From 5f128fde03220e207b5fa4fe9bdbd917e9da9d58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Krupa=20=28paulfantom=29?= Date: Tue, 1 Mar 2022 23:50:42 +0100 Subject: [PATCH] .github: use renovate to manage tooling versions; cleanup --- .github/env | 3 --- .github/renovate.json | 20 ++++++++++++++++ .github/workflows/images.yml | 16 ++++++++----- .github/workflows/kubeconform.yml | 7 +++--- .github/workflows/kubelint.yml | 34 ---------------------------- .github/workflows/monitoring.yml | 7 +++--- .github/workflows/pluto.yml | 19 ---------------- .github/workflows/prometheusrule.yml | 7 +++--- .github/workflows/secrets.yml | 8 +++---- .github/workflows/versions.yaml | 8 +++++-- .kubelinter.yaml | 9 -------- 11 files changed, 49 insertions(+), 89 deletions(-) delete mode 100644 .github/env delete mode 100644 .github/workflows/kubelint.yml delete mode 100644 .github/workflows/pluto.yml delete mode 100644 .kubelinter.yaml diff --git a/.github/env b/.github/env deleted file mode 100644 index e9bfc9e60..000000000 --- a/.github/env +++ /dev/null @@ -1,3 +0,0 @@ -golang-version=1.17 -jsonnet-version=0.18.0 -jb-version=dafc283219baad354ecec101ec33070049e3a7b4 diff --git a/.github/renovate.json b/.github/renovate.json index 7967286a9..4b4c87461 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -3,12 +3,32 @@ "config:base" ], "assignees": ["paulfantom"], + "reviewers": ["paulfantom"], "regexManagers": [ { "fileMatch": "metal/group_vars/k3s.yml", "matchStrings": ["k3s_version: (?.*?)\\n"], "datasourceTemplate": "github-tags", "depNameTemplate": "k3s-io/k3s" + }, + { + "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"], + "matchStrings": ["jsonnet-version:\\s(?.*?)\\n"], + "datasourceTemplate": "github-tags", + "depNameTemplate": "google/jsonnet" + }, + { + "fileMatch": ["^\\.github\\/workflows\\/[^/]+\\.ya?ml$"], + "matchStrings": ["golang-version:\\s(?.*?)\\n"], + "datasourceTemplate": "golang-version", + "depNameTemplate": "golang" + } + ], + "packageRules": [ + { + "addLabels": ["github_actions"], + "groupName": "github actions", + "matchPaths": [".github/**"] } ] } diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 92557a44c..a2652308e 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -7,19 +7,23 @@ on: pull_request: branches: [master] +env: + golang-version: 1.17.7 + jobs: validate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - - name: Show env - run: echo $GITHUB_ENV - uses: actions/setup-go@v3 with: go-version: '${{ env.golang-version }}' - run: go install github.com/brancz/gojsontoyaml@latest - - run: wget https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64 -O /tmp/manifest-tool && chmod +x /tmp/manifest-tool && sudo mv /tmp/manifest-tool /usr/bin/ - - run: sudo apt update && sudo apt install -y jq + - run: | + wget https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64 -O /tmp/manifest-tool + chmod +x /tmp/manifest-tool + sudo mv /tmp/manifest-tool /usr/bin/ + - run: | + sudo apt update + sudo apt install -y jq - run: ./hack/checkimages.sh 
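Review bot: The `regexManagers` entries added in renovate.json cover `jsonnet-version` and `golang-version` but not `jb-version`, so the commit SHA this patch pins in `.github/workflows/versions.yaml` stays hand-maintained and can go stale unnoticed. If that is intended, a comment next to the pin would make it explicit, e.g. `# not tracked by Renovate; bump manually`. Separately, `matchStrings` is rendered on this page as `(?.*?)` with no group name; if the file really reads that way rather than this being an extraction artefact, Renovate has no `currentValue` capture to work with.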
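Review bot: The reflowed `wget` step in images.yml still moves the downloaded `manifest-tool` binary into `/usr/bin/` with no integrity check, so the job trusts whatever the release URL serves at run time. A release tag pins the name, not the bytes. Adding a line such as `echo "<EXPECTED_SHA256>  /tmp/manifest-tool" | sha256sum -c -` before the `chmod` would fail the job on a changed asset; the digest is a placeholder to be filled in from a verified download. The `v1.0.3` in the URL also falls outside the `regexManagers` patterns added in renovate.json, so it will not receive update PRs.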
diff --git a/.github/workflows/kubeconform.yml b/.github/workflows/kubeconform.yml index 48996e08d..f2aec0b33 100644 --- a/.github/workflows/kubeconform.yml +++ b/.github/workflows/kubeconform.yml @@ -7,13 +7,14 @@ on: pull_request: branches: [master] +env: + golang-version: 1.17.7 + jobs: apps: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - uses: actions/setup-go@v3 with: go-version: '${{ env.golang-version }}' @@ -33,8 +34,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - uses: actions/setup-go@v3 with: go-version: '${{ env.golang-version }}' diff --git a/.github/workflows/kubelint.yml b/.github/workflows/kubelint.yml deleted file mode 100644 index 67325e0f8..000000000 --- a/.github/workflows/kubelint.yml +++ /dev/null 
@@ -1,34 +0,0 @@
-#---
-#name: kubelint
-#
-#on:
-# push:
-# branches: [master]
-# pull_request:
-# branches: [master]
-#
-#jobs:
-# apps:
-# runs-on: ubuntu-latest
-# steps:
-# - uses: actions/checkout@v2
-# - name: Download latest kube-linter
-# run: |
-# LOCATION=$(curl -s https://api.github.com/repos/stackrox/kube-linter/releases/latest \
-# | grep "tag_name" \
-# | awk '{print "https://github.com/stackrox/kube-linter/releases/download/" substr($2, 2, length($2)-3) "/kube-linter-linux.tar.gz"}')
-# curl -s -L -o kube-linter-linux.tar.gz $LOCATION
-# tar -xf kube-linter-linux.tar.gz -C "${GITHUB_WORKSPACE}/"
-# - run: ./kube-linter lint --config .kubelinter.yaml apps/
-# base:
-# runs-on: ubuntu-latest
-# steps:
-# - uses: actions/checkout@v2
-# - name: Download latest kube-linter
-# run: |
-# LOCATION=$(curl -s https://api.github.com/repos/stackrox/kube-linter/releases/latest \
-# | grep "tag_name" \
-# | awk '{print "https://github.com/stackrox/kube-linter/releases/download/" substr($2, 2, length($2)-3) "/kube-linter-linux.tar.gz"}')
-# curl -s -L -o kube-linter-linux.tar.gz $LOCATION
-# tar -xf kube-linter-linux.tar.gz -C "${GITHUB_WORKSPACE}/"
-# - run: ./kube-linter lint --config .kubelinter.yaml base/
diff --git a/.github/workflows/monitoring.yml b/.github/workflows/monitoring.yml
index 939c6203d..3439649e8 100644
--- a/.github/workflows/monitoring.yml
+++ b/.github/workflows/monitoring.yml
@@ -7,20 +7,21 @@ on: pull_request: branches: [master] +env: + golang-version: 1.17.7 + jobs: alertmanager: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - uses: actions/setup-go@v3 with: go-version: '${{ env.golang-version }}' - run: go install github.com/brancz/gojsontoyaml@latest - run: go install -a github.com/prometheus/alertmanager/cmd/amtool@latest - name: Unpack config - run: gojsontoyaml -yamltojson alertmanager.yaml + run: gojsontoyaml -yamltojson alertmanager.yaml - name: Replace secrets run: | sed -i 's|$(SLACK_API_URL)|https://example.org|g' alertmanager.yaml diff --git a/.github/workflows/pluto.yml b/.github/workflows/pluto.yml deleted file mode 100644 index 07e9059b8..000000000 --- a/.github/workflows/pluto.yml +++ /dev/null @@ -1,19 +0,0 @@ -#--- -#name: pluto -# -#on: -# push: -# branches: [master] -# pull_request: -# branches: [master] -# -#jobs: -# validate: -# runs-on: ubuntu-latest -# steps: -# - uses: actions/checkout@v2 -# - uses: actions/setup-go@v2 -# with: -# go-version: '^1.13.1' -# - run: go get -u github.com/FairwindsOps/pluto -# - run: pluto detect-files --target-versions k8s=v1.18.0 -d apps/ diff --git a/.github/workflows/prometheusrule.yml b/.github/workflows/prometheusrule.yml index ab0e12f4e..e759ad037 100644 --- a/.github/workflows/prometheusrule.yml +++ b/.github/workflows/prometheusrule.yml 
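Review bot: The two `go install ...@latest` steps kept in the `alertmanager` job of monitoring.yml still float, so the tools that validate the Alertmanager config can change between runs with no commit in this repository and no Renovate PR to review. The same `gojsontoyaml@latest` step remains in images.yml, prometheusrule.yml and secrets.yml. Pinning each to a release, e.g. `go install github.com/brancz/gojsontoyaml@<PINNED_VERSION>` (placeholder), and adding a matching `regexManagers` entry would bring them under the scheme this commit introduces. The job body continues past the end of the hunk.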
@@ -7,20 +7,19 @@ on: pull_request: branches: [master] +env: + golang-version: 1.17.7 + jobs: verify: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - uses: actions/setup-go@v3 with: go-version: '${{ env.golang-version }}' - run: go install github.com/brancz/gojsontoyaml@latest #- run: go get -u github.com/prometheus/prometheus/cmd/promtool - - run: | - echo "HOSTNAME: $HOSTNAME" - name: Download latest release of promtool run: | VERSION=$(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3)}' | sed 's/v//') diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml index d311f1846..f1f021c8c 100644 --- a/.github/workflows/secrets.yml +++ b/.github/workflows/secrets.yml @@ -7,16 +7,14 @@ on: pull_request: branches: [master] +env: + golang-version: 1.17.7 + jobs: validate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - - uses: actions/setup-go@v3 - with: - go-version: '${{ env.golang-version }}' - run: go install github.com/brancz/gojsontoyaml@latest - run: sudo apt update && sudo apt install -y jq - run: make secrets diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 30062b7a5..85e48aa5f 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -5,13 +5,17 @@ on: - cron: '15 */6 * * *' #push: # branch: main + +env: + golang-version: 1.17.7 + jsonnet-version: 0.18.0 + jb-version: 3aec759b6a423f5b50751443ccc81e91a0887c02 # Commit from mid February 2022 + jobs: versions: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Import environment variables - run: cat ".github/env" >> $GITHUB_ENV - uses: actions/setup-go@v3 with: go-version: '${{ env.golang-version }}' 
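Review bot: In secrets.yml the `actions/setup-go` step is removed in the same hunk that adds the top-level `env: golang-version: 1.17.7`, so nothing in the visible part of the workflow reads that variable. The following `go install github.com/brancz/gojsontoyaml@latest` then runs on whatever Go toolchain the `ubuntu-latest` image ships. If dropping the toolchain pin is intended, remove the `env` block so Renovate does not open bumps for a value that has no effect here. Otherwise keep `- uses: actions/setup-go@v3` with `go-version: '${{ env.golang-version }}'`, as the other workflows in this patch do.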
diff --git a/.kubelinter.yaml b/.kubelinter.yaml
deleted file mode 100644
index aadb28463..000000000
--- a/.kubelinter.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-checks:
- exclude:
- - "unset-cpu-requirements"
- - "unset-memory-requirements"
- - "no-read-only-root-fs"
- - "run-as-non-root"
- - "no-extensions-v1beta" # argocd still uses invalid API
- - "drop-net-raw-capability" # TODO: needs investigation