Merge pull request #3 from acederberg/feature/actions

Feature/actions

.commitlintrc.yaml

@@ -0,0 +1,9 @@
+extends: ['@commitlint/config-conventional']
+rules:
+  subject-case: [0, never, 'sentence-case']
+  subject-full-stop: [2, 'always', '.']
+  type-enum: 
+    - 2
+    - always
+    - ['build', 'chore', 'ci', 'docs', 'feature', 'fix', 'revert', 'wip']
+

.github/workflows/bumpver.yaml

@@ -0,0 +1,109 @@
+---
+# Note: This will run every time that a new release is published because of
+# `on`. Releasing can be controller through the github CLI like
+#
+name: Version.
+on:
+  workflow_dispatch:
+    inputs:
+      kind:
+        default: patch
+        required: true
+        description: |
+          Segment of the version to increment. A value of `tag` indicates 
+          that only the tag should be updated.
+        options:
+          - tag
+          - patch
+          - minor
+          - major
+
+      kind_tag:
+        default: alpha
+        required: true
+        description: | 
+          Tag of the new version. Cannot go backwards, ordered like
+          ``final > beta > alpha``. ``final`` indicates no tag.
+        options:
+          - final
+          - alpha
+          - beta
+      tag_message:
+        required: true
+        description: |
+          Tag message an release body.
+jobs:
+  bumpver:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout.  
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Ensure Python is Installed.
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Cache Pip
+        uses: actions/cache@v3
+        id: bumpver-venv
+        with:
+          path: .venv
+          key: ${{ runner.os }}-venv-release
+
+      - name: Install Dependencies.
+        id: bumpver-depends
+        run: |
+          python3 -m venv .venv
+
+          source .venv/bin/activate
+          python3 -m pip install poetry bumpver
+
+      # NOTE: This will not be published so it is fine that it happens at this
+      #       stage.
+      - name: Build and Verify.
+        id: bumpver-build-and-verify
+        run: |
+          source .venv/bin/activate
+
+          echo "## Build\n\n~~~stdout" >> $GITHUB_STEP_SUMMARY
+          poetry build >> $GITHUB_STEP_SUMMARY
+          echo "~~~\n\n## Twine Check\n\n~~~stdout" >> $GITHUB_STEP_SUMMARY
+          poetry check >> $GITHUB_STEP_SUMMARY
+          echo "~~~" >> $GITHUB_STEP_SUMMARY
+
+      # NOTE: Poetry does have versioning capabilities however they do not 
+      #       appear to have much of an advantage over bumpver.
+      - name: Increment Version.
+        id: bumpver-update
+        run: |
+          source .venv/bin/activate
+
+          echo "## Bumpver Data\n\n" >> $GITHUB_STEP_SUMMARY
+          echo "- kind: ${{ github.event.inputs.kind }}" >> $GITHUB_STEP_SUMMARY
+          echo "- kind_tag: ${{ github.event.inputs.kind_tag }}" >> $GITHUB_STEP_SUMMARY
+
+          git config user.name "github-actions"
+          git config user.email "<>"
+
+          if [[ "${{ github.event.inputs.kind}}" == "tag" ]];
+          then
+            python -m bumpver update \
+              --tag "${{ github.event.inputs.kind_tag }}" \
+              --tag-message "${{ github.event.inputs.tag_message }}" \
+              --commit
+          else
+            python -m bumpver update "--${{ github.event.inputs.kind }}" \
+              --tag "${{ github.event.inputs.kind_tag }}" \
+              --tag-message "${{ github.event.inputs.tag_message }}" \
+              --commit
+          fi
+            
+          git push
+          git push --tags
+
+

.github/workflows/commit_checks.yaml

@@ -0,0 +1,99 @@
+name: Commit Checks.
+on:
+  workflow_dispatch:
+  pull_request:
+    paths-ignore:
+      - '**.rst'
+  push:
+jobs:
+  # NOTE: https://commitlint.js.org/guides/ci-setup.html
+  lint-commit:
+    name: Lint Commit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install required dependencies
+        run: |
+          sudo apt update && sudo apt install -y git curl
+
+          curl -sL https://deb.nodesource.com/setup_20.x | sudo -E bash -
+          sudo DEBIAN_FRONTEND=noninteractive apt install -y nodejs
+
+          npm install conventional-changelog-conventionalcommits
+          npm install commitlint@latest @commitlint/config-conventional
+
+      - name: Print versions
+        run: |
+          echo "git version: $(git --version)" >> $GITHUB_STEP_SUMMARY
+          echo "node version: $(node --version)" >> $GITHUB_STEP_SUMMARY
+          echo "npm version: $(npm --version)" >> $GITHUB_STEP_SUMMARY
+          echo "commitlint version: $(npx commitlint --version)" >> $GITHUB_STEP_SUMMARY
+
+      - name: Validate current commit (last commit) with commitlint
+        if: github.event_name == 'push'
+        run: npx commitlint --last --verbose
+
+
+  lint-python:
+    name: Lint Python Code
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Cache Pip
+        uses: actions/cache@v3
+        id: venv
+        with:
+          path: .venv
+          key: ${{ runner.os }}-venv-${{ hashFiles('poetry.lock') }}
+
+      - name: Venv and Setup 
+        run: |
+          echo -e "## Python Info\n" >> $GITHUB_STEP_SUMMARY
+          echo "- Python Version: \`$( python --version )\`" >> $GITHUB_STEP_SUMMARY
+          echo "- Python Binary: \`$( which python )\`" >> $GITHUB_STEP_SUMMARY
+
+          python -m venv .venv
+          source .venv/bin/activate
+
+          python -m pip install poetry mypy ruff
+          poetry install
+
+      - name: MyPy Check.
+        id: mypy_check
+        run: |
+          source .venv/bin/activate
+
+          echo -e "## MyPy \`./src\`\n\n~~~stdout" >> $GITHUB_STEP_SUMMARY
+          poetry run mypy --config-file pyproject.toml --pretty . >> $GITHUB_STEP_SUMMARY
+          echo -e "~~~\n" >> $GITHUB_STEP_SUMMARY
+        continue-on-error: true
+
+      - name: Ruff Linting.
+        id: ruff
+        run: |
+          source .venv/bin/activate
+
+          echo -e "## Ruff\n\n~~~stdout" >> $GITHUB_STEP_SUMMARY
+          poetry run ruff check --config pyproject.toml --output-format github .>> $GITHUB_STEP_SUMMARY
+          echo -e "~~~\n" >> $GITHUB_STEP_SUMMARY
+        continue-on-error: true
+
+      - run: |
+          if ( \
+            [ "${{ steps.mypy_check.outcome }}" != "success" ] \
+            || [ "${{ steps.ruff.outcome }}" != 'success' ]
+          ); then
+            echo "One or more checks failed. See the summary for details."
+            exit 1
+          fi
+

.github/workflows/deploy.yaml

@@ -0,0 +1,68 @@
+name: Build and Deploy
+on:
+  workflow_dispatch:
+jobs:
+  # NOTE: See [the example](https://github.com/marketplace/actions/build-and-push-docker-images).
+  build:
+    name: Build Server
+    runs-on: ubuntu-latest
+    steps: 
+      - name: Checkout.
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Setup Docker Buildx.
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Server Image.
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./docker/dockerfile
+          target: builder
+          tags: acederberg/blog:latest
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          load: true
+
+  kube:
+    needs:
+      - build
+    name: Deploy to Kubernetes
+    runs-on: ubuntu-latest
+    permissions:   
+      id-token: write   
+      contents: read   
+      actions: read
+    steps:
+      - name: Checkout.
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # NOTE: It is required to apply ``./docker/manifests/sa.yaml`` and 
+      #       generate credentials for that service account, e.g.
+      #       ``kubectl create token ...``.
+      - uses: azure/k8s-set-context@v1
+        with:
+          method: serviceaccount
+          k8s-url: ${{ secrets.K8S_URL }}
+          k8s-secret: ${{ secrets.K8S_SA_TOKEN }}
+        id: setcontext
+
+      # NOTE: Correct imagePullPolicy is necessary for this step to work. 
+      #       Specifying the image version requires special permissions so that
+      #       the action can modify workflow files, thus the latest tag is 
+      #       used.
+      - uses: Azure/k8s-deploy@v5
+        with:
+           namespace: blog
+           manifests: docker/manifests/ci.yaml

docker/manifests/ci.yaml

@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+metadata:
+  namespace: blog
+  name: blog
+  labels:
+    acederberg.io/tier: browser
+    acederberg.io/from: kubectl
+    acederberg.io/component: blog
+kind: Deployment
+spec:
+  selector:
+    matchLabels:
+      acederberg.io/tier: browser
+      acederberg.io/from: kubectl
+      acederberg.io/component: blog
+  template:
+    metadata: 
+      labels:
+        acederberg.io/tier: browser
+        acederberg.io/from: kubectl
+        acederberg.io/component: blog
+    spec:
+      containers:
+        - name: blog
+          image: acederberg/blog:latest
+          imagePullPolicy: Always
+          ports: 
+            - name: captura-http
+              containerPort: 8080
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: 8080
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+
+
+
+