From ca2c530429e7b71362685594b8b150e7ac9559a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Alejandro=20Marug=C3=A1n?= Date: Thu, 15 Aug 2024 00:11:09 +0200 Subject: [PATCH] feat: improve workflows closes #4 closes #5 closes #6 --- .github/updatecli/dependencies.yaml | 64 ++++++++++++++ .github/workflows/check-changes.yaml | 108 +++++++++++++++++------- .github/workflows/release.yaml | 119 ++++++++++++++------------- .gitignore | 1 + .lastbuild | 1 - Dockerfile | 2 +- 6 files changed, 209 insertions(+), 86 deletions(-) create mode 100644 .github/updatecli/dependencies.yaml create mode 100644 .gitignore delete mode 100644 .lastbuild diff --git a/.github/updatecli/dependencies.yaml b/.github/updatecli/dependencies.yaml new file mode 100644 index 0000000..253bdc8 --- /dev/null +++ b/.github/updatecli/dependencies.yaml 
@@ -0,0 +1,64 @@
+scms:
+ cruise-control:
+ kind: github
+ spec:
+ owner: "linkedin"
+ repository: "cruise-control"
+ token: {{ requiredEnv "GITHUB_TOKEN" }}
+ branch: "main"
+sources:
+ aws-msk-iam-auth:
+ kind: githubrelease
+ spec:
+ owner: "aws"
+ repository: "aws-msk-iam-auth"
+ token: {{ requiredEnv "GITHUB_TOKEN" }}
+ versionFilter:
+ kind: semver
+ transformers:
+ - trimprefix: "v"
+ cruise-control:
+ kind: gittag
+ scmid: cruise-control
+ spec:
+ versionfilter:
+ kind: semver
+ cruise-control-ui:
+ kind: githubrelease
+ spec:
+ owner: "linkedin"
+ repository: "cruise-control-ui"
+ token: {{ requiredEnv "GITHUB_TOKEN" }}
+ versionFilter:
+ kind: semver
+ transformers:
+ - trimprefix: "v"
+conditions: {}
+targets:
+ update-aws-msk-iam-auth-version:
+ name: "Update the value of ARG AWS_MSK_IAM_AUTH_VERSION in the Dockerfile"
+ sourceid: aws-msk-iam-auth
+ kind: dockerfile
+ spec:
+ file: Dockerfile
+ instruction:
+ keyword: "ARG"
+ matcher: "AWS_MSK_IAM_AUTH_VERSION"
+ update-cc-tag:
+ name: "Update the value of ARG CC_TAG in the Dockerfile"
+ sourceid: cruise-control
+ kind: dockerfile
+ spec:
+ file: Dockerfile
+ instruction:
+ keyword: "ARG"
+ matcher: "CC_TAG"
+ update-cc-ui-tag:
+ name: "Update the value of ARG CC_UI_TAG in the Dockerfile"
+ sourceid: cruise-control-ui
+ kind: dockerfile
+ spec:
+ file: Dockerfile
+ instruction:
+ keyword: "ARG"
+ matcher: "CC_UI_TAG"
diff --git a/.github/workflows/check-changes.yaml b/.github/workflows/check-changes.yaml
index a71ddbe..293a50f 100644
--- a/.github/workflows/check-changes.yaml
+++ b/.github/workflows/check-changes.yaml
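Review bot: The `update-cc-ui-tag` target in .github/updatecli/dependencies.yaml matches `CC_UI_TAG`, while the steps this commit adds to check-changes.yaml and release.yaml read the value with `grep "ARG CC_TAG_UI"`. The Dockerfile's ARG name is not visible in this patch, so one side is presumably misspelled: either updatecli never updates the UI tag or the workflows always read an empty value. Use the name the Dockerfile declares in all three places. As a style point, the `cruise-control` source spells its key `versionfilter` while the other two sources use `versionFilter`; one spelling throughout is easier to grep.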
@@ -13,46 +13,98 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - - name: Get latest tag - id: latest_release - run: | - latest_release=$(curl -s https://api.github.com/repos/linkedin/cruise-control/tags | jq -r '.[0].name') - echo "latest_release=$latest_release" >> $GITHUB_OUTPUT - + - name: Get current tag id: current_release run: | - current_release=$(grep lastTag .lastbuild | cut -d '=' -f 2) - echo "current_release=$current_release" >> $GITHUB_OUTPUT - + # cc_tag + cc_current_release=$(grep "ARG CC_TAG" Dockerfile | cut -d '=' -f 2) + echo "cc_current_release=$cc_current_release" >> $GITHUB_OUTPUT + + # cc_ui_tag + cc_ui_current_release=$(grep "ARG CC_TAG_UI" Dockerfile | cut -d '=' -f 2) + echo "cc_ui_current_release=$cc_ui_current_release" >> $GITHUB_OUTPUT + + # iam_tag + iam_current_release=$(grep "ARG AWS_MSK_IAM_AUTH_VERSION" Dockerfile | cut -d '=' -f 2) + echo "iam_current_release=$iam_current_release" >> $GITHUB_OUTPUT + + - name: Install updatecli + uses: updatecli/updatecli-action@v2 + + - name: Update dependencies + env: + GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }} + run: | + updatecli apply --config .github/updatecli/dependencies.yaml --commit=false + + - name: Get latest tag + id: latest_release + run: | + # cc_tag + cc_latest_release=$(grep "ARG CC_TAG" Dockerfile | cut -d '=' -f 2) + echo "cc_latest_release=$cc_latest_release" >> $GITHUB_OUTPUT + + # cc_ui_tag + cc_ui_latest_release=$(grep "ARG CC_TAG_UI" Dockerfile | cut -d '=' -f 2) + echo "cc_ui_latest_release=$cc_ui_latest_release" >> $GITHUB_OUTPUT + + # iam_tag + iam_latest_release=$(grep "ARG AWS_MSK_IAM_AUTH_VERSION" Dockerfile | cut -d '=' -f 2) + echo "iam_latest_release=$iam_latest_release" >> $GITHUB_OUTPUT + + # complete tag + echo "complete_tag=cc$cc_latest_release-iam$iam_latest_release" >> $GITHUB_OUTPUT + - name: Check if exists changes id: check_changes + env: + cc_latest_release: ${{ steps.latest_release.outputs.cc_latest_release }} + cc_ui_latest_release: ${{ 
steps.latest_release.outputs.cc_ui_latest_release }} + iam_latest_release: ${{ steps.latest_release.outputs.iam_latest_release }} run: | - # check changes - if [ ${{ steps.latest_release.outputs.latest_release }} != ${{ steps.current_release.outputs.current_release }} ]; then - echo "release_changed=true" >> $GITHUB_OUTPUT + # Cruise Control + if [ "$cc_current_release" != "$cc_latest_release" ]; then + body+="Cruise Control version:\n" + body+=" - :information_source: Current: $cc_current_release\n" + body+=" - :up: Upgrade: $cc_latest_release\n" + body+=" - Changelog: https://github.com/linkedin/cruise-control/releases/tag/$cc_latest_release\n\n" + + echo "release_changed=true" >> $GITHUB_OUTPUT + fi + + # Cruise Control UI + if [ "$cc_ui_current_release" != "$cc_ui_latest_release" ]; then + body+="Cruise Control UI version:\n" + body+=" - :information_source: Current: $cc_ui_current_release\n" + body+=" - :up: Upgrade: $cc_ui_latest_release\n" + body+=" - Changelog: https://github.com/linkedin/cruise-control-ui/releases/tag/v$cc_ui_latest_release\n\n" + + echo "release_changed=true" >> $GITHUB_OUTPUT fi - - # save file - echo "lastTag=$new_tag" > .lastbuild - - - name: Create PR with .lastbuild changes + + # IAM + if [ "$iam_current_release" != "$iam_latest_release" ]; then + body+="AWS IAM Auth version:\n" + body+=" - :information_source: Current: $iam_current_release\n" + body+=" - :up: Upgrade: $iam_latest_release\n" + body+=" - Changelog: https://github.com/aws/aws-msk-iam-auth/releases/tag/v$iam_latest_release\n\n" + + echo "release_changed=true" >> $GITHUB_OUTPUT + fi + + echo -e "$body" > pr-output.log + + - name: Create PR changes if: steps.check_changes.outputs.release_changed == 'true' uses: peter-evans/create-pull-request@v6 with: token: ${{ secrets.PAT_GITHUB }} - commit-message: "feat: new cruise-control version ${{ steps.latest_release.outputs.latest_release }}" + commit-message: "feat: new cruise-control version ${{ 
steps.latest_release.outputs.complete_tag }}" signoff: false - branch: feat/upgrade-cruise-control-${{ steps.latest_release.outputs.latest_release }} + branch: feat/upgrade-cruise-control-${{ steps.latest_release.outputs.complete_tag }} delete-branch: true - title: '[cruise-control] new release: ${{ steps.latest_release.outputs.latest_release }}' - body: | - Cruise Control version: - - :information_source: Current: `${{ steps.current_release.outputs.current_release }}` - - :up: Upgrade: `${{ steps.latest_release.outputs.latest_release }}` - - Changelog: https://github.com/linkedin/cruise-control/releases/tag/${{ steps.latest_release.outputs.latest_release }} + title: '[cruise-control] new release: ${{ steps.latest_release.outputs.complete_tag }}' + body-path: pr-output.log labels: | auto-pr-bump-version - team-reviewers: devops-ia diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8fa54bf..de664ae 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,12 +7,12 @@ env: GHCR_REPO: ${{ github.repository }} on: + workflow_dispatch: push: branches: - main paths: - - .lastbuild - workflow_dispatch: + - Dockerfile jobs: release: @@ -20,9 +20,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - jdk_version: - - 11 - - 17 + jdk_version: [11, 17] permissions: contents: write 
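Review bot: The `Check if exists changes` step in check-changes.yaml compares `$cc_current_release`, `$cc_ui_current_release` and `$iam_current_release`, but its `env:` exports only the three `*_latest_release` values, so the current values are empty in that shell. Every comparison against a non-empty latest value is then unequal, `release_changed=true` is always written, and the PR body shows a blank `Current:` line. Add `cc_current_release: ${{ steps.current_release.outputs.cc_current_release }}` and the matching `cc_ui_current_release` and `iam_current_release` entries to the step's `env:`. Separately, `grep "ARG CC_TAG"` is a substring match and would also return an `ARG CC_TAG_UI=...` line if the Dockerfile has one, putting two lines into `$GITHUB_OUTPUT`; anchoring it as `grep '^ARG CC_TAG='` avoids that.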
@@ -36,11 +34,35 @@ jobs: with: fetch-depth: 0 - - name: Read .lastbuild file + - name: Read tags from Dockerfile id: current_tag run: | - current_tag=$(grep lastTag .lastbuild | cut -d '=' -f 2) - echo "current_tag=$current_tag" >> $GITHUB_OUTPUT + # cc_tag + cc_current_tag=$(grep "ARG CC_TAG" Dockerfile | cut -d '=' -f 2) + echo "cc_current_tag=$cc_current_tag" >> $GITHUB_OUTPUT + + # cc_ui_tag + cc_current_tag=$(grep "ARG CC_TAG_UI" Dockerfile | cut -d '=' -f 2) + echo "cc_ui_current_tag=$cc_ui_current_tag" >> $GITHUB_OUTPUT + + # iam_tag + iam_current_tag=$(grep "ARG AWS_MSK_IAM_AUTH_VERSION" Dockerfile | cut -d '=' -f 2) + echo "iam_current_tag=$iam_current_tag" >> $GITHUB_OUTPUT + + - name: "Set Docker metadata" + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }} + ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }} + labels: | + org.opencontainers.image.maintainer=ialejandro + org.opencontainers.image.title=Cruise Control + org.opencontainers.image.description=Cruise Control for Apache Kafka + org.opencontainers.image.vendor=DevOps IA + tags: | + type=sha,enable=false - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -48,9 +70,13 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - ############## - # DOCKERHUB - ############## + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- - name: "[DOCKERHUB] Log in to Docker Hub" uses: docker/login-action@v3 
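Review bot: In the `Read tags from Dockerfile` step of release.yaml the second grep result is assigned to `cc_current_tag` again, and the next line echoes `$cc_ui_current_tag`, which is never set. The `cc_ui_current_tag` output is therefore always empty, and the README update later in this workflow would write an empty Cruise Control UI version. The assignment should read `cc_ui_current_tag=$(grep "ARG CC_TAG_UI" Dockerfile | cut -d '=' -f 2)`.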
@@ -58,22 +84,31 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: "[DOCKERHUB] Build and push Docker image" + - name: "[GHCR] Log in to the Container registry" + uses: docker/login-action@v3 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: "Build and push Docker image" uses: docker/build-push-action@v6 with: + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max context: . - push: true + labels: ${{ steps.meta.outputs.labels }} platforms: linux/amd64,linux/arm64 - build-args: | - OPENJDK_VERSION=${{ matrix.jdk_version }} - CC_TAG=${{ steps.current_tag.outputs.current_tag }} - tags: | - ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }}:jdk${{ matrix.jdk_version }}-cc${{ steps.current_tag.outputs.current_tag }} + push: true + sbom: true + tags: ${{ steps.meta.outputs.tags }} - - name: "[DOCKERHUB] Update README.md default version" + - name: "Update README.md default version" run: | # replace default version - sed -i "s/\* Cruise Control: .*/* Cruise Control: \`${{ steps.current_tag.outputs.current_tag }}\`/" README.md + sed -i "s/\* Cruise Control: .*/* Cruise Control: \`${{ steps.current_tag.outputs.cc_current_tag }}\`/" README.md + sed -i "s/\* Cruise Control UI: .*/* Cruise Control UI: \`${{ steps.current_tag.outputs.cc_ui_current_tag }}\`/" README.md + sed -i "s/\* AWS IAM Auth: .*/* AWS IAM Auth: \`${{ steps.current_tag.outputs.iam_current_tag }}\`/" README.md # push changes git config --global user.email "github-actions[bot]@users.noreply.github.com" 
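Review bot: The merged `Build and push Docker image` step drops `build-args`, so `matrix.jdk_version` is no longer passed to the build and both matrix jobs build the Dockerfile's default JDK. Its `tags` now come from `steps.meta.outputs.tags`, and the only tag rule given to the meta step is `type=sha,enable=false`, which appears to yield no tags at all. Restore `build-args: OPENJDK_VERSION=${{ matrix.jdk_version }}` and give the meta step a rule such as `type=raw,value=jdk${{ matrix.jdk_version }}-cc${{ steps.current_tag.outputs.cc_current_tag }}` so each matrix job publishes a distinct, traceable tag. The three `sed` lines also splice step outputs directly into the script; passing them through `env:`, as check-changes.yaml now does, keeps a malformed tag value from being parsed as shell. The `run` block continues past the end of this hunk.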
@@ -89,45 +124,17 @@ jobs: password: ${{ secrets.DOCKERHUB_PASSWORD }} repository: ${{ env.DOCKERHUB_USER }}/${{ env.DOCKERHUB_REPO }} - ############## - # GHCR - ############## - - - name: "[GHCR] Log in to the Container registry" - uses: docker/login-action@v3 - with: - registry: ${{ env.GHCR_REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: "[GHCR] Get metadata" - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }} - tags: | - type=sha,enable=false - labels: | - maintainer=ialejandro - org.opencontainers.image.title=cruise-control - org.opencontainers.image.description=Cruise Control for Apache Kafka - - - name: "[GHCR] Build and push Docker image" - id: push - uses: docker/build-push-action@v6 - with: - context: . - push: true - platforms: linux/amd64,linux/arm64 - build-args: | - OPENJDK_VERSION=${{ matrix.jdk_version }} - CC_TAG=${{ steps.current_tag.outputs.current_tag }} - tags: | - ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }}:jdk${{ matrix.jdk_version }}-cc${{ steps.current_tag.outputs.current_tag }} - - name: "[GHCR] Generate artifact" uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPO }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true + + - # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5f25650 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +pr-output.log diff --git a/.lastbuild b/.lastbuild deleted file mode 100644 index aa66334..0000000 --- a/.lastbuild +++ /dev/null @@ -1 +0,0 @@ -lastTag=2.5.138 diff --git a/Dockerfile b/Dockerfile index 6e4f718..362e872 100644 --- a/Dockerfile +++ b/Dockerfile 
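Review bot: The `[GHCR] Generate artifact` step still reads `subject-digest: ${{ steps.push.outputs.digest }}`, but this hunk removes the only step that carried `id: push` and the new build step added earlier in release.yaml has no id. The digest expression therefore evaluates to an empty string and the provenance attestation has no subject to bind to. Add `id: push` to the new `Build and push Docker image` step so the attestation refers to the image that was actually pushed. The `Move cache` step is placed after the attestation, so a failed attestation would also skip the cache move; consider moving it directly after the build.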
@@ -1,4 +1,4 @@
-ARG OPENJDK_VERSION=11
+ARG OPENJDK_VERSION=17
 FROM amazoncorretto:${OPENJDK_VERSION} as base