refactor(make)[NO-TICKET]: replace make with task (#43)

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: replace make with task

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(githubActions)[NO-TICKET]: add workflows for tag and backport

Signed-off-by: Georgy Khromov <[email protected]>

* refactor(make)[NO-TICKET]: update README.md

Signed-off-by: Georgy Khromov <[email protected]>

---------

Signed-off-by: Georgy Khromov <[email protected]>

Author: ggkhrmv

.github/workflows/backport.yaml

@@ -0,0 +1,33 @@
+name: Backport
+
+on:
+  # NOTE(negz): This is a risky target, but we run this action only when and if
+  # a PR is closed, then filter down to specifically merged PRs. We also don't
+  # invoke any scripts, etc from within the repo. I believe the fact that we'll
+  # be able to review PRs before this runs makes this fairly safe.
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  pull_request_target:
+    types: [closed]
+
+jobs:
+  # NOTE(negz): I tested many backport GitHub actions before landing on this
+  # one. Many do not support merge commits, or do not support pull requests with
+  # more than one commit. This one does. It also handily links backport PRs with
+  # new PRs, and provides commentary and instructions when it can't backport.
+  # The main gotchas with this action are that it _only_ supports merge commits,
+  # and that PRs _must_ be labelled before they're merged to trigger a backport.
+  open-pr:
+    runs-on: ubuntu-22.04
+    if: github.event.pull_request.merged
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Open Backport PR
+        uses: zeebe-io/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_workspace: ${{ github.workspace }}
+          version: v0.0.4

.github/workflows/ci.yaml

@@ -6,28 +6,43 @@ on:
       - "release-*"
   pull_request:
     branches: [ main ]
+  workflow_dispatch: {}
+
+env:
+  GO_VERSION: '1.24'
+
 jobs:
   compile:
     name: Compile
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - name: Set up Go 1.x
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
-          go-version: '1.24'
+          go-version: ${{ env.GO_VERSION }}
         id: go
+
+      - name: Set up Task
+        uses: arduino/setup-task@v1
+        with:
+          version: 3.x
+
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Restore Go build cache
-        uses: actions/cache@v3
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
+
       - name: Get dependencies
         run: go mod download
+
       - name: build
-        run: make
+        run: task
+
   test:
     name: Unit Test
     runs-on: ubuntu-latest
@@ -36,13 +51,21 @@ jobs:
       GOPATH: /home/runner/go
     steps:
       - uses: actions/checkout@v3
+
       - name: Setup Golang
         uses: actions/setup-go@v4
         with:
-          go-version: '1.24'
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Install Task
+        uses: arduino/setup-task@v1
+        with:
+          version: 3.x
+
       - name: Restore Go build cache
         uses: actions/cache@v3
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
-      - run: make test
+
+      - run: task test

.github/workflows/golangci-lint.yaml

@@ -5,7 +5,11 @@ on:
       - master
       - main
   pull_request:
+  workflow_dispatch:
 
+env:
+  GO_VERSION: '1.24'
+  GOLANGCI_LINT_VERSION: 'v2.1.6'
 
 permissions:
   contents: read
@@ -18,12 +22,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
+
       - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # pin@v4
         with:
-          go-version: '1.24'
+          go-version: ${{ env.GO_VERSION }}
           cache: false
+
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v8
         with:
-          version: v2.1.6
+          version: ${{ env.GOLANGCI_LINT_VERSION }}
 

.github/workflows/release.yaml

@@ -15,8 +15,6 @@ jobs:
     if: github.repository == 'argoproj-labs/argocd-rbac-operator'
     env:
       REGISTRY_URL: quay.io
-      ORG: argoprojlabs
-      REPO: argocd-rbac-operator
     name: Release
     steps:
       - name: Checkout
@@ -29,37 +27,23 @@ jobs:
         with:
           go-version: '1.24'
 
-      - name: Set env
-        run: echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Set up task
+        uses: arduino/setup-task@v1
+        with:
+          version: 3.x
 
       - name: Restore go build cache
         uses: actions/cache@v4
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
 
-      - name: Build operator and Tag Latest
-        run: make docker-build
-        env:
-          IMG: ${{ env.REGISTRY_URL }}/${{ env.ORG }}/${{ env.REPO }}:latest
-      
-      - name: Build operator and Tag Version
-        run: make docker-build
-        env:
-          IMG: ${{ env.REGISTRY_URL }}/${{ env.ORG }}/${{ env.REPO }}:${{ env.VERSION }}
-
       - name: Login to Registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY_URL }}
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_TOKEN }}
 
-      - name: Push latest operator
-        run: make docker-push
-        env:
-          IMG: ${{ env.REGISTRY_URL }}/${{ env.ORG }}/${{ env.REPO }}:latest
-      - name: Push latest operator
-        run: make docker-push
-        env:
-          IMG: ${{ env.REGISTRY_URL }}/${{ env.ORG }}/${{ env.REPO }}:${{ env.VERSION }}
+      - name: Buildand push operator to registry
+        run: task docker-buildx

.github/workflows/tag.yaml

@@ -0,0 +1,26 @@
+name: Tag
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Release version (e.g. v0.1.0)'
+        required: true
+      message:
+        description: 'Tag message'
+        required: true
+
+jobs:
+  create-tag:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Create Tag
+        uses: negz/create-tag@v1
+        with:
+          version: ${{ github.event.inputs.version }}
+          message: ${{ github.event.inputs.message }}
+          token: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.24 AS builder
+FROM --platform=${BUILDPLATFORM} golang:1.24 AS builder
 ARG TARGETOS
 ARG TARGETARCH