From 5a85d06571050565ca5cc61d1357a083f96d544b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=BE=E3=81=A3=E3=81=A1=E3=82=83=E3=81=A8=E3=83=BC?=
=?UTF-8?q?=E3=81=AB=E3=82=85?=
<17376330+u1-liquid@users.noreply.github.com>
Date: Thu, 9 Nov 2023 02:43:24 +0900
Subject: [PATCH] =?UTF-8?q?misc(GitHub=20Actions):=20io=E3=81=AB=E4=B8=8D?=
=?UTF-8?q?=E8=A6=81=E3=81=AAGitHub=20Actions=E3=81=AEWorkflow=E3=83=95?=
=?UTF-8?q?=E3=82=A1=E3=82=A4=E3=83=AB=E3=82=92=E5=89=8A=E9=99=A4=20(Missk?=
=?UTF-8?q?eyIO#225)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Dockle 公式のactionを使うように
Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
---
.github/workflows/docker-develop.yml | 43 -----------
.github/workflows/docker.yml | 49 -------------
.github/workflows/dockle.yml | 36 +++++-----
.github/workflows/ok-to-test.yml | 36 ----------
.github/workflows/pr-preview-deploy.yml | 92 ------------------------
.github/workflows/pr-preview-destroy.yml | 54 --------------
6 files changed, 19 insertions(+), 291 deletions(-)
delete mode 100644 .github/workflows/docker-develop.yml
delete mode 100644 .github/workflows/docker.yml
delete mode 100644 .github/workflows/ok-to-test.yml
delete mode 100644 .github/workflows/pr-preview-deploy.yml
delete mode 100644 .github/workflows/pr-preview-destroy.yml
diff --git a/.github/workflows/docker-develop.yml b/.github/workflows/docker-develop.yml
deleted file mode 100644
index 09a2c33e0c..0000000000
--- a/.github/workflows/docker-develop.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Publish Docker image (develop)
-
-on:
- push:
- branches:
- - develop
- workflow_dispatch:
-
-jobs:
- push_to_registry:
- name: Push Docker image to Docker Hub
- runs-on: ubuntu-latest
- if: github.repository == 'misskey-dev/misskey'
- steps:
- - name: Check out the repo
- uses: actions/checkout@v3.3.0
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v2.3.0
- with:
- platforms: linux/amd64,linux/arm64
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: misskey/misskey
- - name: Log in to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Build and Push to Docker Hub
- uses: docker/build-push-action@v4
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: .
- push: true
- platforms: ${{ steps.buildx.outputs.platforms }}
- provenance: false
- tags: misskey/misskey:develop
- labels: develop
- cache-from: type=gha
- cache-to: type=gha,mode=max
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
deleted file mode 100644
index a465d92eaf..0000000000
--- a/.github/workflows/docker.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Publish Docker image
-
-on:
- release:
- types: [published]
- workflow_dispatch:
-
-jobs:
- push_to_registry:
- name: Push Docker image to Docker Hub
- runs-on: ubuntu-latest
-
- steps:
- - name: Check out the repo
- uses: actions/checkout@v3.3.0
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v2.3.0
- with:
- platforms: linux/amd64,linux/arm64
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: misskey/misskey
- tags: |
- type=edge
- type=ref,event=pr
- type=ref,event=branch
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
- - name: Log in to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Build and Push to Docker Hub
- uses: docker/build-push-action@v4
- with:
- builder: ${{ steps.buildx.outputs.name }}
- context: .
- push: true
- platforms: ${{ steps.buildx.outputs.platforms }}
- provenance: false
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
diff --git a/.github/workflows/dockle.yml b/.github/workflows/dockle.yml
index 9b79ee54f0..292e68be13 100644
--- a/.github/workflows/dockle.yml
+++ b/.github/workflows/dockle.yml
@@ -1,4 +1,3 @@
----
name: Dockle
on:
@@ -11,20 +10,23 @@ on:
jobs:
dockle:
runs-on: ubuntu-latest
- env:
- DOCKER_CONTENT_TRUST: 1
steps:
- - uses: actions/checkout@v3.2.0
- - run: |
- curl -L -o dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v0.4.10/dockle_0.4.10_Linux-64bit.deb"
- sudo dpkg -i dockle.deb
- - run: |
- cp .config/docker_example.env .config/docker.env
- cp ./docker-compose.yml.example ./docker-compose.yml
- - run: |
- docker compose up -d web
- docker tag "$(docker compose images web | awk 'OFS=":" {print $4}' | tail -n +2)" misskey-web:latest
- - run: |
- cmd="dockle --exit-code 1 misskey-web:latest ${image_name}"
- echo "> ${cmd}"
- eval "${cmd}"
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Build an image from Dockerfile
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: false
+ provenance: false
+ cache-from: type=registry,ref=ghcr.io/misskeyio/misskey:io-buildcache
+ tags: |
+ misskey:scan
+ - name: Run dockle
+ uses: goodwithtech/dockle-action@main
+ with:
+ image: 'misskey:scan'
+ format: 'list'
+ exit-code: '1'
+ exit-level: 'warn'
+ ignore: 'CIS-DI-0005,CIS-DI-0010'
diff --git a/.github/workflows/ok-to-test.yml b/.github/workflows/ok-to-test.yml
deleted file mode 100644
index 87af3a6ba6..0000000000
--- a/.github/workflows/ok-to-test.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
-name: Ok To Test
-
-on:
- issue_comment:
- types: [created]
-
-jobs:
- ok-to-test:
- runs-on: ubuntu-latest
- # Only run for PRs, not issue comments
- if: ${{ github.event.issue.pull_request }}
- steps:
- # Generate a GitHub App installation access token from an App ID and private key
- # To create a new GitHub App:
- # https://developer.github.com/apps/building-github-apps/creating-a-github-app/
- # See app.yml for an example app manifest
- - name: Generate token
- id: generate_token
- uses: tibdex/github-app-token@v1
- with:
- app_id: ${{ secrets.DEPLOYBOT_APP_ID }}
- private_key: ${{ secrets.DEPLOYBOT_PRIVATE_KEY }}
-
- - name: Slash Command Dispatch
- uses: peter-evans/slash-command-dispatch@v1
- env:
- TOKEN: ${{ steps.generate_token.outputs.token }}
- with:
- token: ${{ env.TOKEN }} # GitHub App installation access token
- # token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} # PAT or OAuth token will also work
- reaction-token: ${{ secrets.GITHUB_TOKEN }}
- issue-type: pull-request
- commands: deploy
- named-args: true
- permission: write
diff --git a/.github/workflows/pr-preview-deploy.yml b/.github/workflows/pr-preview-deploy.yml
deleted file mode 100644
index 9b786d34aa..0000000000
--- a/.github/workflows/pr-preview-deploy.yml
+++ /dev/null
@@ -1,92 +0,0 @@
-# Run secret-dependent integration tests only after /deploy approval
-on:
- repository_dispatch:
- types: [deploy-command]
-
-name: Deploy preview environment
-
-jobs:
- # Repo owner has commented /deploy on a (fork-based) pull request
- deploy-preview-environment:
- runs-on: ubuntu-latest
- if:
- github.event.client_payload.slash_command.sha != '' &&
- contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.sha)
- steps:
- - uses: actions/github-script@v6.3.3
- id: check-id
- env:
- number: ${{ github.event.client_payload.pull_request.number }}
- job: ${{ github.job }}
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- result-encoding: string
- script: |
- const { data: pull } = await github.rest.pulls.get({
- ...context.repo,
- pull_number: process.env.number
- });
- const ref = pull.head.sha;
-
- const { data: checks } = await github.rest.checks.listForRef({
- ...context.repo,
- ref
- });
-
- const check = checks.check_runs.filter(c => c.name === process.env.job);
-
- return check[0].id;
-
- - uses: actions/github-script@v6.3.3
- env:
- check_id: ${{ steps.check-id.outputs.result }}
- details_url: ${{ github.server_url }}/${{ github.repository }}/runs/${{ github.run_id }}
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- await github.rest.checks.update({
- ...context.repo,
- check_run_id: process.env.check_id,
- status: 'in_progress',
- details_url: process.env.details_url
- });
-
- # Check out merge commit
- - name: Fork based /deploy checkout
- uses: actions/checkout@v3.3.0
- with:
- ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
-
- # <insert integration tests needing secrets>
- - name: Context
- uses: okteto/context@latest
- with:
- token: ${{ secrets.OKTETO_TOKEN }}
-
- - name: Deploy preview environment
- uses: ikuradon/deploy-preview@latest
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- name: pr-${{ github.event.client_payload.pull_request.number }}-syuilo
- timeout: 15m
-
- # Update check run called "integration-fork"
- - uses: actions/github-script@v6.3.3
- id: update-check-run
- if: ${{ always() }}
- env:
- # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
- conclusion: ${{ job.status }}
- check_id: ${{ steps.check-id.outputs.result }}
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- const { data: result } = await github.rest.checks.update({
- ...context.repo,
- check_run_id: process.env.check_id,
- status: 'completed',
- conclusion: process.env.conclusion
- });
-
- return result;
diff --git a/.github/workflows/pr-preview-destroy.yml b/.github/workflows/pr-preview-destroy.yml
deleted file mode 100644
index 8adfad9dab..0000000000
--- a/.github/workflows/pr-preview-destroy.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-# file: .github/workflows/preview-closed.yaml
-on:
- pull_request:
- types:
- - closed
-
-name: Destroy preview environment
-
-jobs:
- destroy-preview-environment:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/github-script@v6.3.3
- id: check-conclusion
- env:
- number: ${{ github.event.number }}
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- result-encoding: string
- script: |
- const { data: pull } = await github.rest.pulls.get({
- ...context.repo,
- pull_number: process.env.number
- });
- const ref = pull.head.sha;
-
- const { data: checks } = await github.rest.checks.listForRef({
- ...context.repo,
- ref
- });
-
- const check = checks.check_runs.filter(c => c.name === 'deploy-preview-environment');
-
- if (check.length === 0) {
- return;
- }
-
- const { data: result } = await github.rest.checks.get({
- ...context.repo,
- check_run_id: check[0].id,
- });
-
- return result.conclusion;
- - name: Context
- if: steps.check-conclusion.outputs.result == 'success'
- uses: okteto/context@latest
- with:
- token: ${{ secrets.OKTETO_TOKEN }}
-
- - name: Destroy preview environment
- if: steps.check-conclusion.outputs.result == 'success'
- uses: okteto/destroy-preview@latest
- with:
- name: pr-${{ github.event.number }}-syuilo