add GH Actions CI/CD

sdr-enthusiasts · Nov 17, 2023 · 2061fb1 · 2061fb1
1 parent bc311d2
commit 2061fb1
Show file tree

Hide file tree

Showing 11 changed files with 339 additions and 0 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -0,0 +1,19 @@
+version: 2
+
+updates:
+  # check for updated docker image and will create pull request
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: weekly
+    assignees:
+      - "fredclausen"
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "mikenye"
+      - "fredclausen"
diff --git a/.github/workflows/cancel_dupes.yml b/.github/workflows/cancel_dupes.yml
@@ -0,0 +1,23 @@
+---
+# Cancels duplicate github actions when superseded
+
+name: Cancelling Duplicates
+on:
+  workflow_run:
+    workflows:
+      - "Pull Request"
+      - "Deploy"
+      - "Linting (Non-Image)"
+    types: ["requested"]
+
+jobs:
+  cancel-duplicate-workflow-runs:
+    name: "Cancel duplicate workflow runs"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: potiuk/cancel-workflow-runs@master
+        name: "Cancel duplicate workflow runs"
+        with:
+          cancelMode: allDuplicates
+          token: ${{ secrets.GITHUB_TOKEN }}
+          sourceRunId: ${{ github.event.workflow_run.id }}
diff --git a/.github/workflows/check_versions.yml b/.github/workflows/check_versions.yml
@@ -0,0 +1,65 @@
+---
+name: Check upstream versions
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 12 * * *"
+
+jobs:
+  version_in_container:
+    name: Check version in 'latest' image
+    runs-on: ubuntu-latest
+    outputs:
+      currver: ${{ steps.current-version.outputs.currver }}
+    steps:
+      - name: Get version from ghcr.io/${{ github.repository }}:latest
+        id: current-version
+        run: |
+          set -x
+          echo "::set-output name=currver::$(docker run --rm --entrypoint cat ghcr.io/${{ github.repository }}:latest /CONTAINER_VERSION)"
+
+  latest_version:
+    name: Check latest versions
+    runs-on: ubuntu-latest
+    outputs:
+      latestver: ${{ steps.latest-version.outputs.latestver }}
+    steps:
+      - name: Build image
+        uses: docker/build-push-action@v5
+        with:
+          push: false
+          load: true
+          tags: testing:latest
+      - name: Get version from newly built image
+        id: latest-version
+        run: |
+          set -x
+          echo "::set-output name=latestver::$(docker run --rm --entrypoint cat testing:latest /CONTAINER_VERSION)"
+
+  display_versions:
+    name: Display versions
+    needs: [version_in_container, latest_version]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Display versions
+        run: |
+          echo "versions in ghcr.io/${{ github.repository }}:latest = ${{ needs.version_in_container.outputs.currver }}"
+          echo "versions in apt repository = ${{ needs.latest_version.outputs.latestver }}"
+          echo "will a deployment be triggered = ${{ needs.version_in_container.outputs.currver != needs.latest_version.outputs.latestver }}"
+
+  trigger_deploy:
+    name: Trigger deployment on new versions
+    needs: [version_in_container, latest_version]
+    if: ${{ needs.version_in_container.outputs.currver != needs.latest_version.outputs.latestver }}
+    runs-on: ubuntu-latest
+    env:
+      WORKFLOW_AUTH_TOKEN: ${{ secrets.GH_PAT_MIKENYE }}
+      WORKFLOW_REPO: ${{ github.repository }}
+      WORKFLOW_FILE: deploy.yml
+      WORKFLOW_REASON: "triggered via check_versions.yml in ${{ github.repository }}"
+    steps:
+      - name: Trigger ${{ env.WORKFLOW_FILE }} in ${{ env.WORKFLOW_REPO }}
+        run: |
+          echo "$WORKFLOW_AUTH_TOKEN" | gh auth login --with-token
+          gh workflow run --ref main --repo "$WORKFLOW_REPO" "$WORKFLOW_FILE" -f reason="$WORKFLOW_REASON"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,66 @@
+name: Deploy to GHCR
+
+on:
+  # Build and deploy the image on pushes to main branch
+  workflow_dispatch:
+    inputs:
+      reason:
+        required: false
+        description: "Reason for running this workflow"
+      use_test_image:
+        required: false
+        type: boolean
+        description: "Use base image testpr"
+        default: false
+  # Build and deploy the image on pushes to master branch
+  push:
+    branches:
+      - main
+    paths:
+      - "Dockerfile**"
+      - "rootfs/**"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: docker-aprs-tracker
+  REPO: sdr-enthusiasts
+  IMAGE: docker-aprs-tracker
+
+jobs:
+  workflow-dispatch:
+    name: Triggered via Workflow Dispatch?
+    # only run this step if workflow dispatch triggered
+    # log the reason the workflow dispatch was triggered
+    if: |
+      github.event_name == 'workflow_dispatch' &&
+      github.event.inputs.reason != ''
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log dispatch reason
+        env:
+          INPUTS_REASON: ${{ github.event.inputs.reason }}
+          INPUTS_USE_TEST_IMAGE: ${{ github.event.inputs.use_test_image }}
+        run: |
+          echo "Workflow dispatch reason: $INPUTS_REASON"
+          echo "Use test image: $INPUTS_USE_TEST_IMAGE"
+
+  build_and_push:
+    name: Image Build & Push
+    uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+    with:
+      push_enabled: true
+      push_destinations: ghcr.io;
+      ghcr_repo_owner: ${{ github.repository_owner }}
+      ghcr_repo: sdr-enthusiasts/docker-aprs-tracker
+      platform_linux_arm32v6_enabled: false
+      platform_linux_i386_enabled: false
+      # set build_latest to true if github.event.inputs.use_test_image is false
+      build_latest: ${{ github.event.inputs.use_test_image == 'false' || github.event.inputs.use_test_image == ''  }}
+      build_baseimage_test: ${{ github.event.inputs.use_test_image == 'true' || github.event.inputs.use_test_image == ''  }}
+      # only build the entire stack if we are not using the test image
+      build_version_specific: false
+      build_platform_specific: false
+      build_nohealthcheck: false
+      build_baseimage_url: :base/:base-test-pr
+    secrets:
+      ghcr_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml
@@ -0,0 +1,26 @@
+---
+name: Linting (Flake8)
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "**.py"
+
+jobs:
+  flake8-lint:
+    name: Run flake8 against python files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out source repository
+        uses: actions/checkout@v4
+      - name: Set up Python environment
+        uses: actions/setup-python@v4.7.1
+        with:
+          python-version: "3.9"
+      - name: flake8 Lint
+        uses: py-actions/flake8@v2
+        with:
+          ignore: "E501"
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -0,0 +1,21 @@
+---
+name: Linting (Hadolint)
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "Dockerfile"
+
+jobs:
+  hadolint:
+    name: Run hadolint against docker files
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Pull hadolint/hadolint:latest Image
+        run: docker pull hadolint/hadolint:latest
+      - name: Run hadolint against Dockerfiles
+        run: docker run --rm -i -v "$PWD":/workdir --workdir /workdir --entrypoint hadolint hadolint/hadolint --ignore DL3003 --ignore DL3006 --ignore DL3010 --ignore DL4001 --ignore DL3007 --ignore DL3008 --ignore SC2068 --ignore DL3007 --ignore SC1091 --ignore DL3013 --ignore DL3010 $(find . -type f -iname "Dockerfile*")
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
@@ -0,0 +1,23 @@
+---
+name: Linting (Markdown)
+
+on:
+  pull_request:
+    branches:
+      - main
+      # only run these if markdown files are updated
+    paths:
+      - "**.md"
+      - "**.MD"
+
+jobs:
+  markdownlint:
+    name: Run markdownlint against markdown files
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Pull markdownlint/markdownlint:latest Image
+        run: docker pull markdownlint/markdownlint:latest
+      - name: Run markdownlint against *.md files
+        run: docker run --rm -i -v "$(pwd)":/workdir --workdir /workdir markdownlint/markdownlint:latest --rules ~MD004,~MD013,~MD033,~MD026,~MD002,~MD022,~MD007,~MD029,~MD012,~MD034 $(find . -type f -iname '*.md' | grep -v '/.git/')
diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml
@@ -0,0 +1,27 @@
+---
+name: Pull Request
+
+on:
+  # Enable manual running of action if necessary
+  workflow_dispatch:
+  # Test build/deploy on PRs to main/master
+  pull_request:
+    # Only publish on push to main branch
+    branches:
+      - main
+    # Don't trigger if it's just a documentation update
+    paths-ignore:
+      - "**.md"
+      - "**.MD"
+      - "**.yml"
+      - "LICENSE"
+      - ".gitattributes"
+      - ".gitignore"
+      - ".dockerignore"
+
+jobs:
+  test-build:
+    name: Test
+    uses: sdr-enthusiasts/common-github-workflows/.github/workflows/build_and_push_image.yml@main
+    with:
+      push_enabled: false
diff --git a/.github/workflows/pre-commit-updates.yaml b/.github/workflows/pre-commit-updates.yaml
@@ -0,0 +1,23 @@
+name: Update pre-commit hooks
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: 0 0 * * 0
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.1.0
+        with:
+          fetch-depth: 0
+      - uses: vrslev/pre-commit-autoupdate@v1.0.0
+      - uses: peter-evans/create-pull-request@v5
+        with:
+          branch: pre-commit-autoupdate
+          title: "chore(deps): Update pre-commit hooks"
+          commit-message: "chore(deps): Update pre-commit hooks"
+          body: Update pre-commit hooks
+          labels: dependencies
+          delete-branch: True
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
@@ -0,0 +1,20 @@
+---
+name: Linting (Shellcheck)
+
+on:
+  pull_request:
+    branches:
+      - main
+      # only run these if markdown files are updated
+
+jobs:
+  shellcheck:
+    name: Run shellcheck against shell scripts
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'pull_request' }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Pull koalaman/shellcheck:stable Image
+        run: docker pull koalaman/shellcheck:stable
+      - name: Run Shellcheck against shell scripts
+        run: docker run --rm -i -v "$PWD:/mnt" koalaman/shellcheck:stable $(find . -type f -exec grep -m1 -l -E '^#!.*sh.*' {} \; | grep -v '/.git/')
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
@@ -0,0 +1,26 @@
+---
+name: Linting (YAML)
+
+on:
+  pull_request:
+    branches:
+      - main
+      # only run when yaml files are updated
+    paths:
+      - "**.yml"
+
+jobs:
+  yamllint:
+    name: Run yamllint against YAML files
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: yaml-lint
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          config_data: |
+            extends: default
+            rules:
+              line-length:
+                max: 120
+                level: warning