Merge branch 'develop' into amesh-new-engine_5
massongit committed Nov 5, 2022
2 parents 4c23a4a + 7bc3352 commit 549f36d
Showing 74 changed files with 70,270 additions and 3,535 deletions.
2 changes: 1 addition & 1 deletion .dockle-version
@@ -1 +1 @@
0.4.6
0.4.9
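--- a/.github/workflows/add-to-task-list.yml
+++ b/.github/workflows/add-to-task-list.yml
@@ -0,0 +1,18 @@
+name: Add to Task List
+on:
+pull_request:
+types:
+- opened
+- reopened
+issues:
+types:
+- opened
+jobs:
+add-to-task-list:
+runs-on: ubuntu-latest
+steps:
+- uses: dev-hato/actions-add-to-projects@v0.0.13
+with:
+github_app_id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }}
+github_app_private_key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }}
+project-url: https://github.com/orgs/dev-hato/projects/1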
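Review bot: `dev-hato/actions-add-to-projects@v0.0.13` is referenced by a mutable tag while the step hands it `PROJECT_AUTOMATION_PRIVATE_KEY`, so whoever can move that tag decides what code sees the GitHub App key; pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: dev-hato/actions-add-to-projects@<full-commit-sha>  # v0.0.13`. The same applies to the tag-pinned `dev-hato/*`, `docker/*` and `actions/checkout` references in the other workflow sections of this commit. The workflow also declares no `permissions:` block, so the job's GITHUB_TOKEN gets the repository default even though the step authenticates with the app credentials; a top-level `permissions: {}` would make the intended scope explicit. Secrets are not passed to `pull_request` runs from forks, so this job will presumably fail on fork PRs unless it is guarded with an `if:` on the head repository.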
11 changes: 1 addition & 10 deletions .github/workflows/codeql-analysis.yml
@@ -1,18 +1,15 @@
---
name: "CodeQL"

on:
pull_request:
# The branches below must be a subset of the branches above
branches: [develop, master]
schedule:
- cron: '0 21 * * 0'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
Expand All @@ -22,33 +19,28 @@ jobs:
language: ['python']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- name: Checkout repository
uses: actions/checkout@v3.0.2
uses: actions/checkout@v3.1.0
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2

# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}

# Autobuild attempts to build any compiled languages
# (C/C++, C#, or Java).
# If this step fails,
# then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

Expand All @@ -60,6 +52,5 @@ jobs:
#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
@@ -1,11 +1,16 @@
---
name: deploy
name: deploy-hato-bot

on:
release:
types:
- published
pull_request:
types:
- opened
- synchronize
- reopened
- closed
push:
branches:
- master
Expand All @@ -17,66 +22,88 @@ jobs:
env:
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
REPOSITORY: ${{github.repository}}
permissions:
contents: read
packages: write
if: github.event_name == 'release' || github.repository == github.event.pull_request.head.repo.full_name
if: github.event_name == 'release' || (github.event_name == 'pull_request' && github.event.action != 'closed' && github.repository == github.event.pull_request.head.repo.full_name)
steps:
- uses: actions/checkout@v3.0.2
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
- name: Set .env
run: cp .env.example .env
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
uses: docker/login-action@v2.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v2.1.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v2.2.1
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref}}
if: ${{ github.event_name == 'pull_request' }}
- run: echo 'TAG_NAME=${{ github.event.release.tag_name }}' >> "$GITHUB_ENV"
if: ${{ github.event_name == 'release' }}
- run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
- name: Build and push (build)
uses: docker/bake-action@v2.2.0
uses: docker/bake-action@v2.3.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: build.docker-compose.yml
- name: Build and push (main)
uses: docker/bake-action@v2.2.0
uses: docker/bake-action@v2.3.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml
- name: Build and push (dev)
uses: docker/bake-action@v2.3.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml,dev.docker-compose.yml
- run: echo 'TAG_NAME=latest' >> "$GITHUB_ENV"
if: ${{ github.event_name == 'release' }}
- name: Build and push (build) (latest)
uses: docker/bake-action@v2.2.0
uses: docker/bake-action@v2.3.0
if: ${{ github.event_name == 'release' }}
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: build.docker-compose.yml
- name: Build and push (main) (latest)
uses: docker/bake-action@v2.2.0
uses: docker/bake-action@v2.3.0
if: ${{ github.event_name == 'release' }}
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml
- name: Build and push (dev) (latest)
uses: docker/bake-action@v2.3.0
if: ${{ github.event_name == 'release' }}
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: docker-compose.yml,dev.docker-compose.yml
- name: Start docker
env:
DOCKER_CONTENT_TRUST: 1
run: docker compose up -d --wait
# Dockerコンテナに疎通できるかテストする
- name: Test
run: curl http://localhost:3000/status

# .python-version をDockerイメージと同期させる
update-version-python-version:
Expand All @@ -86,9 +113,11 @@ jobs:
pull-requests: write
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
needs: deploy_docker_image
if: always() && (needs.deploy_docker_image.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed'))
steps:
- uses: actions/checkout@v3.0.2
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
Expand All @@ -97,65 +126,32 @@ jobs:
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref}}
- run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
- run: docker compose pull
- name: Get Python version
id: get_python_version
run: |
DOCKER_CMD="python --version 2>&1 | sed -e 's/^Python //g'"
python_version=$(docker compose run hato-bot sh -c "${DOCKER_CMD}")
echo "Python version:" "${python_version}"
echo "::set-output name=python_version::${python_version}"
run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/update_version_python_version/get_python_version.sh"
- name: Update versions
run: |
PYTHON_VERSION="${{steps.get_python_version.outputs.python_version}}"
echo "${PYTHON_VERSION}" > .python-version
- uses: dev-hato/actions-diff-pr-management@v0.0.11
env:
PYTHON_VERSION: ${{steps.get_python_version.outputs.python_version}}
run: echo "${PYTHON_VERSION}" > .python-version
- uses: dev-hato/actions-diff-pr-management@v1.0.8
with:
github-token: ${{secrets.GITHUB_TOKEN}}
branch-name-prefix: fix-version-python-version
pr-title-prefix: .python-versionを直してあげたよ!
repo-name: ${{ github.event.pull_request.head.repo.full_name }}

pr-docker:
runs-on: ubuntu-latest
env:
DOCKER_CONTENT_TRUST: 1
needs: deploy_docker_image
steps:
- uses: actions/checkout@v3.0.2
with:
fetch-depth: 0
- name: Set .env
run: cp .env.example .env
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref}}
- run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
- run: docker compose pull
- name: Start docker
run: docker compose up -d --wait
# Dockerコンテナに疎通できるかテストする
- name: Test
run: curl http://localhost:3000/status
repo-name: dev-hato/hato-bot

update-dockle:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.0.2
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- uses: dev-hato/actions-update-dockle@v0.0.1
- uses: dev-hato/actions-update-dockle@v0.0.27
with:
github-token: ${{secrets.GITHUB_TOKEN}}
repo-name: ${{ github.event.pull_request.head.repo.full_name }}
repo-name: dev-hato/hato-bot

dockle:
runs-on: ubuntu-latest
Expand All @@ -164,43 +160,28 @@ jobs:
- deploy_docker_image
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
steps:
- uses: actions/checkout@v3.0.2
- uses: actions/checkout@v3.1.0
- name: Set .env
run: cp .env.example .env
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref}}
- run: echo "REPOSITORY=${{github.repository}}" >> "${GITHUB_ENV}"
- run: |
dockle_version="$(cat .dockle-version)"
curl -L -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v${dockle_version}/dockle_${dockle_version}_Linux-64bit.deb"
sudo dpkg -i dockle.deb
- run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/dockle/install_dockle.sh"
- run: docker compose pull
- run: docker compose up -d
- run: |
for image_name in $(docker compose images | awk 'OFS=":" {print $2,$3}' | tail -n +2); do
cmd="dockle --exit-code 1 "
if [[ "${image_name}" =~ "postgres" ]]; then
cmd+="-ak key "
fi
cmd+="${image_name}"
echo "> ${cmd}"
eval "${cmd}"
done
- run: bash "${GITHUB_WORKSPACE}/scripts/deploy_hato_bot/dockle/run_dockle.sh"

deploy-complete:
runs-on: ubuntu-latest
if: always()
needs:
- update-version-python-version
- pr-docker
- update-dockle
- dockle
steps:
- if: needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && needs.pr-docker.result == 'success' && needs.dockle.result == 'success'))
- if: needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))
run: exit 0
- if: ${{ !(needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && needs.pr-docker.result == 'success' && needs.dockle.result == 'success'))) }}
- if: ${{ !(needs.update-dockle.result == 'success' && (github.event_name == 'push' || (github.event_name == 'pull_request' && github.repository != github.event.pull_request.head.repo.full_name) || (needs.update-version-python-version.result == 'success' && (github.event.action == 'closed' || needs.dockle.result == 'success')))) }}
run: exit 1
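Review bot: The release variant of the tag step in the image build job, `echo 'TAG_NAME=${{ github.event.release.tag_name }}' >> "$GITHUB_ENV"`, still expands an expression directly into the shell script, while the pull-request variant just above it and the new job-level `REPOSITORY` env already pass their values through `env:`. A tag name containing a single quote would end the quoted string and the remainder would be parsed as shell, in a job that holds `packages: write`. Passing it the same way as `HEAD_REF` closes that: add an `env:` entry `RELEASE_TAG: ${{ github.event.release.tag_name }}` and change the command to `echo "TAG_NAME=${RELEASE_TAG}" >> "$GITHUB_ENV"`. Separately, the `Test` step's `curl http://localhost:3000/status` exits 0 on an HTTP error response, so `curl --fail` is needed for the connectivity check to actually fail the job. The job's header lies outside the visible hunks.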
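--- a/.github/workflows/format-json-yml.yml
+++ b/.github/workflows/format-json-yml.yml
@@ -0,0 +1,28 @@
+---
+name: format-json-yml
+on:
+pull_request:
+types:
+- opened
+- synchronize
+- reopened
+- closed
+push:
+branches:
+- develop
+- master
+permissions:
+contents: write
+pull-requests: write
+jobs:
+format-json-yml:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3.1.0
+with:
+fetch-depth: 0
+ref: ${{ github.event.pull_request.head.sha }}
+- uses: dev-hato/actions-format-json-yml@v0.0.19
+with:
+github-token: ${{secrets.GITHUB_TOKEN}}
+repo-name: dev-hato/hato-bot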
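Review bot: The top-level `permissions:` grants `contents: write` and `pull-requests: write` to a job that checks out `github.event.pull_request.head.sha` and then runs a formatter action over that tree, and nothing in the file says why the write scopes are needed or how the other triggers behave. On `push` events the `ref` expression is empty, so `actions/checkout` falls back to the triggering commit; a comment should state that this is intended. I would add `# write scopes: the action pushes formatting fixes and opens a PR against dev-hato/hato-bot` above `permissions:` (wording to be confirmed against what the action does) and `# empty on push events; checkout then uses the triggering commit` above `ref:`. Moving the `permissions:` block under the `format-json-yml` job would also keep any job added later from inheriting write access.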