feat: adds initial actions

.github/workflows/cli.yml

@@ -16,54 +16,56 @@ permissions:
 env:
   AWS_REGION: eu-central-1
   AWS_ROLE_ARN: arn:aws:iam::332405224602:role/ci
+  EARTHLY_TARGET: docker
+  EARTHLY_VERSION: 0.7.6
+  GHCR_REGISTRY: ghcr.io/${{ github.repository }}
+  TAGS: latest
 
 jobs:
-  build:
+  discover:
     runs-on: ubuntu-latest
-    env:
-      FORCE_COLOR: 1
+    outputs:
+      json: ${{ steps.discover.outputs.json}}
     steps:
-      - name: Install Earthly
-        uses: earthly/actions/setup-earthly@v1
+      - uses: actions/checkout@v3
+      - name: Setup CI
+        uses: input-output-hk/catalyst-ci/actions/setup@master
+        with:
+          aws_role_arn: ${{ env.AWS_ROLE_ARN }}
+          aws_region: ${{ env.AWS_REGION }}
+          earthly_version: ${{ env.EARTHLY_VERSION }}
+      - name: Discover Earthfiles
+        uses: input-output-hk/catalyst-ci/actions/discover@master
+        id: discover
         with:
-          version: v0.7.6
+          parse_images: "true"
+          targets: ${{ env.EARTHLY_TARGET }}
+  publish:
+    runs-on: ubuntu-latest
+    needs: [discover]
+    strategy:
+      matrix:
+        earthfile: ${{ fromJson(needs.discover.outputs.json) }}
+    steps:
       - uses: actions/checkout@v3
-      - name: Put back the git branch into git (Earthly uses it for tagging)
-        run: |
-          branch=""
-          if [ -n "$GITHUB_HEAD_REF" ]; then
-            branch="$GITHUB_HEAD_REF"
-          else
-            branch="${GITHUB_REF##*/}"
-          fi
-          git checkout -b "$branch" || true
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1.7.0
+      - name: Setup CI
+        uses: input-output-hk/catalyst-ci/actions/setup@master
         with:
-          role-to-assume: ${{ env.AWS_ROLE_ARN }}
-          aws-region: ${{ env.AWS_REGION }}
-      - name: Login to GitHub Container Registry
+          aws_role_arn: ${{ env.AWS_ROLE_ARN }}
+          aws_region: ${{ env.AWS_REGION }}
+          earthly_version: ${{ env.EARTHLY_VERSION }}
+      - name: Login to GHCR
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Configure Earthly remote runner
-        run: |
-            mkdir -p /tmp/certs
-
-            JSON=$(aws secretsmanager get-secret-value --secret-id global/ci/ci-tls --query SecretString --output text)
-            echo "${JSON}" | jq -r .private_key | sed 's/\\n/\n/g' > /tmp/certs/key.pem
-            echo "${JSON}" | jq -r .certificate | sed 's/\\n/\n/g' > /tmp/certs/cert.pem
-            echo "${JSON}" | jq -r .ca_certificate | sed 's/\\n/\n/g' > /tmp/certs/ca.pem
-
-            earthly config global.tlskey /tmp/certs/key.pem
-            earthly config global.tlscert /tmp/certs/cert.pem
-            earthly config global.tlsca /tmp/certs/ca.pem
-      - name: Run build
-        run: |
-          earthly  \
-            --ci \
-            --buildkit-host "tcp://${{ secrets.EARTHLY_SATELLITE_ADDRESS }}:8372" \
-            --push ./cli+docker \
-            --registry=ghcr.io/${{ github.repository }}
+      - name: Build and publish
+        uses: input-output-hk/catalyst-ci/actions/publish@master
+        with:
+          earthfile: ${{ matrix.earthfile.path }}
+          earthly_satellite: ${{ secrets.EARTHLY_SATELLITE_ADDRESS }}
+          images: ${{ matrix.earthfile.images }}
+          registry: ${{ env.GHCR_REGISTRY }}
+          tags: ${{ env.TAGS }}
+          target: ${{ env.EARTHLY_TARGET }}

actions/deploy/action.yml

@@ -0,0 +1,19 @@
+name: CI Deploy
+description: Deploys the published images to the remote cluster
+inputs:
+  discover_output:
+    description: The output from the discover step
+    required: true
+  tag:
+    description: The image tag to deploy
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Discover
+      shell: bash
+      id: discover
+      run: |
+        PAYLOAD=$(echo '${{ inputs.discover_output }}' | jq -cr 'map({(.images | split(" ")[] ): "${{ inputs.tag }}"}) | add')
+        echo "Payload: ${PAYLOAD}"

actions/discover/action.yml

@@ -0,0 +1,45 @@
+name: CI Discovery
+description: Discovers Earthfiles in the given paths and compiles data about them
+inputs:
+  parse_images:
+    description: Whether the image names from the given targets should be returnd (requires at least one target)
+    required: false
+    default: "false"
+  paths:
+    description: A space separated list of paths to search
+    required: false
+    default: "."
+  targets:
+    description: A space seperated list of targets to filter against
+    required: false
+    default: ""
+outputs:
+  json:
+    description: "JSON object containing information about discovered Earthfiles"
+    value: ${{ steps.discover.outputs.json }}
+
+runs:
+  using: composite
+  steps:
+    - name: Discover
+      shell: bash
+      id: discover
+      run: |
+        FLAGS=("-j")
+
+        if [[ "${{ inputs.parse_images }}" == "true" ]]; then
+          FLAGS+=("-i")
+        fi
+
+        for target in ${{ inputs.targets }}; do
+          FLAGS+=("-t" "$target")
+        done
+
+        JSON_OUTPUT=$(ci scan "${FLAGS[@]}" ${{ inputs.paths }})
+        if [[ "${{ inputs.parse_images }}" == "true" ]]; then
+          OUTPUT=$(echo "$JSON_OUTPUT" | jq -cr '[.[] | .images |= join(" ")]')
+        else
+          OUTPUT="${JSON_OUTPUT}"
+        fi
+
+        echo "json=$OUTPUT" >>$GITHUB_OUTPUT

actions/publish/action.yml

@@ -0,0 +1,41 @@
+name: CI Publish
+description: Publishes the given Docker containers
+inputs:
+  earthfile:
+    description: Path to the Earthfile (excluding /Earthfile suffix) to build
+    required: true
+  earthly_satellite:
+    description: The address of the remote Earthly satellite to use
+    required: true
+  images:
+    description: A space seperated list of images the Earthfile will produce
+    required: true
+  registry:
+    description: The registry to publish containers images to
+    required: true
+  tags:
+    description: A space seperated list of tags to tag the resulting images with
+  target:
+    description: The target to build for the given Earthfile
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Build
+      shell: bash
+      run: |
+        earthly \
+            --buildkit-host "tcp://${{ inputs.earthly_satellite }}:8372" \
+            ${{ inputs.earthfile }}+${{ inputs.target }} \
+            --tag=latest
+
+          for image in ${{ inputs.images }}; do
+            for tag in ${{ inputs.tags }}; do
+              echo "Tagging ${image}:latest as ${{ inputs.registry }}/${image}:${tag}"
+              docker tag "${image}:latest" "${{ inputs.registry }}/${image}:${tag}"
+
+              echo "Pushing ${{ inputs.registry }}/${image}:${tag}"
+              docker push "${{ inputs.registry }}/${image}:${tag}"
+            done
+          done

actions/setup/action.yml

@@ -0,0 +1,39 @@
+name: CI Setup
+description: Performs required steps to setup CI
+inputs:
+  aws_role_arn:
+    description: The ARN of the CI role (used for fetching secrets)
+    required: true
+  aws_region:
+    description: The AWS region to use
+    required: true
+  cli_version:
+    description: The version of the CI CLI to install
+    required: false
+    default: 0.0.1
+  earthly_version:
+    description: The version of Earthly to install
+    required: false
+    default: latest
+runs:
+  using: composite
+  steps:
+    - name: Install Earthly
+      uses: earthly/actions-setup@v1
+      with:
+        version: ${{ inputs.earthly_version }}
+    - name: Install CLI
+      shell: bash
+      run: |
+        sudo curl \
+          -L https://github.com/input-output-hk/catalyst-ci/releases/download/v${{ inputs.cli_version }}/ci-linux-amd64 \
+          -o /usr/bin/ci
+        sudo chmod +x /usr/bin/ci
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: ${{ inputs.aws_role_arn }}
+        aws-region: ${{ inputs.aws_region }}
+    - name: Setup Earthly Satellite
+      shell: bash
+      run: mkdir -p /tmp/certs && ci setup /tmp/certs