version: "1.20"
+
+ - name: make test
+ run: make test
+
+ - name: Go Test Coverage
+ uses: codecov/codecov-action@v3
+ with:
+ files: ./operator.out # optional
+
+ go-integration-tests:
+ name: Golang Integration Tests
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Setup Golang with cache
+ uses: magnetikonline/action-golang-cache@v4
+ with:
+ go-version: "1.20"
+
+ - name: make test-integration
+ run: make test-integration
+
+ go-mod-up-to-date:
+ name: Golang Mod Up To Date
+ runs-on: ubuntu-22.04
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Setup Golang with Cache
+ uses: magnetikonline/action-golang-cache@v4
+ with:
+ go-version: "1.20"
+
+ - name: Download all Go modules
+ run: go mod download
+
+ - name: Check for tidyness of go.mod and go.sum
+ run: |
+ go mod tidy
+
+ changed=$(git status -s -uno | wc -l)
+
+ echo -e "### Git status" >> $GITHUB_STEP_SUMMARY
+ if [[ "$changed" -gt 0 ]]; then
+ echo -e "Go modules are not synchronized. Please run 'go mod tidy' and commit the changes." >> $GITHUB_STEP_SUMMARY
+
+ git status -s -uno >> $GITHUB_STEP_SUMMARY
+
+ echo -e >> $GITHUB_STEP_SUMMARY
+ echo -e "### Git diff" >> $GITHUB_STEP_SUMMARY
+
+ git --no-pager diff >> $GITHUB_STEP_SUMMARY
+ else
+ echo -e "Go modules are synchronized." >> $GITHUB_STEP_SUMMARY
+ echo -e >> $GITHUB_STEP_SUMMARY
+ fi
+
+ exit $changed
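Review bot: The workflow-level `checks: write` in test.yml is not exercised by any step visible in this hunk, so unless the coverage upload or a planned step needs it, `permissions:` can be reduced to `contents: read`. If the scope is required, a comment naming the consumer would make that clear. At the end of the tidy check, `exit $changed` turns a file count into an exit status; statuses wrap at 256 and the intent reads more clearly as an explicit `exit 1` inside the `if [[ "$changed" -gt 0 ]]` branch. Quoting the summary path, `>> "$GITHUB_STEP_SUMMARY"`, would bring the script in line with usual shell practice.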