Merge pull request #1 from suzuki-shunsuke/feat/first-pr

feat: implement basic function

Author: suzuki-shunsuke

.github/workflows/deploy.yaml

@@ -0,0 +1,35 @@
+name: Deploy
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: '17'
+        cache: 'npm'
+    - run: npm install
+    - run: npm run build
+
+    - name: Generate token
+      id: generate_token
+      uses: tibdex/github-app-token@v1
+      if: github.event_name != 'pull_request'
+      with:
+        app_id: ${{ secrets.APP_ID }}
+        private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
+    - uses: peaceiris/actions-gh-pages@v3
+      if: github.event_name != 'pull_request'
+      with:
+        personal_token: ${{ steps.generate_token.outputs.token }}
+        external_repository: suzuki-shunsuke/gha-trigger
+        publish_dir: ./build
+        destination_dir: ./docs

.github/workflows/renovate-config-validator.yaml

@@ -0,0 +1,22 @@
+name: renovate-config-validator
+
+on:
+  pull_request:
+    branches:
+    - main
+    paths:
+    - .github/workflows/renovate-config-validator.yaml
+    - renovate.json
+  push:
+    branches:
+    - main
+    paths:
+    - .github/workflows/renovate-config-validator.yaml
+    - renovate.json
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: suzuki-shunsuke/[email protected]

.gitignore

@@ -0,0 +1,20 @@
+# Dependencies
+/node_modules
+
+# Production
+/build
+
+# Generated files
+.docusaurus
+.cache-loader
+
+# Misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*

.nvmrc

@@ -0,0 +1 @@
+16.17.0

README.md

@@ -1,2 +1,16 @@
 # gha-trigger-docs
-Document of gha-trigger
+
+Document of [gha-trigger](https://github.com/suzuki-shunsuke/gha-trigger)
+
+https://suzuki-shunsuke.github.io/gha-trigger/
+
+## Launch at localhost
+
+```console
+$ npm i
+$ npm start
+```
+
+## LICENSE
+
+[MIT](LICENSE)

babel.config.js

@@ -0,0 +1,3 @@
+module.exports = {
+  presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
+};

docs/config/_category_.json

@@ -0,0 +1,4 @@
+{
+  "label": "Configuration",
+  "position": 200
+}

docs/config/ci-repository.md

@@ -0,0 +1,101 @@
+---
+sidebar_position: 200
+---
+
+# CI Repository
+
+## CI Repository's GitHub Actions Workflow
+
+- Workflow Dispatch's inputs
+- Checkout `CI Repository` and `Main Repository`
+- Use GitHub App instead of `${{ github.token }}`
+- Update commit statuses
+
+```yaml
+---
+name: Format Rego files
+on:
+  workflow_dispatch:
+    inputs:
+      # payload:
+      #   required: true
+      repo:
+        required: true
+      ref:
+        required: true
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@v1
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - uses: actions/checkout@v3
+        with:
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.ref }}
+          token: ${{ steps.generate_token.outputs.token }}
+      - uses: actions/checkout@v2
+        with:
+          path: .test-isolation
+
+      - uses: ./.test-isolation/.github/actions/aqua
+      - uses: suzuki-shunsuke/[email protected]
+        with:
+          github_token: ${{ steps.generate_token.outputs.token }}
+```
+
+## Workflow Dispatch's inputs
+
+```yaml
+on:
+  workflow_dispatch:
+    inputs:
+      # payload:
+      #   required: true
+      repo:
+        required: true
+      ref:
+        required: true
+```
+
+- repo:
+- payload:
+
+## Checkout `CI Repository` and `Main Repository`
+
+```yaml
+- uses: actions/checkout@v3
+  with:
+    repository: ${{ github.event.inputs.repo }}
+    ref: ${{ github.event.inputs.ref }}
+    token: ${{ steps.generate_token.outputs.token }}
+- uses: actions/checkout@v2
+  with:
+    path: .test-isolation
+```
+
+## Use GitHub App instead of `${{ github.token }}`
+
+https://github.com/tibdex/github-app-token
+
+```yaml
+- name: Generate token
+  id: generate_token
+  uses: tibdex/github-app-token@v1
+  with:
+    app_id: ${{ secrets.APP_ID }}
+    private_key: ${{ secrets.APP_PRIVATE_KEY }}
+- uses: actions/checkout@v3
+  with:
+    repository: ${{ github.event.inputs.repo }}
+    ref: ${{ github.event.inputs.ref }}
+    token: ${{ steps.generate_token.outputs.token }}
+```
+
+## Update commit statuses
+
+https://github.com/suzuki-shunsuke/update-commit-status-action

docs/config/index.md

@@ -0,0 +1,55 @@
+---
+sidebar_position: 100
+---
+
+# Configuration
+
+`gha-trigger` supports only environment variables as source of configuration,
+but we are considering other sources such as S3, DynamoDB, AWS AppConfig, and so on.
+
+e.g.
+
+```yaml
+---
+aws:
+  region: us-east-1
+  secretsmanager:
+    region: us-east-1
+    secret_id: test-gha-trigger
+github_app:
+  app_id: 123456789
+events:
+  - matches:
+      - repo_owner: suzuki-shunsuke
+        repo_name: example-terraform-monorepo-2
+        events:
+          - pull_request
+        branches:
+          - main
+    workflows:
+      - repo_owner: suzuki-shunsuke
+        repo_name: example-terraform-monorepo-2-ci
+        workflow_file_name: test_pull_request.yaml
+        ref: pull_request
+  - matches:
+      - repo_owner: suzuki-shunsuke
+        repo_name: example-terraform-monorepo-2
+        events:
+          - push
+        branches:
+          - main
+    workflows:
+      - repo_owner: suzuki-shunsuke
+        repo_name: example-terraform-monorepo-2-ci
+        workflow_file_name: test.yaml
+        ref: main
+```
+
+## Secrets
+
+`gha-trigger` requires the following secrets.
+
+- webhook_secret: GitHub App's Webhook Secret
+- github_app_private_key: GitHub App's private key
+
+`gha-trigger` supports only AWS SecretsManager at the moment.

docs/getting-started.md

@@ -0,0 +1,113 @@
+---
+sidebar_position: 100
+---
+
+# Getting Started
+
+In the Getting Started, you can set up gha-trigger and experience CI with gha-trigger.
+
+## Requirement
+
+- Git
+- Terraform
+- GitHub Account
+- AWS Account
+
+## Steps
+
+1. Create GitHub Repositories from template repositories
+1. Create Webhook Secret
+1. Create GitHub App(s)
+1. Set up Terraform Configuration
+1. Apply Terraform
+1. Try to run CI
+1. Clean up
+
+### Create GitHub Repositories from template repositories
+
+- Main Repository:
+- CI Repository:
+
+### Create Webhook Secret
+
+- https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks
+
+### Create GitHub App(s)
+
+- https://docs.github.com/en/developers/apps/building-github-apps/creating-a-github-app
+
+You have to create GitHub App for two purposes.
+
+1. Receive webhook and trigger GitHub Actions Workflow
+2. Access Main Repository in CI of CI Repository
+
+You can use one GitHub App for the above purposes or can create two GitHub Apps for each purpose.
+
+You have to install GitHub App in Main Repository and CI Repository.
+You can either use the same GitHub App or create GitHub Apps per repository.
+
+In this Getting Started, let's use the same GitHub App for simplicity.
+
+#### 1. Receive webhook and trigger GitHub Actions Workflow
+
+The minimum setting of GitHub App (1).
+
+- Webhook: Active
+- Permissions
+  - Actions: Read and write
+  - Issues: Read-only
+  - Pull requests: Read and write
+- Install this App in both Main Repository and CI Repository
+
+#### 2. Receive webhook and trigger GitHub Actions Workflow
+
+The minimum setting of GitHub App (2).
+
+- Webhook: Inactive
+- Permissions
+  - Commit statuses: Read and write
+  - Contents: Read
+- Install this App in both Main Repository and CI Repository
+- Register GitHub App ID and Private Key as CI Repository's GitHub Secrets
+
+### Set up Terraform Configuration
+
+```console
+$ git clone https://github.com/suzuki-shunsuke/gha-trigger
+$ cd gha-trigger/terraform
+```
+
+[Download a zip file from Release page](https://github.com/suzuki-shunsuke/gha-trigger/releases) on this directory.
+
+Create `config.yaml`, `secret.yaml`, and `terraform.tfvars` from templates.
+
+```console
+$ cp config.yaml.tmpl config.yaml
+$ vi config.yaml
+
+$ cp secret.yaml.tmpl secret.yaml
+$ vi secret.yaml
+
+$ cp terraform.tfvars.tmpl terraform.tfvars
+$ vi terraform.tfvars
+```
+
+### Apply Terraform
+
+Create resources.
+
+```console
+$ terraform apply [-refresh=false]
+```
+
+`-refresh=false` is useful to make terraform commands fast.
+
+### Try
+
+Create a pull request to source repository to test CI.
+
+## Clean up
+
+```
+$ terraform destroy
+```