-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build in Github CI #41
base: master
Are you sure you want to change the base?
Conversation
@rahman-lb can you and the team please take care of this for both los-csi and lb-csi |
@majst01 can you add a few lines of description to the PR ? |
I'm testing this change on internal repo, will merge after passing the tests. |
What was the output of the failing test ? |
done, hope this helps |
@rahman-lb pls merge both here and in lb-csi. Also, you may want to prepare the plugin for the next release (CC @ronen-lb) now to avoid having to do it in the last few days before 3.9.1. |
@majst01 can you check why PR check is failing ? |
The logs from the build in the CI are not visible here, at least for me, which makes it hard to tell, can you send me the logs over ? |
BTW: any reason why not building in github actions and publish the container to the github container registry for every PR ? |
That will be the right approach, eliminate outside dependencies and let this repo hold everything needed including build artifacts. |
I can provide a separate PR to build on github actions and publish to ghcr.io if you are willing to merge. |
Now added the build and push of the container to ghcr.io in the github actions, but to be able to pull the container without credentials, someone with repo admin rights must enable anonymous pulls here: https://github.com/LightBitsLabs/los-csi/pkgs/container/los-csi |
@majst01 I think you have access to upload packages using your PAT token, try to download the already published image , if you run into permission then i can allow anonymous download or give you permission for read/write. Unless someone has any objection, it seems to me that publishing images to ghcr.io is the right approach. I'll be happy to merge Gitub actions into main. |
Sure i know this, but to be able to take the container image pushed from a PR, it would be nice to be able to test this in our integration tests without adding a pull secret which is not required for the released images.
|
WORKDIR /work | ||
COPY . . | ||
|
||
RUN make build |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@majst01 I'm not sure, how this change worked for you becuase you're copying the content of the /deploy folder into the container which doesn't include the source code and make file but you're trying to build binary which requires the source code and make file. Ideally, we want to keep the binary build up outside the Dockerfile. This is the reason for the current CI failure, i removed this change from this PR #44 and CI jobs are passing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The COPY . .
instruction copies the whole directory into the container. The Build succeeded in the github CI as you can see here in the pipeline. As i dont know how your CI works and the logs are not visible i can not tell why this failed.
Building binaries inside a multistage container build is best practice, because you do not relay on the CI infrastructure which is unknown for contributors and might change.
Quality Gate failedFailed conditions |
This will close several bugs and CVEs by:
golang.org/x/*
dependencies to their actual released versionsgoogle.golang.org/protobuf
andgoogle.golang.org/grpc
with their latest versionsGet rid of the
vendor
directory which is by now a good practice even in big and important projects likekubernetes
Build and publish the container image in the github actions and push it to ghcr.io