diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 050ba09..8a47c5a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,14 +2,17 @@ name: ci on: schedule: - - cron: '0 10 * * *' # everyday at 10am + - cron: '0 10 * * *' push: branches: - 'master' - 'releases/v*' + tags: + - 'v*' pull_request: branches: - 'master' + - 'releases/v*' jobs: ci: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 041e641..4fb5d6c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,13 +5,10 @@ on: branches: - 'master' - 'releases/v*' - paths-ignore: - - '**.md' pull_request: branches: - 'master' - paths-ignore: - - '**.md' + - 'releases/v*' jobs: test: @@ -21,11 +18,15 @@ jobs: name: Checkout uses: actions/checkout@v2 - - name: Install - run: yarn install + name: Validate + uses: docker/bake-action@v1 + with: + targets: validate - name: Test - run: yarn run test + uses: docker/bake-action@v1 + with: + targets: test env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml deleted file mode 100644 index 0134e68..0000000 --- a/.github/workflows/validate.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: validate - -on: - push: - branches: - - 'master' - - 'releases/v*' - paths-ignore: - - '**.md' - pull_request: - branches: - - 'master' - paths-ignore: - - '**.md' - -jobs: - validate: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Validate - run: docker buildx bake validate diff --git a/Dockerfile.dev b/Dockerfile.dev deleted file mode 100644 index cc1be75..0000000 --- a/Dockerfile.dev +++ /dev/null @@ -1,54 +0,0 @@ -#syntax=docker/dockerfile:1.2 - -FROM node:12 AS deps -WORKDIR /src -COPY package.json yarn.lock ./ -RUN --mount=type=cache,target=/src/node_modules \ - yarn install - -FROM scratch AS update-yarn -COPY --from=deps /src/yarn.lock / - -FROM deps AS validate-yarn -COPY .git .git -RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi - -FROM deps AS base -COPY . . - -FROM base AS build -RUN --mount=type=cache,target=/src/node_modules \ - yarn build - -#FROM deps AS test -#ARG GITHUB_REPOSITORY -#ENV RUNNER_TEMP=/tmp/github_runner -#ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache -#ENV GITHUB_REPOSITORY=${GITHUB_REPOSITORY} -#COPY . . -#RUN --mount=type=cache,target=/src/node_modules \ -# --mount=type=secret,id=github_token \ -# GITHUB_TOKEN=$(cat /run/secrets/github_token) env|sort && yarn run test -# -#FROM scratch AS test-coverage -#COPY --from=test /src/coverage /coverage/ - -FROM base AS run-format -RUN --mount=type=cache,target=/src/node_modules \ - yarn run format - -FROM scratch AS format -COPY --from=run-format /src/src/*.ts /src/ - -FROM base AS validate-format -RUN --mount=type=cache,target=/src/node_modules \ - yarn run format-check - -FROM scratch AS dist -COPY --from=build /src/dist/ /dist/ - -FROM build AS validate-build -RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi - -FROM base AS dev -ENTRYPOINT ["bash"] diff --git a/docker-bake.hcl b/docker-bake.hcl index 6c397f3..66d73f5 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,62 +1,77 @@ variable "GITHUB_REPOSITORY" { default = "crazy-max/ghaction-github-labeler" } +variable "NODE_VERSION" { + default = "12" +} + +target "_common" { + args = { + NODE_VERSION = NODE_VERSION + GITHUB_REPOSITORY = GITHUB_REPOSITORY + } +} group "default" { targets = ["build"] } group "pre-checkin" { - targets = ["update-yarn", "format", "build"] + targets = ["vendor-update", "format", "build"] } group "validate" { - targets = ["validate-format", "validate-build", "validate-yarn"] + targets = ["vendor-validate", "format-validate", "build-validate"] } -target "dockerfile" { - dockerfile = "Dockerfile.dev" +target "vendor-update" { + inherits = ["_common"] + dockerfile = "./hack/build.Dockerfile" + target = "vendor-update" + output = ["."] } -target "update-yarn" { - inherits = ["dockerfile"] - target = "update-yarn" - output = ["."] +target "vendor-validate" { + inherits = ["_common"] + dockerfile = "./hack/build.Dockerfile" + target = "vendor-validate" } target "build" { - inherits = ["dockerfile"] - target = "dist" + inherits = ["_common"] + dockerfile = "./hack/build.Dockerfile" + target = "build-update" output = ["."] } -//target "test" { -// args = { -// GITHUB_REPOSITORY = "${GITHUB_REPOSITORY}" -// } -// inherits = ["dockerfile"] -// secret = ["id=github_token,src=.dev/.ghtoken"] -// target = "test-coverage" -// output = ["."] -//} +target "build-validate" { + inherits = ["_common"] + dockerfile = "./hack/build.Dockerfile" + target = "build-validate" +} target "format" { - inherits = ["dockerfile"] - target = "format" + inherits = ["_common"] + dockerfile = "./hack/build.Dockerfile" + target = "format-update" output = ["."] } -target "validate-format" { - inherits = ["dockerfile"] - target = "validate-format" +target "format-validate" { + inherits = ["_common"] + dockerfile = "./hack/build.Dockerfile" + target = "format-validate" } -target "validate-build" { - inherits = ["dockerfile"] - target = "validate-build" +target "test" { + inherits = ["_common"] + dockerfile = "./hack/test.Dockerfile" + secret = ["id=GITHUB_TOKEN,env=GITHUB_TOKEN"] + target = "test-coverage" + output = ["./coverage"] } -target "validate-yarn" { - inherits = ["dockerfile"] - target = "validate-yarn" +target "test-local" { + inherits = ["test"] + secret = ["id=GITHUB_TOKEN,src=.dev/.ghtoken"] } diff --git a/hack/build.Dockerfile b/hack/build.Dockerfile new file mode 100644 index 0000000..742a14d --- /dev/null +++ b/hack/build.Dockerfile @@ -0,0 +1,54 @@ +# syntax=docker/dockerfile:1.3 +ARG NODE_VERSION + +FROM node:${NODE_VERSION}-alpine AS base +RUN apk add --no-cache cpio findutils git +WORKDIR /src + +FROM base AS deps +RUN --mount=type=bind,target=.,rw \ + --mount=type=cache,target=/src/node_modules \ + yarn install && mkdir /vendor && cp yarn.lock /vendor + +FROM scratch AS vendor-update +COPY --from=deps /vendor / + +FROM deps AS vendor-validate +RUN --mount=type=bind,target=.,rw \ + git add -A && cp -rf /out/* .; \ + if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \ + echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \ + git status --porcelain -- yarn.lock; \ + exit 1; \ + fi + +FROM deps AS build +RUN --mount=type=bind,target=.,rw \ + --mount=type=cache,target=/src/node_modules \ + yarn run build && mkdir /out && cp -Rf dist /out/ + +FROM scratch AS build-update +COPY --from=build /out / + +FROM build AS build-validate +RUN --mount=type=bind,target=.,rw \ + git add -A && cp -rf /out/* .; \ + if [ -n "$(git status --porcelain -- dist)" ]; then \ + echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \ + git status --porcelain -- dist; \ + exit 1; \ + fi + +FROM deps AS format +RUN --mount=type=bind,target=.,rw \ + --mount=type=cache,target=/src/node_modules \ + yarn run format \ + && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out + +FROM scratch AS format-update +COPY --from=format /out / + +FROM deps AS format-validate +RUN --mount=type=bind,target=.,rw \ + --mount=type=cache,target=/src/node_modules \ + yarn run format-check \ diff --git a/hack/test.Dockerfile b/hack/test.Dockerfile new file mode 100644 index 0000000..b02f1c2 --- /dev/null +++ b/hack/test.Dockerfile @@ -0,0 +1,25 @@ +# syntax=docker/dockerfile:1.3 +ARG NODE_VERSION +ARG GITHUB_REPOSITORY + +FROM node:${NODE_VERSION}-alpine AS base +RUN apk add --no-cache git +WORKDIR /src + +FROM base AS deps +RUN --mount=type=bind,target=.,rw \ + --mount=type=cache,target=/src/node_modules \ + yarn install + +FROM deps AS test +ENV RUNNER_TEMP=/tmp/github_runner +ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache +ARG GITHUB_REPOSITORY +ENV GITHUB_REPOSITORY=${GITHUB_REPOSITORY} +RUN --mount=type=bind,target=.,rw \ + --mount=type=cache,target=/src/node_modules \ + --mount=type=secret,id=GITHUB_TOKEN \ + GITHUB_TOKEN=$(cat /run/secrets/GITHUB_TOKEN) yarn run test --coverageDirectory=/tmp/coverage + +FROM scratch AS test-coverage +COPY --from=test /tmp/coverage /