diff --git a/.github/workflows/build-and-push-component.yaml b/.github/workflows/build-and-push-component.yaml deleted file mode 100644 index 146ff4624..000000000 --- a/.github/workflows/build-and-push-component.yaml +++ /dev/null 
@@ -1,168 +0,0 @@ -name: 'Build and Push Component' - -on: - workflow_call: - inputs: - image_name: - required: true - type: string - description: 'Name of the image to publish' - image_tag: - required: true - type: string - description: 'Image tag to build and push.' - push: - required: false - type: boolean - description: 'If set to true, push the image.' - default: false - timestamp: - required: true - type: string - description: 'The build timestamp to be used for binaries.' - bake_target_name: - required: true - type: string - description: 'Docker Bake target name.' - post_image_tags: - required: false - type: boolean - description: | - If set to true the image tags pushed to the repository are posted as comment for the Pull Request. - Only works if the event type is `pull_request`. - -jobs: - build-vars: - runs-on: ubuntu-latest - outputs: - digests-cache-name: ${{ steps.build-vars.outputs.digests-cache-name }} - steps: - - name: Set build variables - id: build-vars - run: | - - ## - ## Set digests cache name - ## - ## Example: digest-1234-a2850e9cc4e2b3a3 - ## - - image_name_hash="$(sha256sum <<< "${{ inputs.bake_target_name }}" | cut -f1 -d' ')" - printf "digests-cache-name=digest-%s-%.16s" "${{ github.run_id }}" "${image_name_hash}" >> "$GITHUB_OUTPUT" - - build-and-push: - runs-on: ubuntu-latest - needs: build-vars - strategy: - fail-fast: false - matrix: - platform: - - linux/amd64 - - linux/arm64 - steps: - - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - - - name: Cache Docker layers - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.ref }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to GitHub Container Registry - uses: 
docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build - uses: docker/bake-action@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 - id: bake - with: - targets: ${{ inputs.bake_target_name }} - set: | - *.platform=${{ matrix.platform }} - *.output=type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=${{ inputs.push }} - *.tags= - *.cache-to=type=local,dest=/tmp/.buildx-cache - *.cache-from=type=local,src=/tmp/.buildx-cache - env: - VERSION: ${{ inputs.image_tag }} - BUILD_TIMESTAMP: ${{ inputs.timestamp }} - COMMIT_HASH: ${{ github.sha }} - BUILD_OPTS: -tags=exclude_graphdriver_btrfs,exclude_graphdriver_devicemapper - - - name: Export digest - if: inputs.push - id: digest - run: | - mkdir -p /tmp/digests - digest=$(jq -r '."${{ inputs.bake_target_name }}"."containerimage.digest"'<<< '${{ steps.bake.outputs.metadata }}') - touch "/tmp/digests/${digest#sha256:}" - echo "digest=${digest#sha256:}" >> "$GITHUB_OUTPUT" - - - name: Upload digests - if: inputs.push - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 - with: - name: ${{ needs.build-vars.outputs.digests-cache-name }}-${{ steps.digest.outputs.digest }} - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - compression-level: 0 - - merge-and-push: - if: inputs.push - runs-on: ubuntu-latest - needs: - - build-vars - - build-and-push - steps: - - name: Download digests - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - pattern: ${{ needs.build-vars.outputs.digests-cache-name }}-* - merge-multiple: true - path: /tmp/digests - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - - - name: Login to GitHub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 
v3.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Create manifest list and push - working-directory: /tmp/digests - run: | - # shellcheck disable=SC2046 - docker buildx imagetools create \ - --tag "${{ inputs.image_name }}:${{ inputs.image_tag }}" \ - $(printf '${{ inputs.image_name }}@sha256:%s ' *) - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ inputs.image_name }}:${{ inputs.image_tag }} - - - name: Save image name - if: inputs.post_image_tags - run: | - mkdir -p /tmp/image-names - echo "${{ inputs.image_name }}:${{ inputs.image_tag }}" >> "/tmp/image-names/${{ inputs.bake_target_name }}" - - - name: Upload image names - if: inputs.post_image_tags - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 - with: - name: image-names-${{ github.run_id }}-${{ inputs.bake_target_name }} - path: /tmp/image-names/* - if-no-files-found: error diff --git a/.github/workflows/build-and-push-components-manual.yml b/.github/workflows/build-and-push-components-manual.yml new file mode 100644 index 000000000..e91e44a4e --- /dev/null +++ b/.github/workflows/build-and-push-components-manual.yml @@ -0,0 +1,14 @@ +name: Build and Push Components Manual + +on: + workflow_dispatch: + +permissions: + packages: write + +jobs: + build-and-push: + uses: ./.github/workflows/build-and-push-components-registry.yml + with: + suffix: "-dev" + image_tag: latest diff --git a/.github/workflows/build-and-push-components-registry.yml b/.github/workflows/build-and-push-components-registry.yml new file mode 100644 index 000000000..c1d945dd5 --- /dev/null +++ b/.github/workflows/build-and-push-components-registry.yml 
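Review bot: `workflow_dispatch` is declared with no inputs and no ref guard, so a run started from any branch pushes that branch's build to the `-dev` images under the fixed tag `latest`. The manual workflow removed in this commit defaulted `push` to false and required an explicit tag, so this is a looser default than before. If `-dev:latest` is meant to track the default branch (presumably `main`, going by main-merge.yml), guard the job with `if: github.ref == 'refs/heads/main'`. Otherwise tag by commit with `image_tag: ${{ github.sha }}`, so a branch build cannot silently replace the image that others pull.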
@@ -0,0 +1,97 @@ +name: Build and Push Components Registry + +on: + workflow_call: + inputs: + image_tag: + required: true + type: string + description: 'Image tag to use.' + registry_name: + required: false + type: string + description: 'Name of the registry.' + default: ghcr.io/openclarity + suffix: + required: false + type: string + description: 'Suffix to append to the image name' + default: "" + bake-group: + required: false + type: string + description: 'Name of the Docker Bake group of targets' + default: default + +jobs: + prepare-build: + runs-on: ubuntu-latest + outputs: + timestamp: ${{ steps.timestamp.outputs.timestamp }} + targets: ${{ steps.targets.outputs.targets }} + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set timestamp + id: timestamp + run: | + ## + ## Set timestamp variable + ## + + echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT" + + - name: List targets + id: targets + uses: docker/bake-action/subaction/list-targets@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 + with: + target: ${{ inputs.bake-group }} + + build-and-push: + needs: prepare-build + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + targets: ${{ fromJson(needs.prepare-build.outputs.targets) }} + steps: + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + + - name: Cache Docker layers + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.ref }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to GitHub Container Registry + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + 
- name: Build + uses: docker/bake-action@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 + id: bake + with: + targets: ${{ matrix.targets }} + set: | + *.platform=linux/amd64,linux/arm64 + *.output=type=image,name=${{ inputs.registry_name }}/${{ matrix.targets }},name-canonical=true,push=true + *.cache-to=type=local,dest=/tmp/.buildx-cache + *.cache-from=type=local,src=/tmp/.buildx-cache + env: + VERSION: ${{ inputs.image_tag }} + BUILD_TIMESTAMP: ${{ needs.prepare-build.outputs.timestamp }} + COMMIT_HASH: ${{ github.sha }} + DOCKER_REGISTRY: ${{ inputs.registry_name }} + SUFFIX: ${{ inputs.suffix }} + DOCKER_TAG: ${{ inputs.image_tag }} + BUILD_OPTS: -tags=exclude_graphdriver_btrfs,exclude_graphdriver_devicemapper diff --git a/.github/workflows/build-and-upload-components.yml b/.github/workflows/build-and-upload-components.yml new file mode 100644 index 000000000..b3609afc2 --- /dev/null +++ b/.github/workflows/build-and-upload-components.yml 
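Review bot: Neither job in this reusable workflow declares `permissions`, so every step, including the Docker build and the actions in `build-and-push`, runs with whatever token scope the caller grants; release.yml, which now calls it, shows `contents: write` at workflow level. A called workflow can only narrow the token, so adding `permissions: {contents: read}` to `prepare-build` and `permissions: {contents: read, packages: write}` to `build-and-push` would keep release-write scope away from the image build. Separately, the `*.output` name in the `Build` step omits `inputs.suffix`, so whether `-dev` builds stay out of the release image names depends on the tags defined in the bake file, which is not shown here. The login step is also fixed to `ghcr.io` while `registry_name` is a free-form input; a comment on that input saying only ghcr.io namespaces are supported would avoid surprises.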
@@ -0,0 +1,101 @@ +name: Build and Upload Components + +on: + workflow_call: + inputs: + image_tag: + required: true + type: string + description: 'Image tag to use.' + registry_name: + required: false + type: string + description: 'Name of the registry.' + default: openclarity.io + bake-group: + required: false + type: string + description: 'Name of the Docker Bake group of targets' + default: default + +jobs: + prepare-build: + runs-on: ubuntu-latest + outputs: + timestamp: ${{ steps.timestamp.outputs.timestamp }} + targets: ${{ steps.targets.outputs.targets }} + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set timestamp + id: timestamp + run: | + ## + ## Set timestamp variable + ## + + echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT" + + - name: List targets + id: targets + uses: docker/bake-action/subaction/list-targets@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 + with: + target: ${{ inputs.bake-group }} + + build-and-upload: + needs: prepare-build + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + targets: ${{ fromJson(needs.prepare-build.outputs.targets) }} + steps: + - name: Checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + + - name: Cache Docker layers + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.ref }} + restore-keys: ${{ runner.os }}-buildx- + + - name: Build + uses: docker/bake-action@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 + id: bake + with: + targets: ${{ matrix.targets }} + set: | + *.platform=linux/amd64 + *.output=type=docker,dest=/tmp/${{ matrix.targets }}.tar + *.cache-to=type=local,dest=/tmp/.buildx-cache + *.cache-from=type=local,src=/tmp/.buildx-cache + env: + 
VERSION: ${{ inputs.image_tag }} + BUILD_TIMESTAMP: ${{ needs.prepare-build.outputs.timestamp }} + COMMIT_HASH: ${{ github.sha }} + DOCKER_REGISTRY: ${{ inputs.registry_name }} + DOCKER_TAG: ${{ inputs.image_tag }} + BUILD_OPTS: -tags=exclude_graphdriver_btrfs,exclude_graphdriver_devicemapper + + - name: Save artifact + run: | + mkdir -p /tmp/artifacts + mv "/tmp/${{ matrix.targets }}.tar" /tmp/artifacts/ + ARTIFACT_NAME="$(echo ${{ matrix.targets }}-${{ inputs.image_tag }} | tr '/' '-')" + echo ARTIFACT_NAME="$ARTIFACT_NAME" >> "$GITHUB_ENV" + + - name: Upload artifact + id: upload-artifacts + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: /tmp/artifacts/${{ matrix.targets }}.tar + if-no-files-found: error + retention-days: 1 + compression-level: 0 + overwrite: true diff --git a/.github/workflows/cache-cleanup.yml b/.github/workflows/cache-cleanup.yml index 01004bfe5..086bc4e98 100644 --- a/.github/workflows/cache-cleanup.yml +++ b/.github/workflows/cache-cleanup.yml @@ -1,6 +1,6 @@ # https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#force-deleting-cache-entries +name: Cache Cleanup -name: Cache cleanup on: pull_request: types: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a13b5a9cb..af2a70dc5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,6 @@ on: permissions: packages: write - pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -21,12 +20,9 @@ jobs: build: needs: verification name: Build - uses: ./.github/workflows/reusable-build-and-push.yml + uses: ./.github/workflows/build-and-upload-components.yml with: image_tag: ${{ format('pr{0}-{1}', github.event.pull_request.number, github.sha) }} - push: true - use_release_repository: false - post_image_tags: true e2e-docker: needs: build 
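Review bot: The `Save artifact` step expands `${{ matrix.targets }}` and `${{ inputs.image_tag }}` directly inside the shell script, and the target list appears to come from the bake file of the checked-out ref, which on a pull request is contributor-controlled. The expansion happens before the shell parses the script, so a value containing shell metacharacters would be interpreted as code and could also add extra lines to `$GITHUB_ENV`. Passing both values through `env:` and quoting them keeps them as data; the same pattern is worth applying to `path:`-independent shell uses elsewhere in this file if any are added later.

```yaml
      - name: Save artifact
        env:
          BAKE_TARGET: ${{ matrix.targets }}
          IMAGE_TAG: ${{ inputs.image_tag }}
        run: |
          # … unchanged: mkdir -p /tmp/artifacts …
          mv "/tmp/${BAKE_TARGET}.tar" /tmp/artifacts/
          ARTIFACT_NAME="$(printf '%s-%s' "$BAKE_TARGET" "$IMAGE_TAG" | tr '/' '-')"
          # … unchanged: append ARTIFACT_NAME to "$GITHUB_ENV" …
```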
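Review bot: `packages: write` is still granted at the top of ci.yml although, after this change, the `build` job calls build-and-upload-components.yml, which has no registry login or push step and hands the images over as run artifacts. If the verification and end-to-end workflows do not push either (they are only partly visible here), the block can be reduced to `permissions:` with `contents: read`, so pull-request runs carry no registry write scope at all. The commit already drops `pull-requests: write` for the same reason, so this would finish that cleanup.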
@@ -34,7 +30,6 @@ jobs: uses: ./.github/workflows/reusable-end-to-end-testing.yml with: image_tag: ${{ format('pr{0}-{1}', github.event.pull_request.number, github.sha) }} - use_release_repository: false platform: docker e2e-k8s: @@ -43,7 +38,6 @@ jobs: uses: ./.github/workflows/reusable-end-to-end-testing.yml with: image_tag: ${{ format('pr{0}-{1}', github.event.pull_request.number, github.sha) }} - use_release_repository: false platform: kubernetes success: @@ -58,5 +52,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Echo Success - run: | - echo "::notice Success!" + run: echo "::notice Success!" diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 866e69974..2981d7784 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -1,4 +1,4 @@ -name: Container image cleanup +name: Container Image Cleanup on: pull_request: diff --git a/.github/workflows/main-merge.yml b/.github/workflows/main-merge.yml index 053664f12..a97f70c74 100644 --- a/.github/workflows/main-merge.yml +++ b/.github/workflows/main-merge.yml @@ -1,4 +1,5 @@ -name: Main merge +name: Main Merge + on: push: branches: @@ -15,8 +16,6 @@ jobs: build-and-push: needs: verification - uses: ./.github/workflows/reusable-build-and-push.yml + uses: ./.github/workflows/build-and-push-components-registry.yml with: image_tag: latest - push: true - use_release_repository: true diff --git a/.github/workflows/manual-build-and-push.yaml b/.github/workflows/manual-build-and-push.yaml deleted file mode 100644 index b247d8a86..000000000 --- a/.github/workflows/manual-build-and-push.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ -name: Build & Push manually - -on: - workflow_dispatch: - inputs: - registry_name: - required: false - type: string - description: 'Registry name used for container image names. Default is `ghcr.io/openclarity`.' - default: ghcr.io/openclarity - image_tag: - required: true - type: string - description: 'Image tag to build and push.' - git_ref: - required: true - type: string - description: 'The branch, tag or SHA to build.' - push: - required: false - type: boolean - description: 'If set to true, push the image.' - default: false - use_release_repository: - required: false - type: boolean - description: 'If set to true the image is pushed to the release repository otherwise it is pushed to the development.' - default: false - bake-group: - required: false - type: string - description: 'Name of the Docker Bake group of targets' - default: default - -permissions: - packages: write - -jobs: - prepare: - runs-on: ubuntu-latest - outputs: - timestamp: ${{ steps.timestamp.outputs.timestamp }} - registry: ${{ steps.registry.outputs.registry }} - suffix: ${{ steps.suffix.outputs.suffix }} - targets: ${{ steps.targets.outputs.targets }} - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ github.event.inputs.git_ref }} - - - name: Set timestamp - id: timestamp - run: | - ## - ## Set timestamp variable - ## - - echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT" - - - name: Set registry - id: registry - run: | - ## - ## Determine the image name registry - ## - - # Remove trailing slash characters(s) - # shellcheck disable=SC2001 - echo "registry=$(sed -e 's@/*$@@' <<< ${{ inputs.registry_name }})" >> "$GITHUB_OUTPUT" - - - name: Set suffix - id: suffix - run: | - ## - ## Determine the image name suffix based on the release type - ## - - # Set image name suffix - suffix=-dev - if [ "${{ inputs.use_release_repository }}" == "true" ]; then - suffix= - fi - - echo 
"suffix=${suffix}" >> "$GITHUB_OUTPUT" - - - name: List targets - id: targets - uses: docker/bake-action/subaction/list-targets@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 - with: - target: ${{ inputs.bake-group }} - - build-and-push: - needs: - - prepare - strategy: - fail-fast: false - matrix: - target: ${{ fromJson(needs.prepare.outputs.targets) }} - uses: ./.github/workflows/build-and-push-component.yaml - with: - image_name: "${{ needs.prepare.outputs.registry }}/${{ matrix.target }}${{ needs.prepare.outputs.suffix }}" - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - timestamp: ${{ needs.prepare.outputs.timestamp }} - bake_target_name: ${{ matrix.target }} diff --git a/.github/workflows/post-release.yaml b/.github/workflows/post-release.yml similarity index 96% rename from .github/workflows/post-release.yaml rename to .github/workflows/post-release.yml index c31abf75d..3a4958fad 100644 --- a/.github/workflows/post-release.yaml +++ b/.github/workflows/post-release.yml @@ -22,9 +22,8 @@ jobs: # shellcheck disable=SC2016 echo "modules=$(find . -name go.mod -type f -print0 | xargs -0 awk '/module/ {print $2}' | jq -c -R '[.,inputs] | map(sub("^github.com\/openclarity\/vmclarity\/";""))')" >> "$GITHUB_OUTPUT" - create_module_tags: - needs: - - prepare + create-module-tags: + needs: prepare name: Create module tags runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yml similarity index 92% rename from .github/workflows/release.yaml rename to .github/workflows/release.yml index d59a01f7e..a90352eac 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yml 
@@ -10,48 +10,6 @@ permissions: contents: write jobs: - verification: - name: Verification - uses: ./.github/workflows/reusable-verification.yml - secrets: inherit - - build_and_push: - needs: - - verification - - artifacts - - publish_helm - name: Build & Push - uses: ./.github/workflows/reusable-build-and-push.yml - with: - image_tag: ${{ github.ref_name }} - push: true - use_release_repository: true - - publish_helm: - needs: verification - name: Publish Helm Chart - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Create Helm Chart package - env: - VERSION: ${{ github.ref_name }} - run: make dist-helm-chart - - - name: Login to GitHub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Package and Publish Helm Chart - env: - VERSION: ${{ github.ref_name }} - run: make publish-helm-chart - artifacts: name: Create artifacts runs-on: ubuntu-latest @@ -63,7 +21,7 @@ jobs: uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # NOTE(chrisgacsal): Use actions/cache for caching Go dependency and build caches - # as if provides better flexibility like setting the cache key which reduces cache misses significantly. + # as it provides better flexibility like setting the cache key which reduces cache misses significantly. cache: false go-version-file: '.go-version' 
@@ -134,12 +92,52 @@ jobs: if-no-files-found: error compression-level: 0 - main_release: + verification: + name: Verification + uses: ./.github/workflows/reusable-verification.yml + secrets: inherit + + publish-helm-chart: + needs: verification + name: Publish Helm Chart + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Create Helm Chart package + env: + VERSION: ${{ github.ref_name }} + run: make dist-helm-chart + + - name: Login to GitHub Container Registry + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Package and Publish Helm Chart + env: + VERSION: ${{ github.ref_name }} + run: make publish-helm-chart + + build-and-push: needs: + - artifacts - verification - - build_and_push - - publish_helm + - publish-helm-chart + name: Build + uses: ./.github/workflows/build-and-push-components-registry.yml + with: + image_tag: ${{ github.ref_name }} + + main-release: + needs: - artifacts + - verification + - publish-helm-chart + - build-and-push name: Release runs-on: ubuntu-latest steps: @@ -160,7 +158,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: make generate-release-notes - - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 + - name: Upload release + uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 with: allowUpdates: true artifactErrorsFailBuild: true diff --git a/.github/workflows/reusable-build-and-push.yml b/.github/workflows/reusable-build-and-push.yml deleted file mode 100644 index 721cb19c3..000000000 --- a/.github/workflows/reusable-build-and-push.yml +++ /dev/null 
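Review bot: `publish-helm-chart` still runs before `build-and-push` (the latter lists it under `needs`), so the chart for `${{ github.ref_name }}` is published before the images for that tag exist and stays published if the image build fails. The ordering is carried over from the old `build_and_push` job, but this restructuring is a good moment to invert it, assuming the chart references images by the release tag. Put `needs: [verification, build-and-push]` on `publish-helm-chart` and drop `- publish-helm-chart` from the `needs` of `build-and-push`; `main-release` already waits for both. The job is also displayed as `name: Build` although it pushes to the registry, which makes the release run harder to read.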
@@ -1,150 +0,0 @@ -name: Build & Push - -on: - workflow_call: - inputs: - registry_name: - required: false - type: string - description: 'Registry name used for container image names. Default is `ghcr.io/openclarity`.' - default: ghcr.io/openclarity - image_tag: - required: true - type: string - description: 'Image tag to build and push.' - push: - required: false - type: boolean - description: 'If set to true, push the image.' - default: false - use_release_repository: - required: false - type: boolean - description: 'If set to true the image is pushed to the release repository otherwise it is pushed to the development.' - default: false - post_image_tags: - required: false - type: boolean - description: | - If set to true the image tags pushed to the repository are posted as comment for the Pull Request. - Only works if the event type is `pull_request`. - bake-group: - required: false - type: string - description: 'Name of the Docker Bake group of targets' - default: default - -jobs: - prepare: - runs-on: ubuntu-latest - outputs: - timestamp: ${{ steps.timestamp.outputs.timestamp }} - registry: ${{ steps.registry.outputs.registry }} - suffix: ${{ steps.suffix.outputs.suffix }} - targets: ${{ steps.targets.outputs.targets }} - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Set timestamp - id: timestamp - run: | - ## - ## Set timestamp variable - ## - - echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT" - - - name: Set registry - id: registry - run: | - ## - ## Determine the image name registry - ## - - # Remove trailing slash characters(s) - # shellcheck disable=SC2001 - echo "registry=$(sed -e 's@/*$@@' <<< ${{ inputs.registry_name }})" >> "$GITHUB_OUTPUT" - - - name: Set suffix - id: suffix - run: | - ## - ## Determine the image name suffix based on the release type - ## - - # Set image name suffix - suffix=-dev - if [ "${{ inputs.use_release_repository }}" == "true" ]; then - 
suffix= - fi - - echo "suffix=${suffix}" >> "$GITHUB_OUTPUT" - - - name: List targets - id: targets - uses: docker/bake-action/subaction/list-targets@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0 - with: - target: ${{ inputs.bake-group }} - - build-and-push: - needs: - - prepare - strategy: - fail-fast: false - matrix: - target: ${{ fromJson(needs.prepare.outputs.targets) }} - uses: ./.github/workflows/build-and-push-component.yaml - with: - image_name: "${{ needs.prepare.outputs.registry }}/${{ matrix.target }}${{ needs.prepare.outputs.suffix }}" - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - timestamp: ${{ needs.prepare.outputs.timestamp }} - bake_target_name: ${{ matrix.target }} - post_image_tags: ${{ inputs.post_image_tags }} - - post-images: - if: github.event_name == 'pull_request' && inputs.post_image_tags - runs-on: ubuntu-latest - needs: - - prepare - - build-and-push - steps: - - name: Download image names - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - pattern: image-names-${{ github.run_id }}-* - merge-multiple: true - path: /tmp/image-names - - - name: Get image names - run: | - ## - ## Cat out the image names from the directory, prefixing (* `) and suffixing (`) them to create - ## markdown list items and saving this multiline string with base64 encoding to a Github env. 
- ## - ## Example: - ## - ## * `ghcr.io/openclarity/vmclarity-apiserver:latest` - ## * `ghcr.io/openclarity/vmclarity-orchestrator:latest` - ## * `ghcr.io/openclarity/vmclarity-ui-backend:latest` - - set -o pipefail - - EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) - { - echo "image-names<<$EOF"; cat /tmp/image-names/* | sed "s/.*/* \`&\`/"; echo "$EOF" - } >> "$GITHUB_ENV" - - - name: Post comment with image tags - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 - with: - hide_and_recreate: true - hide_classify: "OUTDATED" - skip_unchanged: true - header: image-tags - message: | - Hey! - - Your images are ready: - ${{ env.image-names }} diff --git a/.github/workflows/reusable-end-to-end-testing.yml b/.github/workflows/reusable-end-to-end-testing.yml index 1b1ca0bbf..050fd98fe 100644 --- a/.github/workflows/reusable-end-to-end-testing.yml +++ b/.github/workflows/reusable-end-to-end-testing.yml @@ -1,4 +1,4 @@ -name: End-to-End testing +name: End to End Testing on: workflow_call: 
@@ -6,64 +6,20 @@ on: image_tag: required: true type: string - description: 'Image tag to build and push.' - registry_name: - required: false - type: string - description: 'Registry name used for container image names. Default is `ghcr.io/openclarity`.' - default: ghcr.io/openclarity - use_release_repository: - required: false - type: boolean - description: 'If set to true the image published to the release repository is used otherwise the development.' - default: false + description: 'Image tag to use.' platform: required: true type: string description: 'Platform used to run end-to-end tests. Supported values are `docker` and `kubernetes`.' + registry_name: + required: false + type: string + description: 'Name of the registry.' + default: openclarity.io jobs: - images: - runs-on: ubuntu-latest - outputs: - apiserver-image: ${{ steps.images.outputs.apiserver-image }} - orchestrator-image: ${{ steps.images.outputs.orchestrator-image }} - ui-backend-image: ${{ steps.images.outputs.ui-backend-image }} - ui-image: ${{ steps.images.outputs.ui-image }} - cli-image: ${{ steps.images.outputs.cli-image }} - cr-discovery-server-image: ${{ steps.images.outputs.cr-discovery-server-image }} - plugin-kics-image: ${{ steps.images.outputs.plugin-kics-image}} - steps: - - name: Set container image names - id: images - run: | - ## - ## Determine the image name suffix based on the release type - ## - - # Remove trailing slash characters(s) - # shellcheck disable=SC2001 - registry="$(sed -e 's@/*$@@' <<< ${{ inputs.registry_name }})" - - # Set image name suffix - suffix=-dev - if [ "${{ inputs.use_release_repository }}" == "true" ]; then - suffix= - fi - - { - echo "apiserver-image=${registry}/vmclarity-apiserver${suffix}" - echo "orchestrator-image=${registry}/vmclarity-orchestrator${suffix}" - echo "ui-backend-image=${registry}/vmclarity-ui-backend${suffix}" - echo "ui-image=${registry}/vmclarity-ui${suffix}" - echo "cli-image=${registry}/vmclarity-cli${suffix}" - echo 
"cr-discovery-server-image=${registry}/vmclarity-cr-discovery-server${suffix}" - echo "plugin-kics-image=${registry}/vmclarity-plugin-kics${suffix}" - } >> "$GITHUB_OUTPUT" - run: runs-on: ubuntu-latest - needs: images steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -72,7 +28,7 @@ jobs: uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # NOTE(chrisgacsal): Use actions/cache for caching Go dependency and build caches - # as if provides better flexibility like setting the cache key which reduces cache misses significantly. + # as it provides better flexibility like setting the cache key which reduces cache misses significantly. cache: false go-version-file: '.go-version' 
@@ -118,15 +74,28 @@ jobs: - name: Install btrfs run: sudo apt-get install libbtrfs-dev -y + - name: Download artifacts + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + with: + path: tmp/artifacts + merge-multiple: true + + - name: Load images to local Docker registry + run: | + for image_archive in tmp/artifacts/*.tar; do + docker load --input "$image_archive" + done + docker images + - name: Run end to end tests env: - VMCLARITY_E2E_APISERVER_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.apiserver-image, inputs.image_tag) }} - VMCLARITY_E2E_ORCHESTRATOR_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.orchestrator-image, inputs.image_tag) }} - VMCLARITY_E2E_UI_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.ui-image, inputs.image_tag) }} - VMCLARITY_E2E_UIBACKEND_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.ui-backend-image, inputs.image_tag) }} - VMCLARITY_E2E_SCANNER_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.cli-image, inputs.image_tag) }} - VMCLARITY_E2E_CR_DISCOVERY_SERVER_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.cr-discovery-server-image, inputs.image_tag) }} - VMCLARITY_E2E_PLUGIN_KICS_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.plugin-kics-image, inputs.image_tag) }} + VMCLARITY_E2E_APISERVER_IMAGE: ${{ inputs.registry_name }}/vmclarity-apiserver:${{ inputs.image_tag }} + VMCLARITY_E2E_ORCHESTRATOR_IMAGE: ${{ inputs.registry_name }}/vmclarity-orchestrator:${{ inputs.image_tag }} + VMCLARITY_E2E_UI_IMAGE: ${{ inputs.registry_name }}/vmclarity-ui:${{ inputs.image_tag }} + VMCLARITY_E2E_UIBACKEND_IMAGE: ${{ inputs.registry_name }}/vmclarity-ui-backend:${{ inputs.image_tag }} + VMCLARITY_E2E_SCANNER_IMAGE: ${{ inputs.registry_name }}/vmclarity-cli:${{ inputs.image_tag }} + VMCLARITY_E2E_CR_DISCOVERY_SERVER_IMAGE: ${{ inputs.registry_name }}/vmclarity-cr-discovery-server:${{ inputs.image_tag }} + VMCLARITY_E2E_PLUGIN_KICS_IMAGE: ${{ inputs.registry_name }}/vmclarity-plugin-kics:${{ 
inputs.image_tag }} VMCLARITY_E2E_PLATFORM: ${{ inputs.platform }} run: | if [[ "${{ inputs.platform }}" == "kubernetes" ]]; then diff --git a/.github/workflows/reusable-verification.yml b/.github/workflows/reusable-verification.yml index ee6504fe5..f6ba2f011 100644 --- a/.github/workflows/reusable-verification.yml +++ b/.github/workflows/reusable-verification.yml @@ -14,7 +14,7 @@ jobs: uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # NOTE(chrisgacsal): Use actions/cache for caching Go dependency and build caches - # as if provides better flexibility like setting the cache key which reduces cache misses significantly. + # as it provides better flexibility like setting the cache key which reduces cache misses significantly. cache: false go-version-file: '.go-version' @@ -55,8 +55,7 @@ jobs: uses: scottbrenner/cfn-lint-action@62f1746de817410fa0058034b4c108ac2692ec81 # v2.4.2 - name: Run linters for Cloudformation - run: | - make lint-cfn + run: make lint-cfn - name: Run linters for Helm run: | @@ -110,7 +109,7 @@ jobs: uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # NOTE(chrisgacsal): Use actions/cache for caching Go dependency and build caches - # as if provides better flexibility like setting the cache key which reduces cache misses significantly. + # as it provides better flexibility like setting the cache key which reduces cache misses significantly. cache: false go-version-file: '.go-version' @@ -155,8 +154,7 @@ jobs: [[ -z "$(git status --porcelain)" ]] || exit 1 - name: Run go vet - run: | - make vet + run: make vet - name: Cache golangci-lint cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 @@ -170,9 +168,7 @@ jobs: - name: Run linters env: GOLANGCI_LINT_CACHE: ${{ github.workspace }}/.golangci.cache - run: | - make lint-go + run: make lint-go - name: Run tests - run: | - make test + run: make test 
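Review bot: The new `Download artifacts` step pins `actions/download-artifact` at v4.1.7, while the workflow deleted in this same commit already used v4.1.8; build-and-upload-components.yml likewise pins upload-artifact v4.3.3 where the deleted file had v4.3.4. Unless the older pins are deliberate, reuse the newer ones, e.g. `uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8`. The step also sets neither `name` nor `pattern`, so every artifact of the run is merged into `tmp/artifacts` and each `*.tar` found there is passed to `docker load`. Limiting it with something like `pattern: '*-${{ inputs.image_tag }}'` would keep unrelated artifacts out of the Docker daemon.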
diff --git a/.github/workflows/semantic-pr.yml b/.github/workflows/semantic-pr.yml index 46dd5ea12..61be173e3 100644 --- a/.github/workflows/semantic-pr.yml +++ b/.github/workflows/semantic-pr.yml @@ -1,4 +1,4 @@ -name: "Lint PR title" +name: Lint PR Title on: pull_request_target: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 392351a06..ec08c5cb6 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,4 +1,4 @@ -name: stale +name: Stale on: schedule: