diff --git a/.circleci/config.yml b/.circleci/config.yml index 8b4dbd75..2462c2c5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,5 +1,5 @@ orbs: - architect: giantswarm/architect@4.15.0 + architect: giantswarm/architect@4.24.0 version: 2.1 workflows: diff --git a/.github/workflows/zz_generated.add-team-labels.yaml b/.github/workflows/zz_generated.add-team-labels.yaml new file mode 100644 index 00000000..b1fab09f --- /dev/null +++ b/.github/workflows/zz_generated.add-team-labels.yaml 
@@ -0,0 +1,53 @@
+name: Add Issue to Project when assigned
+
+on:
+ issues:
+ types: [assigned]
+
+jobs:
+ build_user_list:
+ name: Get yaml config of GS users
+ runs-on: ubuntu-latest
+ steps:
+ - name: Fetch issue templates
+ run: |
+ mkdir -p artifacts
+ wget --header "Authorization: token ${{ github.token }}" \
+ -O artifacts/users.yaml \
+ https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/user-mapping.yaml
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: users
+ path: artifacts/users.yaml
+ retention-days: 1
+
+ add_label:
+ name: Add team label when assigned
+ runs-on: ubuntu-latest
+ needs: build_user_list
+ steps:
+ - uses: actions/download-artifact@v3
+ id: download-users
+ with:
+ name: users
+ - name: Find team label based on user names
+ run: |
+ event_assignee=$(cat $GITHUB_EVENT_PATH | jq -r .assignee.login | tr '[:upper:]' '[:lower:]')
+ echo "Issue assigned to: ${event_assignee}"
+
+ TEAMS=$(cat ${{steps.download-users.outputs.download-path}}/users.yaml | tr '[:upper:]' '[:lower:]' | yq ".${event_assignee}.teams" -o csv | tr ',' ' ')
+
+ echo "LABEL<> $GITHUB_ENV
+ for team in ${TEAMS}; do
+ echo "Team: ${team} | Label: team/${team}"
+ echo "team/${team}" >> $GITHUB_ENV
+ done
+ echo "EOF" >> $GITHUB_ENV
+ - name: Apply label to issue
+ if: ${{ env.LABEL != '' }}
+ uses: actions-ecosystem/action-add-labels@v1
+ with:
+ github-token: ${{ secrets.ISSUE_AUTOMATION }}
+ labels: |
+ ${{ env.LABEL }}
diff --git a/.github/workflows/zz_generated.add-to-project-board.yaml b/.github/workflows/zz_generated.add-to-project-board.yaml
new file mode 100644
index 00000000..03ec487f
--- /dev/null
+++ b/.github/workflows/zz_generated.add-to-project-board.yaml
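Review bot: The `Apply label to issue` step in `zz_generated.add-team-labels.yaml` passes the `ISSUE_AUTOMATION` secret to `actions-ecosystem/action-add-labels@v1`, a third-party action referenced by a movable tag, so the code that receives the token can change without any change in this repository. Pinning it to a full commit SHA, `uses: actions-ecosystem/action-add-labels@<full-commit-sha>  # v1`, fixes what runs with that secret; the same applies to both `actions/add-to-project@main` steps in `zz_generated.add-to-project-board.yaml`, which follow a branch. Neither new workflow declares a `permissions:` block, so the jobs run with whatever default `GITHUB_TOKEN` scope the repository has; an explicit block limited to what the steps need would make that grant visible in review. The `Fetch issue templates` step name also does not match what the step downloads (the user mapping).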
@@ -0,0 +1,85 @@ +name: Add Issue to Project when assigned + +on: + issues: + types: [assigned] + +jobs: + build_user_list: + name: Get yaml config of GS users + runs-on: ubuntu-latest + steps: + - name: Get user-mapping + run: | + mkdir -p artifacts + wget --header "Authorization: token ${{ github.token }}" \ + -O artifacts/users.yaml \ + https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/user-mapping.yaml + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: users + path: artifacts/users.yaml + retention-days: 1 + - name: Get label-mapping + run: | + mkdir -p artifacts + wget --header "Authorization: token ${{ github.token }}" \ + -O artifacts/labels.yaml \ + https://raw.githubusercontent.com/giantswarm/github/master/tools/issue-automation/label-mapping.yaml + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: labels + path: artifacts/labels.yaml + retention-days: 1 + + add_to_personal_board: + name: Add issue to personal board + runs-on: ubuntu-latest + needs: build_user_list + steps: + - uses: actions/download-artifact@v3 + id: download-users + with: + name: users + - name: Find personal board based on user names + run: | + event_assignee=$(cat $GITHUB_EVENT_PATH | jq -r .assignee.login | tr '[:upper:]' '[:lower:]') + echo "Issue assigned to: ${event_assignee}" + + BOARD=($(cat ${{steps.download-users.outputs.download-path}}/users.yaml | tr '[:upper:]' '[:lower:]' | yq ".${event_assignee}.personalboard")) + echo "Personal board URL: ${BOARD}" + + echo "BOARD=${BOARD}" >> $GITHUB_ENV + - name: Add issue to personal board + if: ${{ env.BOARD != 'null' && env.BOARD != '' }} + uses: actions/add-to-project@main + with: + project-url: ${{ env.BOARD }} + github-token: ${{ secrets.ISSUE_AUTOMATION }} + + add_to_team_board: + name: Add issue to personal board + runs-on: ubuntu-latest + needs: build_user_list + steps: + - uses: actions/download-artifact@v3 + id: download-labels + with: + name: 
labels + - name: Find team board based on label + run: | + event_label=$(cat $GITHUB_EVENT_PATH | jq -r .label | tr '[:upper:]' '[:lower:]') + echo "Issue labelled with: ${event_label}" + + BOARD=($(cat ${{steps.download-users.outputs.download-path}}/labels.yaml | tr '[:upper:]' '[:lower:]' | yq ".${event_label}.projectBoard")) + echo "Team board URL: ${BOARD}" + + echo "BOARD=${BOARD}" >> $GITHUB_ENV + - name: Add issue to team board + if: ${{ env.BOARD != 'null' && env.BOARD != '' }} + uses: actions/add-to-project@main + with: + project-url: ${{ env.BOARD }} + github-token: ${{ secrets.ISSUE_AUTOMATION }} diff --git a/.github/workflows/zz_generated.check_values_schema.yaml b/.github/workflows/zz_generated.check_values_schema.yaml index 852b4c79..fa01fef0 100644 --- a/.github/workflows/zz_generated.check_values_schema.yaml +++ b/.github/workflows/zz_generated.check_values_schema.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # name: 'Check if values schema file has been updated' on: pull_request 
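Review bot: In the `add_to_team_board` job the download step is declared with `id: download-labels`, but the script reads `${{steps.download-users.outputs.download-path}}/labels.yaml`; no step with that id exists in this job, so the expression is expected to expand to an empty string and `cat` would look for `/labels.yaml`. The reference should be `${{steps.download-labels.outputs.download-path}}/labels.yaml`. The same step takes `jq -r .label` from the event while the workflow only triggers on `issues: [assigned]`; as far as I know that payload has no `label` field, and on labelled events the name sits at `.label.name`, so `event_label` would likely be `null` and the team-board step never runs. The job's `name:` also repeats `Add issue to personal board`.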
@@ -16,34 +16,69 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - VALUES_FILE_CHANGED="false" - SCHEMA_FILE_CHANGED="false" + echo "Comparing ${GITHUB_BASE_REF}...${GITHUB_HEAD_REF}" - base_ref=${GITHUB_BASE_REF##*/} - head_ref=${GITHUB_HEAD_REF##*/} + # check if repo contains a schema file + if grep -q "values.schema.json" <<< $(git ls-tree -r --name-only ${GITHUB_SHA}); then - echo "Comparing ${base_ref}...${head_ref}" + # get a list of files changed in the PR + CHANGED_FILES=$(gh api repos/{owner}/{repo}/compare/${GITHUB_BASE_REF}...${GITHUB_HEAD_REF} \ + --jq ".files[].filename") - changed_files=$(gh api repos/{owner}/{repo}/compare/${base_ref}...${head_ref} --jq ".files[] | .filename") + # check if values.yaml in main chart was modified by this PR + # (this won't check values files in subcharts) + if grep -q 'helm\/[-a-z].*\/values.yaml' <<< "${CHANGED_FILES}" ; then - if grep -q "values.schema.json" <<< $(git ls-tree -r --name-only ${GITHUB_SHA}); then + # get the path to values.yaml + VALUES_FILE=$(gh api repos/{owner}/{repo}/compare/${GITHUB_BASE_REF}...${GITHUB_HEAD_REF} \ + --jq ".files[].filename" | grep 'helm\/[-a-z].*\/values.yaml') - if grep -q "values.yaml" <<< "${changed_files}" ; then - VALUES_FILE_CHANGED="true" - fi + # fetch branches so we can use them to compare + git fetch &> /dev/null - if grep -q "values.schema.json" <<< "${changed_files}" ; then - SCHEMA_FILE_CHANGED="true" - fi + # calculate hash of the keys from values.yaml from the default branch + DEFAULT_BRANCH_SHA=$(git show origin/${GITHUB_BASE_REF}:${VALUES_FILE} \ + | yq -P 'sort_keys(..)' -o=json | jq -r '[paths | join(".")]' \ + | sha1sum | awk '{print $1}') + + # calculate hash of the keys from values.yaml from this branch + THIS_BRANCH_SHA=$(git show origin/${GITHUB_HEAD_REF}:${VALUES_FILE} \ + | yq -P 'sort_keys(..)' -o=json | jq -r '[paths | join(".")]' \ + | sha1sum | awk '{print $1}') + + # compare hashes of the values files + if [[ "${DEFAULT_BRANCH_SHA}" 
!= "${THIS_BRANCH_SHA}" ]]; then - if [ $VALUES_FILE_CHANGED != $SCHEMA_FILE_CHANGED ]; then - echo "FAILED: values.yaml was updated but values.schema.json hasn't been regenerated" - echo "Please refer to this document: https://intranet.giantswarm.io/docs/organizational-structure/teams/cabbage/app-updates/helm-values-schema/" - exit 1 + # values file structure has been modified so we need to ensure the schema + # file is also updated + + if grep -q "values.schema.json" <<< "${CHANGED_FILES}" ; then + # we assume that the schema has been updated, nothing to do + echo "PASSED: values.yaml and values.schema.json both appear to have been updated" + exit 0 + else + # schema must be updated + echo "FAILED: values.yaml was updated but values.schema.json hasn't been regenerated" + echo "Please refer to this document: https://intranet.giantswarm.io/docs/organizational-structure/teams/cabbage/app-updates/helm-values-schema/" + exit 1 + fi + + else + # values file structure hasn't changed, nothing to do + echo "values.yaml structure hasn't been changed by this PR" + exit 0 + fi + + else + # values file not included in PR, nothing to see here + echo "values.yaml not included in this PR" + exit 0 fi - echo "PASSED: values.yaml and values.schema.json both appear to have been updated" + else + + # if grep returns negative then there isn't a values.schema.json to check + echo "No values.schema.json file found in branch '${GITHUB_BASE_REF}', nothing to check" exit 0 - fi - echo "INFO: values.schema.json not present in this repo - nothing to do" + fi diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml index b9688db2..e9c6c4d6 100644 --- a/.github/workflows/zz_generated.create_release.yaml +++ b/.github/workflows/zz_generated.create_release.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # name: Create Release on: 
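Review bot: `VALUES_FILE` is built from file names taken from the pull request and then used unquoted in `git show origin/${GITHUB_BASE_REF}:${VALUES_FILE}`, and the pattern `'helm\/[-a-z].*\/values.yaml'` is unanchored, so it can return several paths (including `values.yaml` inside subchart directories, which the comment says are not checked) and a name containing whitespace would be word-split. Anchoring the match and taking one result, e.g. `grep -m1 -E '^helm/[-a-z][^/]*/values\.yaml$'`, and quoting the argument as `"origin/${GITHUB_HEAD_REF}:${VALUES_FILE}"` keeps the check on the main chart only. `GITHUB_HEAD_REF` is the contributor's branch name and now reaches `gh api` and `git show` without the previous `##*/` trimming, so it deserves the same quoting. For a pull request from a fork `origin/${GITHUB_HEAD_REF}` presumably does not exist, and unless the step runs with `pipefail` the failed `git show` is hashed as empty input instead of stopping the job. The `run:` block begins above this hunk.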
@@ -120,11 +120,13 @@ jobs: echo "error: no changes in \"$file\"" >&2 exit 1 fi + - name: Set up git identity + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" - name: Commit changes run: | file="${{ needs.gather_facts.outputs.project_go_path }}" - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" git add $file git commit -m "Bump version to ${{ steps.update_project_go.outputs.new_version }}" - name: Push changes @@ -167,10 +169,13 @@ jobs: with: version: ${{ needs.gather_facts.outputs.version }} path: ./CHANGELOG.md + - name: Set up git identity + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" - name: Create tag run: | version="${{ needs.gather_facts.outputs.version }}" - git config --local user.name "github-actions" git tag "v$version" ${{ github.sha }} - name: Push tag env: diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml index 2754af5f..d5cec937 100644 --- a/.github/workflows/zz_generated.create_release_pr.yaml +++ b/.github/workflows/zz_generated.create_release_pr.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # name: Create Release PR on: @@ -44,6 +44,7 @@ jobs: repo_name: ${{ steps.gather_facts.outputs.repo_name }} branch: ${{ steps.gather_facts.outputs.branch }} base: ${{ steps.gather_facts.outputs.base }} + is_major: ${{ steps.gather_facts.outputs.is_major }} skip: ${{ steps.pr_exists.outputs.skip }} version: ${{ steps.gather_facts.outputs.version }} steps: @@ -81,6 +82,7 @@ jobs: version_major=$((version_major+1)) version_minor=0 version_patch=0 + echo "::set-output name=is_major::true" ;; *) echo "Unknown Semver level provided" 
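Review bot: The new `echo "::set-output name=is_major::true"` in `zz_generated.create_release_pr.yaml` (here and again in the `@@ -90,6 +92,12 @@` hunk) uses the stdout workflow command that GitHub has deprecated in favour of the `GITHUB_OUTPUT` file. Writing `echo "is_major=true" >> "$GITHUB_OUTPUT"` avoids depending on the deprecated command and keeps step outputs from being set by anything else the script happens to print. The surrounding `case` statement starts and ends outside this hunk, so the other outputs of `gather_facts` may need the same change.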
@@ -90,6 +92,12 @@ jobs: version="${version_major}.${version_minor}.${version_patch}" else version="${version#v}" # Strip "v" prefix. + version_major=$(echo "${version}" | cut -d "." -f 1) + version_minor=$(echo "${version}" | cut -d "." -f 2) + version_patch=$(echo "${version}" | cut -d "." -f 3) + if [[ $version_minor = 0 && $version_patch = 0 ]]; then + echo "::set-output name=is_major::true" + fi fi repo_name="$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" echo "repo_name=\"$repo_name\" base=\"$base\" head=\"$head\" version=\"$version\"" @@ -117,6 +125,9 @@ jobs: env: architect_flags: "--organisation ${{ github.repository_owner }} --project ${{ needs.gather_facts.outputs.repo_name }}" steps: + - uses: actions/setup-go@v3 + with: + go-version: '=1.18.1' - name: Install architect uses: giantswarm/install-binary-action@v1.0.0 with: 
@@ -129,12 +140,62 @@ jobs: - name: Prepare release changes run: | architect prepare-release ${{ env.architect_flags }} --version "${{ needs.gather_facts.outputs.version }}" + - name: Update version field in Chart.yaml + run: | + # Define chart_dir + repository="${{ needs.gather_facts.outputs.repo_name }}" + chart="helm/${repository}" + + # Check chart directory. + if [ ! -d "${chart}" ] + then + echo "Could not find chart directory '${chart}', adding app suffix." + + # Add app suffix. + chart="helm/${repository}-app" + + # Check chart directory with app suffix. + if [ ! -d "${chart}" ] + then + echo "Could not find chart directory '${chart}', removing app suffix." + + # Remove app suffix. + chart="helm/${repository%-app}" + + if [ ! -d "${chart}" ] + then + # Print error. + echo "Could not find chart directory '${chart}', doing nothing." + fi + fi + fi + + # Define chart YAML. + chart_yaml="${chart}/Chart.yaml" + + # Check chart YAML. + if [ -f "${chart_yaml}" ] + then + # check if version in Chart.yaml is templated using architect + if [ $(grep -c "^version:.*\.Version.*$" "${chart_yaml}") = "0" ]; then + yq -i '.version = "${{ needs.gather_facts.outputs.version }}"' "${chart_yaml}" + fi + fi + + - name: Bump go module defined in go.mod if needed + run: | + if [ "${{ needs.gather_facts.outputs.is_major }}" = true ] && test -f "go.mod"; then + go install github.com/marwan-at-work/mod/cmd/mod@v0.4.2 + mod upgrade + fi + - name: Set up git identity + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" - name: Create release commit env: version: "${{ needs.gather_facts.outputs.version }}" run: | - git config --local user.email "action@github.com" - git config --local user.name "github-actions" git add -A git commit -m "Release v${{ env.version }}" - name: Push changes 
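Review bot: In the new `Update version field in Chart.yaml` step, `${{ needs.gather_facts.outputs.version }}` is expanded by the workflow engine directly into the script text of the `yq -i` call, so a version string containing a quote would alter the yq expression or the shell command instead of being handled as data. The version appears to be derived from user-supplied input (its derivation is outside this hunk), so it is safer to pass it through the environment: give the step `env:` with `version: "${{ needs.gather_facts.outputs.version }}"` and call `yq -i '.version = strenv(version)' "${chart_yaml}"`. When none of the three candidate chart directories exists the script prints "doing nothing" and continues; that is harmless only because of the later `-f "${chart_yaml}"` test, which is worth a one-line comment. `$(grep -c ...)` in the `[ ... = "0" ]` test should be quoted as well.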
@@ -148,4 +209,4 @@ jobs: base: "${{ needs.gather_facts.outputs.base }}" version: "${{ needs.gather_facts.outputs.version }}" run: | - hub pull-request -f -m "Release v${{ env.version }}" -a ${{ github.actor }} -b ${{ env.base }} -h ${{ needs.gather_facts.outputs.branch }} + hub pull-request -f -m "Release v${{ env.version }}" -a ${{ github.actor }} -b ${{ env.base }} -h ${{ needs.gather_facts.outputs.branch }} diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml index 2ba257cb..e0f6786c 100644 --- a/.github/workflows/zz_generated.gitleaks.yaml +++ b/.github/workflows/zz_generated.gitleaks.yaml @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # name: gitleaks diff --git a/.nancy-ignore b/.nancy-ignore index 2ed833e0..02e69e3f 100644 --- a/.nancy-ignore +++ b/.nancy-ignore @@ -4,3 +4,4 @@ CVE-2022-24687 until=2022-11-01 CVE-2021-23772 until=2022-11-01 sonatype-2022-0204 until=2022-10-01 sonatype-2021-1485 until=2022-10-01 +sonatype-2021-0276 until=2022-12-01 diff --git a/.nancy-ignore.generated b/.nancy-ignore.generated new file mode 100644 index 00000000..b4df6fc2 --- /dev/null +++ b/.nancy-ignore.generated @@ -0,0 +1,2 @@ +# This file is generated by https://github.com/giantswarm/github +# Repository specific ignores should be added to .nancy-ignore diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 682e11c1..e4d58f25 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -8,7 +8,7 @@ repos: args: [ --format=json ] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.1.0 + rev: v4.3.0 hooks: - id: check-added-large-files # check for unresolved merge conflicts diff --git a/Makefile b/Makefile index 451b8d36..b916857e 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # include Makefile.*.mk 
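Review bot: The added `.nancy-ignore` entry `sonatype-2021-0276 until=2022-12-01` suppresses a vulnerability finding without recording which module it concerns or why it is acceptable to ignore. A `#` comment above the entry naming the affected dependency and the reason (for example that it is covered by a `replace` in go.mod, if that is the case) would let the next reviewer decide whether to renew or drop the entry when it expires.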
diff --git a/Makefile.gen.app.mk b/Makefile.gen.app.mk index affb5a8a..ab9f6f5d 100644 --- a/Makefile.gen.app.mk +++ b/Makefile.gen.app.mk @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # ##@ App diff --git a/Makefile.gen.go.mk b/Makefile.gen.go.mk index 1889ab70..164beb63 100644 --- a/Makefile.gen.go.mk +++ b/Makefile.gen.go.mk @@ -1,6 +1,6 @@ # DO NOT EDIT. Generated with: # -# devctl@4.24.1 +# devctl@5.9.0 # APPLICATION := $(shell go list -m | cut -d '/' -f 3) @@ -97,6 +97,11 @@ lint: ## Runs golangci-lint. @echo "====> $@" golangci-lint run -E gosec -E goconst --timeout=15m ./... +.PHONY: nancy +nancy: ## Runs nancy (requires v1.0.37 or newer). + @echo "====> $@" + CGO_ENABLED=0 go list -json -m all | nancy sleuth --skip-update-check --quiet --exclude-vulnerability-file ./.nancy-ignore --additional-exclude-vulnerability-files ./.nancy-ignore.generated + .PHONY: test test: ## Runs go test with default values. @echo "====> $@" diff --git a/go.mod b/go.mod index 4dd08a8a..7d730a22 100644 --- a/go.mod +++ b/go.mod @@ -133,11 +133,11 @@ replace ( github.com/coreos/etcd v3.3.13+incompatible => github.com/coreos/etcd v3.3.25+incompatible github.com/dgrijalva/jwt-go => github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 github.com/gogo/protobuf v1.3.1 => github.com/gogo/protobuf v1.3.2 + github.com/labstack/echo/v4 => github.com/labstack/echo/v4 v4.9.0 github.com/microcosm-cc/bluemonday v1.0.2 => github.com/microcosm-cc/bluemonday v1.0.19 github.com/nats-io/nats-server/v2 v2.5.0 => github.com/nats-io/nats-server/v2 v2.8.4 github.com/valyala/fasthttp v1.6.0 => github.com/valyala/fasthttp v1.38.0 sigs.k8s.io/cluster-api => sigs.k8s.io/cluster-api v1.0.4 - ) diff --git a/go.sum b/go.sum index 5122a2f8..f46c9c03 100644 --- a/go.sum +++ b/go.sum 
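Review bot: The added go.mod line `github.com/labstack/echo/v4 => github.com/labstack/echo/v4 v4.9.0` has no version on its left side, so it forces v4.9.0 for every requirement of that module, including a later requirement of a newer release, which would then be held back silently. Scoping the replace to the version being overridden, or adding a comment such as `// pinned for <advisory id>; remove once the requiring module needs >= v4.9.0`, would make the override reviewable and removable. The `replace (` block opens above this hunk.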
@@ -464,6 +464,10 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/labstack/echo/v4 v4.9.0/go.mod h1:xkCDAdFCIf8jsFQ5NnbK7oqaF/yU1A1X20Ltm0OvSks= +github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= +github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM= +github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 
@@ -975,6 +979,11 @@ golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211214170744-3b038e5940ed/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=