From 0759b48c4b5b348eecf520bfdcfca5be520decb0 Mon Sep 17 00:00:00 2001 From: Jayesh Bapu Ahire Date: Wed, 6 Jan 2021 09:19:03 +0530 Subject: [PATCH] ci: migrating to GitHub actions (#47) * adds gha and removes CCI * addresses comments and changes in actions * adds role for publish action * cleanup * cleanup * removes redundant action file * addresses Aaron's comments --- .circleci/config.yml | 194 ---------------------------- .github/CODEOWNERS | 3 + .github/workflows/merge-publish.yml | 44 +++++++ .github/workflows/pr-build.yml | 73 +++++++++++ .github/workflows/pr-test.yml | 60 +++++++++ .github/workflows/publish.yml | 62 +++++++++ codecov.yml | 2 + query-service/build.gradle.kts | 4 +- 8 files changed, 246 insertions(+), 196 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/merge-publish.yml create mode 100644 .github/workflows/pr-build.yml create mode 100644 .github/workflows/pr-test.yml create mode 100644 .github/workflows/publish.yml create mode 100644 codecov.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index c2e6fcc5..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,194 +0,0 @@ -version: 2.1 - -orbs: - codecov: codecov/codecov@1 - snyk: snyk/snyk@0.0.10 - -executors: - gradle_docker: - docker: - - image: cimg/openjdk:11.0 - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - helm: - docker: - - image: hypertrace/helm-gcs-packager:0.3.0 - auth: - username: $DOCKERHUB_USERNAME - password: $DOCKERHUB_PASSWORD - -commands: - gradle: - description: 'Run the provided gradle command' - parameters: - args: - type: string - when: - default: "on_success" - type: enum - enum: ["on_fail", "on_success", "always"] - steps: - - run: - name: << parameters.args >> - command: ./gradlew << parameters.args >> --info --max-workers=2 -Dorg.gradle.jvmargs=-Xmx2g -Dorg.gradle.console=plain --continue - when: << parameters.when >> - setup_build_environment: - description: 'Generates cache key from a hash of all gradle files' - steps: - - checkout - - run: - name: Generate cache key - # Find all gradle related files, hash each and order them consistently, then save to file for later use - command: find . -type f -name "*.gradle*" -o -name "gradle-wrapper*" | xargs shasum | sort > /tmp/checksum.txt && cat /tmp/checksum.txt - - restore_cache: - keys: - - v1-dependencies-{{ checksum "/tmp/checksum.txt" }} - # fallback to using the latest cache if no exact match is found - - v1-dependencies- - populate_and_save_cache: - description: 'Downloads all gradle dependencies and uploads cache for later use' - steps: - - gradle: - args: downloadDependencies - - save_cache: - paths: - - ~/.gradle - key: v1-dependencies-{{ checksum "/tmp/checksum.txt" }} - docker_login: - description: "Login to dockerhub with readonly credentials" - steps: - - run: - name: Dockerhub login - command: echo $DOCKERHUB_PASSWORD | docker login --username $DOCKERHUB_USERNAME --password-stdin - -jobs: - build: - executor: gradle_docker - steps: - - setup_build_environment - - setup_remote_docker: &latest_remote_docker - version: 19.03.12 - - populate_and_save_cache - - docker_login - - gradle: - args: build dockerBuildImages - - gradle: - args: jacocoTestReport - - codecov/upload: - flags: unit - merge-publish: - executor: gradle_docker - steps: - - setup_build_environment - - setup_remote_docker: *latest_remote_docker - - docker_login - - gradle: - args: dockerPushImages - release-publish: - executor: gradle_docker - steps: - - setup_build_environment - - setup_remote_docker: *latest_remote_docker - - docker_login - - gradle: - args: publish dockerPushImages - validate-charts: - executor: helm - steps: - - checkout - - run: - name: Helm Charts Lint and Template Render - command: | - helm lint --strict ./helm/ - helm template ./helm/ - snyk-scan: - executor: - name: gradle_docker - environment: - GRADLE_OPTS: -Dorg.gradle.workers.max=1 # Snyk doesn't handle parallelism well - steps: - - setup_build_environment - - snyk/scan: - additional-arguments: --all-sub-projects --policy-path=.snyk --configuration-matching='^runtimeClasspath$' - - release-charts: - executor: helm - working_directory: ~/repo - steps: - - checkout - - run: - name: Add release tag - command: | - git config --global user.email "${CIRCLE_USERNAME}@hypertrace.org" - git config --global user.name "$CIRCLE_USERNAME" - git tag -am "Released by $CIRCLE_USERNAME" $(git describe --abbrev=0 --tags | sed 's/^release-//') - - run: - name: Remove trigger tag - command: git tag -d release-$(git describe --abbrev=0) - - run: - name: Package and Publish Helm Charts - # Read the "name:" from Chart.yaml. The chart version is - - command: | - CHART_VERSION=$(git describe --abbrev=0) - CHART_NAME=$(awk '/^name:/ {print $2}' ./helm/Chart.yaml) - export GOOGLE_APPLICATION_CREDENTIALS=${HOME}/helm-gcs-key.json - echo ${HELM_GCS_CREDENTIALS} > ${GOOGLE_APPLICATION_CREDENTIALS} - helm dependency update ./helm/ - helm repo add helm-gcs ${HELM_GCS_REPOSITORY} - helm package --version ${CHART_VERSION} --app-version ${CHART_VERSION} ./helm/ - helm gcs push ${CHART_NAME}-${CHART_VERSION}.tgz helm-gcs --public --retry - - add_ssh_keys: - fingerprints: - # This ssh key gives write permission needed for the following step. - - 'bd:a2:a2:90:46:6c:51:d0:af:8b:1b:c2:d6:e2:f2:e2' - - run: - name: Update remote tags - command: git push origin refs/tags/$(git describe --abbrev=0) :refs/tags/release-$(git describe --abbrev=0) - -workflows: - version: 2 - build-and-publish: - jobs: - - build: - context: - - dockerhub-read - - validate-charts: - context: - - dockerhub-read - - snyk-scan: - context: - - hypertrace-vulnerability-scanning - - dockerhub-read - - merge-publish: - context: - - hypertrace-publishing - - dockerhub-read - requires: - - build - - validate-charts - - snyk-scan - filters: - branches: - only: - - main - - release-publish: - context: - - hypertrace-publishing - - dockerhub-read - filters: - branches: - ignore: /.*/ - tags: - only: /^release-.*/ - - release-charts: - context: - - hypertrace-publishing - - dockerhub-read - requires: - - release-publish - filters: - branches: - ignore: /.*/ - tags: - only: /^release-.*/ diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 99aa59dc..aa86984b 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,3 +2,6 @@ # global * @buchi-busireddy @tim-mwangi @avinashkolluru @inespo + +# GH action +.github/ @aaron-steinfeld @jbahire @kotharironak @buchi-busireddy \ No newline at end of file diff --git a/.github/workflows/merge-publish.yml b/.github/workflows/merge-publish.yml new file mode 100644 index 00000000..73acb504 --- /dev/null +++ b/.github/workflows/merge-publish.yml @@ -0,0 +1,44 @@ +name: merge-publish +on: + push: + branches: + - main + workflow_dispatch: + +jobs: + merge-publish: + runs-on: ubuntu-20.04 + steps: + # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation + - name: Check out code + uses: actions/checkout@v2.3.4 + with: + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + fetch-depth: 0 + + - name: create checksum file + uses: hypertrace/actions/checksum@main + + - name: Cache packages + uses: actions/cache@v2 + with: + path: ~/.gradle + key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }} + restore-keys: | + gradle-packages-${{ runner.os }}-${{ github.job }} + gradle-packages-${{ runner.os }} + + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_READ_USER }} + password: ${{ secrets.DOCKERHUB_READ_TOKEN }} + + - name: push docker image + uses: hypertrace/actions/gradle@main + with: + args: dockerPushImages + env: + DOCKER_USERNAME: ${{ secrets.DOCKERHUB_PUBLISH_USER }} + DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PUBLISH_TOKEN }} diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml new file mode 100644 index 00000000..8eb4094f --- /dev/null +++ b/.github/workflows/pr-build.yml @@ -0,0 +1,73 @@ +name: build and validate +on: + push: + branches: + - main + pull_request_target: + branches: + - main + +jobs: + build: + runs-on: ubuntu-20.04 + steps: + # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation + - name: Check out code + uses: actions/checkout@v2.3.4 + with: + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + fetch-depth: 0 + + - name: create checksum file + uses: hypertrace/actions/checksum@main + + - name: Cache packages + uses: actions/cache@v2 + with: + path: ~/.gradle + key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }} + restore-keys: | + gradle-packages-${{ runner.os }}-${{ github.job }} + gradle-packages-${{ runner.os }} + + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_READ_USER }} + password: ${{ secrets.DOCKERHUB_READ_TOKEN }} + + - name: Build with Gradle + uses: hypertrace/actions/gradle@main + with: + args: build dockerBuildImages + + validate-helm-charts: + runs-on: ubuntu-20.04 + steps: + - name: Check out code + uses: actions/checkout@v2.3.4 + with: + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + fetch-depth: 0 + + - name: validate charts + uses: hypertrace/actions/validate-charts@main + + snyk-scan: + runs-on: ubuntu-20.04 + steps: + # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation + - name: Check out code + uses: actions/checkout@v2.3.4 + with: + ref: ${{github.event.pull_request.head.ref}} + repository: ${{github.event.pull_request.head.repo.full_name}} + fetch-depth: 0 + - name: Setup snyk + uses: snyk/actions/setup@0.3.0 + - name: Snyk test + run: snyk test --all-sub-projects --org=hypertrace --severity-threshold=low --policy-path=.snyk --configuration-matching='^runtimeClasspath$' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml new file mode 100644 index 00000000..0b1da754 --- /dev/null +++ b/.github/workflows/pr-test.yml @@ -0,0 +1,60 @@ +name: test +on: + push: + branches: + - main + pull_request: + +jobs: + test: + runs-on: ubuntu-20.04 + steps: + # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation + - name: Check out code + uses: actions/checkout@v2.3.4 + with: + fetch-depth: 0 + + - name: create checksum file + uses: hypertrace/actions/checksum@main + + - name: Cache packages + uses: actions/cache@v2 + with: + path: ~/.gradle + key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }} + restore-keys: | + gradle-packages-${{ runner.os }}-${{ github.job }} + gradle-packages-${{ runner.os }} + + + - name: Unit test + uses: hypertrace/actions/gradle@main + with: + args: jacocoTestReport + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v1 + with: + name: unit test reports + fail_ci_if_error: true + flags: unit + + - name: copy test reports + uses: hypertrace/actions/gradle@main + with: + args: copyAllReports --output-dir=/tmp/test-reports + + - name: Archive test reports + uses: actions/upload-artifact@v1 + with: + name: test-reports + path: /tmp/test-reports + if: always() + + - name: Publish Unit Test Results + uses: docker://ghcr.io/enricomi/publish-unit-test-result-action:v1.6 + if: always() + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + files: ./**/build/test-results/**/*.xml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..9ef1aa4e --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,62 @@ +name: Publish artifacts +on: +# Will only run when release is published. + release: + types: + - created + workflow_dispatch: + +jobs: + publish-artifacts: + runs-on: ubuntu-20.04 + steps: + # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation + - name: Check out code + uses: actions/checkout@v2.3.4 + with: + fetch-depth: 0 + + - name: create checksum file + uses: hypertrace/actions/checksum@main + + - name: Cache packages + uses: actions/cache@v2 + with: + path: ~/.gradle + key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }} + restore-keys: | + gradle-packages-${{ runner.os }}-${{ github.job }} + gradle-packages-${{ runner.os }} + + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_READ_USER }} + password: ${{ secrets.DOCKERHUB_READ_TOKEN }} + + - name: publish docker image + uses: hypertrace/actions/gradle@main + with: + args: publish dockerPushImages + env: + DOCKER_USERNAME: ${{ secrets.DOCKERHUB_PUBLISH_USER }} + DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PUBLISH_TOKEN }} + ORG_GRADLE_PROJECT_publishUser: ${{ secrets.BINTRAY_USER }} + ORG_GRADLE_PROJECT_publishApiKey: ${{ secrets.BINTRAY_API_KEY }} + + publish-helm-charts: + needs: publish-artifacts + runs-on: ubuntu-20.04 + steps: + # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation + - name: Checkout Repository + uses: actions/checkout@v2.3.4 + with: + fetch-depth: 0 + + - name: package and release charts + uses: hypertrace/actions/helm-gcs-publish@main + with: + helm-gcs-credentials: ${{ secrets.HELM_GCS_CREDENTIALS }} + helm-gcs-repository: ${{ secrets.HELM_GCS_REPOSITORY }} + diff --git a/codecov.yml b/codecov.yml new file mode 100644 index 00000000..8a333e58 --- /dev/null +++ b/codecov.yml @@ -0,0 +1,2 @@ +codecov: + max_report_age: off diff --git a/query-service/build.gradle.kts b/query-service/build.gradle.kts index eae7ced8..1dc81df4 100644 --- a/query-service/build.gradle.kts +++ b/query-service/build.gradle.kts @@ -1,8 +1,8 @@ plugins { java application - id("org.hypertrace.docker-java-application-plugin") version "0.8.0" - id("org.hypertrace.docker-publish-plugin") version "0.8.0" + id("org.hypertrace.docker-java-application-plugin") version "0.8.1" + id("org.hypertrace.docker-publish-plugin") version "0.8.1" } dependencies {