From 5e15da92699a6f92da11557919bbecee9563289b Mon Sep 17 00:00:00 2001
From: Federico Di Pierro <nierro92@gmail.com>
Date: Fri, 15 Dec 2023 09:41:17 +0100
Subject: [PATCH] new(ci): added gha support.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
---
 .github/workflows/ci.yml                      | 56 ++++++++++++
 .github/workflows/master.yml                  | 36 ++++++++
 .github/workflows/release.yml                 | 67 ++++++++++++++
 .../workflows/reusable_build_push_images.yml  | 87 +++++++++++++++++++
 .../reusable_build_test_driverkit.yml         | 40 +++++++++
 5 files changed, 286 insertions(+)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 .github/workflows/master.yml
 create mode 100644 .github/workflows/release.yml
 create mode 100644 .github/workflows/reusable_build_push_images.yml
 create mode 100644 .github/workflows/reusable_build_test_driverkit.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..ce618082
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,56 @@
+name: CI Build
+on:
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+# Checks if any concurrent jobs under the same pull request or branch are being executed
+# NOTE: this will cancel every workflow that is being ran against a PR as group is just the github ref (without the workflow name)
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true  
+
+jobs:
+  build-test:
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: amd64
+
+  build-test-arm64:
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: arm64
+      
+  gomodtidy:
+    name: Enforce go.mod tidiness
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          persist-credentials: false
+
+      - name: Setup Go
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+        with:
+          go-version: '1.21'
+          check-latest: true
+
+      - name: Execute go mod tidy and check the outcome
+        working-directory: ./
+        run: |
+          go mod tidy
+          exit_code=$(git diff --exit-code)
+          exit ${exit_code}
+
+      - name: Print a comment in case of failure
+        run: |
+          echo "The go.mod and/or go.sum files appear not to be correctly tidied.
+
+          Please, rerun go mod tidy to fix the issues."
+          exit 1
+        if: |
+          failure() && github.event.pull_request.head.repo.full_name == github.repository    
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
new file mode 100644
index 00000000..11c9e1c2
--- /dev/null
+++ b/.github/workflows/master.yml
@@ -0,0 +1,36 @@
+name: Master CI
+on:
+  push:
+    branches: [master]
+
+# Checks if any concurrent jobs is running for master CI and eventually cancel it
+concurrency:
+  group: ci-master
+  cancel-in-progress: true  
+
+jobs:
+  build-test:
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: amd64
+  
+  build-test-arm64:
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: arm64
+
+  push-images:
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    needs: build-test
+    with:
+      arch: amd64
+    secrets: inherit  
+      
+  push-images-arm64:
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    needs: build-test-arm64
+    with:
+      arch: arm64
+    secrets: inherit  
+      
+    
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..22f5fb9d
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,67 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: write # needed to write releases
+  id-token: write # needed for keyless signing
+
+jobs:
+  build-test:
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: amd64
+  
+  build-test-arm64:
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: arm64
+
+  push-images:
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    needs: build-test
+    with:
+      arch: amd64
+      tag: ${{ github.ref_name }}
+      is_latest: true
+    secrets: inherit  
+      
+  push-images-arm64:
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    needs: build-test-arm64
+    with:
+      arch: arm64
+      tag: ${{ github.ref_name }}
+      is_latest: true
+    secrets: inherit  
+
+  release:
+    needs: [push-images,push-images-arm64]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Fetch
+        run: git fetch --prune --force --tags
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+      
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          install-only: true
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_TAG: ${{ github.ref_name }}
+        run: make release  
diff --git a/.github/workflows/reusable_build_push_images.yml b/.github/workflows/reusable_build_push_images.yml
new file mode 100644
index 00000000..c09b3c08
--- /dev/null
+++ b/.github/workflows/reusable_build_push_images.yml
@@ -0,0 +1,87 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: amd64 or arm64
+        required: true
+        type: string
+      branch:
+        description: name of the branch
+        required: false
+        type: string
+        default: 'master'
+      tag:
+        description: The tag to use (e.g. "master" or "0.35.0")
+        required: false
+        type: string
+        default: ''
+      is_latest:
+        description: Update the latest tag with the new image
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  build-images:
+    runs-on: ${{ (inputs.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
+    env:
+      GIT_BRANCH: ${{ inputs.branch }}
+      GIT_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        
+      - name: Create download folder
+        run: mkdir -p build-${{ inputs.arch }}
+        
+      - name: Download Driverkit
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: driverkit-${{ inputs.arch }}
+          path: build-${{ inputs.arch }}
+          
+      - name: Enforce executable bit
+        run: chmod +x build-${{ inputs.arch }}/driverkit
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+          
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Build and Push docker images
+        run: make push/all
+        
+      - name: Push latest images if needed
+        if: inputs.is_latest
+        run: make push/latest
+   
+  images:
+    runs-on: ubuntu-latest
+    needs: build-images
+    env:
+      GIT_BRANCH: ${{ inputs.branch }}
+      GIT_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+          
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Build and Push manifest to registry
+        run: make manifest/all
+      
+      - name: Push latest manifest if needed
+        if: inputs.is_latest
+        run: make manifest/latest
diff --git a/.github/workflows/reusable_build_test_driverkit.yml b/.github/workflows/reusable_build_test_driverkit.yml
new file mode 100644
index 00000000..9ae31b1d
--- /dev/null
+++ b/.github/workflows/reusable_build_test_driverkit.yml
@@ -0,0 +1,40 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: amd64 or arm64
+        required: true
+        type: string
+
+jobs:
+  build-test:
+    # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
+    runs-on: ${{ (inputs.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
+    container: golang:1.21-alpine
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.21
+
+      - name: Build
+        run: make build
+        
+      - name: Test
+        run: make test
+      
+      - name: Integration tests
+        run: make Integration_test
+        
+      - name: Upload driverkit
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        with:
+          name: driverkit-${{ inputs.arch }}
+          path: |
+            ${{ github.workspace }}/_output/bin/driverkit