Merge pull request #109 from KiraCore/feature/ci-cd-v2

feature/ci-cd-v2 -> release/v0.2.12

Author: asmodat

.github/workflows/branch.yml

@@ -0,0 +1,76 @@
+name: Create version branch & PR <working>/* -> version
+
+on:
+  push:
+    branches: [ feature/*, bugfix/* ]
+
+jobs:
+  auto-pr:
+    name: Automated Master Branch PR
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+      pull-requests: write
+    steps:
+          # Work around https://github.com/actions/checkout/issues/760
+          - name: Add safe.directory
+            run: |
+              git config --global --add safe.directory /github/workspace
+              git config --global --add safe.directory $PWD
+          # ref.: https://github.com/actions/checkout, v3.0.0
+          - name: Checkout repository
+            uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+          - name: Extract branch name on pull request
+            shell: bash
+            run: |
+              set -x
+              git branch -r -l
+              echo "(current dir): $PWD" && ls -l ./
+              chmod -Rv 555 ./scripts
+              RELEASE_VER=$(./scripts/version.sh) && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV
+              RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV
+              REPOSITORY_NAME="${{ github.event.repository.name }}" && echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV
+              echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+              echo "DEFAULT_BRANCH=${{ github.event.repository.default_branch }}" >> $GITHUB_ENV
+              echo "MASTER_REF=$(git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | head -1 | sed 's/HEAD//')" >> $GITHUB_ENV
+              git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV
+              ( git show-branch "origin/$RELEASE_BRANCH" || git show-branch "remotes/origin/$RELEASE_BRANCH" ) && echo "TARGET_BRANCH_EXISTS=true" >> $GITHUB_ENV || echo "TARGET_BRANCH_EXISTS=false" >> $GITHUB_ENV
+          - name: Print debug data before publishing
+            run: |
+              echo "Repository name: ${{ env.REPOSITORY_NAME }}"
+              echo "  Source branch: ${{ env.SOURCE_BRANCH }}"
+              echo " Default branch: ${{ env.DEFAULT_BRANCH }}"
+              echo "  Master refer.: ${{ env.MASTER_REF }}"
+              echo "Release version: ${{ env.RELEASE_VER }}"
+              echo " Release branch: ${{ env.RELEASE_BRANCH }}"
+              echo " Release exists: ${{ env.RELEASE_EXISTS }}"
+              echo "     Event name: ${{ github.event_name }}"
+              echo "  Target Exists: ${{ env.TARGET_BRANCH_EXISTS }}"
+          # ref.: https://github.com/peterjgrainger/action-create-branch, v2.2.0
+          - name: Create version branch from master
+            uses: peterjgrainger/action-create-branch@c2800a3a9edbba2218da6861fa46496cf8f3195a
+            if: |
+               ( env.TARGET_BRANCH_EXISTS == false || env.TARGET_BRANCH_EXISTS == 'false' ) &&
+               ( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && 
+               ( startsWith(env.RELEASE_BRANCH, 'release/v') && contains(env.RELEASE_BRANCH, '.') )
+            env:
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            with:
+              branch: ${{ env.RELEASE_BRANCH }}
+              sha: ${{ env.MASTER_REF }}
+          - name: Create PR from feature to version branch
+            # ref. repo-sync/pull-request is broken, using cea2aj/pull-request instead
+            uses: cea2aj/pull-request@84eb0c3478f13651e5649367941b867ca02d7926
+            if: |
+               ( env.TARGET_BRANCH_EXISTS == false || env.TARGET_BRANCH_EXISTS == 'false' ) &&
+               ( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && 
+               ( startsWith(env.RELEASE_BRANCH, 'release/v') && contains(env.RELEASE_BRANCH, '.') )
+            with:
+              github_token: ${{ secrets.REPO_ACCESS }}
+              source_branch: ${{ env.SOURCE_BRANCH }}
+              destination_branch: ${{ env.RELEASE_BRANCH}}
+              pr_title: "${{ env.SOURCE_BRANCH }} -> ${{ env.RELEASE_BRANCH }}" 
+              pr_label: "kira-automation"
+              pr_allow_empty: true

.github/workflows/main.yml

@@ -1,8 +1,8 @@
-name: v*.*.* -PR-> master
+name: release/v*.*.* -PR-> master
 
 on:
   push:
-    branches: [ v*.*.* ]
+    branches: [ v*.*.*, release/v*.*.* ]
 
 # git ls-remote <URL> | head -1 | sed "s/HEAD//"
 jobs:
@@ -16,26 +16,36 @@ jobs:
       id-token: write
       pull-requests: write
     steps:
+          # Work around https://github.com/actions/checkout/issues/760
+          - name: Add safe.directory
+            run: |
+              git config --global --add safe.directory /github/workspace
+              git config --global --add safe.directory $PWD
+          # ref.: https://github.com/actions/checkout, v3.0.0
+          - name: Checkout repository
+            uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
           - name: Extract branch name on pull request
             shell: bash
             run: |
-              echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV
+              set -x
+              git branch -r -l
+              echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+              echo "DEFAULT_BRANCH=${{ github.event.repository.default_branch }}" >> $GITHUB_ENV
           - name: Print debug data before publishing
             run: |
-              echo "Source branch: ${{ env.SOURCE_BRANCH }}"
-              echo "   Event name: ${{ github.event_name }}"
-              echo "  Repo. name: ${{ github.event.repository.name }}"
-          # ref.: https://github.com/actions/checkout, v3.0.0
-          - name: Checkout repository
-            uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+              echo " Source branch: ${{ env.DEFAULT_BRANCH }}"
+              echo "Default branch: ${{ env.SOURCE_BRANCH }}"
+              echo "    Event name: ${{ github.event_name }}"
+              echo "    Repo. name: ${{ github.event.repository.name }}"
           - name: Create PR from a version branch to master after version branch push
-            if: startsWith(env.SOURCE_BRANCH, 'v') && contains(env.SOURCE_BRANCH, '.') && !contains(env.SOURCE_BRANCH, '-') && !contains(env.SOURCE_BRANCH, 'rc')
-            uses: repo-sync/pull-request@5ba2c80b97c87b9174c1548141b7acd80f6376e1
+            # ref. repo-sync/pull-request is broken, using cea2aj/pull-request instead
+            uses: cea2aj/pull-request@84eb0c3478f13651e5649367941b867ca02d7926
+            if: startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.')
             with:
               github_token: ${{ secrets.REPO_ACCESS }}
               source_branch: ${{ env.SOURCE_BRANCH }}
-              destination_branch: ${{ github.event.repository.default_branch }}
-              pr_title: "${{ env.SOURCE_BRANCH }} -> ${{ github.event.repository.default_branch }}" 
+              destination_branch: ${{ env.DEFAULT_BRANCH}}
+              pr_title: "${{ env.SOURCE_BRANCH }} -> ${{ env.DEFAULT_BRANCH }}" 
               pr_label: "kira-automation"
               pr_assignee: "asmodat"
               pr_allow_empty: true

.github/workflows/master.yml

@@ -2,7 +2,7 @@ name: Clean spam PRs
 
 on:
   pull_request:
-    branches: [ master, dev, latest, v*.*.*, feature/*, bugfix/* ]
+    branches: [ master, dev, latest, v*.*.*, release/v*.*.*, feature/*, bugfix/* ]
 
 jobs:
   # isolate signing & repo cloning from docker image
@@ -18,6 +18,11 @@ jobs:
       REF_BRANCH: ${{ github.event.pull_request.head.ref }}
       BASE_REF_BRANCH: ${{ github.base_ref }}
     steps:
+          # Work around https://github.com/actions/checkout/issues/760
+          - name: Add safe.directory
+            run: |
+              git config --global --add safe.directory /github/workspace
+              git config --global --add safe.directory $PWD
           # ref.: https://github.com/actions/checkout, v3.0.0
           - name: Checkout repository
             uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
@@ -26,9 +31,16 @@ jobs:
           - name: Extract branch name & release version
             shell: bash
             run: |
-              echo "RELEASE_VER=$(grep -Fn -m 1 'Release: ' ./RELEASE.md | rev | cut -d ":" -f1 | rev | xargs | tr -dc '[:alnum:]\-\.' || echo '')" >> $GITHUB_ENV
-              echo "SOURCE_BRANCH=$(echo ${{ env.REF_BRANCH }} | tr / -)" >> $GITHUB_ENV
-              echo "DESTINATION_BRANCH=$(echo ${{ env.BASE_REF_BRANCH }} | tr / -)" >> $GITHUB_ENV
+              chmod -Rv 555 ./scripts
+              VERSION_REGEX="^(v?)([0-9]+)\.([0-9]+)\.([0-9]+)(-?)([a-zA-Z]+)?(\.?([0-9]+)?)$"
+              REPOSITORY_NAME=${{ github.event.repository.name }}
+              RELEASE_VER=$(./scripts/version.sh) && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV
+              RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV
+              SOURCE_BRANCH="$(echo ${{ env.REF_BRANCH }})" && echo "SOURCE_BRANCH=$SOURCE_BRANCH" >> $GITHUB_ENV
+              DESTINATION_BRANCH="$(echo ${{ env.BASE_REF_BRANCH }})" && echo "DESTINATION_BRANCH=$DESTINATION_BRANCH" >> $GITHUB_ENV
+              git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV
+              [[ "$SOURCE_BRANCH" =~ $VERSION_REGEX ]] && echo "SOURCE_VERSIONED=true" >> $GITHUB_ENV || echo "SOURCE_VERSIONED=false" >> $GITHUB_ENV
+              [[ "$DESTINATION_BRANCH" =~ $VERSION_REGEX ]] && echo "DESTINATION_VERSIONED=true" >> $GITHUB_ENV || echo "DESTINATION_VERSIONED=false" >> $GITHUB_ENV
           - name: Print debug data before publishing
             run: |
               echo "Source branch name: ${{ env.SOURCE_BRANCH }}"
@@ -38,31 +50,43 @@ jobs:
             uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
             if: |
               ( env.DESTINATION_BRANCH == 'master' || env.DESTINATION_BRANCH == 'dev' || env.DESTINATION_BRANCH == 'latest' ) &&
-              ( !startsWith(env.SOURCE_BRANCH, 'v') && !contains(env.SOURCE_BRANCH, '.') )
+              ( !startsWith(env.SOURCE_BRANCH, 'release/v') && !contains(env.SOURCE_BRANCH, '.') )
             with:
               pr-labels: 'invalid'
               pr-comment: >
                 This repository does not accept pull requests from non version branches
-              close-pr: true
+
+                --- Please CLOSE this PR after acknowledging the issue ---
+              close-pr: false
+              lock-pr: true
+              pr-lock-reason: 'spam'
           - name: Reject invalid PRs to version branches that do NOT originate from feature/* or debug/*
             # ref.: https://github.com/dessant/repo-lockdown
             uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
             if: |
-              ( startsWith(env.DESTINATION_BRANCH, 'v') && contains(env.DESTINATION_BRANCH, '.') ) &&
+              ( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) &&
               ( !startsWith(env.SOURCE_BRANCH, 'feature') && !startsWith(env.SOURCE_BRANCH, 'bugfix') )
             with:
               pr-labels: 'invalid'
               pr-comment: >
                 This repository does not accept pull requests from feature/* & bugfix/* branches
-              close-pr: true
+
+                --- Please CLOSE this PR after acknowledging the issue ---
+              close-pr: false
+              lock-pr: true
+              pr-lock-reason: 'spam'
           - name: Reject invalid PRs to version branches with invalid RELEASE files
             # ref.: https://github.com/dessant/repo-lockdown
             uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
             if: |
-              ( startsWith(env.DESTINATION_BRANCH, 'v') && contains(env.DESTINATION_BRANCH, '.') ) &&
-              ( env.DESTINATION_BRANCH != env.RELEASE_VER )
+              ( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) &&
+              ( env.DESTINATION_BRANCH != env.RELEASE_BRANCH )
             with:
               pr-labels: 'invalid'
               pr-comment: >
-                The release version (${{ env.RELEASE_VER }}) in the ./RELEASE.md file does NOT match the branch name (${{ env.DESTINATION_BRANCH }})
-              close-pr: false
+                The release version (${{ env.RELEASE_VER }}) does NOT match the branch name (${{ env.DESTINATION_BRANCH }})
+
+                --- Please CLOSE this PR after acknowledging the issue ---
+              close-pr: false
+              lock-pr: true
+              pr-lock-reason: 'spam'

.github/workflows/spam.yml

@@ -0,0 +1,10 @@
+bin/
+*/bin
+nfpm_*
+*/nfpm_*
+*-tmp
+*/*-tmp
+*/.build
+*/dist
+*/spec
+*/__pycache__

.gitignore

@@ -0,0 +1,26 @@
+# tools
+KIRA Tools
+
+## Dependencies
+
+```
+VERSION="v0.0.8.0" && cd /tmp && rm -fv ./bash-utils.sh && \
+CHECKSUM="1cfb806eec03956319668b0a4f02f2fcc956ed9800070cda1870decfe2e6206e" && \
+wget https://github.com/KiraCore/tools/releases/download/$VERSION/bash-utils.sh -O ./bash-utils.sh && \
+    FILE_HASH=$(sha256sum ./bash-utils.sh | awk '{ print $1 }' | xargs || echo -n "") && \
+    [ "$FILE_HASH" == "$CHECKSUM" ] && chmod -v 555 ./bash-utils.sh && \
+    ./bash-utils.sh bashUtilsSetup "/var/kiraglob" && . /etc/profile && \
+    bash-utils loadGlobEnvs && utils echoInfo "SUCCESS: bash-utils $(bash-utils bashUtilsVersion) were installed!" || \
+    echo "ERROR: Invalid checksum '$FILE_HASH' or bashUtilsSetup failed"
+```
+
+## Build
+
+```
+# set env variable to your local repos (will vary depending on the user)
+setGlobEnv TOOLS_REPO "/mnt/c/Users/asmodat/Desktop/KIRA/GITHUB/tools"
+
+cd $TOOLS_REPO
+
+make build
+```

DEVME.md

@@ -0,0 +1,10 @@
+.PHONY: test build publish
+
+test:
+	./scripts/test.sh
+
+build:
+	./scripts/build.sh
+
+publish:
+	./scripts/publish.sh

Makefile

@@ -1,2 +1,46 @@
 # tools
 KIRA Network - useful tools & scripts
+
+## Signatures
+
+All files in KIRA repositories are always signed with [cosign](https://github.com/sigstore/cosign/releases)
+
+Cosign requires simple initial setup of the signer keys described more precisely [here](https://dev.to/n3wt0n/sign-your-container-images-with-cosign-github-actions-and-github-container-registry-3mni)
+
+```bash
+# install cosign
+COSIGN_VERSION="v1.7.2" && \
+if [[ "$(uname -m)" == *"ar"* ]] ; then ARCH="arm64"; else ARCH="amd64" ; fi && echo $ARCH && \
+PLATFORM=$(uname) && FILE=$(echo "cosign-${PLATFORM}-${ARCH}" | tr '[:upper:]' '[:lower:]') && \
+ wget https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/$FILE && chmod +x -v ./$FILE && \
+ mv -fv ./$FILE /usr/local/bin/cosign && cosign version
+
+# save KIRA public cosign key
+cat > ./cosign.pub << EOL
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/IrzBQYeMwvKa44/DF/HB7XDpnE+
+f+mU9F/Qbfq25bBWV2+NlYMJv3KvKHNtu3Jknt6yizZjUV4b8WGfKBzFYw==
+-----END PUBLIC KEY-----
+EOL
+
+# download desired files and the corresponding .sig file from: https://github.com/KiraCore/tools/releases
+
+# verify signature of downloaded files
+cosign verify-blob --key=./cosign.pub --signature=./<file>.sig ./<file>
+```
+
+## bash-utils
+
+KIRA bash-utils is a general purpose tool for simplifying scripts & commands
+
+```bash
+# one line install
+TOOLS_VERSION="v0.2.7" && mkdir -p /usr/keys && FILE_NAME="bash-utils.sh" && \
+ if [ -z "$KIRA_COSIGN_PUB" ] ; then KIRA_COSIGN_PUB=/usr/keys/kira-cosign.pub ; fi && \
+ echo -e "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/IrzBQYeMwvKa44/DF/HB7XDpnE+\nf+mU9F/Qbfq25bBWV2+NlYMJv3KvKHNtu3Jknt6yizZjUV4b8WGfKBzFYw==\n-----END PUBLIC KEY-----" > $KIRA_COSIGN_PUB && \
+ wget "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}" -O ./$FILE_NAME && \
+ wget "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}.sig" -O ./${FILE_NAME}.sig && \
+ cosign verify-blob --key="$KIRA_COSIGN_PUB" --signature=./${FILE_NAME}.sig ./$FILE_NAME && \
+ chmod -v 555 ./$FILE_NAME && ./$FILE_NAME bashUtilsSetup "/var/kiraglob" && . /etc/profile && \
+ echoInfo "Installed bash-utils $(bashUtilsVersion)"
+```

README.md

@@ -0,0 +1,5 @@
+Features:
+* Added `strLength, strStartsWith, strEndsWith, setTomlVar` to bash-utils
+
+
+

RELEASE.md

@@ -0,0 +1,5 @@
+.PHONY: test
+
+test:
+	./scripts/test.sh
+	

bash-utils/Makefile

@@ -1,11 +1,16 @@
-# KIRA Bash Utils
+## KIRA Bash Utils
 
 The ultimate collection of various bash-shell function to make access to various system components fast and simple from the CLI level
 
 
-# Install
+### Local Setup
 ```
-cd /tmp && read -p "Input branch name: " BRANCH && \
- wget https://raw.githubusercontent.com/KiraCore/tools/$BRANCH/bash-utils/install.sh -O ./i.sh && \
- chmod 555 ./i.sh && ./i.sh "$BRANCH" "/var/kiraglob" && . /etc/profile || echo "ERROR: Failed kira bash-utils installation"
+./bash-utils.sh utilsSetup "/var/kiraglob"
+```
+
+### Remote Setup
+```
+cd /tmp && rm -fv ./bash-utils.sh && \
+ wget https://raw.githubusercontent.com/KiraCore/tools/latest/bash-utils/bash-utils.sh -O ./bash-utils.sh && \
+ chmod -v 555 ./bash-utils.sh && ./bash-utils.sh bashUtilsSetup "/var/kiraglob"
 ```