diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000..46f9340 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,26 @@ +{ + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'config:recommended', + ], + crossplane: { + fileMatch: [ + '(^|/)example/.*\\.ya?ml$', + ], + }, + packageRules: [ + { + matchManagers: [ + 'crossplane', + ], + matchFileNames: [ + 'example/**', + ], + groupName: 'examples', + }, + ], + postUpdateOptions: [ + 'gomodTidy', + 'gomodUpdateImportPaths', + ], +} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dcfb7dc..b312b2c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,14 +15,22 @@ on: env: # Common versions GO_VERSION: '1.25.10' - GOLANGCI_VERSION: 'v2.4.0' - DOCKER_BUILDX_VERSION: 'v0.24.0' + GOLANGCI_VERSION: 'v2.8.0' + DOCKER_BUILDX_VERSION: 'v0.23.0' + + # These environment variables are important to the Crossplane CLI install.sh + # script. They determine what version it installs. + XP_CHANNEL: master # TODO(negz): Pin to stable once v1.14 is released. + XP_VERSION: current # TODO(negz): Pin to a version once v1.14 is released. + + # This CI job will automatically push new builds to xpkg.upbound.io if the + # XPKG_ACCESS_ID and XPKG_TOKEN secrets are set in the GitHub respository (or + # organization) settings. Create a token at https://accounts.upbound.io. + XPKG_ACCESS_ID: ${{ secrets.UP_ROBOT_ID }} # The package to push, without a version tag. The default matches GitHub. For - # example xpkg.crossplane.io/crossplane/function-template-go. Note that - # xpkg.crossplane.io is just an alias for ghcr.io, so we upload to ghcr.io but - # this'll be pulled from xpkg.crossplane.io. - XPKG: ghcr.io/${{ github.repository}} + # example xpkg.upbound.io/crossplane/function-template-go. + XPKG: xpkg.upbound.io/${{ github.repository}} # The package version to push. The default is 0.0.0-gitsha. XPKG_VERSION: ${{ inputs.version }} 
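Review bot: Nothing in the `extends` list of the new `.github/renovate.json5` enforces the digest pinning that the workflow changes in this same commit introduce by hand. As far as I know `config:recommended` updates existing pins but does not pin newly added actions. Adding `'helpers:pinGitHubActionDigests'` next to `'config:recommended'` would keep a later `uses: owner/action@vN` from landing unpinned. A short comment above the `crossplane.fileMatch` pattern saying that it opts the `example/` manifests into the crossplane manager would also help the next maintainer.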
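Review bot: `XP_CHANNEL: master` and `XP_VERSION: current` leave the Crossplane CLI install unpinned, which undercuts the SHA pinning applied to the actions elsewhere in this diff, because whatever the install script fetches from that channel later runs in the push job next to the Upbound credentials. The TODOs refer to v1.14 and look stale; consider `XP_CHANNEL: stable` with `XP_VERSION: <pinned-release>`. `XPKG_ACCESS_ID` is also set in the workflow-level `env`, so every job and step in the file receives it; defining it under the `push` job's `env` keeps it where it is used, and the step-level `if: env.XPKG_ACCESS_ID != ''` checks keep working. The added comment names an `XPKG_TOKEN` secret, while the values actually read are `secrets.UP_ROBOT_ID` and `secrets.UP_API_TOKEN`, and it misspells `repository` as `respository`.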
@@ -32,10 +40,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 with: go-version: ${{ env.GO_VERSION }} cache: false # The golangci-lint action does its own caching. @@ -44,7 +52,7 @@ jobs: run: go mod tidy && git diff --exit-code go.mod go.sum - name: Lint - uses: golangci/golangci-lint-action@v9 + uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9 with: version: ${{ env.GOLANGCI_VERSION }} @@ -52,10 +60,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 with: go-version: ${{ env.GO_VERSION }} @@ -76,24 +84,24 @@ jobs: - arm64 steps: - name: Setup QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4 with: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 with: version: ${{ env.DOCKER_BUILDX_VERSION }} install: true - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # We ask Docker to use GitHub Action's native caching support to speed up # the build, per https://docs.docker.com/build/cache/backends/gha/. - name: Build Runtime id: image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7 with: context: . platforms: linux/${{ matrix.arch }} 
@@ -111,7 +119,7 @@ jobs: run: ./crossplane xpkg build --package-file=${{ matrix.arch }}.xpkg --package-root=package/ --embed-runtime-image-tarball=runtime-${{ matrix.arch }}.tar - name: Upload Single-Platform Package - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: package-${{ matrix.arch }} path: "*.xpkg" 
@@ -119,33 +127,33 @@ jobs: retention-days: 1 # This job downloads the single-platform packages built by the build job, and - # pushes them as a multi-platform package. + # pushes them as a multi-platform package. We only push the package it the + # XPKG_ACCESS_ID and XPKG_TOKEN secrets were provided. push: - if: ${{ github.event_name != 'pull_request' }} runs-on: ubuntu-24.04 needs: - build steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Download Single-Platform Packages - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: - # See https://github.com/docker/build-push-action/blob/263435/README.md#summaries - pattern: "!*.dockerbuild" path: . merge-multiple: true + pattern: "!*.dockerbuild" # This gets uploaded by docker/build-push-action but must be skipped: https://github.com/actions/toolkit/pull/1874 - name: Setup the Crossplane CLI run: "curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh" - - name: Login to GitHub Container Registry - uses: docker/login-action@v4 + - name: Login to Upbound + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + if: env.XPKG_ACCESS_ID != '' with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + registry: xpkg.upbound.io + username: ${{ secrets.UP_ROBOT_ID }} + password: ${{ secrets.UP_API_TOKEN }} # If a version wasn't explicitly passed as a workflow_dispatch input we # default to version v0.0.0--, for example 
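Review bot: Removing `if: ${{ github.event_name != 'pull_request' }}` from the `push` job leaves secret presence as the only gate. A pull request opened from a branch inside this repository, where secrets are available, would therefore log in and publish its unreviewed build to `xpkg.upbound.io`. If the workflow still triggers on `pull_request` (the trigger block is outside this hunk), keep the job-level condition or extend the step conditions, e.g. `if: env.XPKG_ACCESS_ID != '' && github.event_name != 'pull_request'`. Separately, the unchanged `curl -sL …/master/install.sh | sh` step pulls a script from a mutable branch in the same job that holds the registry token; pinning that URL to a tag or commit would match the SHA pinning done for the actions. The new job comment also reads `it the` where `if the` is meant.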
@@ -155,7 +163,8 @@ jobs: if: env.XPKG_VERSION == '' run: echo "XPKG_VERSION=v0.0.0-$(date -d@$(git show -s --format=%ct) +%Y%m%d%H%M%S)-$(git rev-parse --short=12 HEAD)" >> $GITHUB_ENV - - name: Push Multi-Platform Package to GitHub Container Registry - # XPKG repo name can't contain uppercase characters like UpboundCare, we need to lowercase if the GithubOrg contains them. + - name: Push Multi-Platform Package to Upbound + if: env.XPKG_ACCESS_ID != '' + # XPKG repo name can't contain uppercase characters # See https://github.com/orgs/community/discussions/25768#discussioncomment-8057564 for XPKG@L lowercase explanation run: "./crossplane --verbose xpkg push --package-files $(echo *.xpkg|tr ' ' ,) ${XPKG@L}:${{ env.XPKG_VERSION }}" diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml new file mode 100644 index 0000000..71e67ec --- /dev/null +++ b/.github/workflows/tag.yml @@ -0,0 +1,26 @@ +name: Tag + +on: + workflow_dispatch: + inputs: + version: + description: 'Release version (e.g. v0.1.0)' + required: true + message: + description: 'Tag message' + required: true + +jobs: + create-tag: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + + - name: Create Tag + uses: negz/create-tag@39bae1e0932567a58c20dea5a1a0d18358503320 # v1 + with: + version: ${{ github.event.inputs.version }} + message: ${{ github.event.inputs.message }} + token: ${{ secrets.GITHUB_TOKEN }}
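Review bot: The `run:` line of the push step expands `${{ env.XPKG_VERSION }}` into the script text before the shell starts. That value can come from the `version` workflow_dispatch input, so shell metacharacters in the input would become part of the command. The variable is already in the step's environment, so let the shell read it: `${XPKG@L}:${XPKG_VERSION}` in place of `${XPKG@L}:${{ env.XPKG_VERSION }}`. The shortened comment `XPKG repo name can't contain uppercase characters` no longer says why `@L` is there; ending it with `so we lowercase it with ${XPKG@L}` keeps the line self-explanatory.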
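Review bot: The new `tag.yml` declares no `permissions:`, so the `GITHUB_TOKEN` handed to `negz/create-tag` gets whatever the repository default grants. Under a read-only default the tag creation fails, and under a permissive default the token is broader than this job needs. Add `permissions:` with `contents: write` under `create-tag`. `runs-on: ubuntu-latest` also differs from the `ubuntu-24.04` used by the CI jobs in this commit, and using the same fixed image keeps the two workflows consistent. A tag created with `GITHUB_TOKEN` does not start other workflow runs, so if a release build is expected to fire on the new tag it would have to be dispatched separately.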