search

cncf / tag-app-delivery

📨🚚CNCF App Delivery TAG
https://tag-app-delivery.cncf.io
Apache License 2.0
788 stars 206 forks source link

[Community] GitHub workflows guidelines #543

Open joebowbeer opened 10 months ago

joebowbeer commented 10 months ago

Contribution Description

I'm hoping that TAG App Delivery will take in interest in recommending best practices, patterns, and tools for use in the GitHub workflows employed by CNCF projects.

Looking at the GitHub Actions (and supporting tools) that virtually all the CNCF projects are using to implement their process for releasing their images, manifests and charts, I observe that most of these projects are doing similar things, and every project ends up with a collection of scripts that is fairly similar to all the other projects. I suspect there are some shared principles at work, but documentation is spotty. If there is a best practice guide, I haven't located it.

Is this something tag-app-delivery can assist with?

Related Working Group (WG)

None, this is TAG level (Default)

Contribution type

Other

Why TAG App Delivery?

The release process implemented by CNCF projects, including the set of GitHub workflows and actions, appears to be within the scope of TAG App Delivery, based on its charter.

Related projects/technologies

No response

Affiliation disclosure

No response

Additional collaborators

No response

Additional information

From Slack discussion: https://cloud-native.slack.com/archives/CL3SL0CP5/p1706423269767739

@abangser wrote:

I think that some sort of a targeted investigation and report back about how CNCF projects use GHA and how the patterns emerge would be an interesting research and publication project. But not a small one 😅 We could of course identify smaller milestones like starting with projects within our TAG etc so maybe we can make some headway more quickly.

Michael Lieberman wrote:

I would love to be involved here, at least coming from a security perspective, because we could push more consistency in the space. As mentioned, I’ve been working on a tool (https://github.com/kusaridev/skootrs) to try and set up a suite of things like Github actions for when someone starts a new project so they don’t have to go reinvent the wheel every time.

abangser commented 9 months ago

Hey @joebowbeer I know you have had some chats in Slack, but I also wanted to let you know I have added this issue to the TAG meeting notes for Wednesday Feb 7 at 4pm UTC. Would be great if you are able to attend and discuss further with people and the schedule looks great with a Crossplane presentation as well!

Full details: image