Rewrite agones-bot, commit to Agones repo (#3923)

* Rewrite agones-bot, commit to Agones repo

This is a direct rip-off of the Quilkin
https://github.com/googleforgames/quilkin/tree/main/build/ci/github-bot
with some name changes. I also re-adapted the template to match our
existing format.

To see it in action:
* success: #3917 (comment)
* failure: #3917 (comment)

It is already deployed, so this is a commit-after-the-fact.

* Fix lint; fix dry run bug

* Skip on cancel as well

* Address review comments

* Add link to agones-bot in CONTRIBUTING

CONTRIBUTING.md

@@ -80,8 +80,7 @@ If you are working on a new feature, you may need to take feature stages into ac
 Continuous integration is provided by [Google Cloud Container Builder](https://cloud.google.com/container-builder/),
 through the [cloudbuilder.yaml](./cloudbuild.yaml) file found at the root of the directory.
 
-Build success/failure with relevant details are pushed automatically to pull requests via the not (yet 😉) opensourced
-build system.
+Build success/failure with relevant details are pushed automatically to pull requests via [agones-bot](./build/agones-bot/README.md).
 
 See the [Container Builder documentation](https://cloud.google.com/container-builder/docs/) for more details on
 how to edit and expand the build process.

build/agones-bot/Dockerfile

@@ -0,0 +1,22 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.21 AS build-env
+COPY . /go-src
+WORKDIR /go-src
+RUN CGO_ENABLED=0 go build -o /go-app .
+
+FROM gcr.io/distroless/static-debian12
+COPY --from=build-env /go-app /
+ENTRYPOINT ["/go-app", "--alsologtostderr", "--v=0"]

build/agones-bot/Makefile

@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# To redeploy agones-bot:
+#   make
+
+STORAGE ?= gs://agones-bot-pr-commenter-config
+
+current_dir := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+
+all: build deploy
+
+# build: creates the project Cloud Build custom build step and hosts it on gcr.io
+build:
+	gcloud builds submit . --project=agones-images --config=cloudbuild.yaml $(ARGS)
+
+# deploy pushes a new version to Cloud Run
+deploy:
+	gsutil cp $(current_dir)/agones-bot-pr-commenter.yaml $(STORAGE)
+	gcloud run deploy agones-bot-pr-commenter \
+		--project=agones-images \
+		--image="us-docker.pkg.dev/agones-images/build/agones-bot" \
+		--service-account=agones-bot-pr-commenter@agones-images.iam.gserviceaccount.com \
+		--platform managed \
+		--no-allow-unauthenticated \
+		--region=us-west3 \
+		--update-env-vars="CONFIG_PATH=$(STORAGE)/github.yaml"

build/agones-bot/README.md

@@ -0,0 +1,30 @@
+# agones-bot Github Notification Bot
+
+This is the bot that created comments on GitHub pull requests whenever a
+[Google Cloud Build](https://cloud.google.com/build) build passes or fails.
+
+## Setup
+
+### Image
+
+Run `make build` to submit the cloud build to create the image that will be hosted on
+[Cloud Run](https://cloud.google.com/run).
+
+### Secrets
+
+It is expected that there will be a secret named `agones-bot-pr-commenter` with a 
+[Github auth token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) stored
+in it, and `agones-bot-pr-commenter@agones-images.iam.gserviceaccount.com` has the
+role `roles/secretmanager.secretAccessor` for the `gh-token` secret.
+
+### Deployment
+
+Run `make deploy` to copy the config to the appropriate bucket, and deploy the notifier image to Cloud Run.
+
+### Connect to Cloud Build
+
+Follow https://cloud.google.com/build/docs/subscribe-build-notifications to create the
+[Google Cloud PubSub topics](https://cloud.google.com/pubsub) for Google Cloud Build. 
+
+Follow https://cloud.google.com/run/docs/triggering/pubsub-push to setup the Notifier service to be triggered from
+PubSub with the `cloud-builds` pubsub topic.

build/agones-bot/agones-bot-pr-commenter.yaml

@@ -0,0 +1,25 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: cloud-build-notifiers/v1
+kind: GithubNotifier
+metadata:
+  name: github-notifier
+spec:
+  notification:
+    filter: build.status == Build.Status.SUCCESS
+    delivery:
+  secrets:
+    - name: agones-bot-pr-commenter
+      value: projects/agones-images/secrets/agones-bot-pr-commenter/versions/latest

build/agones-bot/cloudbuild.yaml

@@ -0,0 +1,26 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+steps:
+  - name: gcr.io/cloud-builders/docker
+    args:
+      - build
+      - --tag=${_REGISTRY}/agones-bot:latest
+      - '.'
+images:
+  - ${_REGISTRY}/agones-bot
+options:
+  dynamic_substitutions: true
+substitutions:
+  _REGISTRY: "us-docker.pkg.dev/${PROJECT_ID}/build"

build/agones-bot/go.mod

@@ -0,0 +1,79 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+module github-bot
+
+go 1.21
+
+require (
+	github.com/GoogleCloudPlatform/cloud-build-notifiers/lib/notifiers v0.0.0-20210219212036-163c92a64b27
+	github.com/Masterminds/sprig/v3 v3.2.3
+	github.com/golang/glog v1.2.0
+	github.com/google/go-github/v57 v57.0.0
+	golang.org/x/oauth2 v0.15.0
+	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917
+)
+
+require (
+	cloud.google.com/go v0.111.0 // indirect
+	cloud.google.com/go/cloudbuild v1.15.0 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.5 // indirect
+	cloud.google.com/go/longrunning v0.5.4 // indirect
+	cloud.google.com/go/secretmanager v1.11.4 // indirect
+	cloud.google.com/go/storage v1.36.0 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.2.0 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/cel-go v0.18.2 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.5.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/huandu/xstrings v1.3.3 // indirect
+	github.com/imdario/mergo v0.3.11 // indirect
+	github.com/mitchellh/copystructure v1.0.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.0 // indirect
+	github.com/shopspring/decimal v1.2.0 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/api v0.155.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/grpc v1.60.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/client-go v11.0.0+incompatible // indirect
+)