From 983e291c58027294e0e4d91d6cdf3dae336417f9 Mon Sep 17 00:00:00 2001 From: Simone Cottini Date: Mon, 11 Dec 2023 16:50:17 +0100 Subject: [PATCH 1/2] First version of GHA --- .github/CODEOWNERS | 1 + .github/dependabot.yml | 11 +++++ .github/workflows/cd.yml | 39 ++++++++++++++++++ .github/workflows/ci.yml | 78 ++++++++++++++++++++++++++++++++++++ .github/workflows/retire.yml | 44 ++++++++++++++++++++ 5 files changed, 173 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/cd.yml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/retire.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..a502a76 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @primait/shared-services diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..0f8f65b --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: mix # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 0000000..2861227 --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,39 @@ +name: CD + +on: + release: + types: [published] + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Setup Elixir + uses: erlef/setup-beam@v1 + with: + otp-version: '25' + elixir-version: '1.14' + - name: Checkout + uses: actions/checkout@v3 + - name: setup hex + run: | + mix local.hex --force + mix local.rebar --force + - name: Get deps + run: mix deps.get + - name: Get version + run: | + VERSION=$(grep -m1 version mix.exs | cut -d'"' -f2) + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Check version + if: ${{ github.event.release.tag_name != env.VERSION }} + run: | + echo "Github ref tag [${{ github.event.release.tag_name }}] is different from mix.exs version [${{ env.VERSION }}]" + exit 1 + - name: Login to hex.pm + run: | + mix hex.config api_key "$HEX_AUTH_KEY" + env: + HEX_AUTH_KEY: ${{ secrets.HEX_AUTH_KEY }} + - name: Publish + run: mix hex.publish --yes diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..e2e1614 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,78 @@ +name: CI + +on: [push, pull_request] + +jobs: + ci: + # Avoid duplicate jobs on PR from a branch on the same repo + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name + runs-on: ubuntu-latest + env: + MIX_ENV: test + steps: + - uses: erlef/setup-beam@v1 + with: + otp-version: '25' + elixir-version: '1.14' + + # Check out the code. + - name: Checkout + uses: actions/checkout@v3 + + # Define how to cache deps. Restores existing cache if present. + - name: Cache deps + id: cache-deps + uses: actions/cache@v3 + env: + cache-name: cache-elixir-deps + with: + path: deps + key: ${{ runner.os }}-mix-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }} + restore-keys: | + ${{ runner.os }}-mix-${{ env.cache-name }}- + # Define how to cache the `_build` directory. + # After the first run, this speeds up tests runs a lot. + # This includes not re-compiling our project's downloaded deps every run. + - name: Cache compiled build + id: cache-build + uses: actions/cache@v3 + env: + cache-name: cache-compiled-build + with: + path: _build + key: ${{ runner.os }}-mix-${{ env.cache-name }}-${{ hashFiles('**/mix.lock') }} + restore-keys: | + ${{ runner.os }}-mix-${{ env.cache-name }}- + ${{ runner.os }}-mix- + + # Conditionally bust the cache when job is re-run. + # Sometimes, we may have issues with incremental builds that are fixed by doing a full recompile. + # In order to not waste dev time on such trivial issues force a full recompile only on builds that are retried. + # See https://fly.io/docs/elixir/advanced-guides/github-actions-elixir-ci-cd/ for more infos + - name: Clean to rule out incremental build as a source of flakiness + if: github.run_attempt != '1' + run: | + mix deps.clean --all + mix clean + - name: Deps get + run: mix deps.get + - name: Dependencies Check + run: mix deps.unlock --check-unused + - name: Compiles without warnings + run: mix compile --warnings-as-errors + - name: Check Formatting + run: mix format --check-formatted + - name: Credo + run: mix credo -a --strict + - name: Test + run: mix test + - name: Dialyzer + run: mix dialyzer + + alls-green: + if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) + runs-on: ubuntu-latest + needs: + - ci + steps: + - run: ${{ !contains(needs.*.result, 'failure') }} diff --git a/.github/workflows/retire.yml b/.github/workflows/retire.yml new file mode 100644 index 0000000..160cec8 --- /dev/null +++ b/.github/workflows/retire.yml @@ -0,0 +1,44 @@ +on: + workflow_dispatch: + inputs: + reason: + description: Retire reason + required: true + default: invalid + type: choice + options: + - renamed + - deprecated + - security + - invalid + - other + message: + description: Retire message + required: true + default: Version has a breaking bug + type: string + version: + description: Version to retire + required: true + default: x.y.z + type: string + +jobs: + retire: + runs-on: ubuntu-latest + env: + MESSAGE: ${{ inputs.message }} + REASON: ${{ inputs.reason }} + VERSION: ${{ inputs.version }} + steps: + - uses: actions/checkout@v4 + - uses: erlef/setup-beam@v1 + with: + otp-version: '24' + elixir-version: '1.13' + - run: echo "Attempting to retire version $VERSION" + - run: mix hex.config api_key "$HEX_AUTH_KEY" + env: + HEX_AUTH_KEY: ${{ secrets.HEX_AUTH_KEY }} + - run: mix hex.user whoami + - run: mix hex.retire mix_unused_discoveries "$VERSION" "$REASON" --message "$MESSAGE" From be38bcb21a4690149baf9c9ec324f754141101ee Mon Sep 17 00:00:00 2001 From: Simone Cottini Date: Mon, 11 Dec 2023 16:53:11 +0100 Subject: [PATCH 2/2] Remove drone.yml file --- .drone.yml | 201 ----------------------------------------------------- 1 file changed, 201 deletions(-) delete mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index a8290d0..0000000 --- a/.drone.yml +++ /dev/null @@ -1,201 +0,0 @@ ---- -kind: pipeline -name: default - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: git-clone - image: public.ecr.aws/prima/drone-git:1.3-3 - environment: - PLUGIN_DEPTH: 5 - -- name: cache-restore - image: public.ecr.aws/prima/drone-tools:1.22.1 - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - cache-restore - environment: - BUCKET_NAME: prima-ci-cache - CACHE_COMPRESSION_ALGO: gz - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - - name: docker - path: /var/run/docker.sock - depends_on: - - git-clone - -- name: check-secrets - image: public.ecr.aws/prima/drone-tools:1.22.1 - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - check-secrets-grants - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - depends_on: - - git-clone - -- name: check-public-docker-images - image: public.ecr.aws/prima/drone-tools:1.22.1 - commands: - - check-public-docker-images - depends_on: - - git-clone - -- name: build-image - image: public.ecr.aws/prima/drone-tools:1.22.1 - commands: - - sed -i 's/USER app/USER root/g' ./Dockerfile - - docker build -t prima/mix_unused_discoveries-ci:${DRONE_COMMIT} ./ - environment: - DOCKER_DEFAULT_PLATFORM: linux/amd64 - volumes: - - name: docker - path: /var/run/docker.sock - depends_on: - - cache-restore - -- name: elixir-dependencies - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix deps.get - depends_on: - - build-image - -- name: elixir-compile - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix do clean, compile --all-warnings --warnings-as-errors --ignore-module-conflict --debug-info - environment: - MIX_ENV: test - depends_on: - - elixir-dependencies - -- name: elixir-dep-check - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix deps.unlock --check-unused - environment: - MIX_ENV: test - depends_on: - - elixir-compile - -- name: elixir-format - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix format --check-formatted - environment: - MIX_ENV: test - depends_on: - - elixir-compile - -- name: elixir-test - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix test - environment: - MIX_ENV: test - depends_on: - - elixir-compile - -- name: elixir-credo - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix credo -a --strict - environment: - MIX_ENV: test - depends_on: - - elixir-compile - -- name: elixir-dialyzer - image: prima/mix_unused_discoveries-ci:${DRONE_COMMIT} - commands: - - mix dialyzer - environment: - MIX_ENV: test - depends_on: - - elixir-compile - -- name: cache-save - image: public.ecr.aws/prima/drone-tools:1.22.1 - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - cache-save _build deps - environment: - BUCKET_NAME: prima-ci-cache - CACHE_COMPRESSION_ALGO: gz - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - - name: docker - path: /var/run/docker.sock - when: - branch: - - master - depends_on: - - elixir-compile - - elixir-format - - elixir-test - - elixir-credo - - elixir-dialyzer - - elixir-dep-check - -volumes: -- name: docker - host: - path: /var/run/docker.sock -- name: ecs - host: - path: /etc/profile.d/ecs-credentials-endpoint - -trigger: - event: - - push - ---- -kind: pipeline -name: email-failure - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: email-failure - image: public.ecr.aws/prima/drone-email - settings: - from: drone@prima.it - host: email-smtp.eu-west-1.amazonaws.com - environment: - PLUGIN_PASSWORD: - from_secret: email_password - PLUGIN_USERNAME: - from_secret: email_username - -trigger: - status: - - failure - target: - exclude: - - qa-stack - - qa-it - - qa - -depends_on: -- default - ---- -kind: signature -hmac: 545ad1bed573812fa768357b0b89263186d128c90343de689e3eb40645142b3c - -...