Merge branch 'develop' into main

#18
#15

.github/workflows/build-and-push-ci.yml

@@ -0,0 +1,34 @@
+on:
+  workflow_call:
+jobs:
+  build-and-push-cotroller:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/uffizzicloud/controller_toolbox:v2
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - uses: gacts/github-slug@v1
+        id: slug
+      - name: Create toolbox env file
+        uses: SpicyPizza/[email protected]
+        with:
+          directory: infrastructure/toolbox
+          file_name: secrets.env
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets.CI_IDENTITY_PROVIDER_LOCATION }}
+          service_account: ${{ secrets.CI_SERVICE_ACCOUNT_NAME }}
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+      - name: Build and Push controller
+        run: |
+          export CI_COMMIT_REF_SLUG=${{ steps.slug.outputs.branch-name-slug }}
+          make build_controller push_controller

.github/workflows/code-quality.yml

@@ -0,0 +1,46 @@
+on:
+  workflow_call:
+jobs:
+  lint-controller:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets.CI_IDENTITY_PROVIDER_LOCATION }}
+          service_account: ${{ secrets.CI_SERVICE_ACCOUNT_NAME }}
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+      - name: Run rubocop
+        run: |
+          eval $(make image_names)
+          docker-compose -f docker-compose.ci.yml run --rm controller bash -c "make lint"
+  test-controller:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets.CI_IDENTITY_PROVIDER_LOCATION }}
+          service_account: ${{ secrets.CI_SERVICE_ACCOUNT_NAME }}
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+      - name: Run tests
+        run: |
+          eval $(make image_names)
+          docker-compose -f docker-compose.ci.yml run --rm controller bash -c "make test"

.github/workflows/deploy.yml

@@ -0,0 +1,129 @@
+on:
+  workflow_call:
+    inputs:
+      env:
+        required: true
+        type: string
+      project_id:
+        required: true
+        type: string
+      service_account_name:
+        required: true
+        type: string
+      workload_identity_provider_name:
+        required: true
+        type: string
+
+env:
+  ENV: "${{ inputs.env }}"
+  SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
+  SENTRY_ORG: "${{ secrets.SENTRY_ORG }}"
+  SENTRY_PROJECT: "${{ secrets.SENTRY_PROJECT }}"
+  GCP_PROJECT_ID: "${{ inputs.project_id }}"
+
+jobs:
+  update-gke-image:
+    runs-on: ubuntu-latest
+    container: ghcr.io/uffizzicloud/controller_toolbox:v2
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - uses: gacts/github-slug@v1
+        id: slug
+      - id: 'ci_registry_auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets.CI_IDENTITY_PROVIDER_LOCATION }}
+          service_account: ${{ secrets.CI_SERVICE_ACCOUNT_NAME }}
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.ci_registry_auth.outputs.access_token }}
+      - name: Pull and tag CI image
+        run: make pull_ci_image tag_image
+      - id: 'registry_auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets[inputs.workload_identity_provider_name] }}
+          service_account: ${{ secrets[inputs.service_account_name] }}
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.registry_auth.outputs.access_token }}
+      - name: Update GKE image
+        run: |
+          export CI_COMMIT_REF_SLUG=${{ steps.slug.outputs.branch-name-slug }}
+          make push_gcp_controller
+
+  update-gke-controller:
+    runs-on: ubuntu-latest
+    needs:
+      - update-gke-image 
+    container: 
+      image: ghcr.io/uffizzicloud/controller_toolbox:v2
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          workload_identity_provider: ${{ secrets[inputs.workload_identity_provider_name] }}
+          service_account: ${{ secrets[inputs.service_account_name] }}
+      - uses: 'google-github-actions/get-gke-credentials@v0'
+        with:
+          cluster_name: uffizzi-client
+          location: us-central1
+      - name: Update gke controller
+        run: make update_gke_controller_service
+
+# ----------- sentry release and notification -----------
+
+  create-sentry-release:
+    runs-on: ubuntu-latest
+    needs:
+      - update-gke-image 
+      - update-gke-controller
+    container:
+      image: ghcr.io/uffizzicloud/controller_toolbox:v2
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - id: ci_registry_auth
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        with:
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets.CI_IDENTITY_PROVIDER_LOCATION }}
+          service_account: ${{ secrets.CI_SERVICE_ACCOUNT_NAME }}
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.ci_registry_auth.outputs.access_token }}
+      - name: Create Sentry release
+        run: make sentry_release
+
+  notify:
+    needs:
+      - update-gke-image 
+      - update-gke-controller
+      - create-sentry-release
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: technote-space/workflow-conclusion-action@v2
+      - uses: 8398a7/action-slack@v3
+        with:
+          status: ${{ env.WORKFLOW_CONCLUSION }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/main.yml

@@ -2,9 +2,7 @@ name: Test, Lint, Build, and Publish Image
 on:
   push:
     branches:
-      - qa
       - develop
-      - main
   pull_request:
     types: [opened,synchronize,reopened]
 
@@ -29,41 +27,3 @@ jobs:
           go-version: '1.17'
       - name: Run tests
         run: make test
-  build-and-push-some-branches:
-    runs-on: ubuntu-latest
-    needs:
-      - lint
-      - test
-    if: ${{ github.ref_name == 'main' || github.ref_name == 'qa' || github.ref_name == 'develop' || github.event_name == 'pull_request' }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v3
-        with:
-          images: uffizzi/controller
-          tags: |
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
-            type=ref,event=branch,enable=${{ github.ref_name == 'qa' || github.ref_name == 'develop' }}
-            type=ref,event=pr
-      - name: Build and Push Image to Docker Hub
-        uses: docker/build-push-action@v2
-        with:
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-      - name: Update Docker Hub Description for Default Branch
-        uses: peter-evans/[email protected]
-        if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-          repository: uffizzi/controller

.github/workflows/release-production.yml

@@ -0,0 +1,34 @@
+name: Test, Lint And Release
+on:
+  push:
+    branches:
+      - main
+permissions:
+  contents: 'read'
+  id-token: 'write'
+  packages: 'read'
+  actions: 'read'
+
+jobs:
+  build-and-push-controller:
+    uses: ./.github/workflows/build-and-push-ci.yml
+    name: Build CI Web image
+    secrets: inherit
+  code-quality:
+    needs:
+      - build-and-push-controller
+    uses: ./.github/workflows/code-quality.yml
+    name: Test and Lint
+    secrets: inherit
+  deploy:
+    needs:
+      - build-and-push-controller
+      - code-quality
+    uses: ./.github/workflows/deploy.yml
+    with:
+      env: "production"
+      project_id: "uffizzi-pro-production-gke"
+      service_account_name: "PRODUCTION_GKE_SERVICE_ACCOUNT_NAME"
+      workload_identity_provider_name: "PRODUCTION_GKE_IDENTITY_PROVIDER"
+    name: Deploy Controller
+    secrets: inherit

.github/workflows/release-qa.yml

@@ -0,0 +1,34 @@
+name: Test, Lint And Release
+on:
+  push:
+    branches:
+      - qa
+permissions:
+  contents: 'read'
+  id-token: 'write'
+  packages: 'read'
+  actions: 'read'
+
+jobs:
+  build-and-push-controller:
+    uses: ./.github/workflows/build-and-push-ci.yml
+    name: Build CI Web image
+    secrets: inherit
+  code-quality:
+    needs:
+      - build-and-push-controller
+    uses: ./.github/workflows/code-quality.yml
+    name: Test and Lint
+    secrets: inherit
+  deploy:
+    needs:
+      - build-and-push-controller
+      - code-quality
+    uses: ./.github/workflows/deploy.yml
+    with:
+      env: "qa"
+      project_id: "uffizzi-pro-qa-gke"
+      service_account_name: "QA_GKE_SERVICE_ACCOUNT_NAME"
+      workload_identity_provider_name: "QA_GKE_IDENTITY_PROVIDER"
+    name: Deploy Controller
+    secrets: inherit

.github/workflows/release-staging.yml

@@ -0,0 +1,34 @@
+name: Test, Lint And Release
+on:
+  push:
+    branches:
+      - staging
+permissions:
+  contents: 'read'
+  id-token: 'write'
+  packages: 'read'
+  actions: 'read'
+
+jobs:
+  build-and-push-controller:
+    uses: ./.github/workflows/build-and-push-ci.yml
+    name: Build CI Web image
+    secrets: inherit
+  code-quality:
+    needs:
+      - build-and-push-controller
+    uses: ./.github/workflows/code-quality.yml
+    name: Test and Lint
+    secrets: inherit
+  deploy:
+    needs:
+      - build-and-push-controller
+      - code-quality
+    uses: ./.github/workflows/deploy.yml
+    with:
+      env: "staging"
+      project_id: "uffizzi-pro-staging-gke"
+      service_account_name: "STAGING_GKE_SERVICE_ACCOUNT_NAME"
+      workload_identity_provider_name: "STAGING_GKE_IDENTITY_PROVIDER"
+    name: Deploy Controller
+    secrets: inherit