Merge pull request #4 from 1Password/add-release-automation

Add release automation

.VERSION

@@ -0,0 +1 @@
+0.0.2

.github/workflows/release-pr.yml

@@ -0,0 +1,85 @@
+on:
+  create:
+    branches:
+
+name: Open Release PR for review
+
+jobs:
+  # This job is necessary because GitHub does not (yet) support
+  # filtering `create` triggers by branch name.
+  # See: https://github.community/t/trigger-job-on-branch-created/16878/5
+  should_create_pr:
+    name: Check if PR for branch already exists
+    runs-on: ubuntu-latest
+    outputs:
+      result: ${{ steps.is_release_branch_without_pr.outputs.result }}
+    steps:
+      - id: is_release_branch_without_pr
+        name: Find matching PR
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            // Search for an existing PR with head & base
+            //  that match the created branch
+
+            const [releaseBranchName] = context.ref.match("release/v[0-9]+\.[0-9]+\.[0-9]+") || []
+
+            if(!releaseBranchName) { return false }
+
+            const {data: prs} = await github.pulls.list({
+                ...context.repo,
+                state: 'open',
+                head: `1Password:${releaseBranchName}`,
+                base: context.payload.master_branch
+            })
+
+            return prs.length === 0
+
+  create_pr:
+    needs: should_create_pr
+    if: needs.should_create_pr.outputs.result == 'true'
+    name: Create Release Pull Request
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Parse release version
+        id: get_version
+        run: echo "::set-output name=version::$(echo $GITHUB_REF | sed 's|^refs/heads/release/v?*||g')"
+
+      - name: Prepare Pull Request
+        id: prep_pr
+        run: |
+          CHANGELOG_PATH=$(printf "%s/CHANGELOG.md" "${GITHUB_WORKSPACE}")
+
+          LOG_ENTRY=$(awk '/START\/v[0-9]+\.[0-9]+\.[0-9]+*/{f=1; next} /---/{if (f == 1) exit} f' "${CHANGELOG_PATH}")
+          export PR_BODY=$(cat <<EOF
+          This is an automated PR for a new release.
+
+          Please check the following before approving:
+          - [ ] Changelog is accurate. The documented changes for this release are printed below.
+          - [ ] Any files referencing a version number. Confirm it matches the version number in the branch name.
+          ---
+          ## Release Changelog Preview
+          ${LOG_ENTRY}
+          EOF
+          )
+
+          # Sanitizes multiline strings for action outputs (https://medium.com/agorapulse-stories/23f56447d209)
+          PR_BODY="${PR_BODY//'%'/'%25'}"
+          PR_BODY="${PR_BODY//$'\n'/'%0A'}"
+          PR_BODY="${PR_BODY//$'\r'/'%0D'}"
+          echo "::set-output name=pr_body::$(echo "$PR_BODY")"
+
+      - name: Create Pull Request via API
+        id: post_pr
+        uses: octokit/request-action@v2.x
+        with:
+          route: POST /repos/${{ github.repository }}/pulls
+          title: ${{ format('Prepare Release - v{0}', steps.get_version.outputs.version) }}
+          head: ${{ github.ref }}
+          base: ${{ github.event.master_branch }}
+          body: ${{ toJson(steps.prep_pr.outputs.pr_body) }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -0,0 +1,34 @@
+[//]: # (START/LATEST)
+# Latest
+
+## Features:
+*
+## Fixes:
+*
+## Security:
+*
+
+---
+
+[//]: # (START/v0.0.2)
+# v0.0.2
+
+## Features:
+* Items can now be accessed by either `vaults/<vault_id>/items/<item_id>` or `vaults/<vault_title>/items/<item_title>`
+
+---
+
+[//]: # (START/v0.0.1)
+
+# v0.0.1
+
+Initial 1Password Operator release
+
+## Features
+* watches for deployment creations with `onepassword` annotations and creates an associated kubernetes secret
+* watches for `onepasswordsecret` crd creations and creates an associated kubernetes secrets
+* watches for changes to 1Password secrets associated with kubernetes secrets and updates the kubernetes secret with changes
+* restart pods when secret has been updated
+* cleanup of kubernetes secrets when deployment or `onepasswordsecret` is deleted
+
+---

Dockerfile

@@ -12,7 +12,15 @@ COPY pkg/ pkg/
 COPY version/ version/
 COPY vendor/ vendor/
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod vendor -a -o manager main.go
+ARG operator_version=dev
+RUN CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=amd64 \
+    GO111MODULE=on \
+    go build \
+    -ldflags "-X version.Version=$operator_version" \
+    -mod vendor \
+    -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

Makefile

@@ -0,0 +1,68 @@
+export MAIN_BRANCH ?= main
+
+.DEFAULT_GOAL := help
+.PHONY: test build build/binary build/local clean test/coverage release/prepare release/tag .check_bump_type .check_git_clean help
+
+GIT_BRANCH := $(shell git symbolic-ref --short HEAD)
+WORKTREE_CLEAN := $(shell git status --porcelain 1>/dev/null 2>&1; echo $$?)
+SCRIPTS_DIR := $(CURDIR)/scripts
+
+versionFile = $(CURDIR)/.VERSION
+curVersion := $(shell cat $(versionFile) | sed 's/^v//')
+
+OPERATOR_NAME := onepassword-connect-operator
+DOCKER_IMG_TAG ?= $(OPERATOR_NAME):v$(curVersion)
+
+test:	## Run test suite
+	go test ./...
+
+test/coverage:	## Run test suite with coverage report
+	go test -v ./... -cover
+
+build:	## Build operator Docker image
+	@docker build -f Dockerfile --build-arg operator_version=$(curVersion) -t $(DOCKER_IMG_TAG)
+	@echo "Successfully built and tagged image."
+	@echo "Tag: $(DOCKER_IMG_TAG)"
+
+build/local:	## Build local version of the operator Docker image
+	@docker build -f Dockerfile -t local/$(DOCKER_IMG_TAG)
+
+build/binary: clean	## Build operator binary
+	@mkdir -p dist
+	@go build -mod vendor -a -o manager ./cmd/manager/main.go
+	@mv manager ./dist
+
+clean:
+	rm -rf ./dist
+
+help:	## Prints this help message
+	@grep -E '^[\/a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+
+## Release functions =====================
+
+release/prepare: .check_git_clean	## Updates changelog and creates release branch (call with 'release/prepare version=<new_version_number>')
+
+	@test $(version) || (echo "[ERROR] version argument not set."; exit 1)
+	@git fetch --quiet origin $(MAIN_BRANCH)
+
+	@echo $(version) | tr -d '\n' | tee $(versionFile) &>/dev/null
+
+	@NEW_VERSION=$(version) $(SCRIPTS_DIR)/prepare-release.sh
+
+release/tag: .check_git_clean	## Creates git tag
+	@git pull --ff-only
+	@echo "Applying tag 'v$(curVersion)' to HEAD..."
+	@git tag --sign "v$(curVersion)" -m "Release v$(curVersion)"
+	@echo "[OK] Success!"
+	@echo "Remember to call 'git push --tags' to persist the tag."
+
+## Helper functions =====================
+
+.check_git_clean:
+ifneq ($(GIT_BRANCH), $(MAIN_BRANCH))
+	@echo "[ERROR] Please checkout default branch '$(MAIN_BRANCH)' and re-run this command."; exit 1;
+endif
+ifneq ($(WORKTREE_CLEAN), 0)
+	@echo "[ERROR] Uncommitted changes found in worktree. Address them and try again."; exit 1;
+endif

README.md

@@ -146,10 +146,29 @@ If multiple 1Password vaults/items have the same `title` when using a title in t
 ---
 ## Development
 
+### Creating a Docker image
+
+To create a local version of the Docker image for testing, use the following `Makefile` target:
+```shell
+make build/local
+```
+
+### Building the Operator binary
+```shell
+make build/binary
+```
+
+The binary will be placed inside a `dist` folder within this repository.
+
 ### Running Tests
 
-```bash
-$ go test -v ./... -cover
+```shell
+make test
+```
+
+With coverage:
+```shell
+make test/coverage
 ```
 
 ## Security