(feat) Re-add CICD and (to my great regret) the trunk checks. (#1)

* (feat) Re-add CICD and (to my great regret) the trunk checks. * (feat) A trunk.yaml * (fix) Modify trunk.yaml * (fix) Checkov and yamllint configs * (feat) Add mlc_config.json * (fix) Remove spurious stuff from deployment gha
Zilliqa · May 22, 2024 · 4d36d1f · 4d36d1f
1 parent 5fe158c
commit 4d36d1f
Show file tree

Hide file tree

Showing 10 changed files with 470 additions and 0 deletions.
diff --git a/.github/dependabot-update.yml b/.github/dependabot-update.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/ci-linting.yml b/.github/workflows/ci-linting.yml
@@ -0,0 +1,37 @@
+name: "Linting"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  release:
+    types:
+      - created
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    name: "Linting"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 6.0.2
+
+      - name: "Installing dependencies"
+        run: |
+          pnpm i
+
+      - name: Trunk cache
+        id: cache-trunk
+        uses: actions/[email protected]
+        with:
+          path: ~/.cache/trunk/
+          key: ${{ runner.os }}-trunk
+
+      - name: Trunk Check
+        uses: trunk-io/[email protected]
diff --git a/.github/workflows/cicd-prd.yml b/.github/workflows/cicd-prd.yml
@@ -0,0 +1,94 @@
+name: "CICD production"
+
+on:
+  # On merge
+  push:
+    branches:
+      - main
+  # On release
+  release:
+    types: [published]
+
+jobs:
+  build-makefile:
+    permissions:
+      id-token: write
+      contents: write
+    runs-on: ubuntu-22.04
+    name: "Build image with Makefile"
+    strategy:
+      fail-fast: false
+      matrix:
+        application: [developer-portal]
+        include:
+          - application: developer-portal
+            image_name: developer-portal
+            path: .
+            tag_length: 8
+            tag_latest: false
+    env:
+      DOCKER_DOMAIN: asia-docker.pkg.dev
+      REGISTRY: asia-docker.pkg.dev/prj-p-devops-services-tvwmrf63/zilliqa-public
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+
+      - name: "Authenticate to Google Cloud - production"
+        id: google-auth
+        uses: "google-github-actions/auth@v1"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+          service_account: "${{ secrets.GCP_PRD_GITHUB_SA_DOCKER_REGISTRY }}"
+          create_credentials_file: true
+
+      - name: Login to the registry - production
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.DOCKER_DOMAIN }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.google-auth.outputs.access_token }}"
+
+      - name: Get tag version - production
+        if: github.event_name == 'push'
+        id: set-tag
+        uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1
+        with:
+          tag: ${{ env.REGISTRY }}/${{ matrix.image_name }}
+          length: ${{ matrix.tag_length }}
+
+      - name: "Build and push ${{ matrix.application }} - production"
+        if: github.event_name == 'push'
+        env:
+          ENVIRONMENT: prd
+          IMAGE_TAG: ${{ steps.set-tag.outputs.tags }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
+
+      - name: "Build and push ${{ matrix.application }} - production"
+        if: github.event_name == 'release'
+        env:
+          ENVIRONMENT: prd
+          IMAGE_TAG: ${{ env.REGISTRY }}/${{ matrix.image_name }}:${{ github.ref_name }}
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
+
+      - name: "Build and push ${{ matrix.application }} tag latest - production"
+        if: matrix.tag_latest == true && github.event_name == 'release'
+        env:
+          ENVIRONMENT: prd
+          IMAGE_TAG: ${{ env.REGISTRY }}/${{ matrix.image_name }}:latest
+          ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }}
+          ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
diff --git a/.github/workflows/cicd-stg.yml b/.github/workflows/cicd-stg.yml
@@ -0,0 +1,84 @@
+name: "CICD staging"
+
+on:
+  # Test run before merging
+  pull_request:
+    branches:
+      - main
+      - users/richard/readd-cicd
+  # On merged
+  push:
+    branches:
+      - main
+
+jobs:
+  build-makefile:
+    permissions:
+      id-token: write
+      contents: write
+    runs-on: ubuntu-22.04
+    # To test deployments, remove the github.ref_name clause: see devops/docs/z2-testing-apps.md - rrw 2024-04-12
+    # && github.ref_name == 'main'
+    if: github.actor != 'dependabot[bot]'
+    name: "Build image with Makefile"
+    strategy:
+      fail-fast: false
+      matrix:
+        application: [developer-portal]
+        include:
+          - application: developer-portal
+            image_name: developer-portal
+            path: .
+            tag_length: 8
+            tag_latest: false
+    env:
+      DOCKER_DOMAIN: asia-docker.pkg.dev
+      REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          fetch-depth: 0
+
+      - name: "Authenticate to Google Cloud - staging"
+        id: google-auth
+        uses: "google-github-actions/auth@v1"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
+          service_account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}"
+          create_credentials_file: true
+
+      - name: Login to the registry - staging
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.DOCKER_DOMAIN }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.google-auth.outputs.access_token }}"
+
+      - name: Get tag version - staging
+        id: set-tag
+        uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1
+        with:
+          tag: ${{ env.REGISTRY }}/${{ matrix.image_name }}
+          length: ${{ matrix.tag_length }}
+
+      - name: "Build and push ${{ matrix.application }} - staging"
+        env:
+          ENVIRONMENT: stg
+          IMAGE_TAG: ${{ steps.set-tag.outputs.tags }}
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
+
+      - name: "Build and push ${{ matrix.application }} tag latest - staging"
+        if: ${{ matrix.tag_latest == true }}
+        env:
+          ENVIRONMENT: stg
+          IMAGE_TAG: "${{ env.REGISTRY }}/${{ matrix.image_name }}:latest"
+        run: |
+          cd ${{ matrix.path }}
+          make image/build-and-push
diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml
@@ -0,0 +1,15 @@
+name: Check Markdown links
+
+on: push
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: "yes"
+          use-verbose-mode: "yes"
+          config-file: "mlc_config.json"
+          folder-path: "zq1/docs,zq2/docs"
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,51 @@
+node_modules/
+Debug/
+*~
+**/~
+**/*~
+**/node_modules
+._*
+**/._*
+
+.docusaurus/node_modules
+.DS_STORE
+.rpt2_cache
+lerna-debug.log
+yarn-error.log
+dist
+includes
+tsconfig.tsbuildinfo
+.env
+.idea/
+coverage
+devTestOnly/
+@zilliqa-js*
+bazel-*
+.husky
+tsconfig.tsbuildinfo
+**/tsconfig.tsbuildinfotsconfig.tsbuildinfo
+**/tsconfig.tsbuildinfo
+.trunk/
+
+.secrets.*
+secrets.*
+secrets/*
+**/.secrets.*
+**/secrets.*
+**/secrets/*
+.secret.*
+secret.*
+secret/*
+**/.secret.*
+**/secret.*
+**/secret/*
+
+.infra/
+.infra/*
+.infra/**
+
+*_env
+**/*_env
+
+target/
+**/target/
diff --git a/.trunk/configs/.checkov.yaml b/.trunk/configs/.checkov.yaml
@@ -0,0 +1,2 @@
+skip-check:
+  - CKV2_GHA_1
diff --git a/.trunk/configs/.yamllint.yaml b/.trunk/configs/.yamllint.yaml
@@ -0,0 +1,7 @@
+rules:
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}| ", "."]
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -0,0 +1,60 @@
+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+  version: 1.22.1
+# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.5.0
+      uri: https://github.com/trunk-io/plugins
+# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
+runtimes:
+  enabled:
+    - [email protected]
+    - [email protected]
+# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
+lint:
+  enabled:
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - git-diff-check
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+  ignore:
+    - linters: [gitleaks]
+      paths:
+        - zq2/docs/api # Contains a lot of hashes, etc. that are interpreted as secrets
+        - zq1/docs/api # Contains a lot of hashes, etc. that are interpreted as secrets
+        - zq1/docs/scilla/interface.md # contains a lot of hashes
+        - zq1/docs/indexer             # contains a lot of hashes
+        - zq2/docs/ecosystem/indexer             # contains a lot of hashes
+        - zq1/docs/developers/transaction-lifecycle # Contains examples.
+        - zq1/docs/developers/developer-toolings
+        - zq1/docs/exchanges
+    - linters: [ALL]
+      paths:
+        - Dockerfile # Annoying, but trunk is now very opinionated on how you write dockerfiles.
+        - zq2/docs/js/** # trunk does not know this is looking for metamask in the user's browser.
+        - zq2/docs/index.md # contains legitimate empty links
+        - .trunk/*out/**
+
+actions:
+  enabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+    - trunk-upgrade-available