Skip to content

🔥 Migrating to Makefile Modules ALL AT ONCE 🔥 #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
Sep 30, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .github/actions/repo_access/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: 'Setup repo access'
description: 'Setups authenticate to GitHub repos'
inputs:
DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB:
required: true
description: "DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB secret"
outputs: {}
runs:
using: "composite"
steps:
- name: Configure jetstack/venafi-connection-lib repo pull access
shell: bash
run: |
mkdir ~/.ssh
chmod 700 ~/.ssh

echo "${{ inputs.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}" > ~/.ssh/venafi_connection_lib_id
chmod 600 ~/.ssh/venafi_connection_lib_id

cat <<EOT >> ~/.ssh/config
Host venafi-connection-lib.github.com
HostName github.com
IdentityFile ~/.ssh/venafi_connection_lib_id
IdentitiesOnly yes
EOT

cat <<EOT >> ~/.gitconfig
[url "git@venafi-connection-lib.github.com:jetstack/venafi-connection-lib"]
insteadOf = https://github.com/jetstack/venafi-connection-lib
EOT

echo "GOPRIVATE=github.com/jetstack/venafi-connection-lib" >> $GITHUB_ENV
11 changes: 4 additions & 7 deletions .github/dependabot.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Broken link, I've fixed this upstream: cert-manager/makefile-modules#196


# Update Go dependencies and GitHub Actions dependencies daily.
version: 2
updates:
- package-ecosystem: gomod
@@ -14,10 +18,3 @@ updates:
groups:
all:
patterns: ["*"]
- package-ecosystem: docker
directory: /
schedule:
interval: daily
groups:
all:
patterns: ["*"]
23 changes: 0 additions & 23 deletions .github/workflows/chart-test.yaml

This file was deleted.

31 changes: 31 additions & 0 deletions .github/workflows/govulncheck.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead.

# Run govulncheck at midnight every night on the main branch,
# to alert us to recent vulnerabilities which affect the Go code in this
# project.
name: govulncheck
on:
workflow_dispatch: {}
schedule:
- cron: '0 0 * * *'

permissions:
contents: read

jobs:
govulncheck:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"

- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ steps.go-version.outputs.result }}

- run: make verify-govulncheck
101 changes: 101 additions & 0 deletions .github/workflows/make-self-upgrade.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.

name: make-self-upgrade
concurrency: make-self-upgrade
on:
workflow_dispatch: {}
schedule:
- cron: '0 0 * * *'

permissions:
contents: read

jobs:
self_upgrade:
runs-on: ubuntu-latest

if: github.repository_owner == 'cert-manager'

permissions:
contents: write
pull-requests: write

env:
SOURCE_BRANCH: "${{ github.ref_name }}"
SELF_UPGRADE_BRANCH: "self-upgrade-${{ github.ref_name }}"

steps:
- name: Fail if branch is not head of branch.
if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }}
run: |
echo "This workflow should not be run on a non-branch-head."
exit 1

- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"

- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ steps.go-version.outputs.result }}

- run: |
git checkout -B "$SELF_UPGRADE_BRANCH"

- run: |
make -j upgrade-klone
make -j generate

- id: is-up-to-date
shell: bash
run: |
git_status=$(git status -s)
is_up_to_date="true"
if [ -n "$git_status" ]; then
is_up_to_date="false"
echo "The following changes will be committed:"
echo "$git_status"
fi
echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"

- if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
run: |
git config --global user.name "cert-manager-bot"
git config --global user.email "cert-manager-bot@users.noreply.github.com"
git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff
git push -f origin "$SELF_UPGRADE_BRANCH"

- if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const { repo, owner } = context.repo;
const pulls = await github.rest.pulls.list({
owner: owner,
repo: repo,
head: owner + ':' + process.env.SELF_UPGRADE_BRANCH,
base: process.env.SOURCE_BRANCH,
state: 'open',
});

if (pulls.data.length < 1) {
const result = await github.rest.pulls.create({
title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH,
owner: owner,
repo: repo,
head: process.env.SELF_UPGRADE_BRANCH,
base: process.env.SOURCE_BRANCH,
body: [
'This PR is auto-generated to bump the Makefile modules.',
].join('\n'),
});
await github.rest.issues.addLabels({
owner,
repo,
issue_number: result.data.number,
labels: ['skip-review']
});
}
138 changes: 0 additions & 138 deletions .github/workflows/release-master.yml

This file was deleted.

Loading
Loading