# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
# Inputs shared by the CI tasks in this file.
variables:
# Registry and API credentials. They all default to empty, and each login
# step in authenticate-registries is skipped while its gating variable is
# empty. Supply real values from the CI secret store at run time rather
# than committing them here.
- name: REGISTRY1_USERNAME
  default: ""
- name: REGISTRY1_PASSWORD
  default: ""
- name: GH_TOKEN
  default: ""
- name: GITLAB_REGISTRY_USER
  default: ""
- name: GITLAB_REGISTRY_URL
  default: ""
- name: GITLAB_REGISTRY_TOKEN
  default: ""
- name: GHCR_REGISTRY_USER
  default: ""
- name: GHCR_REGISTRY_TOKEN
  default: ""
- name: CHAINGUARD_IDENTITY
  default: ""
- name: CHAINGUARD_TOKEN
  default: ""

# Passed through to badge:verify-badge by the verify-badge task.
- name: CHART_PATH
  default: chart/
- name: GROUP_NAME
  default: package
# Kept as a quoted string so it is not retyped as a YAML boolean.
- name: COMMON_ZARF
  default: "true"

# test-deploy selectors: TYPE is compared against "install" / "upgrade";
# FLAVOR and OPTIONS are forwarded on the `uds run` command line.
- name: TYPE
  default: ""
- name: FLAVOR
  default: ""
- name: OPTIONS
  default: ""

# Directory that debug-output and save-logs write their files into.
- name: LOG_DIR
  default: /tmp

# Go release downloaded by verify-badge; quoted so it always stays a string.
- name: GO_VERSION
  default: "1.23.1"
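tasks:
- name: debug-output
  description: Print debug output from a k8s cluster
  actions:
  - description: Print basic debug info for a k8s cluster
    # Each query is printed inside a ::group:: section of the job log and
    # mirrored to a file under LOG_DIR.
    #
    # The braces matter: `a || b | tee f` parses as `a || (b | tee f)`, so
    # without them the log file is only written when kubectl fails (and then
    # holds just "failed"). Grouping sends the real output through tee.
    #
    # NOTE(review): these dumps cover every namespace; confirm who can read
    # LOG_DIR (default /tmp) and any artifact built from it.
    cmd: |
      echo "::group::kubectl get all"
      { uds zarf tools kubectl get all -A || echo "failed"; } | tee "${{ .variables.LOG_DIR }}/debug-k-get-all.log"
      echo "::endgroup::"
      echo "::group::kubectl get pv,pvc"
      { uds zarf tools kubectl get pv,pvc -A || echo "failed"; } | tee "${{ .variables.LOG_DIR }}/debug-k-get-pv-pvc.log"
      echo "::endgroup::"
      echo "::group::kubectl get package"
      { uds zarf tools kubectl get package -A || echo "failed"; } | tee "${{ .variables.LOG_DIR }}/debug-k-get-package.log"
      echo "::endgroup::"
      echo "::group::kubectl get events"
      { uds zarf tools kubectl get events -A --sort-by='.lastTimestamp' || echo "failed"; } | tee "${{ .variables.LOG_DIR }}/debug-k-get-events.log"
      echo "::endgroup::"
      echo "::group::kubectl describe nodes"
      { uds zarf tools kubectl describe nodes k3d-uds-server-0 || echo "failed"; } | tee "${{ .variables.LOG_DIR }}/debug-k-describe-node.log"
      echo "::endgroup::"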
- name: clean-gh-runner
  description: Cleanup unneeded files to free space on a GitHub runner
  actions:
  - description: Clean up space on the GitHub runner
    # Destructive by design: removes preinstalled toolchains and every unused
    # Docker image with sudo. The CI=true guard keeps it from doing anything
    # when the task is run outside a CI job.
    cmd: |
      if [ "$CI" = "true" ]; then
        df -h
        for unused_dir in \
          /usr/share/dotnet \
          /usr/local/lib/android \
          /opt/ghc \
          /opt/hostedtoolcache/CodeQL
        do
          sudo rm -rf "$unused_dir"
        done
        sudo docker image prune --all --force
        df -h
      fi
- name: save-logs
  description: Save Pod and Node logs from a cluster and fix permissions
  actions:
  - description: Pull logs from containerd
    # Copies /var/log out of the k3d server container when it is running.
    # NOTE(review): `grep -q` is a substring match over the whole `docker ps`
    # listing, not an exact container-name match.
    cmd: |
      CONTAINER_NAME="k3d-uds-server-0"
      if docker ps | grep -q "$CONTAINER_NAME"; then
        echo "Container $CONTAINER_NAME is running. Proceeding with log copy..."
        docker cp "${CONTAINER_NAME}:/var/log/" ${{ .variables.LOG_DIR }}/uds-containerd-logs
      else
        echo "Container $CONTAINER_NAME is not running. Skipping log copy."
      fi
  - description: Dump Node Logs
    # One <container>.log per running k3d container. Only stderr of
    # `docker logs` is redirected into the file; stdout still goes to the
    # job log. NOTE(review): confirm that split is intended.
    cmd: |
      docker ps --filter "name=k3d" --format "{{.Names}}" | while read -r node_name; do
        docker logs "$node_name" 2> "${{ .variables.LOG_DIR }}/${node_name}.log"
      done
  - description: Fix log permissions
    # Hands the zarf-*/uds-* logs to the invoking user; `|| echo ""` keeps
    # the step green when a glob matches nothing.
    cmd: |
      sudo chown "$USER" ${{ .variables.LOG_DIR }}/zarf-*.log || echo ""
      sudo chown "$USER" ${{ .variables.LOG_DIR }}/uds-*.log || echo ""
- name: setup-environment
  description: Setup the runner environment for testing UDS Packages
  # Convenience wrapper: installs the tooling first, then logs in to the
  # registries, by delegating to the two tasks defined in this file.
  actions:
  - task: install-deps
    description: Install dependencies
  - task: authenticate-registries
    description: authenticate to the registries
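- name: install-deps
  description: Install the runner dependencies for testing UDS Packages
  # NOTE(review): nothing downloaded here is checked against a published
  # checksum or signature before it is executed or installed into
  # /usr/local/bin. Where the upstream release provides checksums, verify
  # them before the chmod / bash step.
  actions:
  - description: Install k3d
    env:
    # renovate: datasource=github-tags depName=k3d-io/k3d versioning=semver-coerced
    - K3D_VERSION=v5.8.1
    # The installer is fetched to a temp file first instead of being piped
    # into bash, so a truncated or failed download (--fail turns HTTP errors
    # into a non-zero exit) is never partially executed.
    # NOTE(review): the script still comes from the mutable `main` branch;
    # only the k3d binary it installs is pinned through TAG.
    cmd: |
      installer="$(mktemp)"
      trap 'rm -f "$installer"' EXIT
      curl -fsSL -o "$installer" https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh \
        && TAG="${K3D_VERSION}" bash "$installer"
  - task: determine-arch
  - description: Install Lula
    env:
    # renovate: datasource=github-tags depName=defenseunicorns/lula versioning=semver-coerced
    - LULA_VERSION=v0.16.0
    # --fail stops an HTTP error page from being saved and marked executable.
    cmd: |
      curl -f -o /usr/local/bin/lula -L \
        "https://github.com/defenseunicorns/lula/releases/download/${LULA_VERSION}/lula_${LULA_VERSION}_$(uname -s)_${{ .variables.ARCH }}" \
        && chmod +x /usr/local/bin/lula
  - description: Install uds-releaser
    env:
    # renovate: datasource=github-tags depName=defenseunicorns/uds-releaser versioning=semver-coerced
    - UDS_RELEASER_VERSION=v0.0.6
    # --fail stops an HTTP error page from being saved and marked executable.
    cmd: |
      curl -f -o /usr/local/bin/uds-releaser -L \
        "https://github.com/defenseunicorns/uds-releaser/releases/download/${UDS_RELEASER_VERSION}/uds-releaser_${UDS_RELEASER_VERSION}_$(uname -s)_${{ .variables.ARCH }}" \
        && chmod +x /usr/local/bin/uds-releaser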
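- name: authenticate-registries
  description: Log in to the registries for testing and publishing UDS Packages
  # Each login runs only when its gating variable is non-empty, so a job
  # that supplies no credentials performs no logins.
  #
  # The `${{ ... }}` values are substituted into the script text, so they
  # must come from trusted CI configuration; the quoting below limits word
  # splitting but does not make hostile values safe.
  actions:
  - description: Iron Bank Login
    if: ${{ ne .variables.REGISTRY1_USERNAME "" }}
    task: registry-login
    with:
      registry: registry1.dso.mil
      registry_username: ${{ .variables.REGISTRY1_USERNAME }}
      registry_token: ${{ .variables.REGISTRY1_PASSWORD }}
  - description: Chainguard Login
    if: ${{ ne .variables.CHAINGUARD_IDENTITY "" }}
    # chainctl is downloaded only outside GitLab CI (GITLAB_CI unset).
    # NOTE(review): the download tracks `latest` and is not checksum-verified;
    # pin a version and verify it if upstream publishes checksums.
    #
    # The login arguments are built with `set --` and passed as "$@" rather
    # than being assembled into a string and run through `eval`, so the
    # identity and token are never re-parsed by the shell as code.
    cmd: |
      if [ -z "$GITLAB_CI" ]; then
        curl -f -o /usr/local/bin/chainctl -L \
          "https://dl.enforce.dev/chainctl/latest/chainctl_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/aarch64/arm64/')" \
          && chmod +x /usr/local/bin/chainctl
      fi
      TOKEN="${{ .variables.CHAINGUARD_TOKEN }}"
      set -- --identity "${{ .variables.CHAINGUARD_IDENTITY }}"
      if [ -n "$TOKEN" ]; then
        set -- "$@" --identity-token "$TOKEN"
      fi
      if chainctl auth login "$@" -v=0; then
        echo "Logged in as ${{ .variables.CHAINGUARD_IDENTITY }}!"
      else
        echo "Unable to assume the identity ${{ .variables.CHAINGUARD_IDENTITY }}."
        exit 1
      fi
      if ! chainctl auth configure-docker "$@" -v=0; then
        echo "Unable to register credential helper as ${{ .variables.CHAINGUARD_IDENTITY }}."
        exit 1
      fi
  - description: GHCR Registry Login
    if: ${{ ne .variables.GH_TOKEN "" }}
    task: registry-login
    with:
      registry: ghcr.io
      # Placeholder username; only the token is taken from a variable here.
      registry_username: dummy
      registry_token: ${{ .variables.GH_TOKEN }}
  - description: Gitlab Registry Login
    if: ${{ ne .variables.GITLAB_REGISTRY_USER "" }}
    task: registry-login
    with:
      registry: ${{ .variables.GITLAB_REGISTRY_URL }}
      registry_username: ${{ .variables.GITLAB_REGISTRY_USER }}
      registry_token: ${{ .variables.GITLAB_REGISTRY_TOKEN }}
  - description: GHCR Registry Login from GitLab
    if: ${{ ne .variables.GHCR_REGISTRY_USER "" }}
    task: registry-login
    with:
      registry: ghcr.io
      registry_username: ${{ .variables.GHCR_REGISTRY_USER }}
      registry_token: ${{ .variables.GHCR_REGISTRY_TOKEN }}
  - description: Package Specific CI Setup
    # Runs the consuming repository's own `ci-setup` task when it defines one.
    # NOTE(review): the check uses `uds` from PATH while the run uses `./uds`;
    # confirm both resolve to the same binary.
    cmd: |
      if uds run --list | grep -q 'ci-setup'; then
        ./uds run ci-setup --no-progress
      fi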
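- name: test-deploy
  description: Test a deployment of a UDS package/bundle
  # TYPE selects the path: "install" or "upgrade"; any other value runs
  # nothing.
  #
  # FLAVOR is quoted so it always reaches `uds run` as a single value.
  # OPTIONS is left unquoted on purpose so it can expand to several flags.
  # NOTE(review): that also means OPTIONS is word-split and interpreted by
  # the shell, so it must only be set from trusted workflow configuration.
  actions:
  - description: Test installing the package/bundle
    if: ${{ eq .variables.TYPE "install" }}
    # Prefers the repository's `test-package` task; otherwise `test-install`.
    cmd: |
      if uds run --list | grep -q 'test-package'; then
        ./uds run test-package --set FLAVOR="${{ .variables.FLAVOR }}" ${{ .variables.OPTIONS }} --no-progress
      else
        ./uds run test-install --set FLAVOR="${{ .variables.FLAVOR }}" ${{ .variables.OPTIONS }} --no-progress
      fi
  - description: Test upgrading the package/bundle
    if: ${{ eq .variables.TYPE "upgrade" }}
    cmd: |
      ./uds run test-upgrade --set FLAVOR="${{ .variables.FLAVOR }}" ${{ .variables.OPTIONS }} --no-progress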
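- name: verify-badge
  description: Perform verification to assist with UDS badge certification
  actions:
  - task: determine-arch
  - description: Setup Go environment
    # --fail makes an HTTP error abort the chain, so tar is never run as
    # root on an error page.
    # NOTE(review): the tarball is extracted into /usr/local with sudo and
    # is not checksum-verified; compare it against the SHA256 published for
    # the release before extracting.
    cmd: |
      PLATFORM=$(uname -s | tr '[:upper:]' '[:lower:]')
      curl -fOL "https://go.dev/dl/go${{ .variables.GO_VERSION }}.${PLATFORM}-${{ .variables.ARCH }}.tar.gz" && \
        sudo tar -C /usr/local -xzf "go${{ .variables.GO_VERSION }}.${PLATFORM}-${{ .variables.ARCH }}.tar.gz"
      echo 'export PATH="$PATH:/usr/local/go/bin"' >> ~/.bashrc
  - description: Setup Helm
    # The installer is saved to a temp file before it runs instead of being
    # piped into bash, so a failed or truncated download is never executed.
    # NOTE(review): the script is taken from the mutable `main` branch and
    # installs whatever Helm version it selects; consider pinning both.
    cmd: |
      installer="$(mktemp)"
      trap 'rm -f "$installer"' EXIT
      curl -fsSL -o "$installer" https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \
        && bash "$installer"
  - description: Test installing the package
    # Forwards the chart location, group name and common-zarf switch to the
    # badge:verify-badge task.
    cmd: |
      uds run badge:verify-badge \
        --set CHART_PATH="${{ .variables.CHART_PATH }}" \
        --set GROUP_NAME="${{ .variables.GROUP_NAME }}" \
        --set COMMON_ZARF="${{ .variables.COMMON_ZARF }}"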
# Common tasks
- name: determine-arch
  description: Determine the architecture of the current machine
  actions:
  - description: Set Arch
    # Maps `uname -m` to the names used in release file names
    # (x86_64 -> amd64, aarch64 -> arm64) and prints anything else unchanged.
    # The printed value is captured into the ARCH variable via setVariables.
    cmd: |
      ARCH=$(uname -m)
      case "$ARCH" in
        x86_64) ARCH='amd64' ;;
        aarch64) ARCH='arm64' ;;
      esac
      echo "$ARCH"
    shell:
      linux: bash
      darwin: bash
    setVariables:
    - name: ARCH
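- name: registry-login
  description: Log in to an OCI registry
  inputs:
    registry:
      description: The registry to log in to
      required: true
    registry_username:
      description: The username to log in with
      required: true
      default: replace-me
    registry_token:
      description: The token to log in with
      required: true
  actions:
  - description: Registry Login
    # Shell tracing (`set -x`) is deliberately not enabled here: the token is
    # substituted into the command text, so tracing would print it to the job
    # log in clear text. Log masking in CI is not a reliable backstop.
    #
    # The token is sent on stdin via --password-stdin, which keeps it out of
    # the login command's argument list. printf is used instead of echo so a
    # token containing backslashes or starting with "-" is passed unchanged.
    cmd: |
      printf '%s\n' "${{ .inputs.registry_token }}" | ./uds zarf tools registry login -u "${{ .inputs.registry_username }}" --password-stdin "${{ .inputs.registry }}"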