Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
# Default owner for everything in this repo.
* @ExtraToast
* @JorisJonkers-dev
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
blank_issues_enabled: false
contact_links:
- name: ExtraToast platform conventions
url: https://github.com/ExtraToast/repo-template/blob/main/CONTRIBUTING.md
- name: JorisJonkers-dev platform conventions
url: https://github.com/JorisJonkers-dev/repo-template/blob/main/CONTRIBUTING.md
about: Branch, PR, CI (Pipeline Complete) and versioning conventions for every repo.
2 changes: 1 addition & 1 deletion .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Renovate (renovate.json) is the primary dependency manager for ExtraToast
# Renovate (renovate.json) is the primary dependency manager for JorisJonkers-dev
# repos. Dependabot is enabled only for GitHub Actions security updates as a
# belt-and-braces fallback; disable this file if Renovate covers actions in a
# given repo.
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Canonical single CI workflow for every ExtraToast repository.
# Canonical single CI workflow for every JorisJonkers-dev repository.
#
# Org convention: ONE pipeline per repo, and it terminates in a single
# aggregating job named "Pipeline Complete". That job name is the ONLY
Expand Down
92 changes: 92 additions & 0 deletions .github/workflows/container-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
name: Container Publish

on:
workflow_call:
inputs:
image-name:
description: Image name below ghcr.io/<owner>/.
required: true
type: string
version:
description: Release version tag.
required: true
type: string
context:
description: Docker build context.
required: false
type: string
default: .
dockerfile:
description: Dockerfile path.
required: false
type: string
default: Dockerfile
platforms:
description: Target platforms.
required: false
type: string
default: linux/amd64
secrets:
packages-token:
description: Token passed as docker build secret github_token.
required: false

permissions:
contents: read
packages: write

jobs:
publish:
name: Container Publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6

- uses: docker/setup-qemu-action@v3

- uses: docker/setup-buildx-action@v4

- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}

- name: Resolve image tags
id: image
shell: bash
env:
IMAGE_NAME: ${{ inputs.image-name }}
VERSION: ${{ inputs.version }}
GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
run: |
set -euo pipefail

owner="$(printf '%s' "$GITHUB_REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')"
image_ref="ghcr.io/${owner}/${IMAGE_NAME}"
if [ "$image_ref" != "$(printf '%s' "$image_ref" | tr '[:upper:]' '[:lower:]')" ]; then
echo "::error::Docker image reference must be lowercase: $image_ref"
exit 1
fi

{
echo 'tags<<EOF'
printf '%s:%s\n' "$image_ref" "$VERSION"
printf '%s:sha-%s\n' "$image_ref" "$GITHUB_SHA"
echo 'EOF'
} >> "$GITHUB_OUTPUT"

- name: Build and publish image
uses: docker/build-push-action@v7
with:
context: ${{ inputs.context }}
file: ${{ inputs.dockerfile }}
platforms: ${{ inputs.platforms }}
push: true
tags: ${{ steps.image.outputs.tags }}
cache-from: type=gha,scope=${{ inputs.image-name }}
cache-to: type=gha,mode=max,scope=${{ inputs.image-name }}
secrets: |
github_token=${{ secrets.packages-token || github.token }}
github_actor=${{ github.actor }}
6 changes: 3 additions & 3 deletions .github/workflows/deploy-config-render-drift.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_call:
inputs:
package-version:
description: Version of @extratoast/deploy-config-schema to install.
description: Version of @jorisjonkers-dev/deploy-config-schema to install.
required: false
type: string
default: ^0.6.0
Expand All @@ -22,7 +22,7 @@ on:
type: string
default: .
node-auth-token:
description: Token with packages:read for installing @extratoast packages from GitHub Packages (pass secrets.GITHUB_TOKEN).
description: Token with packages:read for installing @jorisjonkers-dev packages from GitHub Packages (pass secrets.GITHUB_TOKEN).
required: false
type: string
default: ""
Expand Down Expand Up @@ -56,7 +56,7 @@ jobs:

- uses: actions/checkout@v6
with:
repository: ExtraToast/github-workflows
repository: JorisJonkers-dev/github-workflows
ref: ${{ steps.workflow-ref.outputs.ref }}
path: .github-workflows
persist-credentials: false
Expand Down
79 changes: 79 additions & 0 deletions .github/workflows/docker-image-ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
name: Docker Image CI

on:
workflow_call:
inputs:
image-name:
description: Image name below ghcr.io/<owner>/.
required: true
type: string
context:
description: Docker build context.
required: false
type: string
default: .
dockerfile:
description: Dockerfile path.
required: false
type: string
default: Dockerfile
target:
description: Optional Dockerfile target.
required: false
type: string
default: ''
build-args:
description: Optional docker build args, one per line.
required: false
type: string
default: ''
secrets:
packages-token:
description: Token passed as docker build secret github_token.
required: false

permissions:
contents: read
packages: read

jobs:
build:
name: Docker Image CI
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6

- uses: docker/setup-buildx-action@v4

- name: Resolve image reference
id: image
shell: bash
env:
IMAGE_NAME: ${{ inputs.image-name }}
GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
run: |
set -euo pipefail

owner="$(printf '%s' "$GITHUB_REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')"
image_ref="ghcr.io/${owner}/${IMAGE_NAME}"
if [ "$image_ref" != "$(printf '%s' "$image_ref" | tr '[:upper:]' '[:lower:]')" ]; then
echo "::error::Docker image reference must be lowercase: $image_ref"
exit 1
fi

printf 'tag=%s:ci-%s\n' "$image_ref" "$GITHUB_SHA" >> "$GITHUB_OUTPUT"

- name: Build image
uses: docker/build-push-action@v7
with:
context: ${{ inputs.context }}
file: ${{ inputs.dockerfile }}
target: ${{ inputs.target }}
build-args: ${{ inputs.build-args }}
push: false
tags: ${{ steps.image.outputs.tag }}
cache-from: type=gha,scope=${{ inputs.image-name }}
cache-to: type=gha,mode=max,scope=${{ inputs.image-name }}
secrets: |
github_token=${{ secrets.packages-token || github.token }}
github_actor=${{ github.actor }}
4 changes: 2 additions & 2 deletions .github/workflows/flux-render-validate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ on:
description: Repository containing the CRD catalog and validation script.
required: false
type: string
default: ExtraToast/platform-blueprints
default: JorisJonkers-dev/platform-blueprints
crd-catalog-ref:
description: Git ref for the CRD catalog and validation script.
required: false
Expand Down Expand Up @@ -56,7 +56,7 @@ jobs:

- uses: actions/checkout@v6
with:
repository: ExtraToast/github-workflows
repository: JorisJonkers-dev/github-workflows
ref: ${{ steps.workflow-ref.outputs.ref }}
path: .github-workflows
persist-credentials: false
Expand Down
95 changes: 95 additions & 0 deletions .github/workflows/gitops-ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
name: GitOps CI

on:
workflow_call:
inputs:
overlay-paths:
description: Newline- or comma-separated kustomize overlay paths to render and validate.
required: true
type: string
platform-config-paths:
description: Newline- or comma-separated platform config globs to validate.
required: false
type: string
default: |-
inventory/**/*.yaml
inventory/**/*.yml
deploy-config-command:
description: Optional command that writes deploy-config JSON to DEPLOY_CONFIG_OUT.
required: false
type: string
default: ''
deploy-config-targets:
description: Optional newline-separated adapter=relative/committed/path.yaml render drift targets.
required: false
type: string
default: ''
system-tests-command:
description: Optional caller-owned system test command.
required: false
type: string
default: ''
secrets:
packages-token:
description: GitHub Packages token used for deploy-config-schema package resolution.
required: false

permissions:
contents: read
packages: read

jobs:
gitops:
name: GitOps CI
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6

- name: Resolve workflow ref
id: workflow-ref
shell: bash
env:
WORKFLOW_REF: ${{ github.workflow_ref }}
run: |
set -euo pipefail

ref="${WORKFLOW_REF#*@}"
if [ -z "$ref" ] || [ "$ref" = "$WORKFLOW_REF" ]; then
echo "::error::Unable to resolve reusable workflow ref from $WORKFLOW_REF"
exit 1
fi

printf 'ref=%s\n' "$ref" >> "$GITHUB_OUTPUT"

- uses: actions/checkout@v6
with:
repository: JorisJonkers-dev/github-workflows
ref: ${{ steps.workflow-ref.outputs.ref }}
path: .github-workflows
persist-credentials: false

- name: Validate platform config
uses: ./.github-workflows/actions/platform-config-validate
with:
config-paths: ${{ inputs.platform-config-paths }}
schema-kind: auto
node-auth-token: ${{ secrets.packages-token || github.token }}

- name: Validate Flux render
uses: ./.github-workflows/actions/flux-render-validate
with:
overlay-paths: ${{ inputs.overlay-paths }}

- name: Check deploy config render drift
if: ${{ inputs.deploy-config-command != '' && inputs.deploy-config-targets != '' }}
uses: ./.github-workflows/actions/deploy-config-render-drift
with:
deploy-config-command: ${{ inputs.deploy-config-command }}
targets: ${{ inputs.deploy-config-targets }}
node-auth-token: ${{ secrets.packages-token || github.token }}

- name: Run system tests
if: ${{ inputs.system-tests-command != '' }}
env:
SYSTEM_TESTS_COMMAND: ${{ inputs.system-tests-command }}
run: bash -euo pipefail -c "$SYSTEM_TESTS_COMMAND"
4 changes: 2 additions & 2 deletions .github/workflows/jvm-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ jobs:

- uses: actions/checkout@v6
with:
repository: ExtraToast/github-workflows
repository: JorisJonkers-dev/github-workflows
ref: ${{ steps.workflow-ref.outputs.ref }}
path: .github-workflows
persist-credentials: false
Expand Down Expand Up @@ -115,7 +115,7 @@ jobs:

- uses: actions/checkout@v6
with:
repository: ExtraToast/github-workflows
repository: JorisJonkers-dev/github-workflows
ref: ${{ steps.workflow-ref.outputs.ref }}
path: .github-workflows
persist-credentials: false
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/migration-guard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:

- uses: actions/checkout@v6
with:
repository: ExtraToast/github-workflows
repository: JorisJonkers-dev/github-workflows
ref: ${{ steps.workflow-ref.outputs.ref }}
path: .github-workflows
persist-credentials: false
Expand Down
Loading
Loading