diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 000000000..b5c99340f
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,95 @@
+name: Release Robusta
+
+on:
+ release:
+ types: [published]
+
+env:
+ PROJECT_ID: ${{ secrets.GKE_PROJECT }}
+# ` `` GKE_ZONE: us-central1-c # TODO: update to cluster zone
+ RELEASE_VER : ${{ github.event.release.tag_name }}
+jobs:
+
+ setup-build-publish-deploy:
+ name: Build images
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Get release version
+ run: echo "$RELEASE_VER"
+
+ - uses: google-github-actions/setup-gcloud@v0.2.0
+ with:
+ service_account_key: ${{ secrets.GKE_SA_KEY }}
+ project_id: ${{ secrets.GKE_PROJECT }}
+ export_default_credentials: true
+
+ # Configure Docker to use the gcloud command-line tool as a credential helper for authentication
+ - run: |-
+ gcloud auth configure-docker us-central1-docker.pkg.dev
+
+ - run: |-
+ gcloud config get-value project
+
+ - run: |-
+ curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64
+ chmod a+x skaffold
+
+ - name: Update package version
+ run: |
+ sed -i 's/0.0.0/${{env.RELEASE_VER}}/g' src/robusta/_version.py src/pyproject.toml
+
+ # see https://github.com/GoogleContainerTools/skaffold/issues/4842
+ - name: Cache skaffold image builds & config
+ uses: actions/cache@v2
+ with:
+ path: ~/.skaffold/
+ key: fixed-${{ github.sha }}
+ restore-keys: |
+ fixed-${{ github.sha }}
+ fixed-
+ - name: Build with skaffold
+ run: ./skaffold build -p prod --file-output=container-ids.json
+
+ # we disable the run-id so that if we do two identical builds then they will output the same YAML
+ # otherwise skaffold creates a different yaml because the run id changes
+ - name: Render yaml file
+ run: ./skaffold render -p prod --offline=true -l skaffold.dev/run-id=LEAVE_UNCHANGED > robusta.yaml
+
+ # upload robusta.yaml to gist
+ - name: Deploy gist
+ uses: arikalon1/actions-deploy-gist@v1
+ with:
+ token: ${{ secrets.GIST_TOKEN }}
+ gist_id: 1196dd6496707d42d85d96f7e6b5d000
+ gist_file_name: robusta-${{ env.RELEASE_VER }}.yaml
+ file_path: ./robusta.yaml
+
+ - name: Create robusta examples
+ run: |-
+ zip -r ./example-playbooks.zip ./playbooks
+
+ - name: Upload examples playbook to public gcp bucket
+ run: gsutil cp ./example-playbooks.zip gs://robusta-public/${{ env.RELEASE_VER }}/example-playbooks.zip
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.9
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install twine
+
+ - name: Prepare pypi dist
+ run: |
+ cd src
+ pip3 install poetry==1.1.6
+ poetry config virtualenvs.create false
+ bash -c "pip3 install --requirement <(poetry export --dev --format requirements.txt --without-hashes)"
+ poetry publish --build -u ${{ secrets.PYPI_USER }} -p ${{ secrets.PYPI_PASS }}
+ cd ../
diff --git a/.github/workflows/deploy-docs.yaml b/.github/workflows/deploy-docs.yaml
new file mode 100644
index 000000000..07b6eba75
--- /dev/null
+++ b/.github/workflows/deploy-docs.yaml
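Review bot: In build.yaml the `curl -Lo skaffold …/releases/latest/skaffold-linux-amd64` step fetches whatever binary is current and marks it executable with no integrity check, and the later `./skaffold build` and `./skaffold render` steps run it with the gcloud credentials that `export_default_credentials: true` exported; put a fixed release version in the URL and verify it before `chmod`, e.g. `echo "<expected-sha256>  skaffold" | sha256sum -c -` (placeholder digest). `arikalon1/actions-deploy-gist@v1` is a third-party action on a mutable tag that receives `GIST_TOKEN`, so reference it by full commit SHA; the same pinning applies to `returntocorp/semgrep-action@v1` in semgrep.yml. In the last step, `-u ${{ secrets.PYPI_USER }} -p ${{ secrets.PYPI_PASS }}` splices both secrets into the script text and the process arguments; set them in the step's `env:` as `POETRY_HTTP_BASIC_PYPI_USERNAME` and `POETRY_HTTP_BASIC_PYPI_PASSWORD` and call `poetry publish --build` without the flags.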
@@ -0,0 +1,73 @@
+name: Build & Deploy Robusta Docs
+
+on:
+ release:
+ types: [published]
+ push:
+ paths:
+ - 'docs/**'
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Docs release version'
+ required: true
+
+env:
+ PROJECT_ID: ${{ secrets.GKE_PROJECT }}
+ RELEASE_VER : ${{ github.event.release.tag_name }}
+jobs:
+
+ setup-build-publish-deploy:
+ name: Deploy docs
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - uses: google-github-actions/setup-gcloud@v0.2.0
+ with:
+ service_account_key: ${{ secrets.GKE_SA_KEY }}
+ project_id: ${{ secrets.GKE_PROJECT }}
+ export_default_credentials: true
+
+ # Configure Docker to use the gcloud command-line tool as a credential helper for authentication
+ - run: |-
+ gcloud auth configure-docker us-central1-docker.pkg.dev
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.9
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r docs/requirements.txt
+
+ - name: Set environmental variables
+ run: |
+ if [ ! -z "${{ env.RELEASE_VER }}" ]; then
+ echo release
+ echo "DOCS_VERSION=${{ env.RELEASE_VER }}" >> $GITHUB_ENV
+ elif [ ! -z "${{ github.event.inputs.version }}" ]; then
+ echo manual
+ echo "DOCS_VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+ else
+ echo default
+ echo "DOCS_VERSION=master" >> $GITHUB_ENV
+ fi
+
+ - name: Update docs version ${{ env.DOCS_VERSION }}
+ run: |
+ sed -i 's/DOCS_VERSION_PLACEHOLDER/${{ env.DOCS_VERSION }}/g' docs/conf.py
+ sed -i 's/DOCS_RELEASE_PLACEHOLDER/${{ env.DOCS_VERSION }}/g' docs/conf.py
+
+ - name: Build the docs
+ run: |
+ cd docs
+ make html
+
+ # using relative path doesn't work for some reason (aka ./_build/html)
+ - name: Upload docs to public gcp bucket
+ run: gsutil rsync -R /home/runner/work/cloudlets/cloudlets/docs/_build/html gs://robusta-public/${{ env.DOCS_VERSION }}/
\ No newline at end of file
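Review bot: In deploy-docs.yaml the "Set environmental variables" step expands `${{ env.RELEASE_VER }}` and `${{ github.event.inputs.version }}` into the script text before the shell parses it, so a tag name or dispatch input is interpreted as shell rather than data. The value then flows unvalidated into `$GITHUB_ENV`, both `sed` expressions and the `gs://robusta-public/…` destination. The step should read the values from environment variables and reject anything that is not a plain version string before writing `DOCS_VERSION`, as sketched below. Separately, `push: paths: 'docs/**'` has no `branches:` filter, so a push to any branch that touches docs/ takes the `else` branch and syncs to `gs://robusta-public/master/` using the service-account credentials; adding `branches: [master]` under `push:` would limit that.

```yaml
      - name: Set environmental variables
        env:
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          # RELEASE_VER comes from the workflow-level env block
          if [ -n "$RELEASE_VER" ]; then
            echo release
            version="$RELEASE_VER"
          elif [ -n "$INPUT_VERSION" ]; then
            echo manual
            version="$INPUT_VERSION"
          else
            echo default
            version=master
          fi
          # accept only characters expected in a tag or branch name
          case "$version" in
            ""|.|..|*[!A-Za-z0-9._-]*) echo "unexpected docs version" >&2; exit 1 ;;
          esac
          echo "DOCS_VERSION=$version" >> "$GITHUB_ENV"
      # … unchanged: Update docs version, Build the docs, Upload docs …
```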
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 000000000..ffd51a4d7
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,18 @@
+on:
+ pull_request: {}
+ push:
+ branches:
+ - main
+ - master
+name: Semgrep
+jobs:
+ semgrep:
+ name: Scan
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: returntocorp/semgrep-action@v1
+ with:
+ auditOn: push
+ publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+ publishDeployment: 1560
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..d9b21d188
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+.idea/
+.vscode/
+src/build/
+src/dist/
+*.egg/
+*.egg-info/
+*.pyc
+venv/
+docs/_build
+.DS_Store
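Review bot: semgrep.yml declares no `permissions:` block, so the job's `GITHUB_TOKEN` carries the repository's default scopes on every pull request and push, although the visible steps only check out and scan the code. Add a top-level `permissions:` mapping with `contents: read`, and widen it only if the Semgrep action turns out to need more. build.yaml and deploy-docs.yaml in this commit omit the block as well.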