
Refactor build workflow #102

Merged
merged 3 commits into from
Sep 27, 2022

Conversation

ben-harvey

@ben-harvey ben-harvey commented Sep 26, 2022

There were some issues with the existing build workflow:

  • the use of kind/k8s seemed overly complicated for just running one docker container for testing
  • periodically the workflow timed out either waiting for a pod or waiting for the runner on the pod to register, and the workflow timeout is 6 hours which is too long
  • console output from the runner is not visible when run on kind
  • the runner test doesn't cover the case when there is already a runner registered to the repo when the test runs (i.e. it doesn't confirm that the job is actually running on the self-hosted runner that the test creates)
  • it relies on scheduling a second workflow from a separate file on the test runner

The new approach leverages a few things:

  • GitHub runners can run Docker directly
  • Different job steps run on separate VMs on the hosted runner
  • Labeling and naming a runner lets you query info about and schedule jobs on a specific runner
  • You can set timeouts on specific jobs

New steps:

  1. Set a UUID that will be used both in setting up the test runner and in scheduling the job on the test runner. This entailed a small change in the script that configures the runner.
  2. Build the image (using the GitHub Cache API to set/fetch cached layers) but don't push it yet
  3. Run Trivy and Dockle tests on the image
  4. Push the image to ECR with only a tag for the commit SHA
  5. Run the image, passing in the UUID to name and label the runner (the console output from the runner appears in the workflow logs)
  6. In a separate job, poll GitHub until the runner with the UUID is ready. Time out if it takes longer than 10 minutes (average is 4-5 minutes)
  7. Once ready, schedule a test job on the runner, specifying the UUID label
  8. If the branch is 'main', add the 'latest' tag to the ECR image

[Screenshot: Screen Shot 2022-09-26 at 10 46 47 AM]

Actions added:

Testing:

I ran the workflow a lot and confirmed the pushes/tags in ECR
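The poll in step 6 (wait for the runner carrying the run's UUID label, give up after 10 minutes) written out as an added Python example; this is not the PR's own workflow code. It assumes the public GitHub REST endpoint for listing a repository's self-hosted runners and its `status`, `busy` and `labels` response fields; the fetcher is injectable so the demo runs offline against constructed responses, which also contain a pre-existing runner to show that the UUID label selects only the runner the test created.

```python
import json
import time
import urllib.request
# GitHub REST endpoint listing a repository's self-hosted runners; owner/repo are placeholders.
RUNNERS_URL = "https://api.github.com/repos/{owner}/{repo}/actions/runners"

def github_fetcher(token):
    """Fetcher that GETs an API URL with a bearer token (unused in the offline demo)."""
    def fetch(url):
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def find_runner(payload, label):
    """Return the runner whose labels include `label` (the per-run UUID), else None."""
    for runner in payload.get("runners", []):
        if any(lbl.get("name") == label for lbl in runner.get("labels", [])):
            return runner
    return None

def wait_for_runner(fetch, owner, repo, label, timeout_s=600, interval_s=15,
                    clock=time.monotonic, sleep=time.sleep):
    """Poll until the labeled runner is online and idle; TimeoutError after timeout_s (10 min)."""
    deadline = clock() + timeout_s
    url = RUNNERS_URL.format(owner=owner, repo=repo)
    while True:
        runner = find_runner(fetch(url), label)
        if runner and runner.get("status") == "online" and not runner.get("busy"):
            return runner
        if clock() >= deadline:
            raise TimeoutError(f"runner labeled {label!r} not ready after {timeout_s}s")
        sleep(interval_s)

def _runner(rid, *labels, status="online"):  # one constructed runner entry
    return {"id": rid, "status": status, "busy": False,
            "labels": [{"name": n} for n in labels]}

# Constructed poll results: a pre-existing runner is already registered, and the
# UUID-labeled test runner only appears (online) on the second poll.
SAMPLE_POLLS = [
    {"runners": [_runner(1, "self-hosted")]},
    {"runners": [_runner(1, "self-hosted"), _runner(2, "self-hosted", "uuid-1234")]},
]

def demo():  # run the loop offline against SAMPLE_POLLS; returns the id-2 runner
    polls = iter(SAMPLE_POLLS)
    return wait_for_runner(lambda url: next(polls), "org", "repo", "uuid-1234",
                           interval_s=0, sleep=lambda s: None)
```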


@crbudzeak crbudzeak left a comment


Great work, LGTM!

@ben-harvey ben-harvey merged commit 87e5f8e into main Sep 27, 2022
@ben-harvey ben-harvey deleted the bharvey-ci branch September 27, 2022 14:02