feat: ceramic cd manager skeleton (#4)

3box · Jul 6, 2022 · ed6a1c5 · ed6a1c5
1 parent d5f37f7
commit ed6a1c5
Show file tree

Hide file tree

Showing 10 changed files with 2,631 additions and 0 deletions.
diff --git a/.github/workflows/cd-manager.yml b/.github/workflows/cd-manager.yml
@@ -0,0 +1,122 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches: [ develop, release-candidate, main ]
+    paths:
+      - 'cd/manager/**'
+  pull_request: # pull requests
+  workflow_dispatch: # manually triggered
+
+env:
+  # Dagger
+  DAGGER_PLAN: ci/cd-manager.cue
+  DAGGER_VERSION: "0.2.21"
+  DAGGER_LOG_FORMAT: "plain"
+  PIPELINE_TOOLS_VER: "0.1.3"
+  # Secrets
+  AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_REGION: ${{ secrets.AWS_REGION }}
+  GH_TOKEN: ${{ secrets.GH_TOKEN }}
+  # GitHub
+  RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+  STATUS_URL: "https://api.github.com/repos/3box/pipeline-tools/statuses/${{ github.sha }}"
+  BRANCH: ${{ github.ref_name }}
+  SHA: ${{ github.sha }}
+
+jobs:
+  image:
+    name: Verify and publish Docker image
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Check out the repo
+        uses: actions/checkout@v2
+      -
+        name: Set sha tag
+        run: |
+          SHA_TAG=$(git rev-parse --short=12 "${{ env.SHA }}")
+          echo "SHA_TAG=$SHA_TAG" >> $GITHUB_ENV
+      -
+        name: Set main branch tag
+        if: ${{ env.BRANCH == 'main' }}
+        run: |
+          echo "ENV_TAG=prod" >> $GITHUB_ENV
+      -
+        name: Set rc branch tag
+        if: ${{ env.BRANCH == 'release-candidate' }}
+        run: |
+          echo "ENV_TAG=tnet" >> $GITHUB_ENV
+      -
+        name: Set develop branch tag
+        if: ${{ env.BRANCH == 'develop' || env.ENV_TAG == '' }}
+        run: |
+          echo "ENV_TAG=dev" >> $GITHUB_ENV
+      -
+        name: Set commit status "pending"
+        run: |
+          res=$(curl \
+            -X POST \
+            -H "Accept: application/vnd.github.v3+json" \
+            -H "Authorization: token ${{ env.GH_TOKEN }}" \
+            ${{ env.STATUS_URL }} \
+            -d '{"state":"pending","target_url":"${{ env.RUN_URL }}","description":"Image verification started","context":"ci/image: verify"}') || exit 1
+          echo $res
+          if [[ $res != *"pending"* ]]; then
+            exit 1
+          fi
+      -
+        name: Install Dagger
+        uses: dagger/dagger-for-github@v3
+        with:
+          install-only: true
+      -
+        name: Setup Dagger
+        run: |
+            dagger project init
+            dagger project update
+            dagger project update "github.com/3box/pipeline-tools@v${{ env.PIPELINE_TOOLS_VER }}"
+
+            AWS_SCRIPTS=cue.mod/pkg/universe.dagger.io/aws/_scripts
+            AWS_INSTALL="https://raw.githubusercontent.com/dagger/dagger/v${{ env.DAGGER_VERSION }}/pkg/universe.dagger.io/aws/_scripts/install.sh"
+            mkdir -p $AWS_SCRIPTS
+            curl -fsSL $AWS_INSTALL > $AWS_SCRIPTS/install.sh
+            chmod +x $AWS_SCRIPTS/install.sh
+      -
+        name: Verify Docker image
+        run: dagger do verify -p ../../${{ env.DAGGER_PLAN }}
+        working-directory: cd/manager
+      -
+        name: Push Docker image
+        if: ${{ env.BRANCH == 'main' || env.BRANCH == 'release-candidate' || env.BRANCH == 'develop' }}
+        run: dagger do push -w "actions:push:\"${{ env.AWS_REGION }}\":\"${{ env.ENV_TAG }}\":\"${{ env.BRANCH }}\":\"${{ env.SHA }}\":\"${{ env.SHA_TAG }}\":_" -p ../../${{ env.DAGGER_PLAN }}
+        working-directory: cd/manager
+      -
+        name: Set commit status "success"
+        run: |
+          res=$(curl \
+            -X POST \
+            -H "Accept: application/vnd.github.v3+json" \
+            -H "Authorization: token ${{ env.GH_TOKEN }}" \
+            ${{ env.STATUS_URL }} \
+            -d '{"state":"success","target_url":"${{ env.RUN_URL }}","description":"Image verification successful","context":"ci/image: verify"}') || exit 1
+          echo $res
+          if [[ $res != *"success"* ]]; then
+            exit 1
+          fi
+      -
+        name: Set commit status "failure"
+        if: ${{ failure() }}
+        run: |
+          res=$(curl \
+            -X POST \
+            -H "Accept: application/vnd.github.v3+json" \
+            -H "Authorization: token ${{ env.GH_TOKEN }}" \
+            ${{ env.STATUS_URL }} \
+            -d '{"state":"failure","target_url":"${{ env.RUN_URL }}","description":"Image verification failed","context":"ci/image: verify"}') || exit 1
+          echo $res
+          if [[ $res != *"failure"* ]]; then
+            exit 1
+          fi
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 cue.mod/
+cd/manager/target/
diff --git a/cd/TODO.cue b/cd/TODO.cue
diff --git a/cd/manager/.dockerignore b/cd/manager/.dockerignore
@@ -0,0 +1 @@
+target/