chore(ci): Use Github Actions and Semantic Release

Signed-off-by: Tomas Coufal <[email protected]>

.aicoe-ci.yaml

@@ -1,13 +1 @@
 check: []
-build:
-  build-strategy: Source
-  base-image: registry.access.redhat.com/ubi8/nodejs-16:latest
-  registry: quay.io
-  registry-org: open-services-group
-  registry-project: peribolos-as-a-service
-  registry-secret: osg-pusher-secret
-deploy:
-  project-org: open-services-group
-  project-name: peribolos-as-a-service
-  image-name: peribolos-service-controller
-  overlay-contextpath: "manifests/overlays/prod/imagestream.yaml"

.github/ISSUE_TEMPLATE/promote.md

@@ -0,0 +1,8 @@
+---
+name: Promote `stage` environment to `prod`
+about: "**Maintainers only.** Schedule environment promotion `stage`->`prod`."
+title: Promote `stage` environment to `prod`
+labels: kind/promote, bot
+---
+
+Promote `stage` to `prod`, please.

.github/ISSUE_TEMPLATE/release.md

@@ -0,0 +1,8 @@
+---
+name: Trigger a new release
+about: "**Maintainers only.** Schedule repo for a semantic release."
+title: New semantic release
+labels: kind/release, bot
+---
+
+Create a new release, please.

.github/workflows/build-controller.yaml

@@ -0,0 +1,30 @@
+name: Build Controller
+
+on:
+  workflow_call:
+    inputs:
+      image-tag:
+        type: string
+        default: ${{ github.sha }}
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Read S2I base image
+        id: s2ibase
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./.s2ibase
+
+      - name: S2I Build
+        uses: redhat-actions/s2i-build@v1
+        with:
+          path_context: "."
+          builder_image: "${{ steps.s2ibase.outputs.content }}"
+          image_name: peribolos-as-a-service
+          image_tag: "${{ inputs.image-tag }}"

.github/workflows/build-peribolos.yaml

@@ -0,0 +1,23 @@
+name: Build Peribolos
+
+on:
+  workflow_call:
+    inputs:
+      image-tag:
+        type: string
+        default: ${{ github.sha }}
+
+jobs:
+  build-peribolos:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: peribolos
+          tags: "${{ inputs.image-tag }}"
+          context: peribolos-fix
+          containerfiles: ./Dockerfile

.github/workflows/check-maintainer-role.yaml

@@ -0,0 +1,63 @@
+name: Check actor's maintainer role
+
+on:
+  workflow_call:
+    inputs:
+      success:
+        required: true
+        type: string
+      failure:
+        required: true
+        type: string
+      label:
+        required: true
+        type: string
+    outputs:
+      comment-id: ${{ jobs.check.outputs.comment-id }}
+
+jobs:
+  check:
+    name: Check if actor is a maintainer
+    runs-on: ubuntu-latest
+    outputs:
+      comment-id: ${{ steps.comment.outputs.comment-id }}
+    steps:
+      - name: Check if user has write access
+        uses: lannonbr/[email protected]
+        continue-on-error: true
+        id: access
+        with:
+          permission: write
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check issue label
+        if: ${{ !contains(github.event.issue.labels.*.name, 'kind/promote') }}
+        continue-on-error: true
+        id: releaseLabel
+        run: exit 1
+
+      - name: Close Issue
+        uses: peter-evans/close-issue@v1
+        if: ${{ !steps.access.outcome == 'failure' && steps.releaseLabel.outcome == 'success' }}
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            ⛔ You're not a maintainer @${{ github.event.issue.user.id }}. ${{ inputs.failure }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Exit on failure
+        if: ${{ steps.access.outcome == 'failure' || steps.releaseLabel.outcome == 'failure' }}
+        run: exit 1
+
+      - name: Create success comment
+        uses: peter-evans/create-or-update-comment@v1
+        if: ${{ success() }}
+        id: comment
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            🚀 ${{ inputs.success }} from ${{ github.sha }}. Job started [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr.yaml

@@ -0,0 +1,13 @@
+name: Pull request
+
+on: pull_request
+
+jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+
+  build-controller:
+    uses: ./.github/workflows/build-controller.yaml
+
+  build-peribolos:
+    uses: ./.github/workflows/build-peribolos.yaml

.github/workflows/promote.yaml

@@ -0,0 +1,65 @@
+name: Promote
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  check-promote:
+    uses: ./.github/workflows/check-maintainer-role.yaml
+    with:
+      success: Promotion issue noticed. Promotion triggered
+      failure: You can't trigger a environment promotion
+      label: kind/promote
+
+  promote:
+    name: Promote
+    needs: check-promote
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Get images used in stage
+        uses: mikefarah/yq@master
+        id: stage
+        with:
+          cmd: yq e ".images" manifests/overlays/stage/kustomization.yaml
+
+      - name: Use stage images in prod
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq e -i '.images=(strenv(IMAGES) | from_yaml)' manifests/overlays/prod/kustomization.yaml
+        env:
+          IMAGES: ${{ steps.stage.outputs.result }}
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        id: pr
+        with:
+          commit-message: "chore(manifests): Promote staging to prod"
+          title: "chore(manifests): Promote staging to prod"
+          branch: "promote/${{ github.event.issue.number }}"
+          delete-branch: true
+          body: |
+            Automated change, promoting images found in `stage` overlay to `prod`.
+
+            Resolves: ${{ github.event.issue.url }}
+
+      - name: Create success comment
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          comment-id: ${{ needs.check-promote.outputs.comment-id }}
+          body: |
+            🙏 Promote pull request created at ${{ steps.pr.outputs.pull-request-url }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Close issue
+        uses: peter-evans/close-issue@v1
+        with:
+          issue-number: ${{ github.event.issue.number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/push.yaml

@@ -0,0 +1,46 @@
+name: Push
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+
+  build-controller:
+    name: Build and Push Controller
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ./.github/workflows/build-controller.yaml
+
+      - name: Tag as latest
+        run: docker tag peribolos-as-a-service:${{ github.sha }} latest
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: peribolos-as-a-service
+          tags: ${{ github.sha }} latest
+          registry: quay.io/open-services-group
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+  build-peribolos:
+    name: Build and Push Peribolos
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ./.github/workflows/build-peribolos.yaml
+
+      - name: Tag as latest
+        run: docker tag peribolos:${{ github.sha }} peribolos:latest
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: peribolos
+          tags: ${{ github.sha }} latest
+          registry: quay.io/open-services-group
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}