diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 6bbe6e7b..00000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,416 +0,0 @@ ---- -name: Stackable Build Pipeline - -on: - push: - branches: - - main - - staging - - trying - - "renovate/**" - tags: - - "[0-9][0-9].[0-9]+.[0-9]+" - pull_request: - merge_group: - -env: - RUST_VERSION: 1.70.0 - CARGO_TERM_COLOR: always - CARGO_INCREMENTAL: "0" - CARGO_PROFILE_DEV_DEBUG: "0" - RUSTFLAGS: "-D warnings" - RUSTDOCFLAGS: "-D warnings" - RUST_LOG: "info" - DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev - TEST_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-test - STABLE_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-stable - -jobs: - # Identify unused dependencies - run_udeps: - name: Run Cargo Udeps - runs-on: ubuntu-latest - env: - RUSTC_BOOTSTRAP: 1 - steps: - - name: Install host dependencies - run: | - sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 - with: - toolchain: ${{ env.RUST_VERSION }} - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version: 18 - cache: yarn - - run: yarn install --frozen-lockfile - - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 - with: - key: udeps - - run: cargo install cargo-udeps - - run: cargo udeps --workspace - - # This job evaluates the github environment to determine why this action is running and selects the appropriate - # target repository for published Helm charts based on this. - # - # The following scenarios are identified: - # - all pull requests land in the test repository: - # condition: github.event_name == "pull_request" - # repository: test - # - # - all tagged releases land in stable: - # condition: github.event_name == 'create' & github.ref.startswith('refs/tags/') - # repository: stable - # - # - all pushes to main (i.e. PR-merges) land in dev: - # condition: github.event_name == 'push' & github.ref == 'refs/heads/main' - # repository: dev - # - # Any other scenarios (e.g. when a branch is created/pushed) will cause the publish step to be skipped, most commonly this is expected to happen for the - # branches that bors uses internally (staging, trying) for which the checks need to run, but we do not want artifacts - # to be published. - select_helm_repo: - name: Select target helm repository based on action trigger - runs-on: ubuntu-latest - outputs: - helm_repository: ${{ steps.selecthelmrepo.outputs.helm_repo }} - steps: - - id: selecthelmrepo - env: - TRIGGER: ${{ github.event_name }} - GITHUB_REF: ${{ github.ref }} - run: | - if [[ $TRIGGER == "pull_request" ]]; then - echo "exporting test as target helm repo: ${{ env.TEST_REPO_HELM_URL }}" - echo "helm_repo=${{ env.TEST_REPO_HELM_URL }}" >> $GITHUB_OUTPUT - elif [[ $TRIGGER == "push" && $GITHUB_REF == "refs/heads/main" ]]; then - echo "exporting dev as target helm repo: ${{ env.DEV_REPO_HELM_URL }}" - echo "helm_repo=${{ env.DEV_REPO_HELM_URL }}" >> $GITHUB_OUTPUT - elif [[ ( $TRIGGER == "create" || $TRIGGER == "push" ) && $GITHUB_REF == refs/tags/* ]]; then - echo "exporting stable as target helm repo: ${{ env.STABLE_REPO_HELM_URL }}" - echo "helm_repo=${{ env.STABLE_REPO_HELM_URL }}" >> $GITHUB_OUTPUT - else - echo "Unknown trigger and ref combination encountered, skipping publish step: $TRIGGER $GITHUB_REF" - echo "helm_repo=skip" >> $GITHUB_OUTPUT - fi - - run_cargodeny: - name: Run Cargo Deny - runs-on: ubuntu-latest - strategy: - matrix: - checks: - - advisories - - bans licenses sources - - # Prevent sudden announcement of a new advisory from failing ci: - continue-on-error: ${{ matrix.checks == 'advisories' }} - - steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: EmbarkStudios/cargo-deny-action@8a8607bd8e2b3a514d5a40174cc7c55b229d9ba7 # v1.4.0 - with: - command: check ${{ matrix.checks }} - - run_rustfmt: - name: Run Rustfmt - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 - with: - toolchain: ${{ env.RUST_VERSION }} - components: rustfmt - - run: cargo fmt --all -- --check - - run_clippy: - name: Run Clippy - runs-on: ubuntu-latest - steps: - - name: Install host dependencies - run: | - sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 - with: - toolchain: ${{ env.RUST_VERSION }} - components: clippy - - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 - with: - key: clippy - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version: 18 - cache: yarn - - run: yarn install --frozen-lockfile - - name: Run clippy action to produce annotations - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: actions-rs/clippy-check@b5b5f21f4797c02da247df37026fcd0a5024aa4d # renovate: tag=v1.0.7 - if: env.GITHUB_TOKEN != null - with: - args: --all-targets -- -D warnings - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run clippy manually without annotations - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: env.GITHUB_TOKEN == null - run: cargo clippy --all-targets -- -D warnings - - run_rustdoc: - name: Run RustDoc - runs-on: ubuntu-latest - steps: - - name: Install host dependencies - run: | - sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 - with: - toolchain: ${{ env.RUST_VERSION }} - components: rustfmt - - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 - with: - key: doc - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version: 18 - cache: yarn - - run: yarn install --frozen-lockfile - - run: cargo doc --document-private-items - - run_tests: - name: Run Cargo Tests - runs-on: ubuntu-latest - steps: - - name: Install host dependencies - run: | - sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 - with: - toolchain: ${{ env.RUST_VERSION }} - - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 - with: - key: test - - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 - with: - node-version: 18 - cache: yarn - - run: yarn install --frozen-lockfile - - run: cargo test - - # Similar to check_charts, this tries to render the README, and see if there are unintended changes. - # This will save us from merging changes to the wrong file (instead of the templated source), and from - # forgetting to render out modifications to the README. - # check_readme: - # name: Check if committed README is the one we would render from the available parts - # runs-on: ubuntu-latest - # steps: - # - name: Checkout - # uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - # with: - # submodules: recursive - # - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.6.1 - # with: - # python-version: '3.11' - # - name: Install jinja2-cli - # run: pip install jinja2-cli==0.8.2 - # - name: Regenerate charts - # run: make render-readme - # - name: Check if committed README were up to date - # run: git diff --exit-code - # - name: Git Diff showed uncommitted changes - # if: ${{ failure() }} - # uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6 - # with: - # script: | - # core.setFailed('Committed README are not up to date, please make sure to apply them to the templated partials, and re-commit!') - - # This job cleans up the CRDs and Helm charts, followed by rebuilding them - # It then runs a `git diff` and fails the entire workflow, if any difference is encountered. - # - # Since CRD files are generated during the 'cargo build' process we need to run this once after - # removing the CRD files to ensure that the checked in versions match what the code expects. - # - # The reason for this step is, that developers are expected to check in up-to-date versions of charts - # as we'd otherwise have to build these in CI and commit them back to the PR, which - # creates all kinds of problems. - # This failsafe simply aborts anything that has not had charts rebuilt before pushing. - check_charts: - name: Check if committed Helm charts are up to date - runs-on: ubuntu-latest - steps: - - name: Install host dependencies - run: | - sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - name: Set up Helm - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 - with: - version: v3.6.2 - - name: Set up cargo - uses: dtolnay/rust-toolchain@1.68.2 - - name: Set up rust-cache - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 - with: - key: charts - # - name: Regenerate charts - # run: make regenerate-charts - - name: Check if committed charts were up to date - run: git diff --exit-code - - name: Git Diff showed uncommitted changes - if: ${{ failure() }} - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6 - with: - script: | - core.setFailed('Committed charts were not up to date, please regenerate and re-commit!') - - tests_passed: - name: All tests passed - needs: - - run_udeps - - run_cargodeny - - run_clippy - - run_rustfmt - - run_rustdoc - - run_tests - - check_charts - # - check_readme - runs-on: ubuntu-latest - steps: - - name: log - run: echo All tests have passed! - - package_and_publish: - name: Package Charts, Build Docker Image and publish them - needs: - - tests_passed - - select_helm_repo - runs-on: ubuntu-latest - env: - NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} - HELM_REPO: ${{ needs.select_helm_repo.outputs.helm_repository }} - if: needs.select_helm_repo.outputs.helm_repository != 'skip' - outputs: - IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }} - steps: - - name: Install host dependencies - run: | - sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config - - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@1.68.2 - with: - components: rustfmt - # This step checks if the current run was triggered by a push to a pr (or a pr being created). - # If this is the case it changes the version of this project in all Cargo.toml files to include the suffix - # "-pr" so that the published artifacts can be linked to this PR. - - name: Update version if PR - if: ${{ github.event_name == 'pull_request' }} - run: | - cargo install cargo-edit --version 0.11.11 - cargo set-version --offline --workspace 0.0.0-pr${{ github.event.pull_request.number }} - - # Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the - # default value in the makefile if called from this action, but not otherwise (i.e. when called locally). - # This is needed for the HELM_REPO variable. - - name: Publish Docker image and Helm chart - run: make -e publish - # Output the name of the published image to the Job output for later use - - id: printtag - name: Output image name and tag - run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> $GITHUB_OUTPUT - - build_stackablectl: - name: Build stackablectl for ${{ matrix.target }} - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - include: - - target: x86_64-unknown-linux-gnu - os: ubuntu-latest - # Commented out, as Windows build is currently not working - # - target: x86_64-pc-windows-gnu - # os: windows-latest - # - target: x86_64-pc-windows-msvc - # os: windows-latest - - target: x86_64-apple-darwin - os: macos-latest - - target: aarch64-apple-darwin - os: macos-latest - steps: - - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - submodules: recursive - - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 - with: - toolchain: ${{ env.RUST_VERSION }} - targets: ${{ matrix.target }} - - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 - with: - key: build-stackablectl-${{ matrix.target }} - - name: Build for non-Windows - if: matrix.os != 'windows-latest' - run: cargo build --target ${{ matrix.target }} -p stackablectl - # - name: Prepare Windows env - # if: matrix.os == 'windows-latest' - # uses: msys2/setup-msys2@v2 - # with: - # msystem: MINGW64 - # update: true - # install: base-devel mingw-w64-x86_64-go mingw-w64-x86_64-rust - # # install: base-devel mingw-w64-x86_64-libressl mingw-w64-x86_64-ldns mingw-w64-x86_64-go mingw-w64-x86_64-rust - # - name: Build for Windows - # if: matrix.os == 'windows-latest' - # run: cargo build --target ${{ matrix.target }} -p stackablectl - # shell: msys2 {0} - - name: Build for Windows - if: matrix.os == 'windows-latest' - run: cargo build --target ${{ matrix.target }} -p stackablectl - -# Commented out, as this was always failing. -# We can comment it in again once want our image to be certified -# -# openshift_preflight: -# name: Run the OpenShift Preflight check on the published images -# needs: -# - package_and_publish -# runs-on: ubuntu-latest -# env: -# IMAGE_TAG: ${{ needs.package_and_publish.outputs.IMAGE_TAG }} -# steps: -# - name: Install preflight -# run: | -# wget https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/latest/download/preflight-linux-amd64 -# chmod +x preflight-linux-amd64 -# - name: Check container -# run: ./preflight-linux-amd64 check container "$IMAGE_TAG" > preflight.out -# - name: "Passed?" -# run: '[ "$(./preflight-linux-amd64 check container "$IMAGE_TAG" | jq -r .passed)" == true ]' diff --git a/.github/workflows/daily_security.yml b/.github/workflows/general_daily_security.yml similarity index 51% rename from .github/workflows/daily_security.yml rename to .github/workflows/general_daily_security.yml index 06b5d462..39196e57 100644 --- a/.github/workflows/daily_security.yml +++ b/.github/workflows/general_daily_security.yml @@ -1,20 +1,16 @@ -# ============= -# This file is automatically generated from the templates in stackabletech/operator-templating -# DON'T MANUALLY EDIT THIS FILE -# ============= --- name: Security audit on: schedule: - - cron: '15 4 * * *' + - cron: "15 4 * * *" workflow_dispatch: jobs: audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # renovate: tag=v1.2.0 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/web.yaml b/.github/workflows/pr_cockpit-web.yml similarity index 75% rename from .github/workflows/web.yaml rename to .github/workflows/pr_cockpit-web.yml index f4376b92..e49bc1da 100644 --- a/.github/workflows/web.yaml +++ b/.github/workflows/pr_cockpit-web.yml @@ -1,23 +1,19 @@ --- name: web on: - push: - branches: - - main - - staging - - trying - - "renovate/**" - tags: - - '[0-9][0-9].[0-9]+.[0-9]+' pull_request: - merge_group: + paths: + - ".github/workflows/pr_cockpit-web.yml" + - "package.json" + - "yarn.lock" + - "web" jobs: build-web: name: Web frontend built runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 @@ -29,7 +25,7 @@ jobs: name: Validate web formatting runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 diff --git a/.github/workflows/pr_cockpit.yml b/.github/workflows/pr_cockpit.yml new file mode 100644 index 00000000..8a753f6b --- /dev/null +++ b/.github/workflows/pr_cockpit.yml @@ -0,0 +1,113 @@ +--- +name: Pull Request Cockpit + +on: + pull_request: + paths: + - ".github/workflows/pr_cockpit.yml" + - "rust/stackable-cockpitd" + - "rust/stackable-cockpit" + - "docs/modules/cockpit" + - "docs/modules/ROOT" + - "Cargo.lock" + - "deploy" + - "docker" + - "go.sum" + +env: + RUST_VERSION: 1.70.0 + CARGO_TERM_COLOR: always + CARGO_INCREMENTAL: "0" + CARGO_PROFILE_DEV_DEBUG: "0" + RUSTFLAGS: "-D warnings" + RUSTDOCFLAGS: "-D warnings" + RUST_LOG: "info" + DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev + +jobs: + general-checks: + name: General Pull Request Checks + uses: ./.github/workflows/pr_general.yml + + reviewdog-checks: + name: Reviewdog Pull Request Checks + uses: ./.github/workflows/pr_reviewdog.yml + + check-charts: + name: Helm Chart Check + runs-on: ubuntu-latest + needs: + - general-checks + - reviewdog-checks + steps: + - name: Checkout Repository + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - name: Setup Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + with: + version: v3.6.2 + + - name: Setup Rust + uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + + - name: Setup Rust Cache + uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: pr-stackable-cockpit-chart + + - name: Regenerate Charts + run: make regenerate-charts + + - name: Checking that Helm Charts are up-to-date + run: git diff --exit-code + + - name: Helm Charts not up-to-date + if: ${{ failure() }} + uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6 + with: + script: | + core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!') + + publish: + name: Publish Docker Image + runs-on: ubuntu-latest + env: + NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} + outputs: + IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }} + needs: + - check-charts + steps: + - name: Checkout Repository + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - name: Setup Rust + uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + + - name: Setup Rust Cache + uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: pr-stackable-cockpit-chart + + - name: Update Version + run: | + cargo install cargo-edit --version 0.11.11 + cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }} + + # Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the + # default value in the makefile if called from this action, but not otherwise (i.e. when called locally). + # This is needed for the HELM_REPO variable. + - name: Publish Docker Image and Helm Chart + run: make -e publish + - id: printtag + name: Output Image Name and Tag + run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/pr_general.yml b/.github/workflows/pr_general.yml new file mode 100644 index 00000000..0a214c93 --- /dev/null +++ b/.github/workflows/pr_general.yml @@ -0,0 +1,175 @@ +--- +name: Pull Request General + +on: workflow_call + +env: + RUST_VERSION: 1.70.0 + CARGO_TERM_COLOR: always + CARGO_INCREMENTAL: "0" + CARGO_PROFILE_DEV_DEBUG: "0" + RUSTFLAGS: "-D warnings" + RUSTDOCFLAGS: "-D warnings" + RUST_LOG: "info" + +jobs: + run_udeps: + name: Run Cargo Udeps + runs-on: ubuntu-latest + env: + RUSTC_BOOTSTRAP: 1 + steps: + - name: Install host dependencies + run: | + sudo apt-get update + sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 + with: + node-version: 18 + cache: yarn + - run: yarn install --frozen-lockfile + + - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: udeps + - run: cargo install cargo-udeps + - run: cargo udeps --workspace + + run_cargodeny: + name: Run Cargo Deny + runs-on: ubuntu-latest + strategy: + matrix: + checks: + - advisories + - bans licenses sources + # Prevent sudden announcement of a new advisory from failing ci: + continue-on-error: ${{ matrix.checks == 'advisories' }} + steps: + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1.5.4 + with: + command: check ${{ matrix.checks }} + + run_rustfmt: + name: Run Rustfmt + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + components: rustfmt + - run: cargo fmt --all -- --check + + run_clippy: + name: Run Clippy + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + components: clippy + + - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: clippy + + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 + with: + node-version: 18 + cache: yarn + + - run: yarn install --frozen-lockfile + - name: Run clippy action to produce annotations + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: giraffate/clippy-action@871cc4173f2594435c7ea6b0bce499cf6c2164a1 + if: env.GITHUB_TOKEN != null + with: + clippy_flags: --all-targets -- -D warnings + github_token: ${{ secrets.GITHUB_TOKEN }} + reporter: "github-pr-check" + + - name: Run clippy manually without annotations + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + if: env.GITHUB_TOKEN == null + run: cargo clippy --all-targets -- -D warnings + + run_rustdoc: + name: Run RustDoc + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + components: rustfmt + + - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: doc + + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 + with: + node-version: 18 + cache: yarn + - run: yarn install --frozen-lockfile + - run: cargo doc --document-private-items + + run_tests: + name: Run Cargo Tests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + + - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: test + + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 + with: + node-version: 18 + cache: yarn + - run: yarn install --frozen-lockfile + - run: cargo test + + tests_passed: + name: All tests passed + needs: + - run_udeps + - run_cargodeny + - run_clippy + - run_rustfmt + - run_rustdoc + - run_tests + runs-on: ubuntu-latest + steps: + - name: log + run: echo All tests have passed! diff --git a/.github/workflows/reviewdog.yaml b/.github/workflows/pr_reviewdog.yml similarity index 65% rename from .github/workflows/reviewdog.yaml rename to .github/workflows/pr_reviewdog.yml index 93bd18b5..cb5af79a 100644 --- a/.github/workflows/reviewdog.yaml +++ b/.github/workflows/pr_reviewdog.yml @@ -1,6 +1,7 @@ --- -name: reviewdog -on: pull_request +name: Pull Request Reviewdog + +on: workflow_call permissions: contents: read @@ -12,7 +13,7 @@ jobs: actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: reviewdog/action-actionlint@b6feb003955cad286985c42e7047f4567a798f3f # v1.36.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -20,7 +21,7 @@ jobs: eslint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 with: version: 7.26.1 @@ -33,7 +34,7 @@ jobs: flake8: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4.6.1 with: python-version: "3.11" @@ -41,19 +42,10 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} - # Hadolint is failing to run.. issues when there are no dockerfiles? - # hadolint: - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - # - uses: reviewdog/action-hadolint@141ffd8d2f0b75e6fc7c87341331985448b62aa4 # v1.34.1 - # with: - # github_token: ${{ secrets.GITHUB_TOKEN }} - markdownlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: reviewdog/action-markdownlint@97e3df02fe1573d505a7b268046a44fa5409cbc3 # tag=v0.9.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -62,7 +54,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: reviewdog/action-shellcheck@f52d78284b4941028952125a10c76676c3d456eb # v1.17.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -70,7 +62,7 @@ jobs: yamllint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: reviewdog/action-yamllint@8c429dfe4fc47b1ce1fa99a64e94693880d5dc30 # tag=v1.6.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pr_stackablectl.yml b/.github/workflows/pr_stackablectl.yml new file mode 100644 index 00000000..e9f7e63b --- /dev/null +++ b/.github/workflows/pr_stackablectl.yml @@ -0,0 +1,67 @@ +--- +name: Pull Request Stackablectl + +on: + pull_request: + paths: + - ".github/workflows/pr_stackablectl" + - "docs/modules/stackablectl" + - "rust/stackable-cockpit" + - "rust/stackablectl" + - "rust/helm-sys" + - "Cargo.lock" + - "go.sum" + - "extra" + +env: + RUST_VERSION: 1.70.0 + CARGO_TERM_COLOR: always + CARGO_INCREMENTAL: "0" + CARGO_PROFILE_DEV_DEBUG: "0" + RUSTFLAGS: "-D warnings" + RUSTDOCFLAGS: "-D warnings" + RUST_LOG: "info" + +jobs: + general-checks: + name: General Pull Request Checks + uses: ./.github/workflows/pr_general.yml + + reviewdog-checks: + name: Reviewdog Pull Request Checks + uses: ./.github/workflows/pr_reviewdog.yml + + build: + name: Build stackablectl for ${{ matrix.target }} + runs-on: ${{ matrix.os }} + needs: + - general-checks + - reviewdog-checks + strategy: + fail-fast: false + matrix: + include: + - target: x86_64-unknown-linux-gnu + os: ubuntu-latest + - target: x86_64-apple-darwin + os: macos-latest + - target: aarch64-apple-darwin + os: macos-latest + steps: + - name: Checkout + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + with: + submodules: recursive + + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 + with: + toolchain: ${{ env.RUST_VERSION }} + targets: ${{ matrix.target }} + + - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 + with: + key: build-stackablectl-${{ matrix.target }} + + - name: Build for non-Windows + if: matrix.os != 'windows-latest' + run: cargo build --target ${{ matrix.target }} -p stackablectl diff --git a/.github/workflows/release_stackablectl.yaml b/.github/workflows/release_stackablectl.yml similarity index 66% rename from .github/workflows/release_stackablectl.yaml rename to .github/workflows/release_stackablectl.yml index d9c41d6d..fbb8f98c 100644 --- a/.github/workflows/release_stackablectl.yaml +++ b/.github/workflows/release_stackablectl.yml @@ -26,10 +26,6 @@ jobs: - target: x86_64-unknown-linux-gnu os: ubuntu-20.04 # We don't use ubuntu-latest because we want to build against an old glibc version. (18.04 has glibc 2.27, 20.04 has glibc 2.31, 22.04 has glibc 2.35) file-suffix: "" - # Commented out, as Windows build is currently not working - # - target: x86_64-pc-windows-gnu - # os: windows-latest - # file-suffix: ".exe" - target: x86_64-apple-darwin os: macos-latest file-suffix: "" @@ -38,30 +34,23 @@ jobs: file-suffix: "" steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: submodules: recursive + - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 with: toolchain: ${{ env.RUST_VERSION }} targets: ${{ matrix.target }} - - name: Build for non-Windows + + - name: Build Binary if: matrix.os != 'windows-latest' - run: cargo build --target ${{ matrix.target }} --release -p stackablectl - - name: Prepare Windows env - if: matrix.os == 'windows-latest' - uses: msys2/setup-msys2@v2 - with: - msystem: MINGW64 - update: true - install: base-devel mingw-w64-x86_64-go mingw-w64-x86_64-rust - - name: Build for Windows - if: matrix.os == 'windows-latest' - run: cargo build --target ${{ matrix.target }} --release -p stackablectl - shell: msys2 {0} - - name: Rename binary file + run: cargo build --target ${{ matrix.target }} --release --package stackablectl + + - name: Rename Binary run: mv target/${{ matrix.target }}/release/stackablectl${{ matrix.file-suffix }} stackablectl-${{ matrix.target }}${{ matrix.file-suffix }} - - name: Upload Release binaries + + - name: Upload Release Binary uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: files: stackablectl-${{ matrix.target }}${{ matrix.file-suffix }}