ci: restore CI configuration

saitho · saitho · commit 0ea6858bf161 · 2020-12-28T17:19:55.000+01:00
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,23 @@
+* **Please check if the PR fulfills these requirements**
+- [ ] The commit message follows our guidelines
+- [ ] Tests for the changes have been added (for bug fixes / features)
+- [ ] Docs have been added / updated (for bug fixes / features)
+
+
+* **What kind of change does this PR introduce?** (Bug fix, feature, docs update, ...)
+
+
+
+* **What is the current behavior?** (You can also link to an open issue here)
+
+
+
+* **What is the new behavior (if this is a feature change)?**
+
+
+
+* **Does this PR introduce a breaking change?** (What changes might users need to make in their application due to this PR?)
+
+
+
+* **Other information**:
diff --git a/.github/linters/.isort.cfg b/.github/linters/.isort.cfg
@@ -0,0 +1,7 @@
+[settings]
+
+; https://pycqa.github.io/isort/#multi-line-output-modes
+multi_line_output = 3
+
+; necessary because black expect the trailing comma.
+include_trailing_comma = true
diff --git a/.github/workflows/cancel-redundant-builds.yml b/.github/workflows/cancel-redundant-builds.yml
@@ -0,0 +1,11 @@
+name: Cancel running jobs on PR update
+on: pull_request
+
+jobs:
+  build:
+    name: auto-cancellation-running-action
+    runs-on: ubuntu-latest
+    steps:
+      - uses: fauguste/auto-cancellation-running-action@0.1.2
+        with:
+          githubToken: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,56 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master, next ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master, next ]
+  schedule:
+    - cron: '36 23 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ] #'go',
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -0,0 +1,22 @@
+---
+name: Lint Code Base
+
+on:
+  push:
+    branches-ignore:
+      - master
+      - next
+
+jobs:
+  build:
+    name: Lint Code Base
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v2
+      - name: Lint Code Base
+        uses: docker://github/super-linter:v3
+        env:
+          VALIDATE_ALL_CODEBASE: false
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/test-cli.yml b/.github/workflows/test-cli.yml
@@ -0,0 +1,49 @@
+name: Test CLI
+
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+    branches:
+      - master
+      - next
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Set up Go 1.13
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build
+        run: go build -v -o bin/stackhead-cli
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: stackhead-cli
+          path: bin/stackhead-cli
+
+  test-unit:
+    name: Unit Test
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go 1.13
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Test
+        run: go test ./...
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
@@ -0,0 +1,194 @@
+name: Integration Test
+
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled, synchronize]
+    branches:
+      - master
+      - next
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Set up Go 1.13
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.13
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build
+        run: go build -v -o bin/stackhead-cli
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: stackhead-cli
+          path: bin/stackhead-cli
+
+  checkLabel:
+    needs: build
+    name: Please request integration test and review
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.draft == false
+    steps:
+      - run: if [ ${{ contains( github.event.pull_request.labels.*.name, 'action/integration-test') }} == false ]; then exit 1; else exit 0; fi
+
+  test-integration:
+    name: Integration Test
+    needs: checkLabel
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ 'ubuntu-18.04', 'ubuntu-20.04', 'centos-8' ]
+      fail-fast: false
+    if: github.event.pull_request.draft == false
+    env:
+      DOMAIN_PREFIX: pr-${{ github.event.number }}-cli-${{ matrix.os }}
+      DOMAIN: test.stackhead.io
+    steps:
+      - uses: actions/checkout@v2
+      - name: Remove Python 2 and old Ansible 2.9 version
+        run: sudo apt purge python ansible -y
+      - name: Set up Python 3
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - name: Install Ansible v2.10.3 (GH actions currently uses 2.9)
+        run: pip install ansible==2.10.3
+      - name: Print Ansible and Python version
+        run: ansible --version && python --version
+      - uses: webfactory/ssh-agent@v0.4.1
+        with:
+          ssh-private-key: "${{ secrets.SSH_PRIVATE_KEY }}"
+      - name: Setup Hetzner server
+        id: setup_server
+        uses: saitho/hetzner-cloud-action@v1.1.0
+        with:
+          action: create
+          server_name: "${{ env.DOMAIN_PREFIX }}"
+          server_image: ubuntu-18.04
+          server_location: fsn1
+          server_ssh_key_name: gh-actions
+          wait_for_ssh: 1
+        env:
+          API_TOKEN: ${{ secrets.HETZNER_TOKEN }}
+      - name: Add DNS record
+        uses: saitho/create-dns-record@patch-1
+        with:
+          type: "A"
+          name: "${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }}"
+          content: "${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }}"
+          ttl: 1
+          proxied: 0
+          token: "${{ secrets.CLOUDFLARE_TOKEN }}"
+          zone: "${{ secrets.CLOUDFLARE_ZONE }}"
+      - name: Add DNS record for subdomain
+        uses: saitho/create-dns-record@patch-1
+        with:
+          type: "A"
+          name: "sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }}"
+          content: "${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }}"
+          ttl: 1
+          proxied: 0
+          token: "${{ secrets.CLOUDFLARE_TOKEN }}"
+          zone: "${{ secrets.CLOUDFLARE_ZONE }}"
+      - name: Download StackHead CLI artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: stackhead-cli
+          path: /home/runner/bin
+      - name: Set execution permission on binary
+        run: chmod +x /home/runner/bin/stackhead-cli
+        working-directory: /home/runner/bin
+      - name: Perform validation tests
+        run: |
+          /home/runner/bin/stackhead-cli cli validate ./schemas/examples/cli-config/valid/cli.yml
+          /home/runner/bin/stackhead-cli module validate ./schemas/examples/module-config/valid/container-module.yml
+          /home/runner/bin/stackhead-cli project validate ./schemas/examples/project-definition/valid/docker_project.yml
+      - name: Perform integration test
+        uses: ./actions/integration-test
+        with:
+          ipaddress: ${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }}
+          domain: '${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }}'
+          domain2: 'sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }}'
+          webserver: nginx # when using cli "getstackhead.stackhead_webserver_" prefix is added automatically
+          selftest: 1
+          cli: 1
+          cli_bin_path: /home/runner/bin/stackhead-cli
+          version: "${{ github.HEAD_REF }}"
+      - name: PR comment if integration stage was left intact
+        uses: mshick/add-pr-comment@v1
+        if: always() && contains( github.event.pull_request.labels.*.name, 'action/keep-integration-stage')
+        with:
+          message: |
+            Because the `action/keep-integration-stage` label was set, the integration stage is left intact.
+            You may now continue debugging on it, if you had been granted SSH access.
+
+            IP-Address: ${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }}
+            OS: ${{ matrix.os }}
+
+            ## Quick command reference
+
+            ### Build
+
+            ```bash
+            INPUT_IPADDRESS=${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }} INPUT_DOMAIN=${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_DOMAIN2=sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_WEBSERVER=getstackhead.stackhead_webserver_nginx INPUT_CONTAINER=getstackhead.stackhead_container_docker INPUT_SELFTEST=1 GITHUB_ACTION_PATH=./actions/integration-test/ STACKHEAD_CLONE_LOCATION=. ./actions/integration-test/steps/build.sh
+            ```
+
+            ### Setup server
+
+            ```bash
+            INPUT_IPADDRESS=${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }} INPUT_DOMAIN=${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_DOMAIN2=sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_WEBSERVER=getstackhead.stackhead_webserver_nginx INPUT_CONTAINER=getstackhead.stackhead_container_docker INPUT_SELFTEST=1 GITHUB_ACTION_PATH=./actions/integration-test/ STACKHEAD_CLONE_LOCATION=. ./actions/integration-test/steps/setup.sh
+            ```
+
+            ### Deploy application
+
+            ```bash
+            INPUT_IPADDRESS=${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }} INPUT_DOMAIN=${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_DOMAIN2=sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_WEBSERVER=getstackhead.stackhead_webserver_nginx INPUT_CONTAINER=getstackhead.stackhead_container_docker INPUT_SELFTEST=1 GITHUB_ACTION_PATH=./actions/integration-test/ STACKHEAD_CLONE_LOCATION=. ./actions/integration-test/steps/deploy.sh
+            ```
+
+            ### Validate application
+
+            ```bash
+            INPUT_IPADDRESS=${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }} INPUT_DOMAIN=${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_DOMAIN2=sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_WEBSERVER=getstackhead.stackhead_webserver_nginx INPUT_CONTAINER=getstackhead.stackhead_container_docker INPUT_SELFTEST=1 GITHUB_ACTION_PATH=./actions/integration-test/ STACKHEAD_CLONE_LOCATION=. ./actions/integration-test/steps/validate.sh
+            ```
+
+            ### Destroy application
+
+            ```bash
+            INPUT_IPADDRESS=${{ steps.setup_server.outputs.hcloud_server_created_ipv4 }} INPUT_DOMAIN=${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_DOMAIN2=sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }} INPUT_WEBSERVER=getstackhead.stackhead_webserver_nginx INPUT_CONTAINER=getstackhead.stackhead_container_docker INPUT_SELFTEST=1 GITHUB_ACTION_PATH=./actions/integration-test/ STACKHEAD_CLONE_LOCATION=. ./actions/integration-test/steps/destroy.sh
+            ```
+
+            ## Done debugging?
+
+            Destroy the stage by deleting the server in the Hetzner control panel and the DNS setting in the Cloudflare control panel.
+          repo-token: ${{ secrets.GH_TOKEN }}
+          allow-repeats: false
+      - name: Remove DNS record
+        uses: saitho/delete-dns-record@saitho-patch-1
+        if: always() && !contains( github.event.pull_request.labels.*.name, 'action/keep-integration-stage')
+        with:
+          name: "${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }}"
+          token: "${{ secrets.CLOUDFLARE_TOKEN }}"
+          zone: "${{ secrets.CLOUDFLARE_ZONE }}"
+      - name: Remove DNS record for subdomain
+        uses: saitho/delete-dns-record@saitho-patch-1
+        if: always() && !contains( github.event.pull_request.labels.*.name, 'action/keep-integration-stage')
+        with:
+          name: "sub.${{ env.DOMAIN_PREFIX }}.${{ env.DOMAIN }}"
+          token: "${{ secrets.CLOUDFLARE_TOKEN }}"
+          zone: "${{ secrets.CLOUDFLARE_ZONE }}"
+      - name: Remove Hetzner server
+        uses: saitho/hetzner-cloud-action@v1.1.0
+        if: always() && !contains( github.event.pull_request.labels.*.name, 'action/keep-integration-stage')
+        with:
+          action: remove
+          server_id: "${{ steps.setup_server.outputs.hcloud_server_id }}"
+        env:
+          API_TOKEN: ${{ secrets.HETZNER_TOKEN }}
