-
Notifications
You must be signed in to change notification settings - Fork 29
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #72 from swagger-api/fix-ci
- Loading branch information
Showing
28 changed files
with
1,011 additions
and
372 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
name: 'Dependency Review' | ||
on: [pull_request] | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
dependency-review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout Repository' | ||
uses: actions/checkout@v4 | ||
- name: Dependency Review | ||
uses: actions/dependency-review-action@v3 | ||
with: | ||
fail-on-severity: high |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
name: Deploy Docker | ||
|
||
on: | ||
workflow_dispatch: | ||
branches: ["master"] | ||
inputs: | ||
tag: | ||
description: tag/version to deploy | ||
required: true | ||
jobs: | ||
deploy: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: deploy docker | ||
run: | | ||
SC_RELEASE_TAG="v${{ env.TAG }}" | ||
echo "$SC_RELEASE_TAG" | ||
TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}" | ||
RANCHER_HOST="rancher.tools.swagger.io" | ||
CLUSTER_ID="c-n8zp2" | ||
NAMESPACE_NAME="swagger-oss" | ||
K8S_OBJECT_TYPE="daemonsets" | ||
K8S_OBJECT_NAME="swagger-converter" | ||
DEPLOY_IMAGE="swaggerapi/swagger-converter:$SC_RELEASE_TAG" | ||
workloadStatus="" | ||
getStatus() { | ||
echo "Getting update status..." | ||
if ! workloadStatus="$(curl -s -X GET \ | ||
-H "Authorization: Bearer ${TOKEN}" \ | ||
-H 'Content-Type: application/json' \ | ||
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")" | ||
then | ||
echo 'ERROR - get status k8s API call failed!' | ||
echo "Exiting build"... | ||
exit 1 | ||
fi | ||
} | ||
# $1 = image to deploy | ||
updateObject() { | ||
local image="${1}" | ||
echo "Updating image value..." | ||
if ! curl -s -X PATCH \ | ||
-H "Authorization: Bearer ${TOKEN}" \ | ||
-H 'Content-Type: application/json-patch+json' \ | ||
"https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \ | ||
-d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]" | ||
then | ||
echo 'ERROR - image update k8s API call failed!' | ||
echo "Exiting build..." | ||
exit 1 | ||
fi | ||
} | ||
# Check that the TAG is valid | ||
if [[ $SC_RELEASE_TAG =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then | ||
echo "" | ||
echo "This is a Valid TAG..." | ||
# Get current image/tag in case we need to rollback | ||
getStatus | ||
ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')" | ||
echo "" | ||
echo "Current image: ${ROLLBACK_IMAGE}" | ||
# Update image and validate response | ||
echo "" | ||
updateObject "${DEPLOY_IMAGE}" | ||
echo "" | ||
echo "" | ||
echo "Waiting for pods to start..." | ||
echo "" | ||
sleep 60s | ||
# Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error | ||
getStatus | ||
status="$(echo "${workloadStatus}" | jq '.status')" | ||
echo "" | ||
echo "${status}" | ||
echo "" | ||
numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')" | ||
numberReady="$(echo "${status}" | jq -r '.numberReady')" | ||
if (( numberReady == numberDesired )); then | ||
echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}" | ||
# If pods are not starting, rollback the upgrade and exit the build with error | ||
else | ||
echo "state = error...rolling back upgrade" | ||
updateObject "${ROLLBACK_IMAGE}" | ||
echo "" | ||
echo "" | ||
echo "Waiting for rollback pods to start..." | ||
echo "" | ||
sleep 60s | ||
getStatus | ||
status="$(echo "${workloadStatus}" | jq '.status')" | ||
echo "" | ||
echo "${status}" | ||
echo "" | ||
numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')" | ||
numberReady="$(echo "${status}" | jq -r '.numberReady')" | ||
if (( numberReady == numberDesired )); then | ||
echo "Rollback to ${ROLLBACK_IMAGE} completed." | ||
else | ||
echo "FATAL - rollback failed" | ||
fi | ||
echo "Exiting Build..." | ||
exit 1 | ||
fi | ||
else | ||
echo "This TAG is not in a valid format..." | ||
echo "Exiting Build..." | ||
exit 0 | ||
fi | ||
echo "Exiting Build..." | ||
exit 0 | ||
env: | ||
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
TAG: ${{ github.event.inputs.tag }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Build Test PR | ||
|
||
on: | ||
pull_request: | ||
branches: [ "master" ] | ||
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
java: [ 11 ] | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Java | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: ${{ matrix.java }} | ||
- name: Cache local Maven repository | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.m2/repository | ||
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: | | ||
${{ runner.os }}-maven- | ||
- name: Build with Maven and Gradle | ||
run: | | ||
mvn --no-transfer-progress -B install --file pom.xml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,53 @@ | ||
name: Deployment | ||
name: Build Test Deploy master | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
push: | ||
branches: [ "master" ] | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
java: [ 8 ] | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Java | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: ${{ matrix.java }} | ||
server-id: ossrh | ||
server-username: MAVEN_USERNAME | ||
server-password: MAVEN_PASSWORD | ||
- name: Run maven deploy/release (action-maven-publish) | ||
uses: samuelmeuli/action-maven-publish@v1 | ||
with: | ||
gpg_private_key: ${{ secrets.OSSRH_GPG_PRIVATE_KEY }} | ||
gpg_passphrase: ${{ secrets.OSSRH_GPG_PRIVATE_PASSPHRASE }} | ||
nexus_username: ${{ secrets.OSSRH_USERNAME }} | ||
nexus_password: ${{ secrets.OSSRH_TOKEN }} | ||
env: | ||
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | ||
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
java: [ 11 ] | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Set up Java | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: ${{ matrix.java }} | ||
server-id: ossrh | ||
server-username: MAVEN_USERNAME | ||
server-password: MAVEN_PASSWORD | ||
- name: Cache local Maven repository | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.m2/repository | ||
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: | | ||
${{ runner.os }}-maven- | ||
- name: Build with Maven, Deploy snapshot to maven central | ||
run: | | ||
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec` | ||
echo "POM VERSION" ${MY_POM_VERSION} | ||
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]]; | ||
then | ||
mvn --no-transfer-progress -B install --file pom.xml | ||
export MY_JAVA_VERSION=`java -version 2>&1 | head -1 | cut -d'"' -f2 | sed '/^1\./s///' | cut -d'.' -f1` | ||
echo "JAVA VERSION" ${MY_JAVA_VERSION} | ||
if [[ ${MY_JAVA_VERSION} == "11" ]]; | ||
then | ||
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec` | ||
echo "POM VERSION" ${MY_POM_VERSION} | ||
mvn --no-transfer-progress -B clean deploy | ||
else | ||
echo "not deploying on java version: " ${MY_JAVA_VERSION} | ||
fi | ||
else | ||
echo "not building and maven publishing project as it is a release version: " ${MY_JAVA_VERSION} | ||
fi | ||
env: | ||
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | ||
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
name: Prepare Release | ||
|
||
on: | ||
workflow_dispatch: | ||
branches: ["master"] | ||
|
||
jobs: | ||
build: | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: tibdex/github-app-token@v1 | ||
id: generate-token | ||
with: | ||
app_id: ${{ secrets.APP_ID }} | ||
private_key: ${{ secrets.APP_PRIVATE_KEY }} | ||
- name: Set up Python 3.10 | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.10' | ||
- name: Set up Java 11 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 11 | ||
server-id: ossrh | ||
server-username: MAVEN_USERNAME | ||
server-password: MAVEN_PASSWORD | ||
- name: Cache local Maven repository | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.m2/repository | ||
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: | | ||
${{ runner.os }}-maven- | ||
- name: Run prepare release script | ||
id: prepare-release | ||
run: | | ||
export MY_POM_VERSION=`mvn -q -Dexec.executable="echo" -Dexec.args='${projects.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec` | ||
if [[ $MY_POM_VERSION =~ ^.*SNAPSHOT$ ]]; | ||
then | ||
. ./CI/prepare-release.sh | ||
echo "PREPARE_RELEASE_OK=yes" >> $GITHUB_ENV | ||
else | ||
echo "not preparing release for release version: " ${MY_POM_VERSION} | ||
echo "PREPARE_RELEASE_OK=no" >> $GITHUB_ENV | ||
fi | ||
echo "SC_VERSION=$SC_VERSION" >> $GITHUB_ENV | ||
echo "SC_NEXT_VERSION=$SC_NEXT_VERSION" >> $GITHUB_ENV | ||
- name: Create Prepare Release Pull Request | ||
uses: peter-evans/create-pull-request@v4 | ||
if: env.PREPARE_RELEASE_OK == 'yes' | ||
with: | ||
token: ${{ steps.generate-token.outputs.token }} | ||
commit-message: prepare release ${{ env.SC_VERSION }} | ||
title: 'prepare release ${{ env.SC_VERSION }}' | ||
branch: prepare-release-${{ env.SC_VERSION }} | ||
env: | ||
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | ||
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | ||
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
SC_VERSION: | ||
SC_NEXT_VERSION: | ||
|
Oops, something went wrong.