Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/assign-reviewers.yml26
-rw-r--r--.github/workflows/build-images.yml20
-rw-r--r--.github/workflows/checks.yml83
-rw-r--r--.github/workflows/component-build-images.yml219
-rw-r--r--.github/workflows/dependabot-auto-update-protobuf-diff.yml35
-rw-r--r--.github/workflows/fossa.yml23
-rw-r--r--.github/workflows/gradle-wrapper-validation.yml21
-rw-r--r--.github/workflows/label-pr.yml63
-rw-r--r--.github/workflows/nightly-release.yml23
-rw-r--r--.github/workflows/ossf-scorecard.yml50
-rw-r--r--.github/workflows/release.yml22
-rw-r--r--.github/workflows/run-integration-tests.yml23
-rw-r--r--.github/workflows/stale.yml29
13 files changed, 637 insertions, 0 deletions
diff --git a/.github/workflows/assign-reviewers.yml b/.github/workflows/assign-reviewers.yml
new file mode 100644
index 0000000..8ede7ab
--- /dev/null
+++ b/.github/workflows/assign-reviewers.yml
@@ -0,0 +1,26 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+# assigns reviewers to pull requests in a similar way as CODEOWNERS, but doesn't require reviewers
+# to have write access to the repository
+# see .github/component_owners.yaml for the list of components and their owners
+name: Assign reviewers
+
+on:
+ # pull_request_target is needed instead of just pull_request
+ # because repository write permission is needed to assign reviewers
+ pull_request_target:
+
+permissions:
+ contents: read
+
+jobs:
+ assign-reviewers:
+ permissions:
+ pull-requests: write # required for assigning reviewers to PRs
+ if: github.repository == 'open-telemetry/opentelemetry-demo'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: dyladan/component-owners@main
+ with:
+ # using this action to request review only (not assignment)
+ assign-owners: false
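Review bot: `dyladan/component-owners@main` on the `uses:` line follows a moving branch while the job runs under `pull_request_target` with `pull-requests: write`, so whatever lands on that branch next runs with a write-scoped token on every incoming PR. Pin it to a full commit SHA with the version in a trailing comment, as fossa.yml and ossf-scorecard.yml in this same commit already do, e.g. `- uses: dyladan/component-owners@<full-commit-sha> # <version>`. The same applies to the tag-pinned third-party references in checks.yml (`umbrelladocs/action-linkspector@v1`), label-pr.yml (`dorny/paths-filter@v3`) and component-build-images.yml (the `docker/*` actions and the `tonistiigi/binfmt:master` image).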
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
new file mode 100644
index 0000000..b37fea8
--- /dev/null
+++ b/.github/workflows/build-images.yml
@@ -0,0 +1,20 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+name: Test image generation
+
+on:
+ push:
+ paths:
+ - 'src/**'
+ - 'test/**'
+
+permissions:
+ contents: read
+
+jobs:
+ build_images:
+ permissions:
+ contents: read
+ packages: write
+ if: github.repository == 'open-telemetry/opentelemetry-demo'
+ uses: ./.github/workflows/component-build-images.yml
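Review bot: This caller triggers on `push` and leaves the `push` input at its default of false, so the build it is meant to test appears to be skipped on every run. The skip decision is made in component-build-images.yml, where `git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }}` gets an empty base on a push event and, as far as the visible steps show, ends up comparing the checked-out commit with itself. Giving the base a fallback there, `${{ github.event.pull_request.base.sha || github.event.before }}`, would let push-triggered runs detect changed Dockerfile directories; confirm how a first push of a new branch should be handled.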
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
new file mode 100644
index 0000000..b6fb10d
--- /dev/null
+++ b/.github/workflows/checks.yml
@@ -0,0 +1,83 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+name: Checks
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ build_images:
+ permissions: # required by the reusable workflow
+ contents: read
+ packages: write
+ uses: ./.github/workflows/component-build-images.yml
+ with:
+ push: false
+ version: 'dev'
+
+ markdownlint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: check out code
+ uses: actions/checkout@v5
+ - name: install dependencies
+ run: npm install
+ - name: run markdownlint
+ run: make markdownlint
+
+ yamllint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: check out code
+ uses: actions/checkout@v5
+ - uses: actions/setup-python@v6
+ with:
+ python-version: '3.x'
+ - name: install yamllint
+ run: make install-yamllint
+ - name: run yamllint
+ run: yamllint . -f github
+
+ misspell:
+ runs-on: ubuntu-latest
+ steps:
+ - name: check out code
+ uses: actions/checkout@v5
+ - name: run misspell
+ run: make misspell
+
+ checklinks:
+ name: linkspector
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ - name: Run linkspector
+ uses: umbrelladocs/action-linkspector@v1
+ with:
+ level: info
+ fail_level: any
+ config_file: '.linkspector.yml'
+
+ sanity:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ - name: run sanitycheck.py
+ run: python3 ./internal/tools/sanitycheck.py
+
+ checklicense:
+ runs-on: ubuntu-latest
+ steps:
+ - name: check out code
+ uses: actions/checkout@v5
+ - name: install tools
+ run: make install-tools
+ - name: run checklicense
+ run: make checklicense
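Review bot: The `markdownlint` job installs its tooling with `run: npm install`, which may resolve newer package versions than the ones last reviewed and runs on every pull request. If the repository commits a package-lock.json (not visible in this diff), `run: npm ci` installs exactly the locked versions and fails when the lockfile and package.json disagree, which makes the lint result reproducible and keeps dependency changes visible in review.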
diff --git a/.github/workflows/component-build-images.yml b/.github/workflows/component-build-images.yml
new file mode 100644
index 0000000..a4c9544
--- /dev/null
+++ b/.github/workflows/component-build-images.yml
@@ -0,0 +1,219 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+on:
+ workflow_call:
+ inputs:
+ push:
+ description: Should the images be pushed
+ default: false
+ required: false
+ type: boolean
+ version:
+ description: The version used when tagging the image
+ default: 'dev'
+ required: false
+ type: string
+ dockerhub_repo:
+ description: Docker Hub repository
+ default: 'otel/demo'
+ required: false
+ type: string
+ ghcr_repo:
+ description: GHCR repository
+ default: 'ghcr.io/open-telemetry/demo'
+ required: false
+ type: string
+
+permissions:
+ contents: read
+
+jobs:
+ protobufcheck:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+ - name: Generate
+ run: make clean docker-generate-protobuf
+ - name: Check Clean Work Tree
+ run: make check-clean-work-tree
+
+ build_and_push_images:
+ runs-on: ubuntu-latest
+ needs: protobufcheck
+
+ permissions:
+ contents: read
+ packages: write
+
+ env:
+ RELEASE_VERSION: "${{ github.event.release.tag_name }}"
+
+ strategy:
+ fail-fast: false
+ matrix:
+ file_tag:
+ - file: ./src/accounting/Dockerfile
+ tag_suffix: accounting
+ context: ./
+ setup-qemu: true
+ - file: ./src/ad/Dockerfile
+ tag_suffix: ad
+ context: ./
+ setup-qemu: true
+ - file: ./src/cart/src/Dockerfile
+ tag_suffix: cart
+ context: ./
+ setup-qemu: false
+ - file: ./src/checkout/Dockerfile
+ tag_suffix: checkout
+ context: ./
+ setup-qemu: true
+ - file: ./src/currency/Dockerfile
+ tag_suffix: currency
+ context: ./
+ setup-qemu: true
+ - file: ./src/email/Dockerfile
+ tag_suffix: email
+ context: ./
+ setup-qemu: true
+ - file: ./src/flagd-ui/Dockerfile
+ tag_suffix: flagd-ui
+ context: ./
+ setup-qemu: true
+ - file: ./src/fraud-detection/Dockerfile
+ tag_suffix: fraud-detection
+ context: ./
+ setup-qemu: true
+ - file: ./src/frontend/Dockerfile
+ tag_suffix: frontend
+ context: ./
+ setup-qemu: true
+ - file: ./src/frontend-proxy/Dockerfile
+ tag_suffix: frontend-proxy
+ context: ./
+ setup-qemu: true
+ - file: ./src/frontend/Dockerfile.cypress
+ tag_suffix: frontend-tests
+ context: ./
+ setup-qemu: true
+ - file: ./src/image-provider/Dockerfile
+ tag_suffix: image-provider
+ context: ./
+ setup-qemu: true
+ - file: ./src/kafka/Dockerfile
+ tag_suffix: kafka
+ context: ./
+ setup-qemu: true
+ - file: ./src/load-generator/Dockerfile
+ tag_suffix: load-generator
+ context: ./
+ setup-qemu: true
+ - file: ./src/opensearch/Dockerfile
+ tag_suffix: opensearch
+ context: ./
+ setup-qemu: true
+ - file: ./src/payment/Dockerfile
+ tag_suffix: payment
+ context: ./
+ setup-qemu: true
+ - file: ./src/postgres/Dockerfile
+ tag_suffix: postgresql
+ context: ./
+ setup-qemu: true
+ - file: ./src/product-catalog/Dockerfile
+ tag_suffix: product-catalog
+ context: ./
+ setup-qemu: true
+ - file: ./src/quote/Dockerfile
+ tag_suffix: quote
+ context: ./
+ setup-qemu: true
+ - file: ./src/recommendation/Dockerfile
+ tag_suffix: recommendation
+ context: ./
+ setup-qemu: true
+ - file: ./src/shipping/Dockerfile
+ tag_suffix: shipping
+ context: ./
+ setup-qemu: true
+ - file: ./test/tracetesting/Dockerfile
+ tag_suffix: traceBasedTests
+ context: ./
+ setup-qemu: true
+
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ - name: Load environment variables from .env file
+ run: |
+ if [ -f .env ]; then
+ # Filter out comments and empty lines, then add each variable to $GITHUB_ENV
+ grep -vE '^\s*#|^\s*$' .env | while read -r line; do
+ echo "$line" >> $GITHUB_ENV
+ done
+ else
+ echo ".env file not found!"
+ exit 1
+ fi
+ - name: Check for changes and set push options
+ id: check_changes
+ run: |
+ DOCKERFILE_DIR=$(dirname ${{ matrix.file_tag.file }})
+ FILES_CHANGED=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} -- $DOCKERFILE_DIR)
+ FORCE_PUSH=${{ inputs.push }}
+ if [ "$FORCE_PUSH" = true ]; then
+ echo "Force push is enabled, proceeding with build."
+ echo "skip=false" >> "$GITHUB_OUTPUT"
+ elif [ -z "$FILES_CHANGED" ]; then
+ echo "No changes in ${{ matrix.file_tag.context }}, skipping build."
+ echo "skip=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "Changes detected in ${{ matrix.file_tag.context }}, proceeding with build."
+ echo "skip=false" >> "$GITHUB_OUTPUT"
+ fi
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ if: ${{ inputs.push }}
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ if: ${{ inputs.push }}
+ - name: Set up QEMU
+ if: ${{ matrix.file_tag.setup-qemu }}
+ uses: docker/setup-qemu-action@v3
+ with:
+ image: tonistiigi/binfmt:master
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ buildkitd-config-inline: |
+ [worker.oci]
+ max-parallelism = 2
+ - name: Matrix Build and push demo images
+ if: steps.check_changes.outputs.skip == 'false'
+ uses: docker/build-push-action@v6.18.0
+ with:
+ context: ${{ matrix.file_tag.context }}
+ file: ${{ matrix.file_tag.file }}
+ platforms: linux/amd64,linux/arm64
+ push: ${{ inputs.push }}
+ build-args: |
+ OTEL_JAVA_AGENT_VERSION=${{ env.OTEL_JAVA_AGENT_VERSION }}
+ OPENTELEMETRY_CPP_VERSION=${{ env.OPENTELEMETRY_CPP_VERSION }}
+ TRACETEST_IMAGE_VERSION=${{ env.TRACETEST_IMAGE_VERSION }}
+ tags: |
+ ${{ inputs.dockerhub_repo }}:${{ inputs.version }}-${{matrix.file_tag.tag_suffix }}
+ ${{ inputs.dockerhub_repo }}:latest-${{matrix.file_tag.tag_suffix }}
+ ${{ inputs.ghcr_repo }}:${{ inputs.version }}-${{ matrix.file_tag.tag_suffix }}
+ ${{ inputs.ghcr_repo }}:latest-${{ matrix.file_tag.tag_suffix }}
+ cache-from: type=gha
+ cache-to: type=gha
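Review bot: The `Load environment variables from .env file` step appends every non-comment line of `.env` to `$GITHUB_ENV`, so any key that file contains becomes part of the environment of all later steps, including the two registry login steps and the build when `push` is true. The only values the visible steps read back are the three used in `build-args`, and checks.yml calls this workflow on `pull_request`, where `.env` comes from the proposed change. Exporting just those keys keeps an unexpected entry from altering how later actions behave, for example `grep -E '^(OTEL_JAVA_AGENT_VERSION|OPENTELEMETRY_CPP_VERSION|TRACETEST_IMAGE_VERSION)=' .env >> "$GITHUB_ENV"`, which also quotes the redirect target that the current loop leaves unquoted.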
diff --git a/.github/workflows/dependabot-auto-update-protobuf-diff.yml b/.github/workflows/dependabot-auto-update-protobuf-diff.yml
new file mode 100644
index 0000000..96dd1bd
--- /dev/null
+++ b/.github/workflows/dependabot-auto-update-protobuf-diff.yml
@@ -0,0 +1,35 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+on:
+ pull_request:
+ branches: [ main ]
+
+permissions:
+ contents: read
+
+jobs:
+ dependabot-auto-update-protobuf-diff:
+ permissions:
+ contents: write
+ pull-requests: write
+ runs-on: ubuntu-latest
+ # Only run this job if the PR is opened by dependabot and the last commit is from dependabot
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ github.head_ref }}
+ token: ${{ secrets.DEPENDABOT_TOKEN }}
+ - name: Generate
+ run: make clean docker-generate-protobuf
+ - name: Commit only if there are changes
+ run: |
+ if ! git diff --quiet; then
+ git config user.name "dependabot[bot]"
+ git config user.email "49699333+dependabot[bot]@users.noreply.github.com"
+ git add .
+ git commit -s -m "chore: update protobuf"
+ git push
+ fi
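Review bot: The checkout step hands `secrets.DEPENDABOT_TOKEN` to `actions/checkout`, which by default keeps the token available to later git commands in the workspace, so it stays reachable while `make clean docker-generate-protobuf` runs with the dependency versions the PR has just bumped. Setting `persist-credentials: false` on the checkout and supplying the token only to the final commit step, through that step's `env:` and the push URL, would limit it to the one command that needs it. Separately, the comment above `if:` says the last commit must be from dependabot, but the condition only tests `github.event.pull_request.user.login`; reword the comment or add the missing check.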
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
new file mode 100644
index 0000000..9c79918
--- /dev/null
+++ b/.github/workflows/fossa.yml
@@ -0,0 +1,23 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+name: FOSSA scanning
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ fossa:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+ - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
+ with:
+ api-key: ${{secrets.FOSSA_API_KEY}}
+ team: OpenTelemetry
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
new file mode 100644
index 0000000..6bc5888
--- /dev/null
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -0,0 +1,21 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+name: Gradle wrapper validation
+on:
+ pull_request:
+ paths:
+ - '**/gradle/wrapper/**'
+ push:
+ paths:
+ - '**/gradle/wrapper/**'
+
+permissions:
+ contents: read
+
+jobs:
+ validation:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+
+ - uses: gradle/actions/wrapper-validation@v4.4.3
diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml
new file mode 100644
index 0000000..f9273e8
--- /dev/null
+++ b/.github/workflows/label-pr.yml
@@ -0,0 +1,63 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+# adds a label to a pull request if certain files are changed
+name: Label Pull Requests
+
+on:
+ pull_request_target:
+ types: [opened, synchronize, reopened]
+
+permissions:
+ contents: read
+
+jobs:
+ label:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Check for changed files
+ id: file_changes
+ uses: dorny/paths-filter@v3
+ with:
+ list-files: shell
+ filters: |
+ docsUpdateRequired:
+ - 'src/flagd/**'
+ helmUpdateRequired:
+ - '.env'
+ - 'docker-compose*.yml'
+ - 'src/flagd/**'
+ - 'src/grafana/**'
+ - 'src/otel-collector/**'
+ - 'src/prometheus/**'
+
+ - name: "Add Label: docs-update-required"
+ if: steps.file_changes.outputs.docsUpdateRequired == 'true'
+ uses: actions/github-script@v8
+ with:
+ script: |
+ const issue_number = context.issue.number;
+ github.rest.issues.addLabels({
+ issue_number: issue_number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ['docs-update-required']
+ })
+
+ - name: "Add Label: helm-update-required"
+ if: steps.file_changes.outputs.helmUpdateRequired == 'true'
+ uses: actions/github-script@v8
+ with:
+ script: |
+ const issue_number = context.issue.number;
+ github.rest.issues.addLabels({
+ issue_number: issue_number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ['helm-update-required']
+ })
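Review bot: This workflow runs on `pull_request_target` with `pull-requests: write`, and the `Checkout` step is safe only because `actions/checkout` defaults to the base ref for that event; nothing in the file records that, unlike the explanation assign-reviewers.yml carries for its trigger. Add a comment above the step such as `# pull_request_target: this checks out the base branch; do not set ref to the PR head`. If `dorny/paths-filter` obtains the changed-file list from the API for pull request events, as its documentation describes, the checkout may be removable altogether. The two `github.rest.issues.addLabels(...)` calls are also not awaited, so a failed request may not fail the step; `await github.rest.issues.addLabels({` would surface it.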
diff --git a/.github/workflows/nightly-release.yml b/.github/workflows/nightly-release.yml
new file mode 100644
index 0000000..c569af7
--- /dev/null
+++ b/.github/workflows/nightly-release.yml
@@ -0,0 +1,23 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+name: Nightly Release
+
+on:
+ schedule:
+ # Runs at 00:00 UTC every day
+ - cron: '0 0 * * *'
+
+permissions:
+ contents: read
+
+jobs:
+ build_and_push_images:
+ permissions: # required by the reusable workflow
+ contents: read
+ packages: write
+ uses: ./.github/workflows/component-build-images.yml
+ if: github.repository == 'open-telemetry/opentelemetry-demo'
+ with:
+ push: true
+ version: nightly-${{ github.run_id }}
+ secrets: inherit
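Review bot: `secrets: inherit` passes every secret this workflow can see into component-build-images.yml, although the steps there reference only `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD` besides the automatic `GITHUB_TOKEN`. Passing them by name narrows what a later change to the reusable workflow can reach: a `secrets:` mapping with `DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}` and `DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}`, with matching declarations under `on.workflow_call.secrets` in the called file. release.yml uses the same `secrets: inherit` line and would take the same change.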
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
new file mode 100644
index 0000000..5e95e29
--- /dev/null
+++ b/.github/workflows/ossf-scorecard.yml
@@ -0,0 +1,50 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+name: OSSF Scorecard
+
+on:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "25 11 * * 3" # once a week
+ workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+ analysis:
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed for Code scanning upload
+ security-events: write
+ # Needed for GitHub OIDC token if publish_results is true
+ id-token: write
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable
+ # uploads of run results in SARIF format to the repository Actions tab.
+ # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard (optional).
+ # Commenting out will disable upload of results to your repo's Code Scanning dashboard
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..60eb1b6
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,22 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+name: "Build and Publish"
+
+on:
+ release:
+ types: [published]
+
+permissions:
+ contents: read
+
+jobs:
+ build_and_push_images:
+ permissions: # required by the reusable workflow
+ contents: read
+ packages: write
+ uses: ./.github/workflows/component-build-images.yml
+ if: github.repository == 'open-telemetry/opentelemetry-demo'
+ with:
+ push: true
+ version: ${{ github.event.release.tag_name }}
+ secrets: inherit
diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml
new file mode 100644
index 0000000..a64c774
--- /dev/null
+++ b/.github/workflows/run-integration-tests.yml
@@ -0,0 +1,23 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+name: Integration Tests
+
+on:
+ pull_request_review:
+ types:
+ - submitted
+
+permissions:
+ contents: read
+
+jobs:
+ run_tests:
+ runs-on: ubuntu-latest
+ name: "Run CI"
+ if: github.event.review.state == 'APPROVED'
+ steps:
+ - name: check out code
+ uses: actions/checkout@v5
+ - name: run tracetesting
+ run: |
+ make build && docker system prune -f && make run-tracetesting
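Review bot: The `if: github.event.review.state == 'APPROVED'` gate does not look at who submitted the review, and on a public repository an approving review can come from an account without write access. If the intent is to run `make build` and the trace tests on PR code only after a maintainer has looked at it, the condition should also test the reviewer's association, e.g. `if: github.event.review.state == 'APPROVED' && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)`. A short comment above the `if:` stating which reviewers are meant to trigger the run would make the intent checkable.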
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..eab3dee
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,29 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+# Syntax: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
+# Github Actions Stale: https://github.com/actions/stale
+
+name: "Close stale pull requests"
+on:
+ schedule:
+ - cron: "12 3 * * *" # arbitrary time not to DDOS GitHub
+
+permissions:
+ contents: read
+
+jobs:
+ stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v10
+ with:
+ stale-pr-message: 'This PR was marked stale due to lack of activity. It will be closed in 7 days.'
+ close-pr-message: 'Closed as inactive. Feel free to reopen if this PR is still being worked on.'
+ operations-per-run: 400
+ days-before-pr-stale: 7
+ days-before-issue-stale: -1
+ days-before-pr-close: 7
+ days-before-issue-close: -1