diff --git a/.github/workflows/sync-to-gitlab.yml b/.github/workflows/sync-to-gitlab.yml new file mode 100644 index 0000000..4f65f16 --- /dev/null +++ b/.github/workflows/sync-to-gitlab.yml @@ -0,0 +1,38 @@ +name: Sync to GitLab + +# Mirror github.com/beengud/cli to the NHL GitLab repo immediately after every +# merge to main, so the mop projects consume the new CLI from GitLab. +# +# Required GitHub secret (Settings → Secrets and variables → Actions): +# GITLAB_SYNC_TOKEN — GitLab project access token with write_repository scope +# on the mirror repo below. +# +# Required GitHub Actions variable (Settings → Secrets and variables → Actions → Variables): +# GITLAB_MIRROR_URL — host/path of the mirror repo WITHOUT scheme or .git, e.g. +# gitlab.com/nhl/mop/cli +# (confirm the exact path when you create the GitLab repo). + +on: + push: + branches: [main] + workflow_dispatch: {} + +jobs: + sync: + name: Mirror → GitLab + runs-on: ubuntu-latest + steps: + - name: Mirror clone and push to GitLab + env: + GITLAB_SYNC_TOKEN: ${{ secrets.GITLAB_SYNC_TOKEN }} + GITLAB_MIRROR_URL: ${{ vars.GITLAB_MIRROR_URL }} + run: | + if [ -z "$GITLAB_SYNC_TOKEN" ] || [ -z "$GITLAB_MIRROR_URL" ]; then + echo "::error::Set the GITLAB_SYNC_TOKEN secret and GITLAB_MIRROR_URL variable before enabling this workflow." + exit 1 + fi + # A bare mirror clone contains only real refs (no remote-tracking refs), + # so GitLab won't reject the push with "deny updating a hidden ref". + git clone --mirror https://github.com/beengud/cli.git repo + cd repo + git push --mirror "https://oauth2:${GITLAB_SYNC_TOKEN}@${GITLAB_MIRROR_URL}.git" diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..9191358 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,90 @@ +# .gitlab-ci.yml — Observe CLI (GitLab mirror of github.com/beengud/cli) +# +# This repo is the GitLab mirror of github.com/beengud/cli — the TypeScript CLI +# that replaces the deprecated Go observe CLI. On every push to main it: +# 1. Runs the test suite +# 2. Builds the linux/amd64 binary (dist-bin/observe-linux-x64) +# 3. Uploads it to the mop-config project's generic package registry +# 4. Opens an MR in mop-config bumping OBSERVE_CLI_VERSION to the new build +# +# Required CI/CD variables (Settings → CI/CD → Variables): +# MOP_CONFIG_PAT — GitLab token (api scope) on nhl/mop — package upload + MR +# OBSERVE_OPENAPI_SPEC — https://.observeinc.com/v1/openapi +# OBSERVE_GQL_SPEC — https://.observeinc.com/v1/meta +# OBSERVE_GQL_TOKEN — " " +# +# ⚠️ GATE: `bun run codegen` (run by both `test` and `build`) fetches the GraphQL +# schema via introspection, which is DISABLED on standard customer tenants. +# These stages will fail until OBSERVE_GQL_SPEC points at a tenant/endpoint +# with introspection enabled (or codegen is repointed at a committed SDL). +# Tracking: github.com/observeinc/cli/issues/10. + +stages: + - test + - publish + +variables: + MOP_CONFIG_PROJECT_ID: "82631227" # nhl/mop/mop-config — confirm for the new CLI + +default: + image: oven/bun:1 + +test: + stage: test + script: + - bun install --frozen-lockfile + - bun run test + +publish: + stage: publish + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + before_script: + - apt-get update && apt-get install -y --no-install-recommends git curl ca-certificates + script: + - | + VERSION="${CI_COMMIT_TAG:-main-${CI_COMMIT_SHORT_SHA}}" + echo "Building observe CLI ${VERSION} (linux/x64)" + + bun install --frozen-lockfile + bun run build --target linux-x64 + BIN="dist-bin/observe-linux-x64" + test -f "$BIN" || { echo "build did not produce $BIN"; exit 1; } + echo "Binary size: $(du -sh "$BIN" | cut -f1)" + + echo "Uploading to mop-config package registry..." + curl --fail --silent --show-error \ + --header "PRIVATE-TOKEN: ${MOP_CONFIG_PAT}" \ + --upload-file "$BIN" \ + "${CI_API_V4_URL}/projects/${MOP_CONFIG_PROJECT_ID}/packages/generic/observe-cli/${VERSION}/observe-linux-x64" + echo "Uploaded observe-cli ${VERSION}" + + git clone \ + "https://oauth2:${MOP_CONFIG_PAT}@${CI_SERVER_HOST}/nhl/mop/mop-config.git" \ + mop-config-repo + cd mop-config-repo + git config user.email "observe-ci@nhl.com" + git config user.name "observe-ci" + + BRANCH="auto/observe-cli-${VERSION}" + git checkout -b "${BRANCH}" + sed -i "s/OBSERVE_CLI_VERSION:.*/OBSERVE_CLI_VERSION: \"${VERSION}\"/" .gitlab-ci.yml + git add .gitlab-ci.yml + git commit -m "chore: bump observe CLI to ${VERSION}" + git push \ + "https://oauth2:${MOP_CONFIG_PAT}@${CI_SERVER_HOST}/nhl/mop/mop-config.git" \ + "${BRANCH}" + + curl --fail --silent --show-error \ + --request POST \ + --header "PRIVATE-TOKEN: ${MOP_CONFIG_PAT}" \ + --header "Content-Type: application/json" \ + --data "{ + \"source_branch\": \"${BRANCH}\", + \"target_branch\": \"main\", + \"title\": \"chore: bump observe CLI to ${VERSION}\", + \"description\": \"Auto-generated by [observe CI pipeline](${CI_PIPELINE_URL}).\", + \"remove_source_branch\": true + }" \ + "${CI_API_V4_URL}/projects/${MOP_CONFIG_PROJECT_ID}/merge_requests" + echo "MR created in mop-config — review and merge to deploy ${VERSION}"