Merge pull request #3 from VertaAI/ln/gha-nack

chore: move to GHA

Author: liam-verta

.github/workflows/release.yaml

@@ -1,8 +1,11 @@
 name: Release
 on:
-  push:
-    tags:
-      - v[0-9]+.[0-9]+.[0-9]+
+  # Only run when this repo changes from private to public.
+  # Already public = never
+  public
+  # push:
+  #   tags:
+  #     - v[0-9]+.[0-9]+.[0-9]+
 jobs:
   release:
     runs-on: ubuntu-latest

.github/workflows/testing.yaml

@@ -1,8 +1,11 @@
 name: Testing
 
 on:
-- push
-- pull_request
+  # Only run when this repo changes from private to public.
+  # Already public = never
+  public
+# - push
+# - pull_request
 
 jobs:
   build:

.github/workflows/verta-build.yaml

@@ -0,0 +1,222 @@
+name: Build and Push
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+  push:
+    branches:
+      - verta/main
+      - 'release/*'
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: write  # Read is required for actions/checkout, write is required to comment on commits
+  statuses: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  VERTA_ECR_REGISTRY: "493416687123.dkr.ecr.us-east-1.amazonaws.com"
+
+jobs:
+  nats-boot-config:
+    runs-on: ubuntu-latest
+
+    env:
+      ECR_REPOSITORY: "493416687123.dkr.ecr.us-east-1.amazonaws.com/external/natsio/nats-boot-config"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          # need previous commit to find PR head commit info
+          fetch-depth: 2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::493416687123:role/github-actions
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Get branch names
+        id: branch_names
+        uses: tj-actions/branch-names@v7
+
+      - name: Get docker image tag
+        id: image_info
+        run: |
+          branch=$(echo ${{ steps.branch_names.outputs.current_branch }} | sed 's,/,_,g')
+          # PRs checkout a merge of PR head with target. Branches checkout current head of branch.
+          # When in a PR, use the PR head commit sha instead of the checkout commit sha.
+          pr_sha="${{ github.event.pull_request.head.sha }}"
+          sha=${pr_sha:-$GITHUB_SHA}
+          sha_details=$(TZ=UTC git show -s --format=%cd--%h --date='format-local:%Y-%m-%dT%H-%M-%S' --abbrev=7 $sha)
+          echo "sha=${sha}" >> $GITHUB_OUTPUT
+          echo "tag=${branch}-${sha_details}" >> $GITHUB_OUTPUT
+
+      - name: Update commit status with Docker image status
+        uses: ouzi-dev/commit-status-updater@v2
+        with:
+          name: "Tag: ${{ steps.image_info.outputs.tag }}"
+          description: "Publishing..."
+
+      - name: Inspect image to see if it already exists
+        id: should_publish
+        run: |
+          TARGETS=""
+          docker manifest inspect $ECR_REPOSITORY:${{ steps.image_info.outputs.tag }} || TARGETS="nack"
+          echo "targets=${TARGETS}" >> $GITHUB_OUTPUT
+
+      - name: Build and push Docker image to ECR
+        uses: docker/build-push-action@v4
+        if: "!(steps.should_publish.outputs.targets == '')"
+        with:
+          # context: .
+          file: docker/nats-boot-config/Dockerfile
+          push: true
+          build-args: |
+            VERSION=${{ steps.image_info.outputs.tag }}
+          tags: |
+            ${{ env.ECR_REPOSITORY }}:${{ steps.image_info.outputs.tag }}
+
+      - name: Configure AWS credentials for us-west-2
+        # external components should mirror every merge to verta/main
+        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::493416687123:role/github-actions
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR for us-west-2
+        id: login-ecr-release
+        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Mirror Docker image to us-west-2
+        id: mirror-release
+        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
+        shell: bash
+        run: |
+          export TARGET_REPOSITORY=${ECR_REPOSITORY/us-east-1/us-west-2}
+          docker manifest inspect ${TARGET_REPOSITORY}:${{ steps.image_info.outputs.tag }} || \
+            docker tag ${ECR_REPOSITORY}:${{ steps.image_info.outputs.tag }} ${TARGET_REPOSITORY}:${{ steps.image_info.outputs.tag }} && \
+            docker push ${TARGET_REPOSITORY}:${{ steps.image_info.outputs.tag }}
+
+      - name: Create commit comment
+        uses: peter-evans/commit-comment@v2
+        if: "!(steps.should_publish.outputs.targets == '')"
+        with:
+          body: "Docker Tag: ${{ steps.image_info.outputs.tag }}"
+
+      - name: Update commit status with Docker image status
+        uses: ouzi-dev/commit-status-updater@v2
+        with:
+          name: "Tag: ${{ steps.image_info.outputs.tag }}"
+          url: "${{ github.server_url }}/${{ github.repository }}/commit/${{ steps.image_info.outputs.sha }}#comments"
+          status: success
+
+  nats-server-config-reloader:
+    runs-on: ubuntu-latest
+
+    env:
+      ECR_REPOSITORY: "493416687123.dkr.ecr.us-east-1.amazonaws.com/external/natsio/nats-server-config-reloader"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          # need previous commit to find PR head commit info
+          fetch-depth: 2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::493416687123:role/github-actions
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Get branch names
+        id: branch_names
+        uses: tj-actions/branch-names@v7
+
+      - name: Get docker image tag
+        id: image_info
+        run: |
+          branch=$(echo ${{ steps.branch_names.outputs.current_branch }} | sed 's,/,_,g')
+          # PRs checkout a merge of PR head with target. Branches checkout current head of branch.
+          # When in a PR, use the PR head commit sha instead of the checkout commit sha.
+          pr_sha="${{ github.event.pull_request.head.sha }}"
+          sha=${pr_sha:-$GITHUB_SHA}
+          sha_details=$(TZ=UTC git show -s --format=%cd--%h --date='format-local:%Y-%m-%dT%H-%M-%S' --abbrev=7 $sha)
+          echo "sha=${sha}" >> $GITHUB_OUTPUT
+          echo "tag=${branch}-${sha_details}" >> $GITHUB_OUTPUT
+
+      # - name: Update commit status with Docker image status
+      #   uses: ouzi-dev/commit-status-updater@v2
+      #   with:
+      #     name: "Tag: ${{ steps.image_info.outputs.tag }}"
+      #     description: "Publishing..."
+
+      - name: Inspect image to see if it already exists
+        id: should_publish
+        run: |
+          TARGETS=""
+          docker manifest inspect $ECR_REPOSITORY:${{ steps.image_info.outputs.tag }} || TARGETS="nack"
+          echo "targets=${TARGETS}" >> $GITHUB_OUTPUT
+
+      - name: Build and push Docker image to ECR
+        uses: docker/build-push-action@v4
+        if: "!(steps.should_publish.outputs.targets == '')"
+        with:
+          # context: .
+          file: docker/nats-server-config-reloader/Dockerfile
+          push: true
+          build-args: |
+            VERSION=${{ steps.image_info.outputs.tag }}
+          tags: |
+            ${{ env.ECR_REPOSITORY }}:${{ steps.image_info.outputs.tag }}
+
+      - name: Configure AWS credentials for us-west-2
+        # external components should mirror every merge to verta/main
+        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::493416687123:role/github-actions
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR for us-west-2
+        id: login-ecr-release
+        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Mirror Docker image to us-west-2
+        id: mirror-release
+        if: startsWith( github.ref, 'refs/heads/release/' ) || ( github.ref == 'refs/heads/verta/main' )
+        shell: bash
+        run: |
+          export TARGET_REPOSITORY=${ECR_REPOSITORY/us-east-1/us-west-2}
+          docker manifest inspect ${TARGET_REPOSITORY}:${{ steps.image_info.outputs.tag }} || \
+            docker tag ${ECR_REPOSITORY}:${{ steps.image_info.outputs.tag }} ${TARGET_REPOSITORY}:${{ steps.image_info.outputs.tag }} && \
+            docker push ${TARGET_REPOSITORY}:${{ steps.image_info.outputs.tag }}
+
+      # - name: Create commit comment
+      #   uses: peter-evans/commit-comment@v2
+      #   if: "!(steps.should_publish.outputs.targets == '')"
+      #   with:
+      #     body: "Docker Tag: ${{ steps.image_info.outputs.tag }}"
+
+      # - name: Update commit status with Docker image status
+      #   uses: ouzi-dev/commit-status-updater@v2
+      #   with:
+      #     name: "Tag: ${{ steps.image_info.outputs.tag }}"
+      #     url: "${{ github.server_url }}/${{ github.repository }}/commit/${{ steps.image_info.outputs.sha }}#comments"
+      #     status: success

docker/nats-server-config-reloader/Dockerfile

@@ -8,7 +8,7 @@ FROM alpine:latest as osdeps
 RUN apk add --no-cache ca-certificates
 
 FROM alpine:3.17
-RUN apk -U --no-cache upgrad
+RUN apk -U --no-cache upgrade
 COPY --from=build /go/src/nack/nats-server-config-reloader.docker /usr/local/bin/nats-server-config-reloader
 COPY --from=osdeps /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/