From 239db6f8c18fe20a5dde0fdd6a983f43626d9792 Mon Sep 17 00:00:00 2001 From: joss Date: Tue, 23 May 2023 12:21:57 +0100 Subject: [PATCH] feat: Initial commit --- .github/workflows/project.yaml | 24 +++ .github/workflows/release.yaml | 353 ++++++++++++++++++++++++++++++ .gitignore | 378 +++++++++++++++++++++++++++++++++ charts/control/.helmignore | 23 ++ charts/control/Chart.yaml | 6 + charts/control/values.yaml | 10 + containers/jupyter/Dockerfile | 5 + renovate.json | 3 + 8 files changed, 802 insertions(+) create mode 100644 .github/workflows/project.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 .gitignore create mode 100644 charts/control/.helmignore create mode 100644 charts/control/Chart.yaml create mode 100644 charts/control/values.yaml create mode 100644 containers/jupyter/Dockerfile create mode 100644 renovate.json diff --git a/.github/workflows/project.yaml b/.github/workflows/project.yaml new file mode 100644 index 0000000..f05fd61 --- /dev/null +++ b/.github/workflows/project.yaml @@ -0,0 +1,24 @@ +name: Add to Project +on: + issues: + types: [opened, labeled] + pull_request: + types: [opened, labeled] + +jobs: + project: + runs-on: [self-hosted, linux, x64] + + steps: + - name: generate token + id: generate-token + uses: tibdex/github-app-token@v1.8.0 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: add issue or pr to project + uses: actions/add-to-project@v0.5.0 + with: + project-url: https://github.com/orgs/SwanseaUniversityMedical/projects/6 + github-token: ${{ steps.generate-token.outputs.token }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..c2b9930 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,353 @@ +name: Build and Release Container + +on: + push: + paths: + - '.github/workflows/release.yaml' + - 'plugins/**' + - 'containers/**' + - 'charts/**' + branches: + - '**' + +env: + HARBOR_REGISTRY: ${{ vars.HARBOR_REGISTRY }} + HARBOR_PROJECT: ${{ vars.HARBOR_PROJECT }} + HARBOR_REPO: ${{ vars.HARBOR_REPO }} + HARBOR_USER: ${{ vars.HARBOR_USER }} + HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }} + +jobs: + release-jupyter-container: + runs-on: [self-hosted, linux, x64] + + env: + TAG_PREFIX: 'DARE-Jupyter-Container' + TAG_FORMAT: 'DARE-Jupyter-Container-${version}' + HARBOR_JUPYTER_REPO: ${{ vars.HARBOR_REPO }} + + steps: + - name: clone repo + uses: actions/checkout@v3 + + - uses: dorny/paths-filter@v2 + id: container-changes + with: + filters: | + src: + - '.github/workflows/release.yaml' + - 'containers/jupyter/**' + - 'plugins/**' + + - name: build container + if: steps.container-changes.outputs.src == 'true' + run: | + docker build -t image -f "containers/jupyter/Dockerfile" . + + - name: registry login + if: steps.container-changes.outputs.src == 'true' + run: | + echo "$HARBOR_TOKEN" | docker login $HARBOR_REGISTRY -u $HARBOR_USER --password-stdin + + - name: generate token + if: steps.container-changes.outputs.src == 'true' + id: generate-token + uses: tibdex/github-app-token@v1.8.0 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: semantic release dry run + if: steps.container-changes.outputs.src == 'true' + uses: docker://ghcr.io/codfish/semantic-release-action:v2 + id: semantic-dry + with: + dry_run: true + + branches: | + [ + '+([0-9])?(.{+([0-9]),x}).x', + 'main' + ] + + tag_format: ${{ env.TAG_FORMAT }} + + plugins: |- + [ + ['@semantic-release/commit-analyzer', { + "releaseRules": [ + {"type": "major", "release": "major"}, + {"type": "minor", "release": "minor"}, + {"type": "patch", "release": "patch"}, + {"type": "no-release", "release": false}, + + {"type": "chore", "release": "patch"}, + {"type": "refactor", "release": "patch"}, + {"type": "style", "release": "patch"}, + + {"type": "docs", "release": false}, + {"type": "test", "release": false}, + {"type": "ci", "release": false}, + + {"type": "feat", "release": "minor"}, + + {"type": "revert", "release": "patch"}, + {"type": "perf", "release": "patch"}, + {"type": "fix", "release": "patch"}, + {"type": "build", "release": "patch"}, + ], + }] + ] + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + + - name: semantic release + if: steps.container-changes.outputs.src == 'true' && steps.semantic-dry.outputs.new-release-published == 'true' + uses: docker://ghcr.io/codfish/semantic-release-action:v2 + id: semantic + with: + branches: | + [ + '+([0-9])?(.{+([0-9]),x}).x', + 'main' + ] + + tag_format: ${{ env.TAG_FORMAT }} + + additional_packages: | + ['@semantic-release/exec'] + + plugins: |- + [ + ['@semantic-release/commit-analyzer', { + "releaseRules": [ + {"type": "major", "release": "major"}, + {"type": "minor", "release": "minor"}, + {"type": "patch", "release": "patch"}, + {"type": "no-release", "release": false}, + + {"type": "chore", "release": "patch"}, + {"type": "refactor", "release": "patch"}, + {"type": "style", "release": "patch"}, + + {"type": "docs", "release": false}, + {"type": "test", "release": false}, + {"type": "ci", "release": false}, + + {"type": "feat", "release": "minor"}, + + {"type": "revert", "release": "patch"}, + {"type": "perf", "release": "patch"}, + {"type": "fix", "release": "patch"}, + {"type": "build", "release": "patch"}, + ], + }], + ['@semantic-release/exec', { + "generateNotesCmd": "echo '${ process.env.RELEASE_NOTES }'" + }], + '@semantic-release/release-notes-generator', + ['@semantic-release/github', { + "successComment": false, + "failTitle": false + }] + ] + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + RELEASE_NOTES: | + ``` + echo "" | docker login ${{ env.HARBOR_REGISTRY }} -u --password-stdin + docker pull ${{ env.HARBOR_REGISTRY }}/${{ env.HARBOR_PROJECT }}/${{ env.HARBOR_JUPYTER_REPO }}:${{ steps.semantic-dry.outputs.release-version }} + ``` + + - name: container push to registry + id: container-push + if: steps.container-changes.outputs.src == 'true' && steps.semantic.outputs.new-release-published == 'true' + run: | + docker tag image $HARBOR_REGISTRY/$HARBOR_PROJECT/$HARBOR_JUPYTER_REPO:$TAG + docker push $HARBOR_REGISTRY/$HARBOR_PROJECT/$HARBOR_JUPYTER_REPO:$TAG + env: + TAG: ${{ steps.semantic.outputs.release-version }} + + - name: delete orphaned release on container push failure + uses: dev-drprasad/delete-tag-and-release@v0.2.1 + if: (failure() && steps.container-push.outcome == 'failure') && steps.semantic.outputs.new-release-published == 'true' + with: + tag_name: ${ env.TAG_PREFIX }-${{ steps.semantic.outputs.release-version }} + delete_release: true + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + + release-chart: + needs: release-jupyter-container + runs-on: [ self-hosted, linux, x64 ] + + env: + TAG_PREFIX: 'DARE-Jupyter-Helm' + TAG_FORMAT: 'DARE-Jupyter-Helm-${version}' + + steps: + - name: clone repo + uses: actions/checkout@v3 + + - uses: dorny/paths-filter@v2 + id: chart-changes + with: + filters: | + src: + - '.github/workflows/release.yaml' + - 'charts/**' + + - name: generate token + if: steps.chart-changes.outputs.src == 'true' + id: generate-token + uses: tibdex/github-app-token@v1.8.0 + with: + app_id: ${{ vars.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: install helm + if: steps.chart-changes.outputs.src == 'true' + uses: azure/setup-helm@v3 + with: + version: 'latest' + token: ${{ steps.generate-token.outputs.token }} + + - name: semantic release dry run + if: steps.chart-changes.outputs.src == 'true' + uses: docker://ghcr.io/codfish/semantic-release-action:v2 + id: semantic-dry + with: + dry_run: true + + branches: | + [ + '+([0-9])?(.{+([0-9]),x}).x', + 'main' + ] + + tag_format: ${{ env.TAG_FORMAT }} + + plugins: |- + [ + ['@semantic-release/commit-analyzer', { + "releaseRules": [ + {"type": "major", "release": "major"}, + {"type": "minor", "release": "minor"}, + {"type": "patch", "release": "patch"}, + {"type": "no-release", "release": false}, + + {"type": "chore", "release": "patch"}, + {"type": "refactor", "release": "patch"}, + {"type": "style", "release": "patch"}, + + {"type": "docs", "release": false}, + {"type": "test", "release": false}, + {"type": "ci", "release": false}, + + {"type": "feat", "release": "minor"}, + + {"type": "revert", "release": "patch"}, + {"type": "perf", "release": "patch"}, + {"type": "fix", "release": "patch"}, + {"type": "build", "release": "patch"}, + ], + }] + ] + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + + - name: helm package + if: steps.chart-changes.outputs.src == 'true' && steps.semantic-dry.outputs.new-release-published == 'true' + run: | + set -x + helm package ./charts/$HARBOR_REPO -d . --version $TAG --app-version $TAG + tar -xzf $(echo *.tgz) -C ./charts $HARBOR_REPO/Chart.yaml + env: + TAG: ${{ steps.semantic-dry.outputs.release-version }} + + - name: semantic release + if: steps.chart-changes.outputs.src == 'true' && steps.semantic-dry.outputs.new-release-published == 'true' + uses: docker://ghcr.io/codfish/semantic-release-action:v2 + id: semantic + with: + branches: | + [ + '+([0-9])?(.{+([0-9]),x}).x', + 'main' + ] + + tag_format: ${{ env.TAG_FORMAT }} + + additional_packages: | + ['@semantic-release/exec', '@semantic-release/git'] + + plugins: |- + [ + ['@semantic-release/commit-analyzer', { + "releaseRules": [ + {"type": "major", "release": "major"}, + {"type": "minor", "release": "minor"}, + {"type": "patch", "release": "patch"}, + {"type": "no-release", "release": false}, + + {"type": "chore", "release": "patch"}, + {"type": "refactor", "release": "patch"}, + {"type": "style", "release": "patch"}, + + {"type": "docs", "release": false}, + {"type": "test", "release": false}, + {"type": "ci", "release": false}, + + {"type": "feat", "release": "minor"}, + + {"type": "revert", "release": "patch"}, + {"type": "perf", "release": "patch"}, + {"type": "fix", "release": "patch"}, + {"type": "build", "release": "patch"}, + ], + }], + ['@semantic-release/exec', { + "generateNotesCmd": "echo '${ process.env.RELEASE_NOTES }'" + }], + '@semantic-release/release-notes-generator', + ['@semantic-release/git', { + "assets": ["./charts/**"], + "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" + }], + ['@semantic-release/github', { + "successComment": false, + "failTitle": false + }] + ] + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + RELEASE_NOTES: | + ``` + helm repo add --pass-credentials --username --password https://${{ env.HARBOR_REGISTRY }}/chartrepo/${{ env.HARBOR_PROJECT }} + helm pull --version ${{ steps.semantic-dry.outputs.release-version }} /${{ env.HARBOR_REPO }} + ls *.tgz + # ${{ env.HARBOR_REPO }}-${{ steps.semantic-dry.outputs.release-version }}.tgz + ``` + + - name: helm push to registry + id: chart-push + if: steps.chart-changes.outputs.src == 'true' && steps.semantic.outputs.new-release-published == 'true' + run: | + set -x + helm plugin install https://github.com/chartmuseum/helm-push + helm repo add --pass-credentials --username "$HARBOR_USER" --password "$HARBOR_TOKEN" harbor https://$HARBOR_REGISTRY/chartrepo/$HARBOR_PROJECT + helm cm-push $(echo *.tgz) harbor + sleep 2 + helm repo update + helm pull harbor/$HARBOR_REPO --version $TAG + env: + TAG: ${{ steps.semantic.outputs.release-version }} + + - name: delete orphaned release on chart push failure + uses: dev-drprasad/delete-tag-and-release@v0.2.1 + if: (failure() && steps.chart-push.outcome == 'failure') && steps.semantic.outputs.new-release-published == 'true' + with: + tag_name: ${ env.TAG_PREFIX }-${{ steps.semantic.outputs.release-version }} + delete_release: true + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0d6b282 --- /dev/null +++ b/.gitignore @@ -0,0 +1,378 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore + +# User-specific files +appsettings.Development.json +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates +.sonarqube +.sonarqube/* +/.sonarqube/out/ +/.sonarqube/conf/ +/.sonarqube/out/* +*.sonar + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Oo]ut/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. +!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +bin +obj +packages +serp-forms-api/appsettings.Development.json +serp-forms-api/appsettings.Development.json + +.idea diff --git a/charts/control/.helmignore b/charts/control/.helmignore new file mode 100644 index 0000000..2a2671c --- /dev/null +++ b/charts/control/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line.. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/control/Chart.yaml b/charts/control/Chart.yaml new file mode 100644 index 0000000..ba01920 --- /dev/null +++ b/charts/control/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 1.0.0 +description: Helm chart for deploying DARE Control. +name: control +type: application +version: 1.0.0 diff --git a/charts/control/values.yaml b/charts/control/values.yaml new file mode 100644 index 0000000..e1b0387 --- /dev/null +++ b/charts/control/values.yaml @@ -0,0 +1,10 @@ +jupyter: + enabled: true + + image: + repository: harbor.ukserp.ac.uk/dare/jupyter + tag: 1.0.0 + pullPolicy: IfNotPresent + pullSecret: "" + uid: 1001 + gid: 1001 diff --git a/containers/jupyter/Dockerfile b/containers/jupyter/Dockerfile new file mode 100644 index 0000000..e8d8b0f --- /dev/null +++ b/containers/jupyter/Dockerfile @@ -0,0 +1,5 @@ +FROM jupyterhub/jupyterhub:4.0.0 + +LABEL org.opencontainers.image.source=https://github.com/SwanseaUniversityMedical/DARE-Jupyter + +# TODO setup a build step for compiling and injecting custom plugins diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..7190a60 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +}