setup(repo): initial setup

Articola-Tools · Oct 25, 2024 · 288f252 · 288f252
1 parent a6c6177
commit 288f252
Show file tree

Hide file tree

Showing 18 changed files with 641 additions and 1 deletion.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,8 @@
+.idea
+.github
+.git
+tests
+.dockerignore
+Dockerfile
+LICENSE
+README.md
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+
+updates:
+    - package-ecosystem: "github-actions"
+      directory: "/"
+      schedule:
+          interval: "daily"
+
+    - package-ecosystem: "docker"
+      directory: "/"
+      schedule:
+          interval: "daily"
+
+    - package-ecosystem: "gomod"
+      directory: "/"
+      schedule:
+          interval: "daily"
diff --git a/.github/workflows/build_and_push_docker_image.yml b/.github/workflows/build_and_push_docker_image.yml
@@ -0,0 +1,56 @@
+name: "Build and push PR name validator Docker image"
+
+on:
+    push:
+        branches:
+            - "main"
+        paths-ignore:
+            - ".github/**"
+            - ".idea/**"
+            - "tests/**"
+            - "LICENSE"
+            - "README.md"
+
+permissions:
+    contents: "read"
+    packages: "write"
+    id-token: "write"
+
+env:
+    REGISTRY: "ghcr.io"
+    IMAGE_NAME: "articola-tools/pr-name-validator"
+
+jobs:
+    build-and-push:
+        runs-on: "ubuntu-latest"
+
+        # NOTE: building and pushing Docker image of PR name validator linter take around 1 minute.
+        # If this job takes more than 5 minutes, it means that something is wrong.
+        timeout-minutes: 5
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+
+            - name: "Add short hash of current commit to environment variables"
+              run: "echo \"CURRENT_COMMIT_SHORT_HASH=$(git rev-parse --short \"$GITHUB_SHA\")\" >> \"$GITHUB_ENV\""
+
+            - name: "Set up Docker Buildx"
+              uses: "docker/setup-buildx-action@v3"
+
+            - name: "Login to Docker registry"
+              uses: "docker/login-action@v3"
+              with:
+                  registry: "${{ env.REGISTRY }}"
+                  username: "${{ github.actor }}"
+                  password: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: "Build and push PR name validator linter Docker image"
+              uses: "docker/build-push-action@v6"
+              id: "build-and-push"
+              with:
+                  context: "."
+                  push: true
+                  tags: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,
+                         ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.CURRENT_COMMIT_SHORT_HASH }}"
+                  cache-from: "type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
+                  cache-to: "type=inline"
diff --git a/.github/workflows/validate_new_changes.yml b/.github/workflows/validate_new_changes.yml
@@ -0,0 +1,199 @@
+name: "New changes validation"
+
+on:
+    pull_request:  # yamllint disable-line rule:empty-values
+
+permissions:
+    contents: "read"
+    packages: "read"
+
+env:
+    REGISTRY: "ghcr.io"
+    IMAGE_NAME: "articola-tools/pr-name-validator"
+
+jobs:
+    find-changed-files:
+        runs-on: "ubuntu-latest"
+        outputs:
+            is_yaml_changed: "${{ steps.filter.outputs.yaml }}"
+            is_dockerfile_changed: "${{ steps.filter.outputs.dockerfile }}"
+            is_validator_image_changed: "${{ steps.filter.outputs.validator-image }}"
+            is_go_changed: "${{ steps.filter.outputs.go }}"
+            is_markdown_changed: "${{ steps.filter.outputs.markdown }}"
+        permissions:
+            pull-requests: "read"
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+              with:
+                  fetch-depth: 1
+
+            - name: "Find changed files"
+              uses: "dorny/paths-filter@v3"
+              id: "filter"
+              with:
+                  filters: |
+                      yaml:
+                      - "**/*.yaml"
+                      - "**/*.yml"
+                      dockerfile:
+                      - "**/Dockerfile"
+                      validator-image:
+                      - "**/Dockerfile"
+                      - "**/.dockerignore"
+                      - "**/*.go"
+                      go:
+                      - "**/*.go"
+                      markdown:
+                      - "**/*.md"
+
+    validate-pr-name-validator-image:
+        runs-on: "ubuntu-latest"
+        needs: "find-changed-files"
+        if: "${{ needs.find-changed-files.outputs.is_validator_image_changed == 'true' }}"
+
+        # NOTE: building and running Docker image of PR name validator take around 1 minute.
+        # If this job takes more than 5 minutes, it means that something is wrong.
+        timeout-minutes: 5
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+
+            - name: "Set up Docker Buildx"
+              uses: "docker/setup-buildx-action@v3"
+
+            - name: "Login to Docker registry"
+              uses: "docker/login-action@v3"
+              with:
+                  registry: "${{ env.REGISTRY }}"
+                  username: "${{ github.actor }}"
+                  password: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: "Build PR name validator Docker image"
+              uses: "docker/build-push-action@v6"
+              with:
+                  push: false
+                  load: true
+
+                  # NOTE: using another name to don't allow docker to download image from the internet in the next step.
+                  tags: "local/pr-name-validator-pr:latest"
+                  cache-from: "type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
+                  cache-to: "type=inline"
+
+            - name: "Check correct PR names"
+              run: |
+                  while IFS= read -r pr_name; do
+                  docker run --rm local/pr-name-validator-pr:latest "$pr_name";
+                  done < ${{ github.workspace }}/tests/correct_pr_names.txt
+
+            - name: "Check incorrect PR names"
+              run: |
+                  while IFS= read -r pr_name; do
+                  if docker run --rm local/pr-name-validator-pr:latest "$pr_name"; then
+                  echo "Validation unexpectedly succeeded for PR name '$pr_name'!" >&2
+                  exit 1
+                  fi
+                  done < ${{ github.workspace }}/tests/incorrect_pr_names.txt
+
+            - name: "Run Dockerfile security scanner"
+              run: "docker run --rm --group-add $(getent group docker | cut -d: -f3)
+                    -v /var/run/docker.sock:/var/run/docker.sock
+                    ghcr.io/articola-tools/dockerfile-security-scanner local/pr-name-validator-pr:latest"
+
+    validate-dockerfile-changes:
+        runs-on: "ubuntu-latest"
+        needs: "find-changed-files"
+        if: "${{ needs.find-changed-files.outputs.is_dockerfile_changed == 'true' }}"
+
+        # NOTE: validating Dockerfile changes takes around 1 minute.
+        # If this job takes more than 5 minutes, it means that something is wrong.
+        timeout-minutes: 5
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+
+            - name: "Login to Docker registry"
+              uses: "docker/login-action@v3"
+              with:
+                  registry: "${{ env.REGISTRY }}"
+                  username: "${{ github.actor }}"
+                  password: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: "Run Dockerfile linter"
+              run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
+                    ${{ env.REGISTRY }}/articola-tools/dockerfile-linter:latest"
+
+    validate-yaml-changes:
+        runs-on: "ubuntu-latest"
+        needs: "find-changed-files"
+
+        if: "${{ needs.find-changed-files.outputs.is_yaml_changed == 'true' }}"
+
+        # NOTE: validating YAML changes takes around 1 minute.
+        # If this job takes more than 5 minutes, it means that something is wrong.
+        timeout-minutes: 5
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+
+            - name: "Login to Docker registry"
+              uses: "docker/login-action@v3"
+              with:
+                  registry: "${{ env.REGISTRY }}"
+                  username: "${{ github.actor }}"
+                  password: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: "Run YAML linter"
+              run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
+                    ${{ env.REGISTRY }}/articola-tools/yaml-linter:latest"
+
+    validate-markdown-changes:
+        runs-on: "ubuntu-latest"
+        needs: "find-changed-files"
+        if: "${{ needs.find-changed-files.outputs.is_markdown_changed == 'true' }}"
+
+        # NOTE: validating Markdown changes takes around 1 minute.
+        # If this job takes more than 5 minutes, it means that something is wrong.
+        timeout-minutes: 5
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+
+            - name: "Login to Docker registry"
+              uses: "docker/login-action@v3"
+              with:
+                  registry: "${{ env.REGISTRY }}"
+                  username: "${{ github.actor }}"
+                  password: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: "Run Dockerfile linter"
+              run: "docker run --rm -v ${{ github.workspace }}:/linter_workdir/repo
+                    ${{ env.REGISTRY }}/articola-tools/markdown-linter:latest"
+
+    validate-go-changes:
+        runs-on: "ubuntu-latest"
+        needs: "find-changed-files"
+        if: "${{ needs.find-changed-files.outputs.is_go_changed == 'true' }}"
+
+        # NOTE: validating Go changes takes around 1 minute.
+        # If this job takes more than 5 minutes, it means that something is wrong.
+        timeout-minutes: 5
+        steps:
+            - name: "Checkout ${{ github.event.repository.name }}"
+              uses: "actions/checkout@v4"
+
+            - name: "Build code"
+              run: "go build -ldflags \"-s -w\" -o pr_name_validator ./cmd/pr_name_validator/"
+
+            - name: "Run unit tests"
+              run: "go test ./..."
+
+            - name: "Login to Docker registry"
+              uses: "docker/login-action@v3"
+              with:
+                  registry: "${{ env.REGISTRY }}"
+                  username: "${{ github.actor }}"
+                  password: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: "Run linter"
+              run: "docker run --rm -v ./:/linter_workdir ghcr.io/articola-tools/go-linter:latest"
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/.idea/modules.xml b/.idea/modules.xml
diff --git a/.idea/pr-name-validator.iml b/.idea/pr-name-validator.iml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,16 @@
+FROM golang:1.22.8 AS build
+
+COPY ./ /pr-name-validator
+
+WORKDIR /pr-name-validator
+
+RUN go mod download && go build -ldflags "-s -w" -o pr_name_validator ./cmd/pr_name_validator/
+
+
+FROM gcr.io/distroless/static-debian12:nonroot-8701094b7fe8ff30d0777bbdfcc9a65caff6f40b
+
+COPY --from=build /pr-name-validator/pr_name_validator /pr_name_validator
+
+HEALTHCHECK --timeout=1s --retries=1 CMD /pr_name_validator || exit 1
+
+ENTRYPOINT ["/pr_name_validator"]