-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
pasqualedevita
committed
Oct 18, 2022
1 parent
837cbde
commit b4e92aa
Showing
8 changed files
with
286 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# EditorConfig is awesome: http://EditorConfig.org | ||
# Uses editorconfig to maintain consistent coding styles | ||
|
||
# top-most EditorConfig file | ||
root = true | ||
|
||
# Unix-style newlines with a newline ending every file | ||
[*] | ||
charset = utf-8 | ||
end_of_line = lf | ||
indent_size = 2 | ||
indent_style = space | ||
insert_final_newline = true | ||
max_line_length = 80 | ||
trim_trailing_whitespace = true | ||
|
||
[*.xml] | ||
charset = utf-8 | ||
end_of_line = lf | ||
indent_size = 2 | ||
indent_style = space | ||
insert_final_newline = true | ||
max_line_length = 80 | ||
trim_trailing_whitespace = true | ||
|
||
[*.{tf,tfvars}] | ||
indent_size = 2 | ||
indent_style = space | ||
|
||
[*.md] | ||
max_line_length = 0 | ||
trim_trailing_whitespace = false | ||
|
||
# Tab indentation (no size specified) | ||
[Makefile] | ||
tab_width = 2 | ||
indent_style = tab | ||
|
||
[COMMIT_EDITMSG] | ||
max_line_length = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
<!--- Please always add a PR description as if nobody knows anything about the context these changes come from. --> | ||
<!--- Even if we are all from our internal team, we may not be on the same page. --> | ||
<!--- Write this PR as you were contributing to a public OSS project, where nobody knows you and you have to earn their trust. --> | ||
<!--- This will improve our projects in the long run! Thanks. --> | ||
|
||
#### List of Changes | ||
<!--- Describe your changes in detail --> | ||
|
||
#### Motivation and Context | ||
<!--- Why is this change required? What problem does it solve? --> | ||
|
||
#### How Has This Been Tested? | ||
<!--- Please describe in detail how you tested your changes. --> | ||
<!--- Include details of your testing environment, tests ran to see how --> | ||
<!--- your change affects other areas of the code, etc. --> | ||
|
||
#### Screenshots (if appropriate): | ||
|
||
#### Types of changes | ||
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> | ||
- [ ] Chore (nothing changes by a user perspective) | ||
- [ ] Bug fix (non-breaking change which fixes an issue) | ||
- [ ] New feature (non-breaking change which adds functionality) | ||
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) | ||
|
||
#### Checklist: | ||
<!--- Go over all the following points, and put an `x` in all the boxes that apply. --> | ||
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> | ||
- [ ] My change requires a change to the documentation. | ||
- [ ] I have updated the documentation accordingly. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
name: "Validate PR title" | ||
|
||
on: | ||
pull_request_target: | ||
types: | ||
- opened | ||
- edited | ||
- synchronize | ||
|
||
jobs: | ||
main: | ||
name: Validate PR title | ||
runs-on: ubuntu-latest | ||
steps: | ||
# Please look up the latest version from | ||
# https://github.com/amannn/action-semantic-pull-request/releases | ||
- uses: amannn/action-semantic-pull-request@v3.4.6 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
# Configure which types are allowed. | ||
# Default: https://github.com/commitizen/conventional-commit-types | ||
types: | | ||
fix | ||
feat | ||
docs | ||
chore | ||
breaking | ||
# Configure that a scope must always be provided. | ||
requireScope: false | ||
# Configure additional validation for the subject based on a regex. | ||
# This example ensures the subject starts with an uppercase character. | ||
subjectPattern: ^[A-Z].+$ | ||
# If `subjectPattern` is configured, you can use this property to override | ||
# the default error message that is shown when the pattern doesn't match. | ||
# The variables `subject` and `title` can be used within the message. | ||
subjectPatternError: | | ||
The subject "{subject}" found in the pull request title "{title}" | ||
didn't match the configured pattern. Please ensure that the subject | ||
starts with an uppercase character. | ||
# For work-in-progress PRs you can typically use draft pull requests | ||
# from Github. However, private repositories on the free plan don't have | ||
# this option and therefore this action allows you to opt-in to using the | ||
# special "[WIP]" prefix to indicate this state. This will avoid the | ||
# validation of the PR title and the pull request checks remain pending. | ||
# Note that a second check will be reported if this is enabled. | ||
wip: true | ||
# When using "Squash and merge" on a PR with only one commit, GitHub | ||
# will suggest using that commit message instead of the PR title for the | ||
# merge commit, and it's easy to commit this by mistake. Enable this option | ||
# to also validate the commit message for one commit PRs. | ||
validateSingleCommit: false | ||
# Related to `validateSingleCommit` you can opt-in to validate that the PR | ||
# title matches a single commit to avoid confusion. | ||
validateSingleCommitMatchesPrTitle: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
name: Release | ||
|
||
on: | ||
# Trigger the workflow on push on the main branch | ||
push: | ||
branches: | ||
- main | ||
paths-ignore: | ||
- 'CODEOWNERS' | ||
- '**.md' | ||
- '.**' | ||
|
||
jobs: | ||
release: | ||
name: Release | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
id: checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
persist-credentials: false | ||
fetch-depth: 0 | ||
|
||
- name: Release | ||
id: release | ||
uses: cycjimmy/semantic-release-action@v2 | ||
with: | ||
semantic_version: 18.0.0 | ||
extra_plugins: | | ||
@semantic-release/release-notes-generator@10.0.3 | ||
@semantic-release/git@10.0.1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Log in to the Container registry | ||
id: docker_login | ||
if: steps.release.outputs.new_release_published == 'true' | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Build and push Docker image | ||
id: docker_build_push | ||
if: steps.release.outputs.new_release_published == 'true' | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
push: true | ||
tags: | | ||
ghcr.io/${{ github.repository }}:latest | ||
ghcr.io/${{ github.repository }}:v${{ steps.release.outputs.new_release_version }} | ||
labels: | | ||
maintainer=https://pagopa.it | ||
org.opencontainers.image.source=https://github.com/${{ github.repository }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.tmp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"branches": ["main", "master"], | ||
"ci": false, | ||
"plugins": [ | ||
[ | ||
"@semantic-release/commit-analyzer", | ||
{ | ||
"preset": "angular", | ||
"releaseRules": [{ "type": "breaking", "release": "major" }] | ||
} | ||
], | ||
"@semantic-release/release-notes-generator", | ||
"@semantic-release/github" | ||
] | ||
} |
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# see https://help.github.com/en/articles/about-code-owners#example-of-a-codeowners-file | ||
|
||
* @pagopa/infrastructure-admins |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
name: "Create GitHub self hosted runner" | ||
description: "Create a GitHub self hosted runner on Azure" | ||
|
||
inputs: | ||
client_id: | ||
description: "Azure service principal App Id" | ||
required: true | ||
tenant_id: | ||
description: "Azure tenant id" | ||
required: true | ||
subscription_id: | ||
description: "Azure subscription Id" | ||
required: true | ||
container_app_environment_name: | ||
description: "Azure container app environment name" | ||
required: true | ||
resource_group_name: | ||
description: "Azure container app environment resource group name" | ||
required: true | ||
self_hosted_runner_image_tag: | ||
description: "Self hosted runner image tag from https://github.com/pagopa/github-self-hosted-runner/pkgs/container/github-self-hosted-runner" | ||
required: true | ||
default: "v1.0.3@sha256:b1a04fdd800f06436b9dee0311292b640d8c2af333ce983d1877b7164b475c30" | ||
|
||
outputs: | ||
runner_id: | ||
value: steps.create_github_runner.AZURE_CONTAINER_APP_NAME | ||
description: 'Whether a new release was published' | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Login | ||
id: login | ||
uses: azure/login@v1 | ||
with: | ||
client-id: ${{ inputs.client_id }} | ||
tenant-id: ${{ inputs.tenant_id }} | ||
subscription-id: ${{ inputs.subscription_id }} | ||
|
||
- name: Create GitHub Runner | ||
id: create_github_runner | ||
shell: bash | ||
run: | | ||
TIMESTAMP=$(date +%s) | ||
SELF_HOSTED_RUNNER_IMAGE="ghcr.io/pagopa/github-self-hosted-runner:${{ inputs.self_hosted_runner_image_tag }}" | ||
AZURE_RESOURCE_GROUP_NAME="${{ inputs.resource_group_name }}" | ||
AZURE_CONTAINER_APP_ENVIRONMENT_NAME="${{ inputs.container_app_environment_name }}" | ||
AZURE_CONTAINER_APP_NAME="runner-${{ github.run_id }}${TIMESTAMP}" | ||
echo "[INFO] AZURE_CONTAINER_APP_NAME: ${AZURE_CONTAINER_APP_NAME}" | ||
echo "::set-output name=AZURE_CONTAINER_APP_NAME::${AZURE_CONTAINER_APP_NAME}" | ||
GITHUB_TOKEN=$(curl \ | ||
-X POST \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer ${{ secrets.BOT_TOKEN }}" \ | ||
https://api.github.com/repos/${{ github.repository }}/actions/runners/registration-token | jq ".token" -r) | ||
az config set extension.use_dynamic_install=yes_without_prompt | ||
az containerapp create \ | ||
--name "${AZURE_CONTAINER_APP_NAME}" \ | ||
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \ | ||
--image "${SELF_HOSTED_RUNNER_IMAGE}" \ | ||
--environment "${AZURE_CONTAINER_APP_ENVIRONMENT_NAME}" \ | ||
--secrets github-token="${GITHUB_TOKEN}" \ | ||
--env-vars \ | ||
GITHUB_REPOSITORY="https://github.com/${{ github.repository }}" \ | ||
GITHUB_TOKEN=secretref:github-token | ||
sleep 30 | ||
GITHUB_RUNNER_ID=$(curl \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer ${{ secrets.BOT_TOKEN }}" \ | ||
https://api.github.com/repos/${{ github.repository }}/actions/runners | jq '.runners | map(select(.name | startswith("'${AZURE_CONTAINER_APP_NAME}'"))) | .[].id' -r) | ||
curl \ | ||
-X PUT \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer ${{ secrets.BOT_TOKEN }}" \ | ||
https://api.github.com/repos/${{ github.repository }}/actions/runners/${GITHUB_RUNNER_ID}/labels \ | ||
-d '{"labels":["'${AZURE_CONTAINER_APP_NAME}'"]}' |