feat: add timoni module (#280)

.github/actions/check-new-releases/action.yml

@@ -20,43 +20,56 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 
+inputs:
+  registry:
+    required: true
+
 outputs:
-  release-container:
-    value: ${{ steps.release-check.outputs.release-container }}
   release-helm:
     value: ${{ steps.release-check.outputs.release-helm }}
+  release-timoni:
+    value: ${{ steps.release-check.outputs.release-timoni }}
+  release-container:
+    value: ${{ steps.release-check.outputs.release-container }}
+  new-releases:
+    value: ${{ steps.release-check.outputs.new-releases }}
 
 runs:
   using: composite
   steps:
   - name: Check new releases
     id: release-check
     shell: bash
+    env:
+      registry: ${{ inputs.registry }}
     run: |
-      chart_path=./helm/gke-metadata-server/Chart.yaml
-
-      yq e '.appVersion' $chart_path > container-version.txt
-      container_image=ghcr.io/matheuscscp/gke-metadata-server:$(cat container-version.txt)
-
-      yq e '.version' $chart_path > helm-version.txt
-      helm_image=oci://ghcr.io/matheuscscp/gke-metadata-server-helm
-      helm_version=$(cat helm-version.txt)
-
-      container_exists=$(docker pull $container_image > /dev/null && echo yes || echo no)
-      helm_exists=$(helm pull $helm_image --version $helm_version > /dev/null && echo yes || echo no)
-      if [ "$helm_exists" == "yes" ] && [ "$container_exists" == "no" ]; then
-        echo "Must bump .version inside $chart_path when bumping .appVersion."
-        exit 1
-      elif [ "$helm_exists" == "no" ] && [ "$container_exists" == "yes" ]; then
-        echo "Need to release new version of the Helm Chart image."
-        echo "release-container=no" >> $GITHUB_OUTPUT
-        echo "release-helm=yes" >> $GITHUB_OUTPUT
-      elif [ "$helm_exists" == "no" ] && [ "$container_exists" == "no" ]; then
-        echo "Need to release new versions for both images."
-        echo "release-container=yes" >> $GITHUB_OUTPUT
-        echo "release-helm=yes" >> $GITHUB_OUTPUT
+      profile_url=${registry}/matheuscscp
+      oci_url=oci://${profile_url}
+
+      helm_image=${oci_url}/gke-metadata-server-helm
+      timoni_image=${oci_url}/gke-metadata-server-timoni
+      container_image=${profile_url}/gke-metadata-server:$(yq .container versions.yaml)
+
+      helm_version=$(yq .helm versions.yaml)
+      timoni_version=$(yq .timoni versions.yaml)
+
+      release_helm=$(helm pull $helm_image --version $helm_version > /dev/null && echo no || echo yes)
+      release_timoni=$(timoni mod pull $timoni_image --version $timoni_version -o /dev/null > /dev/null && echo no || echo yes)
+      release_container=$(docker pull $container_image > /dev/null && echo no || echo yes)
+
+      echo release-helm=$release_helm >> $GITHUB_OUTPUT
+      echo release-timoni=$release_timoni >> $GITHUB_OUTPUT
+      echo release-container=$release_container >> $GITHUB_OUTPUT
+
+      if [ "$release_helm" == "yes" ] || [ "$release_timoni" == "yes" ] || [ "$release_container" == "yes" ]; then
+        echo new-releases=yes >> $GITHUB_OUTPUT
       else
-        echo "Both versions already exist. No release needed."
-        echo "release-container=no" >> $GITHUB_OUTPUT
-        echo "release-helm=no" >> $GITHUB_OUTPUT
+        echo new-releases=no >> $GITHUB_OUTPUT
+      fi
+
+      if [ "$release_container" == "yes" ]; then
+        if [ "$release_helm" == "no" ] || [ "$release_timoni" == "no" ]; then
+          echo "When releasing a new container image, must also release new versions of the Helm Chart and Timoni Module."
+          exit 1
+        fi
       fi

.github/actions/ci-checks/action.yml

@@ -27,6 +27,7 @@ runs:
   - uses: actions/setup-go@v4
     with:
       go-version: 1.22.2
+      cache: false
 
   - run: make tidy
     shell: bash

.github/actions/ci-login/action.yml → .github/actions/ci-setup/action.yml

@@ -29,6 +29,8 @@ inputs:
 runs:
   using: composite
   steps:
+  - uses: cue-lang/[email protected]
+  - uses: stefanprodan/timoni/actions/setup@main
   - uses: google-github-actions/auth@v2
     with:
       project_id: gke-metadata-server
@@ -39,9 +41,3 @@ runs:
       registry: ghcr.io
       username: ${{ github.actor }}
       password: ${{ inputs.github-token }}
-  - run: helm registry login $registry -u $username -p $password
-    shell: bash
-    env:
-      registry: ghcr.io
-      username: ${{ github.actor }}
-      password: ${{ inputs.github-token }}

.github/actions/release-container/action.yml

@@ -33,7 +33,7 @@ runs:
   steps:
   - id: release
     run: |
-      container_with_tag=${image}:$(cat container-version.txt)
+      container_with_tag=${image}:$(yq .container versions.yaml)
       docker tag ghcr.io/matheuscscp/gke-metadata-server/test@$(cat container-digest.txt) $container_with_tag
       docker push $container_with_tag
 

.github/actions/release-timoni/action.yml

@@ -0,0 +1,42 @@
+# MIT License
+#
+# Copyright (c) 2023 Matheus Pimenta
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+inputs:
+  registry:
+    required: true
+
+outputs:
+  timoni-with-digest:
+    value: ${{ steps.release.outputs.timoni-with-digest }}
+
+runs:
+  using: composite
+  steps:
+  - id: release
+    run: |
+      src=docker://ghcr.io/matheuscscp/gke-metadata-server/test/timoni@$(cat timoni-digest.txt)
+      dst=docker://${repository}:$(yq .timoni versions.yaml)
+      skopeo copy $src $dst
+      echo "timoni-with-digest=${repository}@$(cat timoni-digest.txt)" >> $GITHUB_OUTPUT
+    shell: bash
+    env:
+      repository: ${{ inputs.registry }}/matheuscscp/gke-metadata-server-timoni

.github/workflows/pull-request.yml

@@ -35,33 +35,43 @@ jobs:
       id-token: write
       packages: write
       pull-requests: write
+
     steps:
     - uses: actions/checkout@v4
 
-    - uses: ./.github/actions/ci-login/
+    - uses: ./.github/actions/ci-setup/
       with:
         google-service-account-name: pull-request
         github-token: ${{ secrets.GITHUB_TOKEN }}
 
     - id: check-new-releases
       uses: ./.github/actions/check-new-releases/
+      with:
+        registry: ghcr.io
 
     - name: Prepare New Releases Check PR Comment
       env:
-        RELEASE_CONTAINER: ${{ steps.check-new-releases.outputs.release-container }}
-        RELEASE_HELM: ${{ steps.check-new-releases.outputs.release-helm }}
+        release_helm: ${{ steps.check-new-releases.outputs.release-helm }}
+        release_timoni: ${{ steps.check-new-releases.outputs.release-timoni }}
+        release_container: ${{ steps.check-new-releases.outputs.release-container }}
       run: |
         touch new-releases-check.txt
-        if [ "$RELEASE_CONTAINER" == "yes" ]; then
-          echo "This pull request will release version $(cat container-version.txt) of the Container." >> new-releases-check.txt
+        if [ "$release_container" == "yes" ]; then
+          echo "This pull request will release version $(yq .container versions.yaml) of the Container." >> new-releases-check.txt
+          if [ "$release_helm" == "yes" ] || [ "$release_timoni" == "yes" ]; then
+            echo "" >> new-releases-check.txt
+          fi
         fi
-        if [ "$RELEASE_CONTAINER" == "yes" ] && [ "$RELEASE_HELM" == "yes" ]; then
-          echo "" >> new-releases-check.txt
+        if [ "$release_helm" == "yes" ]; then
+          echo "This pull request will release version $(yq .helm versions.yaml) of the Helm Chart." >> new-releases-check.txt
+          if [ "$release_timoni" == "yes" ]; then
+            echo "" >> new-releases-check.txt
+          fi
         fi
-        if [ "$RELEASE_HELM" == "yes" ]; then
-          echo "This pull request will release version $(cat helm-version.txt) of the Helm Chart." >> new-releases-check.txt
+        if [ "$release_timoni" == "yes" ]; then
+          echo "This pull request will release version $(yq .timoni versions.yaml) of the Timoni Module." >> new-releases-check.txt
         fi
-        if [ "$RELEASE_CONTAINER" == "no" ] && [ "$RELEASE_HELM" == "no" ]; then
+        if [ "$release_helm" == "no" ] && [ "$release_timoni" == "no" ] && [ "$release_container" == "no" ]; then
           echo "No version releases in this pull request." >> new-releases-check.txt
         fi
     - name: Comment New Releases Check on PR

.github/workflows/release.yml

@@ -43,19 +43,21 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - uses: ./.github/actions/ci-login/
+    - uses: ./.github/actions/ci-setup/
       with:
         google-service-account-name: release
         github-token: ${{ secrets.GITHUB_TOKEN }}
 
     - id: check-new-releases
       uses: ./.github/actions/check-new-releases/
+      with:
+        registry: ghcr.io
 
     - uses: ./.github/actions/ci-checks/
-      if: steps.check-new-releases.outputs.release-container == 'yes' || steps.check-new-releases.outputs.release-helm == 'yes'
+      if: steps.check-new-releases.outputs.new-releases == 'yes'
 
     - uses: sigstore/[email protected]
-      if: steps.check-new-releases.outputs.release-container == 'yes' || steps.check-new-releases.outputs.release-helm == 'yes'
+      if: steps.check-new-releases.outputs.new-releases == 'yes'
 
     - name: Release Container in GitHub Container Registry
       id: release-container-ghcr
@@ -72,7 +74,7 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-        gh release create v$(cat container-version.txt) \
+        gh release create v$(yq .container versions.yaml) \
           container-digest.txt \
           --repo="$GITHUB_REPOSITORY" \
           --generate-notes \
@@ -93,8 +95,29 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-        gh release create helm-v$(cat helm-version.txt) \
+        gh release create helm-v$(yq .helm versions.yaml) \
           helm-digest.txt \
           --repo="$GITHUB_REPOSITORY" \
           --generate-notes \
           --latest=false
+
+    - name: Release Timoni Module in GitHub Container Registry
+      id: release-timoni-ghcr
+      if: steps.check-new-releases.outputs.release-timoni == 'yes'
+      uses: ./.github/actions/release-timoni/
+      with:
+        registry: ghcr.io
+    - uses: ./.github/actions/sign-and-verify-image/
+      if: steps.check-new-releases.outputs.release-timoni == 'yes'
+      with:
+        image: ${{ steps.release-timoni-ghcr.outputs.timoni-with-digest }}
+    - name: Release Timoni Module in GitHub
+      if: steps.check-new-releases.outputs.release-timoni == 'yes'
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh release create timoni-v$(yq .timoni versions.yaml) \
+          timoni-digest.txt \
+          --repo="$GITHUB_REPOSITORY" \
+          --generate-notes \
+          --latest=false

.gitignore

@@ -4,3 +4,5 @@ terraform.*
 *.txt
 *.logs
 *.tgz
+Chart.yaml
+config.cue