Add GH Actions

Author: DarthSim

.github/workflows/build-templates.yml

@@ -0,0 +1,59 @@
+name: Build templates
+
+on:
+  workflow_call:
+    outputs:
+      artifact-key:
+        description: "The key of the uploaded artifact"
+        value: "dist-${{ github.run_id }}-${{ github.run_attempt }}"
+      templates:
+        description: "Template filenames and descriptions"
+        value: ${{ jobs.build.outputs.templates }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      templates: ${{ steps.build.outputs.templates }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+          cache: pip
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+      - name: Build templates
+        id: build
+        run: |
+          mkdir dist
+
+          python template.py -o dist/ecs-fargate-full.yml --launch-type=fargate
+          echo "ecs-fargate-full.yml => Fargate" >> templates.txt
+
+          python template.py -o dist/ecs-fargate-no-network.yml --launch-type=fargate -N
+          echo "ecs-fargate-no-network.yml => Fargate (no network)" >> templates.txt
+
+          python template.py -o dist/ecs-fargate-no-cluster.yml --launch-type=fargate -C -N
+          echo "ecs-fargate-no-cluster.yml => Fargate (no cluster, no network)" >> templates.txt
+
+          python template.py -o dist/ecs-ec2-full.yml --launch-type=ec2
+          echo "ecs-ec2-full.yml => EC2" >> templates.txt
+
+          python template.py -o dist/ecs-ec2-no-network.yml --launch-type=ec2 -N
+          echo "ecs-ec2-no-network.yml => EC2 (no network)" >> templates.txt
+
+          python template.py -o dist/ecs-ec2-no-cluster.yml --launch-type=ec2 -C -N
+          echo "ecs-ec2-no-cluster.yml => EC2 (no cluster, no network)" >> templates.txt
+
+          echo 'templates<<EOF' >> $GITHUB_OUTPUT
+          cat templates.txt >> $GITHUB_OUTPUT
+          echo 'EOF' >> $GITHUB_OUTPUT
+      - name: Upload templates
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-${{ github.run_id }}-${{ github.run_attempt }}
+          path: dist
+          retention-days: 1

.github/workflows/build.yml

@@ -0,0 +1,26 @@
+name: Build
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-templates.yml
+  lint-templates:
+    needs: build
+    uses: ./.github/workflows/lint-templates.yml
+    with:
+      artifact-key: ${{ needs.build.outputs.artifact-key }}
+  upload-templates:
+    if: github.ref == 'refs/heads/master'
+    permissions:
+      contents: read
+      id-token: write
+    needs: [build, lint-templates]
+    uses: ./.github/workflows/upload-templates.yml
+    with:
+      artifact-key: ${{ needs.build.outputs.artifact-key }}
+      tag: latest
+    secrets: inherit

.github/workflows/lint-templates.yml

@@ -0,0 +1,30 @@
+name: Lint templates
+
+on:
+  workflow_call:
+    inputs:
+      artifact-key:
+        required: true
+        type: string
+
+jobs:
+  build-and-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Download templates
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact-key }}
+          path: dist
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+          cache: pip
+          cache-dependency-path: requirements-dev.txt
+      - name: Install dev dependencies
+        run: pip install -r requirements-dev.txt
+      - name: Lint templates
+        run: cfn-lint dist/*.yml

.github/workflows/lint.yml

@@ -0,0 +1,23 @@
+name: Lint
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+
+jobs:
+  build-and-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+          cache: pip
+          cache-dependency-path: requirements-dev.txt
+      - name: Install dev dependencies
+        run: pip install -r requirements-dev.txt
+      - name: Lint with flake8
+        run: flake8 ./template.py

.github/workflows/release.yml

@@ -0,0 +1,59 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-templates.yml
+  lint-templates:
+    needs: build
+    uses: ./.github/workflows/lint-templates.yml
+    with:
+      artifact-key: ${{ needs.build.outputs.artifact-key }}
+  upload-templates:
+    permissions:
+      contents: read
+      id-token: write
+    needs: [build, lint-templates]
+    uses: ./.github/workflows/upload-templates.yml
+    with:
+      artifact-key: ${{ needs.build.outputs.artifact-key }}
+      tag: ${{ github.ref_name }}
+    secrets: inherit
+  release:
+    needs: [build, lint-templates, upload-templates]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Prepare notes
+        id: prepare-notes
+        env:
+          TEMPLATES: ${{ needs.build.outputs.templates }}
+        run: |
+          # Extract changelog entries between this and previous version headers
+          escaped_version=$(echo ${GITHUB_REF_NAME#v} | sed -e 's/[]\/$*.^[]/\\&/g')
+          awk "BEGIN{inrelease=0} /## \[${escaped_version}\]/{inrelease=1;next} /## \[[0-9]+\.[0-9]+\.[0-9]+.*\]/{inrelease=0;exit} {if (inrelease) print}" CHANGELOG.md \
+            > RELEASE_NOTES.txt
+
+          echo "" >> RELEASE_NOTES.txt
+          echo "| Template | |" >> RELEASE_NOTES.txt
+          echo "| --- | --- |" >> RELEASE_NOTES.txt
+          echo "$TEMPLATES" | awk 'BEGIN{FS=" => "}{print "| " $2 " | [![](assets/launch-stack.svg)](https://console.aws.amazon.com/cloudformation/home#/stacks/new?stackName=imgproxy&templateURL=https://imgproxy-cf.s3.amazonaws.com/${{ github.ref_name }}/" $1 ") |"}' >> RELEASE_NOTES.txt
+
+          # Write prerelease="true" env if tag name has any suffix after vMAJOR.MINOR.PATCH
+          if [[ ${GITHUB_REF_NAME} =~ ^v[0-9]+\.[0-9]+\.[0-9]+.+ ]]; then
+            echo 'prerelease="true"' >> $GITHUB_OUTPUT
+          else
+            echo 'prerelease="false"' >> $GITHUB_OUTPUT
+          fi
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          body_path: RELEASE_NOTES.txt
+          prerelease: ${{ fromJSON(steps.prepare-notes.outputs.prerelease) }}

.github/workflows/upload-templates.yml

@@ -0,0 +1,32 @@
+name: Upload Templates to S3
+
+on:
+  workflow_call:
+    inputs:
+      artifact-key:
+        required: true
+        type: string
+      tag:
+        required: true
+        type: string
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          audience: sts.amazonaws.com
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+      - name: Download templates
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact-key }}
+          path: dist
+      - name: Upload templates
+        run: aws s3 cp dist s3://imgproxy-cf/${{ inputs.tag }} --recursive

README.md

@@ -18,6 +18,11 @@
   <a href="https://discord.gg/5GgpXgtC9u">Discord</a>
 </h4>
 
+<p align="center">
+<a href="https://github.com/imgproxy/imgproxy-cloudformation/actions"><img alt="GH Build" src="https://img.shields.io/github/actions/workflow/status/imgproxy/imgproxy-cloudformation/build.yml?branch=master&label=Build&style=for-the-badge" /></a>
+<a href="https://github.com/imgproxy/imgproxy-cloudformation/actions"><img alt="GH Lint" src="https://img.shields.io/github/actions/workflow/status/imgproxy/imgproxy-cloudformation/lint.yml?branch=master&label=Lint&style=for-the-badge" /></a>
+</p>
+
 ---
 
 [imgproxy](https://imgproxy.net) is a fast and secure standalone server for resizing and converting remote images. The main principles of imgproxy are simplicity, speed, and security.
@@ -28,6 +33,9 @@ This repository contains a [troposphere](https://github.com/cloudtools/troposphe
 
 We prepared a few pre-built templates that you can use right away. Just click on a link, set the required options, and you're ready to process your images.
 
+> [!NOTE]
+> The links in the README point to the templates built from the `master` branch. If you want to use a specific version, you can find the links in the [releases](https://github.com/imgproxy/imgproxy-cloudformation/releases) section.
+
 ### Full intallation
 
 These templates create all the required resources, plug-n-play:

requirements-dev.txt

@@ -0,0 +1,2 @@
+flake8>=6.1.0
+cfn-lint>=0.83.6