From 4f44b2f207efa93e5f783362d89fc4c4b4b265fc Mon Sep 17 00:00:00 2001
From: Maxime Dufour <maxime.dufour@outscale.com>
Date: Fri, 2 Dec 2022 10:31:45 +0000
Subject: [PATCH] Add github action

---
 .github/dependabot.yml                     |  9 ++++
 .github/scripts/check-creds-settings.sh    | 17 +++++++
 .github/scripts/osc-api-check.sh           | 28 ++++++++++
 .github/scripts/release-build.sh           | 40 +++++++++++++++
 .github/scripts/release-check-duplicate.sh | 29 +++++++++++
 .github/scripts/release-pr.sh              | 27 ++++++++++
 .github/scripts/release-push.sh            | 18 +++++++
 .github/workflows/build.yml                | 37 ++++++++++++++
 .github/workflows/cred-scan.yml            | 16 ++++++
 .github/workflows/pull-request.yml         | 59 ++++++++++++++++++++++
 10 files changed, 280 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100755 .github/scripts/check-creds-settings.sh
 create mode 100755 .github/scripts/osc-api-check.sh
 create mode 100755 .github/scripts/release-build.sh
 create mode 100755 .github/scripts/release-check-duplicate.sh
 create mode 100755 .github/scripts/release-pr.sh
 create mode 100755 .github/scripts/release-push.sh
 create mode 100644 .github/workflows/build.yml
 create mode 100644 .github/workflows/cred-scan.yml
 create mode 100644 .github/workflows/pull-request.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..3baad4ea
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    target-branch: "main"
+    schedule:
+      interval: "daily"
\ No newline at end of file
diff --git a/.github/scripts/check-creds-settings.sh b/.github/scripts/check-creds-settings.sh
new file mode 100755
index 00000000..6523324a
--- /dev/null
+++ b/.github/scripts/check-creds-settings.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+exit_code=0
+if [ -z "$OSC_ACCESS_KEY" ]; then
+    echo "OSC_ACCESS_KEY var is not set, please fix"
+    exit_code=1
+fi
+if [ -z "$OSC_SECRET_KEY" ]; then
+    echo "OSC_SECRET_KEY var is not set, please fix"
+    exit_code=1
+fi
+if [ -z "$OSC_REGION" ]; then
+    echo "OSC_REGION var is not set, please fix"
+    exit_code=1
+fi
+exit $exit_code
\ No newline at end of file
diff --git a/.github/scripts/osc-api-check.sh b/.github/scripts/osc-api-check.sh
new file mode 100755
index 00000000..6c768a55
--- /dev/null
+++ b/.github/scripts/osc-api-check.sh
@@ -0,0 +1,28 @@
+#!/bin/env bash
+set -e
+
+root=$(cd "$(dirname $0)/../.." && pwd)
+if [ -e "$root/.auto-release-abort" ]; then
+    echo "previous step triggered stop, abort"
+    exit 0
+fi
+github_url="https://api.github.com/repos/outscale/osc-api/releases"
+
+if [ -z "$GH_TOKEN" ]; then
+    echo "GH_TOKEN is missing, abort."
+    exit 1
+fi
+
+osc_api_last_release=$(curl -s -H "Authorization: token $GH_TOKEN" $github_url | jq ".[] | select(.prerelease == false) | select(.draft == false) | .tag_name" | sort -r --version-sort | head -n 1 | cut -f 2 -d '"')
+local_api_version=$(cat $root/api_version)
+
+echo "last API version used: $local_api_version"
+echo "last available version: $osc_api_last_release"
+
+if [[ "$local_api_version" = "$osc_api_last_release" ]]; then
+    echo "no update needed, exiting"
+    touch "$root/.auto-release-abort"
+    exit 0
+fi
+
+echo "$osc_api_last_release" > $root/api_version
diff --git a/.github/scripts/release-build.sh b/.github/scripts/release-build.sh
new file mode 100755
index 00000000..13eb99ad
--- /dev/null
+++ b/.github/scripts/release-build.sh
@@ -0,0 +1,40 @@
+#!/bin/env bash
+set -e
+
+root=$(cd "$(dirname $0)/../.." && pwd)
+if [ -e "$root/.auto-release-abort" ]; then
+    echo "previous step triggered stop, abort"
+    exit 0
+fi
+# build new version number
+local_sdk_version=$(cat $root/sdk_version)
+local_sdk_version_major=$(echo $local_sdk_version | cut -d '.' -f 1)
+local_sdk_version_minor=$(echo $local_sdk_version | cut -d '.' -f 2)
+new_sdk_version_minor=$(( local_sdk_version_minor + 1 ))
+new_sdk_version="$local_sdk_version_major.$new_sdk_version_minor.0"
+
+branch_name="autobuild-$new_sdk_version"
+git branch -m $branch_name
+
+echo "$new_sdk_version" > $root/sdk_version
+
+# build release notes
+new_api_version=$(cat $root/api_version)
+release_notes="# $new_sdk_version
+
+ - SDK update for Outscale API v$new_api_version
+
+"
+echo "$release_notes$(cat $root/changelog.md)" > $root/changelog.md
+
+# generate SDK
+cd "$root"
+make gen
+
+# setup git && commit
+git config user.name "Outscale Bot"
+git config user.email "opensource+bot@outscale.com"
+for f in src dist; do
+    git add $f || true
+done
+git commit -asm "osc-sdk-java v$new_sdk_version"
diff --git a/.github/scripts/release-check-duplicate.sh b/.github/scripts/release-check-duplicate.sh
new file mode 100755
index 00000000..452270a0
--- /dev/null
+++ b/.github/scripts/release-check-duplicate.sh
@@ -0,0 +1,29 @@
+#!/bin/env bash
+set -e
+
+root=$(cd "$(dirname $0)/../.." && pwd)
+if [ -e "$root/.auto-release-abort" ]; then
+    echo "previous step triggered stop, abort"
+    exit 0
+fi
+# build new version number
+local_sdk_version=$(cat $root/sdk_version)
+local_sdk_version_major=$(echo $local_sdk_version | cut -d '.' -f 1)
+local_sdk_version_minor=$(echo $local_sdk_version | cut -d '.' -f 2)
+new_sdk_version_minor=$(( local_sdk_version_minor + 1 ))
+new_sdk_version="$local_sdk_version_major.$new_sdk_version_minor.0"
+
+branch_name="autobuild-$new_sdk_version"
+
+if [ -z "$GH_TOKEN" ]; then
+    echo "GH_TOKEN is missing, abort."
+    exit 1
+fi
+
+result=$(curl -s -H "Authorization: token $GH_TOKEN" "https://api.github.com/repos/outscale/osc-sdk-java/pulls" | jq ".[] | select(.title == \"SDK v$new_sdk_version\") | .title")
+
+if [ ! -z "$result" ]; then
+    echo "Pull request seems to alread exist, abort."
+    touch "$root/.auto-release-abort"
+    exit 0
+fi    
diff --git a/.github/scripts/release-pr.sh b/.github/scripts/release-pr.sh
new file mode 100755
index 00000000..96cf897d
--- /dev/null
+++ b/.github/scripts/release-pr.sh
@@ -0,0 +1,27 @@
+#!/bin/env bash
+set -e
+
+root=$(cd "$(dirname $0)/../.." && pwd)
+if [ -e "$root/.auto-release-abort" ]; then
+    echo "previous step triggered stop, abort"
+    exit 0
+fi
+new_sdk_version=$(cat $root/sdk_version)
+branch_name="autobuild-$new_sdk_version"
+osc_api_version="$(cat $root/api_version)"
+
+if [ -z "$GH_TOKEN" ]; then
+    echo "GH_TOKEN is missing, abort."
+    exit 1
+fi
+
+# https://docs.github.com/en/free-pro-team@latest/rest/reference/pulls#create-a-pull-request
+result=$(curl -s -X POST -H "Authorization: token $GH_TOKEN" -d "{\"head\":\"$branch_name\",\"base\":\"main\",\"title\":\"SDK v$new_sdk_version\",\"body\":\"Automatic build of SDK v$new_sdk_version version based on Outscale API v$osc_api_version\"}" "https://api.github.com/repos/outscale/osc-sdk-java/pulls")
+
+errors=$(echo $result | jq .errors)
+
+if [ "$errors" != "null" ]; then
+    echo $errors
+    echo "errors while creating pull request, abort."
+    exit 1
+fi
diff --git a/.github/scripts/release-push.sh b/.github/scripts/release-push.sh
new file mode 100755
index 00000000..57f71e20
--- /dev/null
+++ b/.github/scripts/release-push.sh
@@ -0,0 +1,18 @@
+#!/bin/env bash
+set -e
+
+root=$(cd "$(dirname $0)/../.." && pwd)
+if [ -e "$root/.auto-release-abort" ]; then
+    echo "previous step triggered stop, abort"
+    exit 0
+fi
+new_sdk_version=$(cat $root/sdk_version)
+branch_name="autobuild-$new_sdk_version"
+
+if [ -z "$SSH_PRIVATE_KEY" ]; then
+    echo "SSH_PRIVATE_KEY is missing, abort."
+    exit 1
+fi
+
+echo "$SSH_PRIVATE_KEY" > $root/bot.key
+GIT_SSH_COMMAND="ssh -i $root/bot.key" git push -f origin $branch_name
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..cb28b19e
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,37 @@
+name: osc-sdk-java release build
+on:
+  workflow_dispatch:
+    inputs:
+      api_version:
+        description: 'Outscale API version'
+        required: true
+
+jobs:
+  auto-build:
+    environment: auto-build
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: main
+      - uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin' 
+          java-version: '11'
+          cache: 'maven'
+      - name: Write Outscale API version to use
+        run: echo "${{ github.event.inputs.api_version }}" > api_version
+      - name: check for release duplicate
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: make release-check-duplicate
+      - name: auto-generate release
+        run: make release-build
+      - name: push release branch
+        run: make release-push
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+      - name: create pull request
+        run: make release-pr
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/cred-scan.yml b/.github/workflows/cred-scan.yml
new file mode 100644
index 00000000..b82ff165
--- /dev/null
+++ b/.github/workflows/cred-scan.yml
@@ -0,0 +1,16 @@
+name: Credential Scanner
+
+on:
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  cred-scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v3
+    - name: Scan credentials
+      uses: outscale-dev/cred-scan@main
+      with:
+        scan_path: "./"
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
new file mode 100644
index 00000000..cc8e9b69
--- /dev/null
+++ b/.github/workflows/pull-request.yml
@@ -0,0 +1,59 @@
+name: pull-request
+
+on:
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  pull-requests: write
+  contents: write
+    
+jobs:
+  reuse-test:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - name: Reuse specification test
+        run: make reuse-test
+  examples-test:
+    environment: eu-west-2
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin' 
+          java-version: '11'
+          cache: 'maven'
+      - name: Example tests
+        env:
+          OSC_ACCESS_KEY: ${{ secrets.OSC_ACCESS_KEY }}
+          OSC_SECRET_KEY: ${{ secrets.OSC_SECRET_KEY }}
+          OSC_REGION: ${{ secrets.OSC_REGION }}
+        run: make examples-test
+  regeneration-test:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin' 
+          java-version: '11'
+          cache: 'maven'
+      - name: SDK re-generation test
+        run: make regen-test
+  dependabot-auto-merge:
+    needs: [reuse-test, examples-test, regeneration-test]
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.1.1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Auto-merge
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}