operate-first · sesheta · May 3, 2022 · Apr 28, 2022
diff --git a/.aicoe-ci.yaml b/.aicoe-ci.yaml
@@ -1,13 +1 @@
 check: []
-build:
-  build-strategy: Source
-  base-image: registry.access.redhat.com/ubi8/nodejs-16:latest
-  registry: quay.io
-  registry-org: open-services-group
-  registry-project: peribolos-as-a-service
-  registry-secret: osg-pusher-secret
-deploy:
-  project-org: open-services-group
-  project-name: peribolos-as-a-service
-  image-name: peribolos-service-controller
-  overlay-contextpath: "manifests/overlays/prod/imagestream.yaml"
diff --git a/.github/ISSUE_TEMPLATE/promote.md b/.github/ISSUE_TEMPLATE/promote.md
@@ -0,0 +1,8 @@
+---
+name: Promote stage images to prod
+about: "⚠ Maintainers only. Schedule environment promotion."
+title: Promote `stage` environment to `prod`
+labels: kind/promote, bot
+---
+
+Promote `stage` to `prod`, please.
diff --git a/.github/ISSUE_TEMPLATE/release.md b/.github/ISSUE_TEMPLATE/release.md
@@ -0,0 +1,8 @@
+---
+name: Trigger a new release
+about: "⚠ Maintainers only. Schedule repo for a semantic release."
+title: New semantic release
+labels: kind/release, bot
+---
+
+Create a new release, please.
diff --git a/.github/actions/build-controller/action.yaml b/.github/actions/build-controller/action.yaml
@@ -0,0 +1,22 @@
+name: Build Controller
+description: Build Controller container as an S2I image
+inputs:
+  tags:
+    type: string
+    default: ${{ github.sha }}
+runs:
+  using: "composite"
+  steps:
+    - name: Read S2I base image
+      id: s2ibase
+      uses: juliangruber/read-file-action@v1
+      with:
+        path: ./.s2ibase
+
+    - name: S2I Build
+      uses: redhat-actions/s2i-build@v2
+      with:
+        path_context: "."
+        builder_image: "${{ steps.s2ibase.outputs.content }}"
+        image: peribolos-as-a-service
+        tags: "${{ inputs.tags }}"
diff --git a/.github/actions/build-peribolos/action.yaml b/.github/actions/build-peribolos/action.yaml
@@ -0,0 +1,26 @@
+name: Build Peribolos
+description: Build Peribolos container from ./peribolos-fix/Dockerfile
+inputs:
+  tags:
+    type: string
+    default: ${{ github.sha }}
+runs:
+  using: "composite"
+  steps:
+    - name: Cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+
+    - name: Build
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: peribolos
+        tags: "${{ inputs.tags }}"
+        context: peribolos-fix
+        containerfiles: peribolos-fix/Dockerfile
diff --git a/.github/actions/check-maintainer-role/action.yaml b/.github/actions/check-maintainer-role/action.yaml
@@ -0,0 +1,63 @@
+name: Check actor's maintainer role
+description: Check if actor is has write permission to the repo and report back in a comment
+inputs:
+  success:
+    required: true
+    type: string
+  failure:
+    required: true
+    type: string
+  label:
+    required: true
+    type: string
+  token:
+    required: true
+    type: string
+outputs:
+  comment-id:
+    description: "ID of the comment created on target issue"
+    value: ${{ steps.comment.outputs.comment-id }}
+runs:
+  using: "composite"
+  steps:
+    - name: Check if user has write access
+      uses: lannonbr/[email protected]
+      continue-on-error: true
+      id: access
+      with:
+        permission: write
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+
+    - name: Check issue label
+      if: ${{ !contains(github.event.issue.labels.*.name, inputs.label) }}
+      continue-on-error: true
+      id: releaseLabel
+      shell: bash
+      run: exit 1
+
+    - name: Close Issue
+      uses: peter-evans/close-issue@v1
+      if: ${{ !steps.access.outcome == 'failure' && steps.releaseLabel.outcome == 'success' }}
+      with:
+        issue-number: ${{ github.event.issue.number }}
+        body: |
+          ⛔ You're not a maintainer @${{ github.event.issue.user.id }}. ${{ inputs.failure }}
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+
+    - name: Exit on failure
+      if: ${{ steps.access.outcome == 'failure' || steps.releaseLabel.outcome == 'failure' }}
+      shell: bash
+      run: exit 1
+
+    - name: Create success comment
+      uses: peter-evans/create-or-update-comment@v1
+      if: ${{ success() }}
+      id: comment
+      with:
+        issue-number: ${{ github.event.issue.number }}
+        body: |
+          🚀 ${{ inputs.success }} from ${{ github.sha }}. Job started [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
diff --git a/.github/actions/test/action.yaml b/.github/actions/test/action.yaml
@@ -0,0 +1,31 @@
+name: Test
+description: Test Node.js package
+runs:
+  using: "composite"
+  steps:
+    - name: Read Node.js version
+      id: node_version
+      uses: juliangruber/read-file-action@v1
+      with:
+        path: ./.nvmrc
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v3
+      with:
+        node-version: "${{ steps.node_version.outputs.content }}"
+
+    - name: Cache Node.js modules
+      uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.OS }}-node-
+
+    - name: Install dependencies
+      shell: bash
+      run: npm ci
+
+    - name: Run tests
+      shell: bash
+      run: npm test
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -0,0 +1,34 @@
+name: Pull request
+
+on: pull_request
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Test
+        uses: ./.github/actions/test
+
+  build-controller:
+    name: Build controller
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build
+        uses: ./.github/actions/build-controller
+
+  build-peribolos:
+    name: Build peribolos
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build
+        uses: ./.github/actions/build-peribolos
diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml
@@ -0,0 +1,63 @@
+name: Promote
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  promote:
+    name: Promote
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Check actor's permissions
+        uses: ./.github/actions/check-maintainer-role
+        id: check-promote
+        with:
+          success: Promotion issue noticed. Promotion triggered
+          failure: You can't trigger a environment promotion
+          label: kind/promote
+
+      - name: Get images used in stage
+        uses: mikefarah/yq@master
+        id: stage
+        with:
+          cmd: yq e ".images" manifests/overlays/stage/kustomization.yaml
+
+      - name: Use stage images in prod
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq e -i '.images=(strenv(IMAGES) | from_yaml)' manifests/overlays/prod/kustomization.yaml
+        env:
+          IMAGES: ${{ steps.stage.outputs.result }}
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        id: pr
+        with:
+          commit-message: "chore(manifests): Promote staging to prod"
+          title: "chore(manifests): Promote staging to prod"
+          branch: "promote/${{ github.event.issue.number }}"
+          delete-branch: true
+          author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
+          body: |
+            Closes: ${{ github.event.issue.html_url }}
+
+            :up: Bumps `prod` overlay to use new images (copied from `stage`):
+
+            ```yaml
+            ${{ steps.stage.outputs.result }}
+            ```
+
+      - name: Create success comment
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          comment-id: ${{ steps.check-promote.outputs.comment-id }}
+          body: |
+            🙏 Promote pull request created at ${{ steps.pr.outputs.pull-request-url }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -0,0 +1,61 @@
+name: Push
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Test
+        uses: ./.github/actions/test
+
+  build-controller:
+    name: Build and Push Controller
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build
+        uses: ./.github/actions/build-controller
+        with:
+          tags: ${{ github.sha }} latest
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2
+        if: ${{ github.repository == 'open-services-group/peribolos-as-a-service'}}
+        with:
+          image: peribolos-as-a-service
+          tags: ${{ github.sha }} latest
+          registry: quay.io/open-services-group
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+  build-peribolos:
+    name: Build and Push Peribolos
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build
+        uses: ./.github/actions/build-peribolos
+        with:
+          tags: ${{ github.sha }} latest
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2
+        if: ${{ github.repository == 'open-services-group/peribolos-as-a-service'}}
+        with:
+          image: peribolos
+          tags: ${{ github.sha }} latest
+          registry: quay.io/open-services-group
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}