diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh
new file mode 100644
index 0000000..9d0ae7c
--- /dev/null
+++ b/.github/scripts/build.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -eo pipefail
+
+main() {
+
+ pip install poetry
+ poetry install
+
+}
+
+main "$@"
diff --git a/.github/scripts/setup.sh b/.github/scripts/setup.sh
index 903325d..5d7c853 100644
--- a/.github/scripts/setup.sh
+++ b/.github/scripts/setup.sh
@@ -2,14 +2,14 @@
 # shellcheck disable=SC2129 +set -eo pipefail + main() { BRANCH_OR_TAG="$(echo "${GITHUB_REF}" | sed 's/refs\/heads\///g' | sed 's/refs\/tags\///g')" - PROJECT_NAME="role-jumpcloud" + WORKFLOW_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" echo "BRANCH_OR_TAG=${BRANCH_OR_TAG}" >> "$GITHUB_ENV" echo "WEBHOOK_URL=${WEBHOOK_URL}" >> "$GITHUB_ENV" - echo "PROJECT_NAME=${PROJECT_NAME}" >> "$GITHUB_ENV" - echo "NOTIFICATION=${PROJECT_NAME} [${BRANCH_OR_TAG}]" >> "$GITHUB_ENV" - echo "USERNAME=osx-provisioner" >> "$GITHUB_ENV" + echo "NOTIFICATION=${PROJECT_NAME} [<${WORKFLOW_URL}|${BRANCH_OR_TAG}>]" >> "$GITHUB_ENV" } main
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 6fabf1a..a2c55c0 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
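Review bot: `pip install poetry` (new-side line 7 of build.sh) pins no version, so every run installs whatever Poetry release PyPI serves at that moment and an upstream change or bad release reaches CI unreviewed; pin it, `pip install 'poetry==<PINNED_VERSION>'` (placeholder), ideally hash-checked via a constraints file with `--require-hashes`. The `set -eo pipefail` line leaves out `-u`, so an unset variable expands to empty instead of failing the step. The file is added with mode 100644 and push.yml only `source`s it, which is consistent today; if it is ever run directly it needs the executable bit like `notifications.sh` has. A one-line header such as `# Installs Poetry and the project dependencies; sourced by push.yml after setup.sh.` would explain why `main "$@"` takes arguments that nothing uses.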
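Review bot: The added `NOTIFICATION=` line still expands `${PROJECT_NAME}`, but this hunk deletes the only assignment of it, so setup.sh now depends on the caller's environment and, without `-u`, a workflow that lacks the new `env: PROJECT_NAME` block silently sends every Slack message with an empty project name. Fail loudly instead: `: "${PROJECT_NAME:?PROJECT_NAME must be set in the workflow env}"` as the first line of `main`, or `set -euo pipefail` on the added `set` line. The Slack link `<${WORKFLOW_URL}|${BRANCH_OR_TAG}>` inserts the ref name without escaping, so a branch name containing `|` or `>` would break the link markup; cosmetic, since ref names come from the repository itself, but worth a short comment on that line.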
@@ -3,19 +3,72 @@ name: role-jumpcloud-push # Workflow Secrets: # SLACK_WEBHOOK (Required, for slack notifications...) +# GALAXY_API_KEY (Required, for Ansible Galaxy Import...) on: push: workflow_dispatch: +env: + PROJECT_NAME: "role-jumpcloud" + USERNAME: "osx-provisioner" + VERBOSE_NOTIFICATIONS: 0 + jobs: - documentation_test: + create_release: + needs: [documentation_test, molecule_lint, osx_build, security_test, start_notification, workflow_lint] runs-on: ubuntu-latest steps: + - name: Release -- Checkout Repository + if: contains(github.ref, '/tags/v') + uses: actions/checkout@v1 + + - name: Release -- Setup Environment + if: contains(github.ref, '/tags/v') + run: | + source ./.github/scripts/setup.sh + echo "{}" > package.json + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + + - name: Release -- Generate Changelog + if: contains(github.ref, '/tags/v') + uses: scottbrenner/generate-changelog-action@v1.3.3 + id: Changelog + env: + REPO: ${{ github.repository }} + - name: Release -- Create Github Release + if: contains(github.ref, '/tags/v') + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ env.BRANCH_OR_TAG }} + release_name: Release ${{ env.BRANCH_OR_TAG }} + body: | + ${{ steps.Changelog.outputs.changelog }} + draft: true + prerelease: false + + - name: Release -- Report Job Status (Success) + if: contains(github.ref, '/tags/v') + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: automated release has been created:\nhttps://github.com/${USERNAME}/${PROJECT_NAME}/releases" + + - name: Release -- Report Job Status (Failure) + if: failure() && contains(github.ref, '/tags/v') + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: automated release generation failed!" + + documentation_test: + + runs-on: ubuntu-latest + + steps: - name: Documentation Test -- Checkout Repository uses: actions/checkout@v1 
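Review bot: The new `create_release` job runs with the default `GITHUB_TOKEN` permissions even though its only write is creating a release; declare `permissions: contents: write` on the job (with a read-only default at the workflow level) so the token handed to `actions/create-release@v1` cannot do more than that. The third-party actions introduced or retained in this file — `scottbrenner/generate-changelog-action@v1.3.3` here, and `gaurav-nelson/github-action-markdown-link-check@1.0.12`, `zricethezav/gitleaks-action@v1.6.0` and `ibiqlik/action-yamllint@v3` in later hunks — are referenced by mutable tags; a full-length commit SHA with the tag in a trailing comment (`uses: scottbrenner/generate-changelog-action@<FULL_COMMIT_SHA> # v1.3.3`, placeholder) is what keeps a retargeted tag from changing what runs. Moving gitleaks off `@master` is a step in that direction, but a release tag can be moved too. `actions/create-release` is, as far as I know, no longer maintained upstream, so a maintained replacement (or `gh release create` from the preinstalled CLI) is worth considering when this job is next touched.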
@@ -26,14 +79,16 @@ jobs: WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - name: Documentation Test -- Documentation Validation - uses: gaurav-nelson/github-action-markdown-link-check@1.0.11 + uses: gaurav-nelson/github-action-markdown-link-check@1.0.12 with: use-quiet-mode: 'no' use-verbose-mode: 'yes' - name: Documentation Test -- Report Success + if: ${{ env.VERBOSE_NOTIFICATIONS == '1' }} run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: documentation test was successful!" + - name: Documentation Test -- Report Failure if: failure() run: | @@ -48,9 +103,9 @@ jobs: python-version: [3.8] steps: - - name: Molecule Lint -- Checkout Repository uses: actions/checkout@v1 + - name: Molecule Lint -- Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v1 with: @@ -61,6 +116,7 @@ jobs: source ./.github/scripts/setup.sh env: WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + - name: Molecule Lint -- Install Requirements run: | pip install poetry 
@@ -71,61 +127,61 @@ jobs: poetry run molecule lint - name: Molecule Lint -- Report Job Status (Success) + if: ${{ env.VERBOSE_NOTIFICATIONS == '1' }} run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: molecule linting was successful!" + - name: Molecule Lint -- Report Job Status (Failure) if: failure() run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: molecule linting has failed!" - release: - needs: [molecule_lint, documentation_test, security_test] + osx_build: - runs-on: ubuntu-latest + runs-on: macos-${{ matrix.os }} + strategy: + max-parallel: 4 + matrix: + os: [10.15] + platform: [x86_64] + python-version: [3.8.10] + scenario: ["mock_install_no_update", "mock_install_with_update"] steps: - - - name: Release -- Checkout Repository - if: contains(github.ref, '/tags/v') + - name: OSX Build -- Checkout uses: actions/checkout@v1 - - name: Release -- Setup Environment - if: contains(github.ref, '/tags/v') + - name: OSX Build -- Setup python + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + + - name: OSX Build -- Setup Environment run: | source ./.github/scripts/setup.sh - NEWTAG=${BRANCH_OR_TAG} - echo "NEWTAG=${NEWTAG}" >> $GITHUB_ENV - echo "{}" > package.json + source ./.github/scripts/build.sh env: WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - - name: Release -- Generate Changelog - if: contains(github.ref, '/tags/v') - uses: scottbrenner/generate-changelog-action@1.0.3 - id: Changelog - env: - REPO: ${{ github.repository }} - - name: Release -- Create Github Release - if: contains(github.ref, '/tags/v') - uses: actions/create-release@v1 + - name: OSX Build -- Molecule Scenario + run: | + poetry run molecule test -s "${SCENARIO}" env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ env.NEWTAG }} - release_name: Release ${{ env.NEWTAG }} - body: | - ${{ steps.Changelog.outputs.changelog }} - draft: true - prerelease: false + SCENARIO: ${{ matrix.scenario}} - - 
name: Release -- Report Job Status (Success) - if: contains(github.ref, '/tags/v') + - name: OSX Build -- Report Job Status (Success) + if: ${{ env.VERBOSE_NOTIFICATIONS == '1' }} run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: automated release has been created:\nhttps://github.com/${USERNAME}/${PROJECT_NAME}/releases" - - name: Release -- Report Job Status (Failure) - if: failure() && contains(github.ref, '/tags/v') + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: OSX ${{ matrix.os }}, molecule test scenario '${SCENARIO}' was successful" + env: + SCENARIO: ${{ matrix.scenario}} + + - name: OSX Build -- Report Job Status (Failure) + if: failure() run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: automated release generation failed!" + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: OSX ${{ matrix.os }}, molecule test scenario '${SCENARIO}' failed!" + env: + SCENARIO: ${{ matrix.scenario}} security_test: @@ -136,9 +192,9 @@ jobs: python-version: [3.8] steps: - - name: Security Test -- Checkout Repository uses: actions/checkout@v1 + - name: Security Test -- Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v1 with: @@ -151,7 +207,7 @@ jobs: WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - name: Security Test -- Run Gitleaks - uses: zricethezav/gitleaks-action@master + uses: zricethezav/gitleaks-action@v1.6.0 - name: Security Test -- Check Dependencies run: | 
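Review bot: `OSX Build -- Setup Environment` sources `setup.sh` and then `build.sh` into the same shell, and both scripts define `main`, so the second `source` silently replaces the first definition; it only works because each script calls its own `main` immediately. Running the build script instead of sourcing it keeps the two apart and makes the ordering explicit: `bash ./.github/scripts/build.sh` (the file is added with mode 100644, so `./` alone would not execute it). `actions/setup-python@v2` here versus `@v1` in the other jobs of this file should be made consistent, and the `macos-10.15` runner label is, as far as I know, retired by GitHub, so the matrix `os` value will need updating for the job to schedule at all. The three `SCENARIO: ${{ matrix.scenario}}` entries are missing the space before `}}`; harmless, but inconsistent with every other expression in the file.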
@@ -161,46 +217,87 @@ jobs: safety check - name: Security Test -- Report Job Status on Success + if: ${{ env.VERBOSE_NOTIFICATIONS == '1' }} run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: security checks were successful!" + - name: Security Test -- Report Job Status on Failure if: failure() run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: security checks failed!" - workflow_lint: + start_notification: + runs-on: ubuntu-latest + + steps: + - name: Start -- Checkout Repository + uses: actions/checkout@v1 + + - name: Start -- Setup Environment + run: | + source ./.github/scripts/setup.sh + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + + - name: Start -- Report Job Status on Success + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow has started!" + + - name: Start -- Report Job Status on Failure + if: failure() + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!" + + success_notification: + needs: [create_release] runs-on: ubuntu-latest - strategy: - max-parallel: 4 - matrix: - python-version: [3.8] steps: + - name: Success -- Checkout Repository + uses: actions/checkout@v1 + + - name: Success -- Setup Environment + run: | + source ./.github/scripts/setup.sh + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + - name: Success -- Report Job Status on Success + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: all checks were successful!" + + - name: Success -- Report Job Status on Failure + if: failure() + run: | + ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!" 
+ + workflow_lint: + + runs-on: ubuntu-latest + + steps: - name: Workflow Lint -- Checkout Repository uses: actions/checkout@v1 - - name: Workflow Lint -- Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v1 - with: - python-version: ${{ matrix.python-version }} - name: Workflow Lint -- Setup Environment run: | source ./.github/scripts/setup.sh env: WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - - name: Workflow Lint -- Install Requirements - run: | - pip install yamllint - name: Workflow Lint -- Run Linter - run: | - yamllint .github/workflows + uses: ibiqlik/action-yamllint@v3 + with: + format: standard + file_or_dir: ./.github/workflows + config_file: ./.yamllint - name: Workflow Lint -- Report Job Status (Success) + if: ${{ env.VERBOSE_NOTIFICATIONS == '1' }} run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow linting was successful!" + - name: Workflow Lint -- Report Job Status (Failure) if: failure() run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0b1c0a6..006f286 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,10 @@ on: required: true default: '' +env: + PROJECT_NAME: "role-jumpcloud" + USERNAME: "osx-provisioner" + jobs: publish_to_galaxy: @@ -25,13 +29,13 @@ jobs: python-version: [3.8] steps: - - name: Publish to Galaxy -- Code Checkout (workflow dispatch) if: github.event_name == 'workflow_dispatch' uses: actions/checkout@v2 with: fetch-depth: 0 ref: ${{ github.event.inputs.TAG }} + - name: Publish to Galaxy -- Code Checkout (published release) if: github.event_name != 'workflow_dispatch' uses: actions/checkout@v2 
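Review bot: `Workflow Lint -- Run Linter` swaps the pip-installed `yamllint` for the third-party `ibiqlik/action-yamllint@v3`, which replaces a dependency that could be pinned exactly (`pip install 'yamllint==<PINNED_VERSION>'`, placeholder) with a mutable action tag; if dropping the Python setup was the goal, a SHA-pinned reference keeps the supply-chain surface no larger than before. The step also points at `config_file: ./.yamllint`, but no `.yamllint` file is added in this diff; confirm it already exists, since the linter will otherwise fail on a missing config. `start_notification` has no `needs:` and so posts "workflow has started" in parallel with the other jobs rather than before them — fine if intentional, but a one-line comment above the job would save the next reader the question.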
@@ -53,15 +57,17 @@ jobs: run: | pip install poetry poetry install + - name: Publish to Galaxy -- Trigger Ansible Galaxy Import run: | - ansible-galaxy role import ${USERNAME} ${PROJECT_NAME} --token ${API_KEY} + poetry run ansible-galaxy role import ${USERNAME} ${PROJECT_NAME} --token ${API_KEY} env: API_KEY: ${{ secrets.GALAXY_API_KEY }} - name: Publish to Galaxy -- Report Job Status (Success) run: | ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: automated ansible galaxy import has been completed!" + - name: Publish to Galaxy -- Report Job Status (Failure) if: failure() run: |
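Review bot: The rewritten `poetry run ansible-galaxy role import ${USERNAME} ${PROJECT_NAME} --token ${API_KEY}` still passes the Galaxy API key as a command-line argument; GitHub masks the literal in the log, but argv is visible to other processes on the runner and to anything that echoes the command (a traceback, `set -x`). If the installed Ansible honors a token file (`ANSIBLE_GALAXY_TOKEN_PATH`), write `${API_KEY}` to a `mktemp`-created file with mode 600 and drop `--token`; otherwise keep it as is and add a comment stating that the secret is deliberately on argv. The two positional arguments should also be quoted, `"${USERNAME}" "${PROJECT_NAME}"`, to match the quoting already used for `"${NOTIFICATION}"` two steps later.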