diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000000..6ca453c32c
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,41 @@
+name: "Code scanning - action"
+
+on:
+ push:
+ branches:
+ - 'main'
+ paths-ignore:
+ - 'docs/**'
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - 'main'
+ paths-ignore:
+ - 'docs/**'
+
+jobs:
+ CodeQL-Build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ # Override language selection by uncommenting this and choosing your languages
+ with:
+ languages: go, javascript
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+ # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+ #- run: |
+ # make bootstrap
+ # make release
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
new file mode 100644
index 0000000000..50f1ce85c6
--- /dev/null
+++ b/.github/workflows/e2e.yml
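Review bot: No `permissions:` block is declared, so the `Perform CodeQL Analysis` upload depends on whatever the repository's default GITHUB_TOKEN grant happens to be; if that default is read-only the SARIF upload fails, and if it is write-all the job holds far more than it needs. Declare the minimum on the job: `permissions:` / `contents: read` / `security-events: write` (the CodeQL starter template also adds `actions: read` for private repositories). The comment `# Override language selection by uncommenting this and choosing your languages` is stale, since the `with: languages:` block beneath it is already active; drop it or reword it to `# Languages analysed; keep in sync with the repository's toolchain`. Separately, `actions/checkout@v3` and the `github/codeql-action/*@v2` references are mutable tags; pinning each to a full commit SHA with a version comment is the usual supply-chain hardening for workflows that run on every push and pull request.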
@@ -0,0 +1,66 @@
+name: "ZITADEL e2e Tests"
+
+on:
+ workflow_run:
+ workflows: [ZITADEL Release]
+ types:
+ - completed
+ workflow_dispatch:
+ inputs:
+ releaseversion:
+ description: 'Release version to test'
+ required: true
+ default: 'latest'
+
+jobs:
+ test:
+ strategy:
+ matrix:
+ browser: [firefox, chrome]
+ runs-on: ubuntu-20.04
+ env:
+ ZITADEL_IMAGE_REGISTRY: 'ghcr.io/zitadel/zitadel'
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+ - name: Set TAG env manual trigger
+ if: github.event_name == 'workflow_dispatch'
+ run: echo "ZITADEL_IMAGE=${ZITADEL_IMAGE_REGISTRY}:${{ github.event.inputs.releaseversion }}" >> $GITHUB_ENV
+ - name: get latest tag
+ uses: actions-ecosystem/action-get-latest-tag@v1
+ id: get-latest-tag
+ with:
+ semver_only: true
+ - name: Set TAG env on ZITADEL release
+ if: github.event_name == 'workflow_run'
+ run: echo "ZITADEL_IMAGE=${ZITADEL_IMAGE_REGISTRY}:${{ steps.get-latest-tag.outputs.tag }}" >> $GITHUB_ENV
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ driver: docker
+ install: true
+ - name: Test ${{ matrix.browser }}
+ run: docker compose run --service-ports e2e --browser ${{ matrix.browser }}
+ working-directory: e2e/config/host.docker.internal
+ - name: Ensure Artifacts Directory Exists
+ run: mkdir -p ./.artifacts
+ - name: Save ZITADEL Logs
+ if: always()
+ run: docker compose logs zitadel > ../../../.artifacts/e2e-compose-zitadel.log
+ working-directory: e2e/config/host.docker.internal
+ - name: Save Prepare Logs
+ if: always()
+ run: docker compose logs prepare > ../../../.artifacts/e2e-compose-prepare.log
+ working-directory: e2e/config/host.docker.internal
+ - name: Archive production tests ${{ matrix.browser }}
+ if: always()
+ uses: actions/upload-artifact@v3
+ with:
+ name: production-tests-${{ matrix.browser }}
+ path: |
+ e2e/cypress/results
+ e2e/cypress/videos
+ e2e/cypress/screenshots
+ .artifacts/e2e-compose-zitadel.log
+ .artifacts/e2e-compose-prepare.log
+ retention-days: 30
diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml
new file mode 100644
index 0000000000..cc350f8e76
--- /dev/null
+++ b/.github/workflows/issues.yml
@@ -0,0 +1,20 @@
+name: Add new issues to product management project
+
+on:
+ issues:
+ types:
+ - opened
+
+jobs:
+ add-to-project:
+ name: Add issue to project
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/add-to-project@v0.3.0
+ with:
+ # You can target a repository in a different organization
+ # to the issue
+ project-url: https://github.com/orgs/zitadel/projects/2
+ github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+ labeled: OKR
+ label-operator: NOT
diff --git a/.github/workflows/release-channels.yml b/.github/workflows/release-channels.yml
new file mode 100644
index 0000000000..864a0a7778
--- /dev/null
+++ b/.github/workflows/release-channels.yml
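Review bot: The `Set TAG env manual trigger` step interpolates `${{ github.event.inputs.releaseversion }}` directly into a shell `run:` line, which is the expression-injection pattern GitHub's security hardening guide warns about — a value containing shell metacharacters is executed rather than used as data — and the same applies to `${{ steps.get-latest-tag.outputs.tag }}` two steps later. Only users with write access can dispatch the workflow, so the exposure is limited, but the safe form costs nothing: move each value into the step's `env:` (`env: RELEASE_VERSION: ${{ github.event.inputs.releaseversion }}`) and reference it as `"${RELEASE_VERSION}"` inside the script. The `workflow_run` trigger with `types: completed` also fires when the upstream `ZITADEL Release` run failed or was cancelled, so the job would then test whatever the previous latest tag is and report green; guard it with `if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'`. `actions-ecosystem/action-get-latest-tag@v1` is a third-party action referenced by a mutable tag; pin it to a commit SHA.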
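Review bot: The job authenticates with a long-lived personal access token (`secrets.ADD_TO_PROJECT_PAT`) while the automatically issued GITHUB_TOKEN is left at the repository's default grant, so the runner carries two credentials and needs only one. Add `permissions: {}` at the workflow level so the default token is inert, and pin `actions/add-to-project@v0.3.0` to its commit SHA since the tag is mutable. Given that the release workflows in this same change already mint short-lived tokens with `tibdex/github-app-token`, the PAT could probably be replaced by an app installation token carrying the organization projects permission, which avoids a credential tied to an individual account; worth confirming the app is installed on the org before switching.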
@@ -0,0 +1,52 @@
+name: ZITADEL Release tags
+
+on:
+ push:
+ branches:
+ - "main"
+ paths:
+ - 'release-channels.yaml'
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ packages: write
+
+jobs:
+ Build:
+ runs-on: ubuntu-20.04
+ env:
+ DOCKER_BUILDKIT: 1
+ steps:
+ - name: Source checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: get stable tag
+ run: echo STABLE_RELEASE=$(yq eval '.stable' release-channels.yaml) >> $GITHUB_ENV
+ - name: checkout stable tag
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ ref: ${{ env.STABLE_RELEASE }}
+ - name: GitHub Container Registry Login
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: tibdex/github-app-token@v1
+ id: generate-token
+ with:
+ app_id: ${{ secrets.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ - name: Google Artifact Registry Login
+ uses: docker/login-action@v2
+ with:
+ registry: europe-docker.pkg.dev
+ username: _json_key_base64
+ password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
+ - name: copy release to stable
+ run: |
+ skopeo --version
+ skopeo copy --all docker://ghcr.io/zitadel/zitadel:$STABLE_RELEASE docker://ghcr.io/zitadel/zitadel:stable
diff --git a/.github/workflows/test-code.yml b/.github/workflows/test-code.yml
new file mode 100644
index 0000000000..7a4793dbe0
--- /dev/null
+++ b/.github/workflows/test-code.yml
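Review bot: The `tibdex/github-app-token` step and the `Google Artifact Registry Login` step mint credentials that no later step in this hunk uses — the only publishing action is the `skopeo copy` between two `ghcr.io` references — so the job authenticates to GAR and creates an app installation token for nothing; drop both steps, or add the intended copy to `europe-docker.pkg.dev` if that was the plan, so the job holds only what it needs. The workflow-level `permissions:` grants `contents: write`, but nothing here pushes to the repository; `contents: read` plus `packages: write` is sufficient, which matters because the workflow is also runnable on `workflow_dispatch`. The `get stable tag` step writes the `yq` output unquoted; `run: echo "STABLE_RELEASE=$(yq eval '.stable' release-channels.yaml)" >> $GITHUB_ENV` keeps a value with whitespace from corrupting the env file, so `ref: ${{ env.STABLE_RELEASE }}` and the `skopeo` command receive exactly what is in the file. `skopeo copy --all` promotes whatever tag the file names without any verification; if the release images are signed, verifying `$STABLE_RELEASE` before retagging would make `stable` an attested promotion rather than trust-on-edit of a YAML file.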
@@ -0,0 +1,75 @@
+name: ZITADEL PR
+
+on:
+ pull_request:
+ paths-ignore:
+ - 'docs/**'
+ - 'guides/**'
+ - '**.md'
+ - 'release-channels.yaml'
+
+jobs:
+ Build-ZITADEL:
+ runs-on: ubuntu-20.04
+ env:
+ DOCKER_BUILDKIT: 1
+ steps:
+ - name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.19
+ - name: Source checkout
+ uses: actions/checkout@v3
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ driver: docker
+ install: true
+ - name: Install GoReleaser
+ uses: goreleaser/goreleaser-action@v3
+ with:
+ install-only: true
+ version: v1.10.3
+ - name: Build and Unit Test
+ run: GOOS="linux" GOARCH="amd64" goreleaser build --id prod --snapshot --single-target --rm-dist --output .artifacts/zitadel/zitadel
+ - name: linting
+ uses: golangci/golangci-lint-action@v3
+ with:
+ version: v1.52
+ only-new-issues: true
+ skip-pkg-cache: true
+ - name: Publish go coverage
+ uses: codecov/codecov-action@v3.1.0
+ with:
+ file: .artifacts/codecov/profile.cov
+ name: go-codecov
+ # As goreleaser doesn't build a dockerfile in snapshot mode, we have to build it here
+ - name: Build Docker Image
+ run: docker build -t zitadel:pr --file build/Dockerfile .artifacts/zitadel
+ - name: Run E2E Tests
+ run: docker compose run --service-ports e2e --browser chrome
+ working-directory: e2e/config/host.docker.internal
+ env:
+ ZITADEL_IMAGE: zitadel:pr
+ - name: Save ZITADEL Logs
+ if: always()
+ run: docker compose logs zitadel > ../../../.artifacts/e2e-compose-zitadel.log
+ working-directory: e2e/config/host.docker.internal
+ - name: Save Prepare Logs
+ if: always()
+ run: docker compose logs prepare > ../../../.artifacts/e2e-compose-prepare.log
+ working-directory: e2e/config/host.docker.internal
+ - name: Archive Test Results
+ if: always()
+ uses: actions/upload-artifact@v3
+ with:
+ name: pull-request-tests
+ path: |
+ e2e/cypress/results
+ e2e/cypress/videos
+ e2e/cypress/screenshots
+ .artifacts/e2e-compose-zitadel.log
+ .artifacts/e2e-compose-prepare.log
+ retention-days: 30
diff --git a/.github/workflows/test-docs.yml b/.github/workflows/test-docs.yml
new file mode 100644
index 0000000000..7bf3b222b0
--- /dev/null
+++ b/.github/workflows/test-docs.yml
@@ -0,0 +1,21 @@
+# ATTENTION: Although this workflow doesn't do much, it is still important.
+# It is complementary to the workflow in the file test-code.yml.
+# It enables to exclude files for the workflow and still mark the Test job as required without having pending PRs.
+# GitHub recommends this solution here:
+# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks
+
+name: ZITADEL PR
+
+on:
+ pull_request:
+ paths:
+ - 'docs/**'
+ - 'guides/**'
+ - '**.md'
+ - 'release-channels.yaml'
+
+jobs:
+ Build-ZITADEL:
+ runs-on: ubuntu-20.04
+ steps:
+ - run: 'echo "No tests for docs are implemented, yet"'
diff --git a/.github/workflows/zitadel.yml b/.github/workflows/zitadel.yml
new file mode 100644
index 0000000000..2691109f80
--- /dev/null
+++ b/.github/workflows/zitadel.yml
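Review bot: `go-version: 1.19` is an unquoted YAML float that happens to round-trip today but silently becomes `1.2` the day someone bumps it to `1.20`; write it as `go-version: '1.19'` (the same line appears in the release workflow). No `permissions:` block is declared, so same-repository pull requests run with the repository's default GITHUB_TOKEN grant although nothing in the job writes to GitHub; add `permissions: contents: read` at the workflow level so a compromised dependency in the build or e2e stage has no write token to use. The step named `Build and Unit Test` only runs `goreleaser build --snapshot`; unless `.goreleaser.yaml` (not in this diff) runs `go test` in a `before` hook, no tests execute here and the `.artifacts/codecov/profile.cov` the next step uploads would not exist — worth confirming, and naming the step after what it actually does. As in the other workflows, every action is referenced by a mutable major tag rather than a commit SHA.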
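Review bot: The `paths:` list here must be the exact mirror of the `paths-ignore:` list in test-code.yml — both workflows carry the same `name` and job name so the required check is always reported — but nothing in either file states that the two lists are coupled. A one-line comment above `paths:` such as `# Must match the paths-ignore list in test-code.yml exactly; a mismatch leaves some PRs with no required check` makes the invariant visible to the next person editing either file. Since the job only echoes, `permissions: {}` at the workflow level also removes an otherwise unused token grant.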
@@ -0,0 +1,88 @@
+name: ZITADEL Release
+
+on:
+ push:
+ tags-ignore:
+ - "*"
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ packages: write
+
+jobs:
+ Build:
+ runs-on: ubuntu-20.04
+ env:
+ DOCKER_BUILDKIT: 1
+ steps:
+ - name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.19
+ - name: Source checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Fetch all tags
+ run: git fetch --force --tags
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ driver: docker
+ install: true
+ - name: Tag
+ id: semantic
+ uses: cycjimmy/semantic-release-action@v2
+ with:
+ dry_run: false
+ semantic_version: 19.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: GitHub Container Registry Login
+ if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: tibdex/github-app-token@v1
+ id: generate-token
+ with:
+ app_id: ${{ secrets.APP_ID }}
+ private_key: ${{ secrets.APP_PRIVATE_KEY }}
+ - name: Google Artifact Registry Login
+ if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+ uses: docker/login-action@v2
+ with:
+ registry: europe-docker.pkg.dev
+ username: _json_key_base64
+ password: ${{ secrets.GCR_JSON_KEY_BASE64 }}
+ - uses: goreleaser/goreleaser-action@v3
+ name: Publish ZITADEL
+ if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+ with:
+ distribution: goreleaser
+ version: v1.11.0
+ args: release --timeout 50m
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GORELEASER_TOKEN_TAP: ${{ steps.generate-token.outputs.token }}
+ RELEASE_VERSION: ${{ steps.semantic.outputs.release-version }} # I think this line is not needed. Nevertheless, it's explicit
+ DISCORD_WEBHOOK_ID: "976058224484687932"
+ DISCORD_WEBHOOK_TOKEN: "${{ secrets.DISCORD_WEBHOOK_TOKEN }}"
+ - name: Publish go coverage
+ uses: codecov/codecov-action@v3.1.0
+ with:
+ file: .artifacts/codecov/profile.cov
+ name: go-codecov
+ - name: Bump Chart Version
+ uses: peter-evans/repository-dispatch@v2
+ if: steps.semantic.outputs.new_release_published == 'true' && github.ref == 'refs/heads/main'
+ with:
+ token: ${{ steps.generate-token.outputs.token }}
+ repository: zitadel/zitadel-charts
+ event-type: zitadel-released
+ client-payload: '{"semanticoutputs": "${{ steps.semantic.outputs }}"}'
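Review bot: `client-payload: '{"semanticoutputs": "${{ steps.semantic.outputs }}"}'` interpolates a whole outputs object into a string; as far as I can tell the expression engine renders an object context as the literal string `Object`, and even a JSON rendering would be pasted unescaped between the double quotes and break the payload, so `zitadel-charts` most likely receives no usable version — use `client-payload: '{"semanticoutputs": ${{ toJSON(steps.semantic.outputs) }}}'`. The line `RELEASE_VERSION: ${{ steps.semantic.outputs.release-version }}` (the one whose trailing comment says it is probably not needed) references an output name I do not find among `cycjimmy/semantic-release-action`'s documented outputs, which use `new_release_version`; either correct the name or drop the line rather than export an empty variable. The workflow-level `permissions:` hands `contents: write` and `packages: write` to every branch push, because `push: tags-ignore: "*"` matches all non-tag refs, while the publishing steps are gated to `main` only by per-step `if:` conditions; adding `branches: [main]` to the trigger (or a job-level `if`) keeps feature-branch builds from ever running with a write token. Note also the operator precedence in those conditions: `A && B || C` means a `workflow_dispatch` from any branch publishes even when semantic-release produced no release, which may be intended but deserves explicit parentheses. `go-version: 1.19` should be quoted here for the same float-coercion reason as in test-code.yml.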