ci refactor (#16)

* app-build wf * refactor again * helm refactor * simplify image tagging * tidy env vars * trip env vars * tidy
f2calv · Jun 25, 2023 · 208d84d · 208d84d
1 parent bd394e4
commit 208d84d
Show file tree

Hide file tree

Showing 4 changed files with 209 additions and 162 deletions.
diff --git a/.github/workflows/build-app.yml b/.github/workflows/build-app.yml
@@ -0,0 +1,23 @@
+name: build-app
+
+on:
+  workflow_call:
+    inputs:
+      fullSemVer:
+        type: string
+        description: e.g. 1.2.3-feature-my-feature.12
+        required: true
+
+jobs:
+  build-app:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: dotnet restore
+        run: dotnet restore --verbosity minimal --configfile NuGet.config
+
+      - name: dotnet build
+        run: dotnet build -c Release --nologo --no-restore -p:Version='${{ inputs.fullSemVer }}' -p:SourceRevisionId=${{ github.sha }}
+
+      #TODO: could run dotnet test here, etc...
diff --git a/.github/workflows/build-chart.yml b/.github/workflows/build-chart.yml
@@ -0,0 +1,89 @@
+name: build-chart
+
+on:
+  workflow_call:
+    inputs:
+      semVer:
+        type: string
+        description: e.g. 1.2.3-feature-my-feature.12
+        required: true
+
+jobs:
+  build-chart:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write #for pushing helm package
+      contents: write #for creating releases/tags
+    env:
+      REGISTRY: ghcr.io
+      #CHART_REPOSITORY: Note: set dynamically, i.e. github.repository_owner/charts/IMAGE_NAME
+      GIT_TAG: ${{ inputs.semVer }}
+      HELM_EXPERIMENTAL_OCI: 1
+      HELM_VERSION_TO_INSTALL: 3.9.2 #Note: keep this version in sync inside the devcontainer
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 #Note: shallow clone may break git tag & ct lint...
+
+      - name: set vars (1 of 3)
+        run: |
+          IMAGE_NAME=$(echo $REPOSITORY | sed "s|$USERNAME\/||g")
+          echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
+
+      - name: set vars (2 of 3)
+        run: echo "CHART_REPOSITORY=${{ github.repository_owner }}/charts/$IMAGE_NAME" >> $GITHUB_ENV
+
+      - name: set vars (3 of 3) #pulls helm version from devcontainer
+        run: |
+          HELM_VERSION_TO_INSTALL=$(cat .devcontainer/devcontainer.json | jq -r '.features."kubectl-helm-minikube".helm')
+          echo "HELM_VERSION_TO_INSTALL=$HELM_VERSION_TO_INSTALL" >> $GITHUB_ENV
+
+      - name: install helm
+        uses: azure/setup-helm@v3
+        with:
+          version: ${{ env.HELM_VERSION_TO_INSTALL }}
+
+      - name: helm registry login
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${REGISTRY}/${CHART_REPOSITORY} --username ${{ github.repository_owner }} --password-stdin
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.7
+        if: false #not implemented/working yet
+
+      - name: chart-testing (setup)
+        uses: helm/chart-testing-action@v2
+        if: false #not implemented/working yet
+
+      - name: chart-testing (run list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch main)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+        if: false #not implemented/working yet
+
+      - name: chart-testing (run lint)
+        run: ct lint
+        if: false #not implemented/working yet
+
+      - name: create kind cluster
+        uses: helm/kind-action@v1
+        #if: steps.list-changed.outputs.changed == 'true'
+        if: false #not implemented/working yet
+
+      - name: chart-testing (run install)
+        run: ct install
+        if: false #not implemented/working yet
+
+      - name: helm package
+        run: |
+          helm package ${{ github.workspace }}/charts/$IMAGE_NAME/ --destination ${{ github.workspace }}/artifacts/ --app-version ${{ env.GIT_TAG }}
+        if: false #not implemented/working yet
+
+      - name: helm push
+        run: |
+          helm push ${{ github.workspace }}/artifacts/$IMAGE_NAME-0.1.0.tgz oci://ghcr.io/${{ github.repository_owner }}
+        if: false #not implemented/working yet, need to change the chart version in filename
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
@@ -0,0 +1,81 @@
+name: build-image
+
+on:
+  workflow_call:
+    inputs:
+      semVer:
+        type: string
+        description: e.g. 1.2.3-feature-my-feature.12
+        required: true
+      registry:
+        type: string
+        description: e.g. ghcr.io or docker.io
+        default: ghcr.io
+      tagOverride:
+        type: string
+        description: Default branch tag override, i.e. tag 1.2.3 -> latest
+        default: latest
+      devTagOverride:
+        type: string
+        description: Feature branch tag override, i.e. tag 1.2.3-feature-my-feature.12 -> latest-dev
+        default: latest-dev
+      platform:
+        type: string
+        description: Specify the target platform for the build output, e.g. linux/amd64,linux/arm64,linux/arm/v7
+        default: linux/amd64,linux/arm64,linux/arm/v7
+
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+    #https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
+    #https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+    permissions:
+      packages: write #for pushing container image
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: set vars (1 of 3)
+        run: |
+          IMAGE_NAME=$(echo ${{ github.repository }} | sed "s|${{ github.repository_owner }}\/||g")
+          echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
+
+      - name: set vars (2 of 3)
+        if: github.ref != 'refs/heads/main' #feature branch use devTagOverride
+        run: |
+          echo "TAG=${{ inputs.devTagOverride }}" >> $GITHUB_ENV
+
+      - name: set vars (3 of 3)
+        if: github.ref == 'refs/heads/main' #default branch use tagOverride
+        run: |
+          echo "TAG=${{ inputs.tagOverride }}" >> $GITHUB_ENV
+          echo "OVERRIDE_TAG=${{ inputs.semVer }}" >> $GITHUB_ENV
+
+      - name: docker login ${{ inputs.registry }}
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ inputs.registry }} -u ${{ github.actor }} --password-stdin
+
+      - name: docker buildx build/push
+        run: |
+          docker buildx create --name multiarchtest --use
+
+          SOME_OPT=()
+          if [ ! -z "$OVERRIDE_TAG" ]; then
+            SOME_OPT=(-t "${{ inputs.registry }}/${{ github.repository }}:$OVERRIDE_TAG")
+          fi
+
+          docker buildx build \
+            -t ${{ inputs.registry }}/${{ github.repository }}:$TAG \
+            "${SOME_OPT[@]}" \
+            --label "GITHUB_RUN_ID=${{ github.run_id }}" \
+            --label "IMAGE_NAME=$IMAGE_NAME" \
+            --label "org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" \
+            --build-arg GIT_REPO=${{ github.repository }} \
+            --build-arg GIT_TAG=${{ inputs.semVer }} \
+            --build-arg GIT_BRANCH=${{ github.ref }} \
+            --build-arg GIT_COMMIT=${{ github.sha }} \
+            --build-arg GITHUB_WORKFLOW=${{ github.workflow }} \
+            --build-arg GITHUB_RUN_ID=${{ github.run_id }} \
+            --build-arg GITHUB_RUN_NUMBER=${{ github.run_number }} \
+            --platform ${{ inputs.platform }} \
+            --pull \
+            --push \
+            .
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,175 +22,29 @@ jobs:
   versioning:
     uses: ./.github/workflows/versioning.yml
 
-  build_app:
-    runs-on: ubuntu-latest
+  app:
+    uses: ./.github/workflows/build-app.yml
     needs: versioning
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: dotnet restore
-        run: dotnet restore --verbosity minimal --configfile NuGet.config
-
-      - name: dotnet build
-        run: dotnet build -c Release --nologo --no-restore -p:Version='${{ needs.versioning.outputs.fullSemVer }}' -p:SourceRevisionId=${{ github.sha }}
-
-      #TODO: could run dotnet test here, etc...
-
-  build_image:
-    runs-on: ubuntu-latest
-    needs: [versioning, build_app]
-    #https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
-    #https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
-    permissions:
-      packages: write #for pushing container image
-    env:
-      REGISTRY: ghcr.io
-      REPOSITORY: ${{ github.repository }}
-      GIT_REPO: ${{ github.repository }}
-      GIT_TAG: ${{ needs.versioning.outputs.semVer }}
-      GIT_BRANCH: ${{ github.ref }}
-      GIT_COMMIT: ${{ github.sha }}
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: set vars (1 of 2)
-        run: |
-          IMAGE_NAME=$(echo $REPOSITORY | sed "s|${{ github.repository_owner }}\/||g")
-          echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
-
-      - name: set vars (2 of 2)
-        if: github.ref != 'refs/heads/main' #non-default branch use a simplistic SemVer
-        run: echo "GIT_TAG=dev" >> $GITHUB_ENV
-
-      - name: docker login ${{ env.REGISTRY }}
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
-
-      - name: docker buildx build/push
-        if: github.ref == 'refs/heads/main'
-        run: |
-          docker buildx create --name multiarchtest --use
-          docker buildx build \
-            -t $REGISTRY/$REPOSITORY:$GIT_TAG \
-            -t $REGISTRY/$REPOSITORY:latest \
-            --label "GITHUB_RUN_ID=${{ github.run_id }}" \
-            --label "IMAGE_NAME=$IMAGE_NAME" \
-            --build-arg GIT_REPO=$GIT_REPO \
-            --build-arg GIT_TAG=$GIT_TAG \
-            --build-arg GIT_BRANCH=$GIT_BRANCH \
-            --build-arg GIT_COMMIT=$GIT_COMMIT \
-            --build-arg GITHUB_WORKFLOW=${{ github.workflow }} \
-            --build-arg GITHUB_RUN_ID=${{ github.run_id }} \
-            --build-arg GITHUB_RUN_NUMBER=${{ github.run_number }} \
-            --platform linux/amd64,linux/arm64,linux/arm/v7 \
-            --pull \
-            --push \
-            .
+    with:
+      fullSemVer: ${{ needs.versioning.outputs.fullSemVer }}
 
-      - name: docker buildx build/push (dev)
-        if: github.ref != 'refs/heads/main'
-        run: |
-          docker buildx create --name multiarchtest --use
-          docker buildx build \
-            -t $REGISTRY/$REPOSITORY:$GIT_TAG \
-            --label "GITHUB_RUN_ID=${{ github.run_id }}" \
-            --label "IMAGE_NAME=$IMAGE_NAME" \
-            --build-arg GIT_REPO=$GIT_REPO \
-            --build-arg GIT_TAG=$GIT_TAG \
-            --build-arg GIT_BRANCH=$GIT_BRANCH \
-            --build-arg GIT_COMMIT=$GIT_COMMIT \
-            --build-arg GITHUB_WORKFLOW=${{ github.workflow }} \
-            --build-arg GITHUB_RUN_ID=${{ github.run_id }} \
-            --build-arg GITHUB_RUN_NUMBER=${{ github.run_number }} \
-            --platform linux/amd64,linux/arm64,linux/arm/v7 \
-            --pull \
-            --push \
-            .
+  image:
+    uses: ./.github/workflows/build-image.yml
+    needs: [versioning, app]
+    with:
+      semVer: ${{ needs.versioning.outputs.semVer }}
 
-  push_chart:
-    runs-on: ubuntu-latest
-    needs: [versioning, build_app, build_image]
+  chart:
+    uses: ./.github/workflows/build-chart.yml
+    needs: [versioning, app, image]
     if: github.ref == 'refs/heads/main'
-    permissions:
-      packages: write #for pushing helm package
-      contents: write #for creating releases/tags
-    env:
-      REGISTRY: ghcr.io
-      #CHART_REPOSITORY: Note: set dynamically, i.e. github.repository_owner/charts/IMAGE_NAME
-      GIT_TAG: ${{ needs.versioning.outputs.semVer }}
-      HELM_EXPERIMENTAL_OCI: 1
-      HELM_VERSION_TO_INSTALL: 3.9.2 #Note: keep this version in sync inside the devcontainer
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 #Note: shallow clone may break git tag & ct lint...
-
-      - name: set vars (1 of 3)
-        run: |
-          IMAGE_NAME=$(echo $REPOSITORY | sed "s|$USERNAME\/||g")
-          echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
-
-      - name: set vars (2 of 3)
-        run: echo "CHART_REPOSITORY=${{ github.repository_owner }}/charts/$IMAGE_NAME" >> $GITHUB_ENV
-
-      - name: set vars (3 of 3) #pulls helm version from devcontainer
-        run: |
-          HELM_VERSION_TO_INSTALL=$(cat .devcontainer/devcontainer.json | jq -r '.features."kubectl-helm-minikube".helm')
-          echo "HELM_VERSION_TO_INSTALL=$HELM_VERSION_TO_INSTALL" >> $GITHUB_ENV
-
-      - name: install helm
-        uses: azure/setup-helm@v3
-        with:
-          version: ${{ env.HELM_VERSION_TO_INSTALL }}
-
-      - name: helm registry login
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${REGISTRY}/${CHART_REPOSITORY} --username ${{ github.repository_owner }} --password-stdin
-
-      - uses: actions/setup-python@v4
-        with:
-          python-version: 3.7
-        if: false #not implemented/working yet
-
-      - name: chart-testing (setup)
-        uses: helm/chart-testing-action@v2
-        if: false #not implemented/working yet
-
-      - name: chart-testing (run list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch main)
-          if [[ -n "$changed" ]]; then
-            echo "::set-output name=changed::true"
-          fi
-        if: false #not implemented/working yet
-
-      - name: chart-testing (run lint)
-        run: ct lint
-        if: false #not implemented/working yet
-
-      - name: create kind cluster
-        uses: helm/kind-action@v1
-        #if: steps.list-changed.outputs.changed == 'true'
-        if: false #not implemented/working yet
-
-      - name: chart-testing (run install)
-        run: ct install
-        if: false #not implemented/working yet
-
-      - name: helm package
-        run: |
-          helm package ${{ github.workspace }}/charts/$IMAGE_NAME/ --destination ${{ github.workspace }}/artifacts/ --app-version ${{ env.GIT_TAG }}
-        if: false #not implemented/working yet
-
-      - name: helm push
-        run: |
-          helm push ${{ github.workspace }}/artifacts/$IMAGE_NAME-0.1.0.tgz oci://ghcr.io/${{ github.repository_owner }}
-        if: false #not implemented/working yet, need to change the chart version in filename
+    with:
+      semVer: ${{ needs.versioning.outputs.semVer }}
 
   release:
-    needs: [build_app, build_image, push_chart]
+    needs: [versioning, app, image, chart]
     if: github.ref == 'refs/heads/main'
     uses: f2calv/gha-workflows/.github/workflows/gha-release-versioning.yml@v1
     with:
       tag-prefix: ''
-      move-major-tag: false      
+      move-major-tag: false