Merge pull request #31 from itscontained/cicd/cleanup

cicd/cleanup

.github/actions/docker-multi-login-action/action.yml

@@ -0,0 +1,23 @@
+name: 'Docker Multi Login Action'
+description: 'Log in to dockerhub, quay, and github container registry'
+runs:
+  using: "composite"
+  steps:
+    - shell: bash
+      run: |
+        echo "🔑 Logging into dockerhub..."
+        if docker login --username ${{ fromJSON(env.secrets).DOCKERHUB_USERNAME }} --password ${{ fromJSON(env.secrets).DOCKERHUB_PASSWORD }} > /dev/null 2>&1; then
+          echo "🎉 Login Succeeded!"
+        fi
+    - shell: bash
+      run: |
+        echo "🔑 Logging into quay.io..."
+        if docker login quay.io --username ${{ fromJSON(env.secrets).QUAY_USERNAME }} --password ${{ fromJSON(env.secrets).QUAY_PASSWORD }} > /dev/null 2>&1; then
+          echo "🎉 Login Succeeded!"
+        fi
+    - shell: bash
+      run: |
+        echo "🔑 Logging into ghcr.io..."
+        if docker login ghcr.io --username ${{ fromJSON(env.secrets).GHCR_USERNAME }} --password ${{ fromJSON(env.secrets).GHCR_PASSWORD }} > /dev/null 2>&1; then
+          echo "🎉 Login Succeeded!"
+        fi

.github/actions/docker-target-image-list-action/action.yml

@@ -0,0 +1,47 @@
+name: 'Docker Target Image List Generator'
+description: 'A Github Action to generate a list of fully qualified target images for docker related steps'
+inputs:
+  registries:
+    description: "Comma separated list of docker registries"
+    required: false
+    default: "docker.io,quay.io,ghcr.io"
+  images:
+    description: "Comma separated list of images"
+    required: true
+  tags:
+    description: "Comma separated list of image tags"
+    required: false
+    default: "edge"
+outputs:
+  fully-qualified-target-images:
+    description: "List of fully qualified docker target images"
+    value: ${{ steps.gen-fqti.outputs.fully-qualified-target-images }}
+runs:
+  using: "composite"
+  steps:
+    - name: Generate fully qualified docker target images
+      id: gen-fqti
+      shell: bash
+      run: |
+        IFS=',' read -r -a registries <<< "${{ inputs.registries }}"
+        IFS=',' read -r -a images <<< "${{ inputs.images }}"
+        IFS=',' read -r -a tags <<< "${{ inputs.tags }}"
+        FQTI=""
+        echo "Generating fully qualified docker target images for:"
+        echo "🐋 Registries: ${#registries[@]}"
+        echo "📷 Images:     ${#images[@]}"
+        echo "🏷️ Tags:       ${#tags[@]}"
+        echo "🧮 Total:      $((${#registries[@]}*${#images[@]}*${#tags[@]}))"
+        for registry in "${registries[@]}"; do
+          for image in "${images[@]}"; do
+            for tag in "${tags[@]}"; do
+              if [ -z "$FQTI" ]; then
+                FQTI="${registry}/${image}:${tag}"
+              else
+                FQTI="$FQTI,${registry}/${image}:${tag}"
+              fi
+            done
+          done
+        done
+        echo ::set-output name=fully-qualified-target-images::${FQTI}
+

.github/actions/setup-kubebuilder-action/action.yml

@@ -0,0 +1,27 @@
+name: 'Setup Kubebuilder'
+description: 'A Github Action to setup Kubebuilder'
+inputs:
+  os:
+    description: "OS version"
+    required: false
+    default: 'linux'
+  arch:
+    description: "Arch version"
+    required: false
+    default: 'amd64'
+  version:
+    description: "Kubebuilder version"
+    required: false
+    default: '2.3.1'
+runs:
+  using: "composite"
+  steps:
+    - shell: bash
+      run: |
+        echo "📥 Downloading Kubebuilder ${{ inputs.version }} for ${{ inputs.os }}-${{ inputs.arch }}"
+        curl -Lso /tmp/kubebuilder.tgz "https://go.kubebuilder.io/dl/${{ inputs.version }}/${{ inputs.os }}/${{ inputs.arch }}"
+        sudo mkdir -p /usr/local/kubebuilder/bin
+        sudo chmod 777 /usr/local/kubebuilder/bin
+        tar ixzf /tmp/kubebuilder.tgz -C /usr/local/kubebuilder/bin --strip-components 2
+        export PATH="${PATH}:/usr/local/kubebuilder/bin"
+        echo "🎉 Kubebuilder downloaded and added to \$PATH"

.github/actions/tag-check-action/action.yml

@@ -0,0 +1,51 @@
+name: 'Tag Check Action'
+description: 'A Github Action see if the tag supplied already exists on dockerhub'
+inputs:
+  image:
+    description: "Image to check"
+    required: true
+  tag:
+    description: "Tag to check"
+    required: true
+  skip:
+    description: "Whether to skip check"
+    required: false
+    default: 'false'
+outputs:
+  tag:
+    description: "Return checked tag"
+    value: ${{ steps.check-tag.outputs.tag }}
+  exists:
+    description: "Return boolean of exist status"
+    value: ${{ steps.check-tag.outputs.exists }}
+runs:
+  using: "composite"
+  steps:
+    - name: Check Upstream Tag Against DockerHub Registry
+      id: check-tag
+      shell: bash
+      env:
+        VERSION: ${{ inputs.tag }}
+      run: |
+        if [[ "${{ inputs.skip }}" == "true" ]] && [[ -n ${VERSION} ]]
+        then
+          echo "⏭️ Skipping check - Using given tag - ${{ inputs.image }}:${{ inputs.tag }}"
+          echo "::set-output name=exists::false"
+          echo "::set-output name=tag::${{ inputs.tag }}"
+          exit
+        elif [[ "${{ inputs.skip }}" == "true" ]] && [[ -z ${VERSION} ]]
+        then
+          echo "⏮️ Requested skip check but missing input tag"
+          exit 1
+        fi
+        echo "🔍 Checking ${{ inputs.image }} for a tag that matches ${{ inputs.tag }}"
+        TAG="$(curl -s https://registry.hub.docker.com/v1/repositories/${{ inputs.image }}/tags | jq -r '.[] | select(.name==env.VERSION) | .name')"
+        if [[ -n "$TAG" ]]
+        then
+          echo "🎉 Match found! - ${{ inputs.image }}:${{ inputs.tag }}"
+          echo "::set-output name=exists::true"
+        else
+          echo "❌ Could not find a tag matching ${{ inputs.tag }} for ${{ inputs.image }}"
+          echo "::set-output name=exists::false"
+        fi
+        echo "::set-output name=tag::${{ inputs.tag }}"

.github/workflows/chart-release.yaml

@@ -9,31 +9,21 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
+      - name: Configure Git
+        run: |
+          git config --global user.name "${{ env.GHCR_USERNAME }}"
+          git config --global user.email "${{ env.GHCR_USERNAME }}@users.noreply.github.com"
       - name: Checkout secret-manger
         uses: actions/checkout@v2
         with:
           path: secret-manager
-      - name: Import Secrets
-        uses: RichiCoder1/[email protected]
-        with:
-          url: ${{ secrets.VaultURL }}
-          method: approle
-          roleId: ${{ secrets.appRoleID }}
-          secretId: ${{ secrets.appSecretID }}
-          path: kv-v2
-          secrets: |
-            auth/github token | GITHUB_PAT;
       - name: Checkout Chart Repo
         uses: actions/checkout@v2
         with:
-          token: "${{ env.GITHUB_PAT }}"
+          token: ${{ env.GHCR_PASSWORD }}
           repository: "itscontained/charts"
           ref: gh-pages
           path: charts
-      - name: Configure Git
-        run: |
-          git config --global user.name "$GITHUB_ACTOR"
-          git config --global user.email "[email protected]"
       - name: Install Helm
         run: |
           curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
@@ -44,11 +34,7 @@ jobs:
           wget https://github.com/helm/chart-releaser/releases/download/v1.0.0/chart-releaser_1.0.0_linux_amd64.tar.gz
           tar xzvf chart-releaser_1.0.0_linux_amd64.tar.gz cr
       - name: Copy CRDs to chart
-        run: |
-          cp secret-manager/deploy/crds/*.yaml secret-manager/deploy/charts/secret-manager/templates/crds/;
-          for i in secret-manager/deploy/charts/secret-manager/templates/crds/*.yaml; do
-               sed -i '1s/.*/{{- if .Values.installCRDs }}/;$a{{- end }}' $i;
-          done
+        run: make crds-to-chart
       - name: Release Chart
         run: |
           helm package secret-manager/deploy/charts/secret-manager/ --destination .cr-release-packages

.github/workflows/docker.yaml

@@ -8,14 +8,33 @@ on:
       - 'v*.*.*'
   pull_request:
     branches: master
-
+env:
+  IMAGES: ${{ github.repository_owner }}/secret-manager
+  PLATFORMS: "linux/amd64,linux/arm64,linux/arm/v7"
 jobs:
+  lint-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up Go 1.15
+        uses: actions/setup-go@v1
+        with:
+          go-version: '~1.15.0'
+      - name: Setup Kubebuilder
+        uses: ./.github/actions/setup-kubebuilder-action
+      - name: Lint
+        run: |
+          make lint-install
+          make lint
+      - name: Test
+        run: make test
   docker:
     runs-on: ubuntu-latest
+    needs: lint-and-test
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-
       - name: Prepare
         id: prep
         run: |
@@ -27,61 +46,49 @@ jobs:
           if [ "${{ github.event_name }}" = "schedule" ]; then
             VERSION=nightly
           fi
-          TAGS="${DOCKER_IMAGE}:${VERSION},ghcr.io/${DOCKER_IMAGE}:${VERSION},quay.io/${DOCKER_IMAGE}:${VERSION}"
+          TAGS="${VERSION}"
           if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:latest,ghcr.io/${DOCKER_IMAGE}:latest,quay.io/${DOCKER_IMAGE}:latest"
+            TAGS="$TAGS,latest"
           fi
           echo ::set-output name=version::${VERSION}
           echo ::set-output name=tags::${TAGS}
           echo ::set-output name=build_date::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
           echo ::set-output name=vcs_ref::${GITHUB_SHA::8}
-
+      - uses: ./.github/actions/docker-target-image-list-action
+        name: Generate Target Images
+        id: gen-tags
+        with:
+          images: ${{ env.IMAGES }}
+          tags: ${{ steps.prep.outputs.tags }}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
         with:
           install: true
           version: latest
           driver-opts: image=moby/buildkit:master
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Login to Quay
-        uses: docker/login-action@v1
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_PASSWORD }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.GHCR_USERNAME }}
-          password: ${{ secrets.GHCR_PASSWORD }}
-
-      - name: Build and push
+      - name: Docker Multi Login
+        uses: ./.github/actions/docker-multi-login-action
+        env:
+          secrets: ${{ toJSON(secrets) }}
+      - name: Build and Push
         uses: docker/build-push-action@v2
         with:
           context: .
           file: ./Dockerfile
-          platforms: |
-            linux/amd64
-            linux/arm64
-            linux/arm/v7
+          platforms: ${{ env.PLATFORMS }}
+          pull: true
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
+          tags: ${{ steps.gen-tags.outputs.fully-qualified-target-images }}
           build-args: |
             VERSION=${{ steps.prep.outputs.version }}
             BUILD_DATE=${{ steps.prep.outputs.build_date }}
             VCS_REF=${{ steps.prep.outputs.vcs_ref }}
       - name: Inspect
         if: ${{ github.event_name != 'pull_request' }}
         run: |
-          docker buildx imagetools inspect ${DOCKER_IMAGE}:${{ steps.prep.outputs.version }}
+          IFS=',' read -r -a images <<< "${{ steps.gen-tags.outputs.fully-qualified-target-images }}"
+          for image in "${images[@]}"; do
+              docker buildx imagetools inspect ${image}
+          done