diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..9e101dd12 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,193 @@ +name: passbook | CI +on: + - push + - release +env: + POSTGRES_DB: passbook + POSTGRES_USER: passbook + POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" + +jobs: + # Linting + pylint: + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: '3.7' + - uses: actions/cache@v1 + with: + path: ~/.local/share/virtualenvs/ + key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }} + restore-keys: | + ${{ runner.os }}-pipenv- + - name: Install dependencies + run: pip install -U pip pipenv && pipenv install --dev + - name: Lint with pylint + run: pipenv run pylint passbook + isort: + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: '3.7' + - uses: actions/cache@v1 + with: + path: ~/.local/share/virtualenvs/ + key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }} + restore-keys: | + ${{ runner.os }}-pipenv- + - name: Install dependencies + run: pip install -U pip pipenv && pipenv install --dev + - name: Lint with isort + run: pipenv run isort -c + prospector: + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: '3.7' + - uses: actions/cache@v1 + with: + path: ~/.local/share/virtualenvs/ + key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }} + restore-keys: | + ${{ runner.os }}-pipenv- + - name: Install dependencies + run: pip install -U pip pipenv && pipenv install --dev + - name: Lint with prospector + run: pipenv run prospector + # Actual CI tests + migrations: + needs: + - pylint + - isort + - prospector + services: + postgres: + image: postgres:latest + env: + POSTGRES_DB: passbook + POSTGRES_USER: passbook + POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" + ports: + - 5432:5432 + redis: + image: redis:latest + ports: + - 6379:6379 + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: '3.7' + - uses: actions/cache@v1 + with: + path: ~/.local/share/virtualenvs/ + key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }} + restore-keys: | + ${{ runner.os }}-pipenv- + - name: Install dependencies + run: pip install -U pip pipenv && pipenv install --dev + - name: Run migrations + run: pipenv run ./manage.py migrate + coverage: + needs: + - pylint + - isort + - prospector + services: + postgres: + image: postgres:latest + env: + POSTGRES_DB: passbook + POSTGRES_USER: passbook + POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" + ports: + - 5432:5432 + redis: + image: redis:latest + ports: + - 6379:6379 + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: '3.7' + - uses: actions/cache@v1 + with: + path: ~/.local/share/virtualenvs/ + key: ${{ runner.os }}-pipenv-${{ hashFiles('Pipfile.lock') }} + restore-keys: | + ${{ runner.os }}-pipenv- + - name: Install dependencies + run: pip install -U pip pipenv && pipenv install --dev + - name: Run coverage + run: pipenv run ./scripts/coverage.sh + # Build + build-server: + needs: + - migrations + - coverage + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - name: Docker Login Registry + env: + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD + - name: Building Docker Image + run: docker build --no-cache -t beryju/passbook:${{ github.sha }} -f Dockerfile . + - name: Push Docker Container to Registry + run: docker push beryju/passbook:${{ github.sha }} + build-static: + needs: + - migrations + - coverage + runs-on: [ubuntu-latest] + services: + postgres: + image: postgres:latest + env: + POSTGRES_DB: passbook + POSTGRES_USER: passbook + POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" + redis: + image: redis:latest + steps: + - uses: actions/checkout@v1 + - name: Docker Login Registry + env: + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD + - name: Building Docker Image + run: docker build + --no-cache + --network=$(docker network ls | grep github | awk '{print $1}') + -t beryju/passbook-static:${{ github.sha }} + -f static.Dockerfile . + - name: Push Docker Container to Registry + run: docker push beryju/passbook-static:${{ github.sha }} + package-helm: + needs: + - build-server + - build-static + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v1 + - name: Install Helm + run: | + apt update && apt install -y curl + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash + helm init + - name: Helm package + run: | + helm dependency update helm/passbook + helm package helm/passbook diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 97382da53..000000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,160 +0,0 @@ -# Global Variables -stages: - - build-base-image - - build-dev-image - - test - - build - - package - - post-release -image: docker.beryju.org/passbook/dev:latest - -variables: - POSTGRES_DB: passbook - POSTGRES_USER: passbook - POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" - -before_script: - - pip install pipenv - # Ensure all dependencies are installed, even those not included in passbook/dev - # According to pipenv docs, -d outputs all packages, however it actually does not - - pipenv lock -r > requirements-all.txt - - pipenv lock -rd >> requirements-all.txt - - pip install -r requirements-all.txt - -create-base-image: - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - before_script: - - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json - script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/base.Dockerfile --destination docker.beryju.org/passbook/base:latest - stage: build-base-image - only: - refs: - - tags - - /^version/.*$/ - -build-dev-image: - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - before_script: - - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json - script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/dev.Dockerfile --destination docker.beryju.org/passbook/dev:latest - stage: build-dev-image - only: - refs: - - tags - - /^version/.*$/ - -isort: - script: - - isort -c -sg env - stage: test - services: - - postgres:latest - - redis:latest -migrations: - script: - - python manage.py migrate - stage: test - services: - - postgres:latest - - redis:latest -prospector: - script: - - prospector - stage: test - services: - - postgres:latest - - redis:latest -pylint: - script: - - pylint passbook - stage: test - services: - - postgres:latest - - redis:latest -coverage: - script: - - ./scripts/coverage.sh - stage: test - services: - - postgres:latest - - redis:latest - -build-passbook-server: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - before_script: - - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json - script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination docker.beryju.org/passbook/server:latest --destination docker.beryju.org/passbook/server:0.7.5-beta - only: - - tags - - /^version/.*$/ -build-docs: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - before_script: - - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json - script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docs/Dockerfile --destination docker.beryju.org/passbook/docs:latest --destination docker.beryju.org/passbook/docs:0.7.5-beta - only: - - tags - - /^version/.*$/ -build-passbook-static: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - before_script: - - echo "{\"auths\":{\"docker.beryju.org\":{\"auth\":\"$DOCKER_AUTH\"}}}" > /kaniko/.docker/config.json - script: - - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/static.Dockerfile --destination docker.beryju.org/passbook/static:latest --destination docker.beryju.org/passbook/static:0.7.5-beta - only: - - tags - - /^version/.*$/ - # running collectstatic fully initialises django, hence we need that databases - services: - - postgres:latest - - redis:latest - -package-helm: - image: debian:stretch-slim - stage: package - before_script: - - apt update && apt install -y curl - - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash - script: - - helm dependency update helm - - helm package helm - artifacts: - paths: - - passbook-*.tgz - expire_in: 1 week - only: - - tags - - /^version/.*$/ - -notify-sentry: - image: getsentry/sentry-cli - stage: post-release - variables: - SENTRY_URL: https://sentry.beryju.org - SENTRY_ORG: beryjuorg - SENTRY_PROJECT: passbook - before_script: - - apk add curl - script: - - sentry-cli releases new passbook@0.7.5-beta - - sentry-cli releases set-commits --auto passbook@0.7.5-beta - only: - - tags - - /^version/.*$/ diff --git a/Dockerfile b/Dockerfile index 975079cf0..4d3d9ed06 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.beryju.org/passbook/base:latest +FROM beryju/passbook-base:latest COPY ./passbook/ /app/passbook COPY ./manage.py /app/ diff --git a/dev.Dockerfile b/dev.Dockerfile index 9081e6532..fe839c4fe 100644 --- a/dev.Dockerfile +++ b/dev.Dockerfile @@ -1,3 +1,3 @@ -FROM docker.beryju.org/passbook/base:latest +FROM beryju/passbook-base:latest RUN pip install -r /app/requirements-dev.txt --no-cache-dir diff --git a/docker-compose.yml b/docker-compose.yml index 7465f81cd..ff248cb4f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,7 +21,7 @@ services: labels: - traefik.enable=false server: - image: docker.beryju.org/passbook/server:${SERVER_TAG:-latest} + image: beryju/passbook:${SERVER_TAG:-latest} command: - uwsgi - uwsgi.ini @@ -40,7 +40,7 @@ services: - traefik.docker.network=internal - traefik.frontend.rule=PathPrefix:/ worker: - image: docker.beryju.org/passbook/server:${SERVER_TAG:-latest} + image: beryju/passbook:${SERVER_TAG:-latest} command: - celery - worker @@ -60,7 +60,7 @@ services: - PASSBOOK_POSTGRESQL__HOST=postgresql - PASSBOOK_POSTGRESQL__PASSWORD=${PG_PASS:-thisisnotagoodpassword} static: - image: docker.beryju.org/passbook/static:latest + image: beryju/passbook-static:latest networks: - internal labels: diff --git a/docs/k8s/deployment.yml b/docs/k8s/deployment.yml index d480ee22d..616245cbb 100644 --- a/docs/k8s/deployment.yml +++ b/docs/k8s/deployment.yml @@ -19,7 +19,7 @@ spec: spec: containers: - name: passbook-docs - image: "docker.beryju.org/passbook/docs:latest" + image: "beryju/passbook-docs:latest" ports: - name: http containerPort: 80 diff --git a/helm/templates/static-deployment.yaml b/helm/templates/static-deployment.yaml index 596ed814a..dc8a4bb0e 100644 --- a/helm/templates/static-deployment.yaml +++ b/helm/templates/static-deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: {{ .Chart.Name }}-static - image: "docker.beryju.org/passbook/static:{{ .Values.image.tag }}" + image: "beryju/passbook-static:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/helm/templates/web-deployment.yaml b/helm/templates/web-deployment.yaml index 3415e874a..25f8efac9 100644 --- a/helm/templates/web-deployment.yaml +++ b/helm/templates/web-deployment.yaml @@ -26,7 +26,7 @@ spec: name: {{ include "passbook.fullname" . }}-config initContainers: - name: passbook-database-migrations - image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}" + image: "beryju/passbook:{{ .Values.image.tag }}" command: - ./manage.py args: @@ -56,7 +56,7 @@ spec: key: postgresql-password containers: - name: {{ .Chart.Name }} - image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}" + image: "beryju/passbook:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent command: - uwsgi diff --git a/helm/templates/worker-deployment.yaml b/helm/templates/worker-deployment.yaml index f3152edae..f1ec43f1c 100644 --- a/helm/templates/worker-deployment.yaml +++ b/helm/templates/worker-deployment.yaml @@ -26,7 +26,7 @@ spec: name: {{ include "passbook.fullname" . }}-config containers: - name: {{ .Chart.Name }} - image: "docker.beryju.org/passbook/server:{{ .Values.image.tag }}" + image: "beryju/passbook:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent command: - celery diff --git a/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml b/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml index c1497835d..239531d86 100644 --- a/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml +++ b/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml @@ -25,7 +25,7 @@ spec: value: {{ provider.client.client_secret }} - name: OAUTH2_PROXY_COOKIE_SECRET value: {{ cookie_secret }} - image: docker.beryju.org/passbook/gatekeeper:{{ version }} + image: beryju/passbook-gatekeeper:{{ version }} imagePullPolicy: Always name: passbook-gatekeeper ports: diff --git a/passbook/providers/app_gw/templates/app_gw/setup_modal.html b/passbook/providers/app_gw/templates/app_gw/setup_modal.html index 3f2f26910..8534ef822 100644 --- a/passbook/providers/app_gw/templates/app_gw/setup_modal.html +++ b/passbook/providers/app_gw/templates/app_gw/setup_modal.html @@ -34,7 +34,7 @@ services: passbook_gatekeeper: container_name: gatekeeper - image: docker.beryju.org/passbook/gatekeeper:{{ version }} + image: beryju/passbook-gatekeeper:{{ version }} ports: - 4180:4180 environment: diff --git a/static.Dockerfile b/static.Dockerfile index a371d41a2..76fd727db 100644 --- a/static.Dockerfile +++ b/static.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.beryju.org/passbook/dev:latest as static-build +FROM beryju/passbook-dev:latest as static-build COPY ./passbook/ /app/passbook COPY ./manage.py /app/