From c00d640b8eb8078020d805a41b32fd855a7fe623 Mon Sep 17 00:00:00 2001
From: Carlos Salas
Date: Thu, 5 Sep 2024 13:38:38 +0200
Subject: [PATCH] feat: update workflows after moving to buildx

Signed-off-by: Carlos Salas
---
 .../nightly-chart-and-image-publish.yaml | 2 +-
 .github/workflows/nightly-test-release.yaml | 43 +++----------------
 .github/workflows/release-workflow.yml | 29 +++----------
 .github/workflows/release_build/action.yaml | 14 ++----
 .github/workflows/test_chart.yaml | 2 +-
 .github/workflows/trivy.yml | 2 +-
 6 files changed, 19 insertions(+), 73 deletions(-)

diff --git a/.github/workflows/nightly-chart-and-image-publish.yaml b/.github/workflows/nightly-chart-and-image-publish.yaml
index 1781a631..4dce86da 100644
--- a/.github/workflows/nightly-chart-and-image-publish.yaml
+++ b/.github/workflows/nightly-chart-and-image-publish.yaml
@@ -32,7 +32,7 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build docker image
- run: make docker-build-all TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
+ run: make docker-build TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
 - name: Push docker image
 run: make docker-push-all TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }}
diff --git a/.github/workflows/nightly-test-release.yaml b/.github/workflows/nightly-test-release.yaml
index 39a04fd2..04d48bb6 100644
--- a/.github/workflows/nightly-test-release.yaml
+++ b/.github/workflows/nightly-test-release.yaml
@@ -4,6 +4,9 @@ on:
 schedule:
 - cron: "0 0 * * *" # Run every day at midnight (UTC)
 workflow_dispatch: # Allow running manually on demand
+ push:
+ branches:
+ - migrate-to-buildx
 env:
 RELEASE_TAG: t9.9.9-fake
@@ -17,7 +20,8 @@ jobs:
 steps:
 - uses: actions/checkout@v4.1.7
 with:
- ref: main
+ ref: migrate-to-buildx
+ #ref: main
 fetch-depth: 0
 - name: Set and push fake tag for release
 run: |
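Review bot: The build step now calls `make docker-build` while the push step two lines below still calls `make docker-push-all`, so the build/push target pair is no longer symmetric; elsewhere in this patch (release_build/action.yaml) `make docker-build` is invoked by a step named "Build & Push docker image", which suggests the buildx target already pushes. If that is the case the separate `docker-push-all` step is redundant, or refers to a target the Makefile may no longer provide; if not, the target names should make the build/push split explicit. The Makefile is not part of this patch, so this is inferred from the step names only.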
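Review bot: The new `push: branches: [migrate-to-buildx]` trigger, together with `ref: migrate-to-buildx` and the commented-out `#ref: main` in the next hunk, turns a scheduled nightly release workflow into one that also runs on, and publishes from, a feature branch; these read as local testing edits rather than part of the buildx migration. The same pattern appears as `username: salasberryfin` replacing `${{ github.actor }}` in the @@ -39 hunk of this file, and as `default: "salasberryfin"` replacing `"rancher"` in release-workflow.yml and release_build/action.yaml, which also changes the org baked into every pushed image name and into the cosign identity string. Before merge, restore `ref: main`, drop the push trigger and the commented-out lines, and put the `rancher` defaults back (or make the org an explicit input that a test run overrides).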
@@ -39,11 +43,11 @@ jobs:
 strategy:
 matrix:
 destination: [ghcr]
- arch: [amd64, arm64]
 include:
 - destination: ghcr
 registry: ghcr.io
- username: ${{ github.actor }}
+ #username: ${{ github.actor }}
+ username: salasberryfin
 password: GITHUB_TOKEN
 image: GHCR_IMAGE
 secret_registry: false
@@ -53,43 +57,10 @@ jobs:
 username: ${{ matrix.username }}
 registry: ${{ matrix.registry }}
 tag: t9.9.9-fake
- arch: ${{ matrix.arch }}
 image: ${{ matrix.image }}
 secret_registry: ${{ matrix.secret_registry }}
 secrets: inherit
- multiarch:
- name: Publish multiarch image
- needs: [build-push-services]
- runs-on: ubuntu-latest
- permissions:
- packages: write
- contents: read
- strategy:
- matrix:
- destination: [ghcr]
- include:
- - destination: ghcr
- registry: ghcr.io
- username: ${{ github.actor }}
- password: GITHUB_TOKEN
- image: GHCR_IMAGE
- secret_registry: false
- steps:
- - name: Checkout
- uses: actions/checkout@v4.1.7
- with:
- ref: ${{ env.RELEASE_TAG }}
- fetch-depth: 0
- - name: Docker login
- uses: docker/login-action@v3
- with:
- registry: ${{ matrix.secret_registry && secrets[matrix.registry] || matrix.registry }}
- username: ${{ matrix.secret_registry && secrets[matrix.username] || matrix.username }}
- password: ${{ secrets[matrix.password] }}
- - name: Publish multiarch
- run: CONTROLLER_IMG=${{ vars[matrix.image] }} TAG=${{ env.RELEASE_TAG }} make docker-push-manifest-rancher-turtles
-
 release:
 name: Create helm release
 needs: [build-push-services]
diff --git a/.github/workflows/release-workflow.yml b/.github/workflows/release-workflow.yml
index 7dee18f4..eeac8185 100644
--- a/.github/workflows/release-workflow.yml
+++ b/.github/workflows/release-workflow.yml
@@ -25,22 +25,17 @@ on:
 description: Destination registry for image push
 required: true
-
 tag:
 type: string
 description: Tag for the built image
 required: true
- arch:
- type: string
- description: Architecture for the image
- required: true
-
 org:
 type: string
 description: Organization part of the image name
 required: false
- default: "rancher"
+ default: "salasberryfin"
+ #default: "rancher"
 jobs:
 build:
@@ -62,7 +57,6 @@ jobs:
 id: image
 uses: ./.github/workflows/release_build
 with:
- arch: ${{ inputs.arch }}
 tag: ${{ inputs.tag }}
 org: ${{ inputs.org }}
 registry: ${{ inputs.secret_registry && secrets[inputs.registry] || inputs.registry }}
@@ -85,24 +79,11 @@ jobs:
 - name: Sign image with cosign
 uses: ./.github/workflows/release_sign
 with:
- image: ${{ format('{0}-{1}', vars[inputs.image], inputs.arch) }}
+ image: ${{ vars[inputs.image] }}
 digest: ${{ needs.build.outputs.digest }}
- identity: https://github.com/${{ inputs.org }}/turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
+ identity: https://github.com/${{ inputs.org }}/rancher-turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
+ #identity: https://github.com/${{ inputs.org }}/turtles/.github/workflows/release-workflow.yml@${{ github.ref }}
 oids-issuer: https://token.actions.githubusercontent.com
 registry: ${{ inputs.secret_registry && secrets[inputs.registry] || inputs.registry }}
 username: ${{ inputs.secret_registry && secrets[inputs.username] || inputs.username }}
 password: ${{ secrets[inputs.password] }}
-
- provenance:
- needs: [sign, build]
- permissions:
- actions: read
- id-token: write
- packages: write
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
- with:
- digest: ${{ needs.build.outputs.digest }}
- image: ${{ format('{0}-{1}', vars[inputs.image], inputs.arch) }}
- secrets:
- registry-username: ${{ inputs.secret_registry && secrets[inputs.username] || inputs.username }}
- registry-password: ${{ secrets[inputs.password] }}
diff --git a/.github/workflows/release_build/action.yaml b/.github/workflows/release_build/action.yaml
index c4d56564..d1d461d7 100644
--- a/.github/workflows/release_build/action.yaml
+++ b/.github/workflows/release_build/action.yaml
@@ -1,10 +1,6 @@
 name: "Build release"
 description: "Builds release image and pushes to the registry"
 inputs:
- arch:
- description: "Architecture of the built image"
- required: true
- type: string
 tag:
 description: "Image tag"
 type: string
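Review bot: Deleting the `provenance` job removes the SLSA container provenance attestation (slsa-github-generator `generator_container_slsa3.yml@v1.10.0`) from the release, and nothing in the patch replaces it; unless the new buildx target emits and pushes provenance itself (not visible here), consumers lose the ability to verify how the release image was built. The job can be kept with only the arch suffix dropped, `image: ${{ vars[inputs.image] }}`, matching the sign step's new value. Separately, the cosign `identity` now points at `.../rancher-turtles/...` while the old `.../turtles/...` line is kept as a comment; keyless verification requires this string to equal the workflow's real repository path, so confirm it against `${{ github.repository }}` and delete the commented-out line. The `sign` job starts outside this hunk.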
@@ -12,7 +8,8 @@ inputs:
 org:
 description: "Organization part of the image path"
 required: false
- default: "rancher"
+ default: "salasberryfin"
+ #default: "rancher"
 type: string
 registry:
 description: "The registry to login"
@@ -47,12 +44,9 @@ runs:
 registry: ${{ inputs.registry }}
 username: ${{ inputs.username }}
 password: ${{ inputs.password }}
- - name: Build docker image
- shell: bash
- run: make docker-build-${{ inputs.arch }} TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
- - name: Push docker image to registry
+ - name: Build & Push docker image
 shell: bash
- run: make docker-push-${{ inputs.arch }} TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
+ run: make docker-build TAG=${{ inputs.tag }} REGISTRY=${{ inputs.registry }} ORG=${{ inputs.org }}
 - name: Store image and digest
 shell: bash
 id: image_info
diff --git a/.github/workflows/test_chart.yaml b/.github/workflows/test_chart.yaml
index 91dc7cbb..63450e8b 100644
--- a/.github/workflows/test_chart.yaml
+++ b/.github/workflows/test_chart.yaml
@@ -44,7 +44,7 @@ jobs:
 go-version: '=1.22.0'
 - name: Build docker image
- run: make docker-build
+ run: make docker-build-local
 - name: Add CAPI operator chart repo
 run: helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 8ca5d0b1..f047a16d 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -24,7 +24,7 @@ jobs:
 uses: actions/checkout@v4.1.7
 - name: Build an image
 run: |
- TAG=${{ github.sha }} ARCH=amd64 make docker-build
+ TAG=${{ github.sha }} ARCH=amd64 make docker-build-local
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d
 with:
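Review bot: The merged step in the @@ -47 hunk is named `Build & Push docker image` but runs `make docker-build`, the same target name that test_chart.yaml and trivy.yml now avoid in favour of `docker-build-local`, so a reader cannot tell from the action alone whether `docker-build` pushes. If it does, a comment above the `run:` line such as `# buildx target builds the multi-platform image and pushes it in one step` would make that explicit, and the following `Store image and digest` step (its body is outside this hunk) must then obtain the digest from the registry rather than the local daemon, because a buildx build that pushes does not leave a loadable image locally. Please confirm that step still resolves a digest for the pushed manifest.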
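Review bot: `ARCH=amd64` is still passed to `make docker-build-local` in trivy.yml even though this patch removes the per-arch build targets and `arch` inputs everywhere else; if the new target no longer reads `ARCH`, the variable is dead and the line can become `TAG=${{ github.sha }} make docker-build-local`. If it is still honoured, a comment such as `# Trivy scans only the amd64 variant of the image` would document the scan's scope.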