From 73404e478c4edb2946c3e63d1a042ec61f864de0 Mon Sep 17 00:00:00 2001 From: devthejo Date: Wed, 15 Nov 2023 17:25:47 +0100 Subject: [PATCH] feat(actions): builkit + uptag wip --- .forgejo/workflows/{ci-cd.yaml => build.yaml} | 51 +-------- .forgejo/workflows/deploy.yaml | 37 ++++++ buildkit/action.yml | 106 ++++++++++++++++++ uptag/action.yaml | 29 +++++ 4 files changed, 175 insertions(+), 48 deletions(-) rename .forgejo/workflows/{ci-cd.yaml => build.yaml} (54%) create mode 100644 .forgejo/workflows/deploy.yaml create mode 100644 buildkit/action.yml create mode 100644 uptag/action.yaml diff --git a/.forgejo/workflows/ci-cd.yaml b/.forgejo/workflows/build.yaml similarity index 54% rename from .forgejo/workflows/ci-cd.yaml rename to .forgejo/workflows/build.yaml index 998c77e..8123e70 100644 --- a/.forgejo/workflows/ci-cd.yaml +++ b/.forgejo/workflows/build.yaml @@ -1,19 +1,10 @@ # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: CI-CD +name: Build on: workflow_call: - inputs: - app: - required: false - type: string - env: - required: true - type: string secrets: M8A_ORG_BOT_PACKAGE_TOKEN: required: true - M8A_ORG_BOT_REPO_TOKEN: - required: true concurrency: cancel-in-progress: true @@ -30,9 +21,6 @@ jobs: image: devthefuture/act-runner:latest volumes: - /buildkit-certs:/buildkit-certs - # permissions: - # contents: read - # packages: write steps: - name: ⏬ Checkout code repository uses: actions/checkout@v4 @@ -53,9 +41,8 @@ jobs: type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }},priority=200 - name: 📦 Build and push Docker image - uses: https://codeberg.org/devthefuture/buildkit-actions/build-push@main + uses: devthefuture/actions/buildkit@main with: - # path: build # context: . # file: Dockerfile tags: ${{ steps.meta.outputs.tags }} 
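Review bot: The new `uses: devthefuture/actions/buildkit@main` in the "Build and push Docker image" step follows a mutable branch, and that step receives `registry-password: ${{ secrets.M8A_ORG_BOT_PACKAGE_TOKEN }}`, so whatever lands on `main` of the actions repository runs with the package token. Pin the reference to a full commit, e.g. `uses: devthefuture/actions/buildkit@<full-commit-sha>` (placeholder), and bump it deliberately. The same applies to `devthefuture/actions/uptag@main` in the new deploy.yaml, where the preceding checkout is given `M8A_ORG_BOT_REPO_TOKEN`. The `image: devthefuture/act-runner:latest` tag visible in the context lines is mutable in the same way and could be pinned by digest.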
@@ -63,36 +50,4 @@ jobs: registry: git.devthefuture.org registry-username: "org-bot-${{ github.repository_owner }}" registry-password: ${{ secrets.M8A_ORG_BOT_PACKAGE_TOKEN }} - - deploy: - runs-on: ubuntu-latest - needs: - - build - container: - image: devthefuture/act-runner:latest - steps: - - name: 🎡 Check out the Helm chart repository - uses: actions/checkout@v4 - with: - # path: appsets - repository: "${{ github.repository_owner }}/appsets" - token: ${{ secrets.M8A_ORG_BOT_REPO_TOKEN }} - ref: "main" - - - name: 🚀 Upgrade image tag - # working-directory: appsets - env: - CD_APP: ${{ inputs.app || github.event.repository.name }} - CD_ENV: ${{ inputs.env }} - shell: bash - run: | - IFS=',' read -ra TAGS_ARRAY <<< "${{ steps.meta.outputs.tags }}" - IMAGE=${TAGS_ARRAY[0]} - TAG=${IMAGE##*:} - echo "Using tag: $TAG" - yq e '.image.tag = "'$TAG'"' -i apps/$CD_APP/envs/$CD_ENV/values.yaml - git config user.name "forgejo-actions" - git config user.email "bot@devthefuture.org" - git add . - git commit --allow-empty -m "chore: update image tag to ${GITHUB_REF#refs/tags/}" - git push origin HEAD \ No newline at end of file + \ No newline at end of file diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml new file mode 100644 index 0000000..e6ca56e --- /dev/null +++ b/.forgejo/workflows/deploy.yaml 
@@ -0,0 +1,37 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Deploy
+on:
+ workflow_call:
+ inputs:
+ app:
+ required: false
+ type: string
+ env:
+ required: true
+ type: string
+ secrets:
+ M8A_ORG_BOT_REPO_TOKEN:
+ required: true
+
+concurrency:
+ cancel-in-progress: true
+ group: ${{ github.workflow }}-${{ github.event.ref }}
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ container:
+ image: devthefuture/act-runner:latest
+ steps:
+ - name: 🎡 Check out the Helm chart repository
+ uses: actions/checkout@v4
+ with:
+ repository: "${{ github.repository_owner }}/appsets"
+ token: ${{ secrets.M8A_ORG_BOT_REPO_TOKEN }}
+ ref: "main"
+
+ - name: 🚀 Upgrade image tag
+ uses: devthefuture/actions/uptag@main
+ with:
+ app: ${{ inputs.app }}
+ env: ${{ inputs.env }}
\ No newline at end of file
diff --git a/buildkit/action.yml b/buildkit/action.yml
new file mode 100644
index 0000000..ad87ce3
--- /dev/null
+++ b/buildkit/action.yml
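Review bot: The `concurrency` block in this called workflow combines `cancel-in-progress: true` with `group: ${{ github.workflow }}-${{ github.event.ref }}`, which is risky for a job that commits and pushes to the appsets repository. In a `workflow_call` workflow on GitHub-compatible runners the `github` context belongs to the caller, so `github.workflow` is the caller's name; if build.yaml uses the same group expression (its `group` line is outside the visible hunks), the two called workflows may end up in one group and cancel each other. How Forgejo evaluates this is worth confirming. A group keyed on the deployment target, e.g. `group: deploy-${{ inputs.env }}-${{ github.event.ref }}`, together with `cancel-in-progress: false`, keeps a push from being interrupted halfway.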
@@ -0,0 +1,106 @@
+name: 'Buildkit build and push image'
+description: 'Build docker image using buildkits buildctl'
+inputs:
+ path:
+ description: 'Root directory'
+ required: false
+ default: '.'
+ context:
+ description: 'Folder to use as context during image build'
+ required: false
+ default: '.'
+ dockerfile:
+ description: 'Dockerfile path to use for the build'
+ required: false
+ default: 'Dockerfile'
+ platforms:
+ description: 'Platform(s) that the image should be build for, multiple platforms can be specified comma separated (linux/amd64,linux/arm64)'
+ required: true
+ default: 'linux/amd64'
+ tags:
+ description: 'Tags to build to the image'
+ required: true
+ default: ''
+ labels:
+ description: 'Labels for the image'
+ required: false
+ default: ''
+ buildkit-daemon-address:
+ description: 'Address of the buildkit daemon to use'
+ required: true
+ default: 'tcp://buildkit-service.buildkit-service.svc:1234'
+ buildkit-cert-ca-file:
+ description: 'The ca certificate file to use for the buildkit client'
+ required: true
+ default: '/buildkit-certs/ca.pem'
+ buildkit-cert-file:
+ description: 'The certificate file to use for the buildkit client'
+ required: true
+ default: '/buildkit-certs/cert.pem'
+ buildkit-cert-key-file:
+ description: 'The certificate key file to use for the buildkit client'
+ required: true
+ default: '/buildkit-certs/key.pem'
+ push:
+ description: 'Defines whether the image should be pushed to the registry or not, default is true'
+ required: false
+ default: "true"
+ build-args:
+ description: 'Build arguments to be passed to the build'
+ required: false
+ secrets:
+ description: 'Build secrets to be passed to the build'
+ required: false
+ registry:
+ description: 'The docker registry to push built images'
+ required: false
+ registry-username:
+ description: 'The docker registry user'
+ required: false
+ registry-password:
+ description: 'The docker registry password'
+ required: false
+runs:
+ using: 'composite'
+ steps:
+ - shell: bash
+ run: |
+ cd "${{ inputs.path }}"
+
+ # hanlde secrets to args
+ declare -a secret_args
+ while IFS='=' read -r key val; do
+ if [[ -n "$key" && -n "$val" ]]; then
+ val="${val%\'*}"
+ val="${val%\"*}"
+ val="${val#\'}"
+ val="${val#\"}"
+ export SECRET_ENV_${key}="${val}"
+ secret_args+=("--secret id=${key},env=SECRET_ENV_${key}")
+ fi
+ done <<< "${{ inputs.secrets }}"
+
+ # login to docker registry
+ export DOCKER_CONFIG=~/.docker
+ if [ -n "${{ inputs.registry }}" ]; then
+ mkdir -p $DOCKER_CONFIG
+ echo "{\"auths\":{\"${{ inputs.registry }}\":{\"username\":\"${{ inputs.registry-username }}\",\"password\":\"${{ inputs.registry-password }}\"}}}" > $DOCKER_CONFIG/config.json
+ fi
+
+ # build and push using buildkit
+ buildctl \
+ --addr ${{ inputs.buildkit-daemon-address }} \
+ --tlscacert ${{ inputs.buildkit-cert-ca-file }} \
+ --tlscert ${{ inputs.buildkit-cert-file }} \
+ --tlskey ${{ inputs.buildkit-cert-key-file }} \
+ build \
+ --frontend dockerfile.v0 \
+ --local context=${{ inputs.context }} \
+ --local dockerfile=${{ inputs.context }} \
+ --opt platform=${{ inputs.platforms }} \
+ $(echo "${{ inputs.build-args }}" | sed -r '/^\s*$/d' - | sed -r 's/(.*)/--opt build-arg:\1 \\/' -) \
+ $(echo "${{ inputs.labels }}" | sed -r '/^\s*$/d' - | sed -r 's/(.*)/--opt label:\1 \\/' -) \
+ "${secret_args[@]}" \
+ --target=${{ inputs.target }} \
+ --opt filename=./${{ inputs.dockerfile }} \
+ --output type=image,\"name=$(echo "${{ inputs.tags }}" | paste -sd ',' -)\",push=${{ inputs.push }}
diff --git a/uptag/action.yaml b/uptag/action.yaml
new file mode 100644
index 0000000..3549ddc
--- /dev/null
+++ b/uptag/action.yaml
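Review bot: The registry-login block splices `${{ inputs.registry }}`, `${{ inputs.registry-username }}` and `${{ inputs.registry-password }}` straight into the script text and into a hand-built JSON string, so a value containing `"`, `$` or a backtick is re-parsed by bash or corrupts config.json, and the file is created with the default umask. Passing the inputs through a step-level `env:` block and letting a JSON tool do the quoting avoids both; the sketch below assumes `jq` is present in the runner image. The same `${{ inputs.* }}` expansion pattern appears in the `cd`, in the `<<< "${{ inputs.secrets }}"` here-string and in every `buildctl` argument, and deserves the same treatment. Separately, `--target=${{ inputs.target }}` reads an input that the `inputs:` section does not declare. Also, `secret_args+=("--secret id=…")` stores the flag and its value as one array element, so `"${secret_args[@]}"` hands buildctl a single word; `secret_args+=(--secret "id=${key},env=SECRET_ENV_${key}")` keeps them separate.

```yaml
    - shell: bash
      env:
        REGISTRY: ${{ inputs.registry }}
        REGISTRY_USERNAME: ${{ inputs.registry-username }}
        REGISTRY_PASSWORD: ${{ inputs.registry-password }}
      run: |
        # … unchanged: cd and build-secret handling …
        export DOCKER_CONFIG=~/.docker
        if [ -n "$REGISTRY" ]; then
          mkdir -p "$DOCKER_CONFIG"
          (
            umask 077
            jq -n --arg r "$REGISTRY" --arg u "$REGISTRY_USERNAME" --arg p "$REGISTRY_PASSWORD" \
              '{auths: {($r): {username: $u, password: $p}}}' > "$DOCKER_CONFIG/config.json"
          )
        fi
        # … unchanged: buildctl invocation …
```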
@@ -0,0 +1,29 @@
+name: Upgrade tag in appsets
+description: "Set image tag in values of an application for appsets of an organization"
+inputs:
+ app:
+ description: "The app directory name, default to repository name"
+ required: false
+ env:
+ description: "The env directory name"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: 🚀 Upgrade image tag
+ env:
+ CD_APP: ${{ inputs.app || github.event.repository.name }}
+ CD_ENV: ${{ inputs.env }}
+ shell: bash
+ run: |
+ IFS=',' read -ra TAGS_ARRAY <<< "${{ steps.meta.outputs.tags }}"
+ IMAGE=${TAGS_ARRAY[0]}
+ TAG=${IMAGE##*:}
+ echo "Using tag: $TAG"
+ yq e '.image.tag = "'$TAG'"' -i apps/$CD_APP/envs/$CD_ENV/values.yaml
+ git config user.name "forgejo-actions"
+ git config user.email "bot@devthefuture.org"
+ git add .
+ git commit --allow-empty -m "chore: update image tag to ${GITHUB_REF#refs/tags/}"
+ git push origin HEAD
\ No newline at end of file
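Review bot: `${{ steps.meta.outputs.tags }}` in the `run:` script refers to a step id `meta` that this composite action does not define (its only step is the upgrade step itself), so the expression presumably expands to an empty string and `.image.tag` is written empty. The action needs the image reference as a declared input, and deploy.yaml currently passes only `app` and `env`. In the same script `$TAG`, `$CD_APP` and `$CD_ENV` are unquoted, and `$TAG` is concatenated into the yq expression. Handing it over with `strenv(TAG)` and quoting the path keeps a crafted value from altering the expression. Rejecting `/` or `..` in `app` and `env` before use would keep the write inside `apps/`.

```yaml
inputs:
  # … unchanged: app, env …
  tags:
    description: "Comma-separated image references produced by the build"
    required: true
# … unchanged: runs / steps / step name …
      env:
        # … unchanged: CD_APP, CD_ENV …
        IMAGE_TAGS: ${{ inputs.tags }}
      run: |
        IFS=',' read -ra TAGS_ARRAY <<< "$IMAGE_TAGS"
        # … unchanged: IMAGE and TAG extraction, echo …
        TAG="$TAG" yq e '.image.tag = strenv(TAG)' -i "apps/$CD_APP/envs/$CD_ENV/values.yaml"
        # … unchanged: git config, commit and push …
```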