diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml deleted file mode 100644 index 7730f01..0000000 --- a/.github/workflows/action.yaml +++ /dev/null @@ -1,33 +0,0 @@ -name: 📦️ Plugin Service CI - -on: - pull_request: - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number }} - cancel-in-progress: true - -jobs: - main: - name: Main Process - runs-on: ubuntu-latest - env: - GOLANGCI_LINT_VERSION: 'v2.3.0' - - steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version-file: 'go.mod' - - - name: Check and get dependencies - run: | - go mod download - go mod tidy - git diff --exit-code go.mod - git diff --exit-code go.sum - - - name: golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 #v9.2.0 - with: - version: ${{ env.GOLANGCI_LINT_VERSION }} \ No newline at end of file diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..f935e24 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,155 @@ +name: 📦️ Plugin Service CI +run-name: ${{ github.event_name != 'pull_request' && '🚀 Release' || '📦️ Build' }} + +on: + pull_request: + types: [opened, reopened, synchronize, ready_for_review] + push: + branches: + - master + tags: + - "v*" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +env: + ARTIFACT_NAME: 'plugin-service' + TAG: ${{ github.event_name != 'pull_request' && github.ref_name }} + +jobs: + lint: + runs-on: 'shipfox-2vcpu-ubuntu-2404' + if: ${{ github.event_name == 'pull_request' && !github.event.pull_request.draft }} + env: + # renovate: datasource=github-tags depName=golangci/golangci-lint versioning=loose + GOLANGCI_LINT_VERSION: 'v2.3.0' + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + with: + go-version-file: 'go.mod' + + - name: Check and get dependencies + run: | + go mod download + go mod tidy + git diff --exit-code go.mod + git diff --exit-code go.sum + + - name: golangci-lint + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 #v9.2.0 + with: + version: ${{ env.GOLANGCI_LINT_VERSION }} + + test: + runs-on: 'shipfox-2vcpu-ubuntu-2404' + if: ${{ github.event_name == 'pull_request' && !github.event.pull_request.draft }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + with: + go-version-file: 'go.mod' + + - name: Test + if: ${{ github.event_name == 'pull_request' }} + run: make test + + build: + strategy: + matrix: + include: + - arch: amd64 + - arch: arm64 + runs-on: ${{ matrix.arch == 'amd64' && 'shipfox-2vcpu-ubuntu-2404' || 'shipfox-2vcpu-ubuntu-2404-arm' }} + if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }} + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + with: + go-version-file: 'go.mod' + + - name: Google auth + if: ${{ github.event_name == 'push' || startsWith(github.ref, 'refs/tags/') }} + id: auth + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3 + with: + project_id: ${{ vars.GCP_PROJECT_ID }} + token_format: access_token + service_account: ${{ vars.GCP_TRAEFIKER_SA }} + workload_identity_provider: ${{ vars.GCP_GHA_IDENTITY_PROVIDER }} + + - name: Login to GCR + if: ${{ github.event_name == 'push' || startsWith(github.ref, 'refs/tags/') }} + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + with: + registry: gcr.io + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + + - name: Build binary + run: make build + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + + - name: Build docker images + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + with: + context: . + file: buildx.Dockerfile + platforms: linux/${{ matrix.arch }} + push: ${{ github.event_name != 'pull_request' }} + tags: gcr.io/traefiklabs/${{ env.ARTIFACT_NAME }}:${{ github.sha }}-${{ matrix.arch }} + + push-manifest: + if: ${{ github.event_name == 'push' || startsWith(github.ref, 'refs/tags/') }} + runs-on: 'ubuntu-latest' + needs: [ build ] + permissions: + contents: read + id-token: write + steps: + - name: Google auth + id: auth + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3 + with: + project_id: ${{ vars.GCP_PROJECT_ID }} + token_format: access_token + service_account: ${{ vars.GCP_TRAEFIKER_SA }} + workload_identity_provider: ${{ vars.GCP_GHA_IDENTITY_PROVIDER }} + + - name: Login to GCR + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + with: + registry: gcr.io + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + + - name: docker meta + id: metadata + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + with: + images: | + gcr.io/traefiklabs/${{ env.ARTIFACT_NAME }} + tags: | + type=match,pattern=(v\d+.\d+.\d+),group=1 + type=match,pattern=(v\d+.\d+.\d+),value=${{ inputs.tag }},group=1 + type=raw,value={{branch}}-{{sha}}-{{date 'X'}},enable={{is_default_branch}} + + - name: Create and push manifest + uses: int128/docker-manifest-create-action@8aac06098a12365ccdf99372dcfb453ccce8a0b0 # v2.16.0 + with: + tags: ${{ steps.metadata.outputs.tags }} + sources: | + gcr.io/traefiklabs/${{ env.ARTIFACT_NAME }}:${{ github.sha }}-amd64 + gcr.io/traefiklabs/${{ env.ARTIFACT_NAME }}:${{ github.sha }}-arm64 + + - name: Clean temporary images + run: | + gcloud artifacts tags delete --quiet --package=${{ env.ARTIFACT_NAME }} --location=us --repository=gcr.io ${{ github.sha }}-amd64 + gcloud artifacts tags delete --quiet --package=${{ env.ARTIFACT_NAME }} --location=us --repository=gcr.io ${{ github.sha }}-arm64 diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml deleted file mode 100644 index 5cc1292..0000000 --- a/.semaphore/semaphore.yml +++ /dev/null @@ -1,97 +0,0 @@ -version: v1.0 -name: Plugin service -agent: - machine: - type: e1-standard-2 - os_image: ubuntu2004 -fail_fast: - stop: - when: "branch != 'master'" - -auto_cancel: - queued: - when: "branch != 'master'" - running: - when: "branch != 'master'" - -global_job_config: - secrets: - - name: google-secrets - - name: dockerhub-pull-secrets - - name: github - - name: gomod-proxy - prologue: - commands: - # semaphoreCI use a bi-weekly rolling updates but it's not enough - # https://docs.semaphoreci.com/reference/semaphore-changelog/ - # so it's not possible to use sem-version. - # - sem-version go 1.14 - - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin" - - sudo semgo go1.24 - - export "GOPATH=$(go env GOPATH)" - - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}" - - export "PATH=${GOPATH}/bin:${PATH}" - - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin" - - export GOPROXY=https://proxy.golang.org,https://athens.traefiklabs.tech,direct - - cat /home/semaphore/datas/traefiker-keyfile.json | docker login -u _json_key --password-stdin https://gcr.io - - echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin - - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v2.3.0 - - curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin" - - checkout - - cache restore "mod-${SEMAPHORE_PROJECT_NAME}-${SEMAPHORE_GIT_BRANCH}-$(checksum go.mod),mod-${SEMAPHORE_PROJECT_NAME}-$(checksum go.mod),mod-${SEMAPHORE_PROJECT_NAME}" - - docker buildx create --use - - docker run --privileged --rm tonistiigi/binfmt --install all - - make start-local-db -blocks: - - name: Warm cache - dependencies: [] - task: - jobs: - - name: Warm cache - commands: - - go mod tidy - - git diff --exit-code go.mod - - git diff --exit-code go.sum - - go mod download - - cache store "mod-${SEMAPHORE_PROJECT_NAME}-${SEMAPHORE_GIT_BRANCH}-$(checksum go.mod)" "${GOPATH}/pkg/mod" - - cache store "mod-${SEMAPHORE_PROJECT_NAME}-$(checksum go.mod)" "${GOPATH}/pkg/mod" - - cache store "mod-${SEMAPHORE_PROJECT_NAME}" "${GOPATH}/pkg/mod" - - name: Build on branches - dependencies: ["Warm cache"] - run: - when: "branch = 'master'" - task: - jobs: - - name: Build on branches - commands: - - make - - make multi-arch-image-latest - - make multi-arch-image-${SEMAPHORE_GIT_BRANCH}-${SEMAPHORE_GIT_SHA:0:7}-$(date +%s) - - - name: Build on PR - dependencies: ["Warm cache"] - run: - when: "pull_request =~ '.*'" - task: - env_vars: - - name: DOCKER_BUILDX_ARGS - value: "--push" - jobs: - - name: Run build - commands: - - make - - make multi-arch-image-pr-${SEMAPHORE_GIT_PR_NUMBER} - - - name: Tag - Build release - dependencies: ["Warm cache"] - run: - when: "tag =~ '^v'" - task: - env_vars: - - name: DOCKER_BUILDX_ARGS - value: "--push" - jobs: - - name: Tag - Build release - commands: - - make - - make multi-arch-image-${SEMAPHORE_GIT_TAG_NAME}