33 get off latest tag (#36)

* Add labeler action * weekly cleanup, add stale * add release-drafter * move to docker's build action * move test to latest * try source directory * build on release * add comment on image tag
some-natalie · Mar 24, 2022 · 13edfa8 · 13edfa8
1 parent fff6386
commit 13edfa8
Show file tree

Hide file tree

Showing 11 changed files with 173 additions and 64 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -0,0 +1,3 @@
+# Add 'documentation' label to any change to a markdown file or anything in the docs folder.
+documentation:
+- any: [ '*.md', 'docs/**' ]
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,36 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🚀 New Features'
+    labels:
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'bug'
+  - title: '🧰 Maintenance'
+    labels: 
+      - 'chore'
+      - 'dependencies'
+  - title: '📚 Documentation Updates'
+    labels:
+      - 'documentation'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+      - 'feature'
+  patch:
+    labels:
+      - 'patch'
+      - 'chore'
+      - 'dependencies'
+  default: patch
+template: |
+  ## Changes
+
+  $CHANGES
diff --git a/.github/workflows/build-ubuntu-focal.yml b/.github/workflows/build-ubuntu-focal.yml
@@ -1,20 +1,9 @@
 name: Build and publish Ubuntu Focal runner
 
 on:
-  schedule:
-    - cron: '15 14 1 * *'  # build once a month unless needed to more frequently
   workflow_dispatch:  # build on demand
-  push:  # build when changes that'd affect the image are pushed to main
-    branches:
-    - main
-    paths:
-    - 'images/ubuntu-focal.Dockerfile'
-    - '.github/workflows/**-focal.yml'
-    - 'images/**.sh'
-    - 'images/docker/*'
-    - 'images/patched/*'
-    - 'images/software/*'
-    - 'images/supervisor/*'
+  release:
+    types: [published]  # build on release
 
 jobs:
   build:
@@ -28,17 +17,32 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
+      - name: Set version
+        run: echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV
+
+      - name: Set outputs
+        id: vars
+        run: echo ::set-output name=sha_short::${GITHUB_SHA::7}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build the image
-        run: |
-          cd images
-          docker build --network=host --file ubuntu-focal.Dockerfile --tag ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest .
+      - name: Build and push the image
+        uses: docker/build-push-action@v2
+        with:
+          file: 'images/ubuntu-focal.Dockerfile'
+          push: true
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:latest
+            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }}
+            ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }}-${{ steps.vars.outputs.sha_short }}
 
       - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
         uses: anchore/scan-action@v3
@@ -58,9 +62,6 @@ jobs:
         with:
           image: ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest
 
-      - name: Push to GitHub Packages
-        run: docker push ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest
-
   deploy:
     runs-on: ubuntu-latest  # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
     # If using GHES or GHAE, use another deployment, such as having CentOS redeploy Ubuntu and vice versa

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -0,0 +1,15 @@
+name: "Pull Request Labeler"
+
+on:
+- pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/prune-containers.yml b/.github/workflows/prune-containers.yml
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -0,0 +1,32 @@
+name: Release Drafter
+
+on:
+  push:
+    # branches to consider in the event; optional, defaults to all
+    branches:
+      - main
+  # pull_request event is required only for autolabeler
+  pull_request:
+    # Only following types are handled by the action, but one can default to all as well
+    types: [opened, reopened, synchronize]
+  # pull_request_target event is required for autolabeler to support PRs from forks
+  # pull_request_target:
+  #   types: [opened, reopened, synchronize]
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      # (Optional) GitHub Enterprise requires GHE_HOST variable set
+      #- name: Set GHE_HOST
+      #  run: |
+      #    echo "GHE_HOST=${GITHUB_SERVER_URL##https:\/\/}" >> $GITHUB_ENV
+
+      # Drafts your next Release notes as Pull Requests are merged into "master"
+      - uses: release-drafter/release-drafter@v5
+        # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
+        # with:
+        #   config-name: my-config.yml
+        #   disable-autolabeler: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test-ubuntu-focal.yml b/.github/workflows/test-ubuntu-focal.yml
@@ -26,20 +26,22 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
       - name: Login to GitHub Packages
         uses: docker/login-action@v1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build the image
-        run: |
-          cd images
-          docker build --network=host --file ubuntu-focal.Dockerfile --tag ghcr.io/some-natalie/kubernoodles/ubuntu-focal:test .
-
-      - name: Push to GitHub Packages
-        run: docker push ghcr.io/some-natalie/kubernoodles/ubuntu-focal:test
+      - name: Build and push image
+        uses: docker/build-push-action@v2
+        with:
+          file: 'images/ubuntu-focal.Dockerfile'
+          push: true
+          tags: ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest
 
   deploy:
     name: Deploy test image to `test-runners` namespace

diff --git a/.github/workflows/weekly-cleanup.yml b/.github/workflows/weekly-cleanup.yml
@@ -0,0 +1,46 @@
+name: Weekly repo cleanup 🔥
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '30 22 * * 1'  # Weekly at 22:30 UTC on Mondays
+
+jobs:
+  clean-ghcr:
+    name: Delete old unused container images
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        runner:
+          - ubuntu-focal
+    steps:
+      - name: Delete untagged containers
+        uses: snok/container-retention-policy@v1
+        with:
+          image-names: kubernoodles/${{ matrix.runner }}
+          cut-off: Two hours ago UTC
+          timestamp-to-use: created_at
+          account-type: personal
+          untagged-only: true
+          token: ${{ secrets.GHCR_CLEANUP_TOKEN }}
+
+  stale:
+    name: Destalinate!
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close stale issues and pull requests
+        uses: actions/stale@v4
+        with:
+          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+          close-issue-message: 'This issue was closed because it has been stalled for 2 weeks with no activity.'
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: 'stale'
+          exempt-issue-labels: 'epic'
+          stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
+          close-pr-message: 'This PR was closed because it has been stalled for 2 weeks with no activity.'
+          days-before-pr-stale: 30
+          days-before-pr-close: 14
+          stale-pr-label: 'stale'
+          exempt-pr-labels: 'dependencies'
diff --git a/deployments/test-ubuntu-focal.yml b/deployments/test-ubuntu-focal.yml
@@ -10,7 +10,7 @@ spec:
       repository: some-natalie/kubernoodles
       env: []
       ephemeral: true
-      image: ghcr.io/some-natalie/kubernoodles/ubuntu-focal:test
+      image: ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest
       imagePullPolicy: Always
       imagePullSecrets:
         - name: ghcr

diff --git a/deployments/ubuntu-focal.yml b/deployments/ubuntu-focal.yml
@@ -10,7 +10,7 @@ spec:
       repository: some-natalie/kubernoodles
       env: []
       ephemeral: true
-      image: ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest
+      image: ghcr.io/some-natalie/kubernoodles/ubuntu-focal:latest # change this to the version you really want!
       imagePullPolicy: Always
       imagePullSecrets:
         - name: ghcr

diff --git a/images/ubuntu-focal.Dockerfile b/images/ubuntu-focal.Dockerfile
@@ -27,7 +27,7 @@ LABEL \
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Copy in environment variables not needed at build
-COPY .env /.env
+COPY images/.env /.env
 
 # Shell setup
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
@@ -65,11 +65,11 @@ RUN adduser --disabled-password --gecos "" --uid 1000 runner \
     && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
 
 # Install GitHub CLI
-COPY software/gh-cli.sh gh-cli.sh
+COPY images/software/gh-cli.sh gh-cli.sh
 RUN bash gh-cli.sh && rm gh-cli.sh
 
 # Install kubectl
-COPY software/kubectl.sh kubectl.sh
+COPY images/software/kubectl.sh kubectl.sh
 RUN bash kubectl.sh && rm kubectl.sh
 
 RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false)
@@ -121,12 +121,12 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
     && curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_${ARCH} \
     && chmod +x /usr/local/bin/dumb-init
 
-COPY modprobe.sh  /usr/local/bin/modprobe
-COPY startup.sh /usr/local/bin/
-COPY supervisor/ /etc/supervisor/conf.d/
-COPY logger.sh /opt/bash-utils/logger.sh
-COPY entrypoint.sh /usr/local/bin/
-COPY docker/daemon.json /etc/docker/daemon.json
+COPY images/modprobe.sh  /usr/local/bin/modprobe
+COPY images/startup.sh /usr/local/bin/
+COPY images/supervisor/ /etc/supervisor/conf.d/
+COPY images/logger.sh /opt/bash-utils/logger.sh
+COPY images/entrypoint.sh /usr/local/bin/
+COPY images/docker/daemon.json /etc/docker/daemon.json
 
 RUN chmod +x /usr/local/bin/startup.sh /usr/local/bin/entrypoint.sh /usr/local/bin/modprobe