wilix-infra/actions
3
0
Fork 0
Code Pull Requests Actions Activity

Compare commits

base: wilix-infra:master
Branches Tags
wilix-infra:master
..
compare: wilix-infra:8590a26b16b26fb3401d86afdd340ada90db9a7b
Branches Tags
wilix-infra:master

1 Commits
master ... 8590a26b16

Author SHA1 Message Date
maxim.yanchuk
8590a26b16 LP-2725: disableable go cache 2023-12-26 15:17:50 +03:00
10 changed files with 9 additions and 594 deletions
Expand all files Collapse all files

45
.gitea/actions/plugin/build-channel-export/action.yml
View File

@@ -1,45 +0,0 @@
name: build-channel-export
description: Build plugin via make
inputs:
go_version:
required: false
description: 'GO version'
go_cache:
required: false
description: 'For direct disable go-cache if needed'
node_version:
required: false
description: 'Node.js version'
runs:
using: composite
steps:
- name: ci/setup-go
uses: actions/setup-go@v4
if: ${{ inputs.go_version && inputs.go_cache != 'false' }}
with:
go-version: "${{ inputs.go_version }}"
cache-dependency-path: |
go.sum
server/go.sum
- name: ci/setup-go-wo-cache
uses: actions/setup-go@v4
if: ${{ inputs.go_version && inputs.go_cache == 'false' }}
with:
go-version: "${{ inputs.go_version }}"
cache: false
- name: ci/setup-node
uses: actions/setup-node@v4
if: ${{ inputs.node_version }}
with:
node-version: "${{ inputs.node_version }}"
- name: ci/plugin-build
shell: bash
run: |
echo "::group::dist"
make dist
echo "::endgroup::"

6
.gitea/workflows/java-pull-request-check-template.yml
View File

@@ -42,12 +42,12 @@ env:
jobs:
check:
name: check and test
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: https://github.com/actions/checkout@v3
- uses: https://github.com/actions/setup-java@v3
with:
distribution: 'zulu'
distribution: 'temurin'
java-version: 21
check-latest: "false"
- uses: https://github.com/gradle/gradle-build-action@v2
@@ -138,4 +138,4 @@ jobs:
- name: loop fail notification
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/mattermost/action-mattermost-notify@1.1.0
uses: https://github.com/mattermost/action-mattermost-notify@master

136
.gitea/workflows/loop-plugin-channel-export-template.yml
View File

@@ -1,136 +0,0 @@
name: Build and sign plugin with marketplace json formation
on:
workflow_call:
inputs:
go_version:
required: false
description: 'GO version'
go_cache:
required: false
description: 'For direct disable go-cache if needed'
node_version:
required: false
description: 'Node.js version'
vault_secrets_base_path:
required: true
description: 'Base vault secret path'
artifacts_url:
required: true
description: 'Artifacts URL'
artifacts_repository:
required: true
description: 'Artifacts repository'
secrets:
VAULT_ROLE_ID:
required: true
VAULT_SECRET_ID:
required: true
jobs:
release:
name: release
runs-on: ubuntu-22.04
steps:
- name: ci/checkout-repo
uses: actions/checkout@v3
- id: publish-secrets
name: ci/publish-secrets
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ inputs.vault_secrets_base_path }} ARTIFACTS_USERNAME ;
${{ inputs.vault_secrets_base_path }} ARTIFACTS_PASSWORD ;
- id: key
name: ci/key
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_EXPORTED ;
${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_ID ;
${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_PASSPHRASE ;
- id: plugin-meta
name: ci/plugin-meta
shell: bash
run: |
apt-get update
apt-get install -y jq
echo "PLUGIN=$(jq -r '.id + "-" + .version + ".tar.gz"' plugin.json)" >> "$GITHUB_OUTPUT"
echo "PLUGIN_ID=$(jq -r '.id' plugin.json)" >> "$GITHUB_OUTPUT"
echo "PLUGIN_VERSION=$(jq -r '.version' plugin.json)" >> "$GITHUB_OUTPUT"
echo "ENTERPRISE=$(jq -r '.props.enterprise == true' plugin.json)" >> "$GITHUB_OUTPUT"
echo "BETA=$(jq -r '.version | contains("SNAPSHOT")' plugin.json)" >> "$GITHUB_OUTPUT"
echo "EXPERIMENTAL=$(jq -r '.props.experimental == true' plugin.json)" >> "$GITHUB_OUTPUT"
- name: ci/plugin-build
uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/build-channel-export@master
with:
go_version: ${{ inputs.go_version }}
go_cache: ${{ inputs.go_cache }}
node_version: ${{ inputs.node_version }}
ssh_key: ${{ secrets.AI_DEPLOY_KEY }}
- name: ci/plugin-sign
uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/file-sign@master
with:
private_key: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_EXPORTED }}
private_key_id: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_ID }}
private_key_passphrase: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_PASSPHRASE }}
filepath: ${{ gitea.workspace }}/dist/${{ steps.plugin-meta.outputs.PLUGIN }}
- name: ci/push-plugin
uses: sonatype-nexus-community/nexus-repo-github-action@master
with:
serverUrl: ${{ inputs.artifacts_url }}
username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
format: raw
repository: ${{ inputs.artifacts_repository }}
coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}
filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}
- name: ci/push-plugin-sign
uses: sonatype-nexus-community/nexus-repo-github-action@master
with:
serverUrl: ${{ inputs.artifacts_url }}
username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
format: raw
repository: ${{ inputs.artifacts_repository }}
coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.sig
filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.sig
- name: ci/plugin-json
uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/json@master
with:
plugin_id: ${{ steps.plugin-meta.outputs.PLUGIN_ID }}
plugin_version: ${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
enterprise: ${{ steps.plugin-meta.outputs.ENTERPRISE }}
beta: ${{ steps.plugin-meta.outputs.BETA }}
experimental: ${{ steps.plugin-meta.outputs.EXPERIMENTAL }}
artifacts_url: ${{ inputs.artifacts_url }}
artifacts_repository: ${{ inputs.artifacts_repository }}
- name: ci/push-plugin-json
uses: sonatype-nexus-community/nexus-repo-github-action@master
with:
serverUrl: ${{ inputs.artifacts_url }}
username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
format: raw
repository: ${{ inputs.artifacts_repository }}
coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.json
filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.json

2
.gitea/workflows/loop-plugin-with-marketplace-template.yml
View File

@@ -76,9 +76,7 @@ jobs:
uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/build@master
with:
go_version: ${{ inputs.go_version }}
go_cache: ${{ inputs.go_cache }}
node_version: ${{ inputs.node_version }}
ssh_key: ${{ secrets.AI_DEPLOY_KEY }}
- name: ci/plugin-sign
uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/file-sign@master

115
.gitea/workflows/mobile-pull-request-check-template.yml
View File

@@ -1,115 +0,0 @@
name: Mobile pull request check
on:
workflow_call:
inputs:
node-version:
description: "Set node version"
default: 20
type: string
notification_enabled:
description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
default: false
required: false
type: boolean
custom_notification_hook_enabled:
description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
default: false
required: false
type: boolean
notification_channel:
description: "Канал для оповещений о результатах деплоя"
default: internal_projects_notifications
required: false
type: string
vault_secrets_base_path:
description: 'Базовый путь для секретов проекта в vault'
required: false
type: string
secrets:
VAULT_ROLE_ID:
required: true
VAULT_SECRET_ID:
required: true
env:
vault_main_base_path: dev/wilix/main/data/ci
jobs:
check:
name: mobile check and test
runs-on: ubuntu-latest
steps:
- name: ci/checkout-repo
uses: actions/checkout@v3
- name: Use Node.js ${{ inputs.node-version }}
uses: https://github.com/actions/setup-node@v3
with:
node-version: ${{ inputs.node-version }}
- name: ci/prepare-node-deps
uses: ./.gitea/actions/prepare-node-deps
- name: ci/check-styles
shell: bash
run: |
echo "::group::check-styles"
npm run check
echo "::endgroup::"
- name: ci/run-tests
shell: bash
run: |
echo "::group::run-tests"
npm run test:ci
echo "::endgroup::"
- name: Get general notification url
if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
- name: Get custom notification url
if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
- name: prepare failed notification body
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/finnp/create-file-action@master
env:
FILE_NAME: "mattermost.json"
FILE_DATA: |
{
"channel": "${{ inputs.notification_channel }}",
"attachments": [
{
"fallback": "Проверка упала ${{ gitea.repository }}",
"text": "@${{ gitea.actor }} упала тестовая сборка",
"color": "#FF0000",
"fields": [
{
"short": true,
"title": "Сборка",
"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
}
]
}
]
}
- name: loop fail notification
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/mattermost/action-mattermost-notify@1.1.0

112
.gitea/workflows/node-pull-request-check-template.yml
View File

@@ -1,112 +0,0 @@
name: Pull request check
on:
workflow_call:
inputs:
node-version:
description: "Set node version"
default: 20
type: string
yarn-commands:
description: "yarn-commands"
default: |-
yarn install
yarn test
type: string
notification_enabled:
description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
default: false
required: false
type: boolean
custom_notification_hook_enabled:
description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
default: false
required: false
type: boolean
notification_channel:
description: "Канал для оповещений о результатах деплоя"
default: internal_projects_notifications
required: false
type: string
vault_secrets_base_path:
description: 'Базовый путь для секретов проекта в vault'
required: false
type: string
sonar_enabled:
default: false
required: false
type: boolean
secrets:
VAULT_ROLE_ID:
required: true
VAULT_SECRET_ID:
required: true
env:
vault_main_base_path: dev/wilix/main/data/ci
jobs:
check:
name: check and test
runs-on: ubuntu-latest
steps:
- uses: https://github.com/actions/checkout@v3
- name: Use Node.js ${{ inputs.node-version }}
uses: https://github.com/actions/setup-node@v3
with:
node-version: ${{ inputs.node-version }}
- run: ${{ inputs.yarn-commands }}
- name: dockerfile lint check
uses: https://github.com/hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
- name: Get general notification url
if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
- name: Get custom notification url
if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
- name: prepare failed notification body
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/finnp/create-file-action@master
env:
FILE_NAME: "mattermost.json"
FILE_DATA: |
{
"channel": "${{ inputs.notification_channel }}",
"attachments": [
{
"fallback": "Проверка упала ${{ gitea.repository }}",
"text": "@${{ gitea.actor }} упала тестовая сборка",
"color": "#FF0000",
"fields": [
{
"short": true,
"title": "Сборка",
"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
}
]
}
]
}
- name: loop fail notification
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/mattermost/action-mattermost-notify@1.1.0

2
.gitea/workflows/werf-cleanup-template.yml
View File

@@ -26,7 +26,7 @@ env:
jobs:
cleanup:
name: Cleanup
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: https://github.com/actions/checkout@v3
- name: Fetch all history for all tags and branches

4
.gitea/workflows/werf-deploy-template.yml
View File

@@ -62,7 +62,7 @@ env:
jobs:
converge:
name: Deploy stand
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Checkout code
@@ -197,5 +197,5 @@ jobs:
}
- name: loop fail notification
uses: https://github.com/mattermost/action-mattermost-notify@1.1.0
uses: https://github.com/mattermost/action-mattermost-notify@master
if: ${{ inputs.notification_enabled && (job.status == 'success' || job.status == 'failure') }}

68
.gitea/workflows/werf-yonote-cleanup-template.yml
View File

@@ -1,68 +0,0 @@
name: Cleanup Yonote Docker registry
on:
workflow_call:
inputs:
docker_repo_path:
default: private.docker.wilix.dev
required: false
type: string
docker_images_path:
description: 'Относительный путь для образов проекта'
required: true
type: string
werf_debug:
default: false
required: false
type: boolean
secrets:
VAULT_ROLE_ID:
required: true
VAULT_SECRET_ID:
required: true
env:
vault_main_base_path: dev/wilix/main/data/ci
jobs:
cleanup:
name: Cleanup
runs-on: ubuntu-latest
steps:
- uses: https://github.com/actions/checkout@v3
- name: Fetch all history for all tags and branches
run: git fetch --prune --unshallow
# FIXME Эти секреты нужно будет сделать полностью различными для проектов, идеально - краткосрочные генерируемые vault
- id: import-secrets
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ env.vault_main_base_path }} local_cluster_kube_config_base64 ;
${{ env.vault_main_base_path }} docker_registry_username ;
${{ env.vault_main_base_path }} docker_registry_password ;
dev/wilix/yonote/data/ci/yonote NPM_AUTH_TOKEN ;
- name: Login to wilix nexus Container Registry
uses: https://github.com/docker/login-action@v2
with:
registry: ${{ inputs.docker_repo_path }}
username: ${{ steps.import-secrets.outputs.docker_registry_username }}
password: ${{ steps.import-secrets.outputs.docker_registry_password }}
- name: Install werf
uses: https://github.com/werf/actions/install@v1.2
- name: Setup debug if need
if: ${{ inputs.werf_debug }}
run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"
- name: Cleanup
run: werf cleanup
env:
WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}
NPM_AUTH_TOKEN: ${{ steps.import-secrets.outputs.NPM_AUTH_TOKEN }}

107
.gitea/workflows/yonote-node-pull-request-check-template.yml
View File

@@ -1,107 +0,0 @@
name: Pull request check
on:
workflow_call:
inputs:
node-version:
description: "Set node version"
default: 20
type: string
yarn-commands:
description: "yarn-commands"
default: |-
yarn install
yarn test
type: string
notification_enabled:
description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
default: false
required: false
type: boolean
custom_notification_hook_enabled:
description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
default: false
required: false
type: boolean
notification_channel:
description: "Канал для оповещений о результатах деплоя"
default: internal_projects_notifications
required: false
type: string
vault_secrets_base_path:
description: 'Базовый путь для секретов проекта в vault'
required: false
type: string
sonar_enabled:
default: false
required: false
type: boolean
secrets:
VAULT_ROLE_ID:
required: true
VAULT_SECRET_ID:
required: true
env:
vault_main_base_path: dev/wilix/main/data/ci
jobs:
check:
name: check and test
runs-on: ubuntu-latest
steps:
- uses: https://github.com/actions/checkout@v3
- name: Use Node.js ${{ inputs.node-version }}
uses: https://github.com/actions/setup-node@v3
with:
node-version: ${{ inputs.node-version }}
- run: ${{ inputs.yarn-commands }}
- name: Get general notification url
if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
- name: Get custom notification url
if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
- name: prepare failed notification body
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/finnp/create-file-action@master
env:
FILE_NAME: "mattermost.json"
FILE_DATA: |
{
"channel": "${{ inputs.notification_channel }}",
"attachments": [
{
"fallback": "Проверка упала ${{ gitea.repository }}",
"text": "@${{ gitea.actor }} упала тестовая сборка",
"color": "#FF0000",
"fields": [
{
"short": true,
"title": "Сборка",
"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
}
]
}
]
}
- name: loop fail notification
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/mattermost/action-mattermost-notify@1.1.0