Use check-push-rights and dash from kuksa-actions

eclipse · Oct 5, 2023 · cf75004 · cf75004
1 parent f716273
commit cf75004
Show file tree

Hide file tree

Showing 7 changed files with 70 additions and 140 deletions.
diff --git a/.github/actions/check-dash/action.yml b/.github/actions/check-dash/action.yml
diff --git a/.github/workflows/check_push_rights.yml b/.github/workflows/check_push_rights.yml
diff --git a/.github/workflows/kuksa-client.yml b/.github/workflows/kuksa-client.yml
@@ -30,13 +30,13 @@ concurrency:
       cancel-in-progress: true
 
 jobs:
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@2
     secrets: inherit
 
   build-docker:
     runs-on: self-hosted
-    needs: checkrights
+    needs: check_ghcr_push
 
     steps:
     - uses: actions/checkout@v3
@@ -67,7 +67,7 @@ jobs:
     #  uses: docker/setup-buildx-action@v2
 
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
           registry: ghcr.io
@@ -77,7 +77,7 @@ jobs:
           #password: ${{ secrets.PUSH_CONTAINER_TOKEN }}
 
     - name: Build kuksa command line client docker and push to ghcr.io
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -91,8 +91,8 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
 
     # Push currently disabled as it results in 413 Request Entity Too Large
-    - name: Build ephemereal kuksa command line client docker and push to ttl.sh
-      if:  ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+    - name: Build ephemeral KUKSA command line client docker and push to ttl.sh
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: docker/build-push-action@v4
       with:
         platforms: |

diff --git a/.github/workflows/kuksa_databroker-cli_build.yml b/.github/workflows/kuksa_databroker-cli_build.yml
@@ -36,38 +36,22 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Installing JVM
-        run: sudo apt update && sudo apt-get install -y default-jre
       - uses: actions/checkout@v3
       - name: cargo fmt
         working-directory: ${{github.workspace}}
         run: cargo fmt -- --check
       - name: cargo clippy
         working-directory: ${{github.workspace}}
         run: cargo clippy --all-targets -- -W warnings -D warnings
-
-      - name: "Createbom: License check and Dash output generation"
-        working-directory: ${{github.workspace}}/kuksa_databroker/createbom
-        run: |
-         cargo install cargo-license
-         python3 createbom.py --dash ${{github.workspace}}/dash-databroker-cli-deps ../databroker-cli
-
-      - name: Dash license check
-        uses: ./.github/actions/check-dash
-        with:
-          dashinput: ${{github.workspace}}/dash-databroker-cli-deps
-
-
-
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@2
     secrets: inherit
 
 # Run on selfhosted, because our runner has native ARM build in a remote
 # builder (no need for qemu)
   build-container:
     runs-on: [ self-hosted ]
-    needs: checkrights
+    needs: check_ghcr_push
 
     steps:
     - uses: actions/checkout@v3
@@ -98,7 +82,7 @@ jobs:
     #  uses: docker/setup-buildx-action@v2
 
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
           registry: ghcr.io
@@ -107,7 +91,7 @@ jobs:
 
     - name: Build kuksa.val databroker CLI container and push to ghcr.io (and ttl.sh)
       id: ghcr-build
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -121,8 +105,8 @@ jobs:
           ttl.sh/kuksa.val/kuksa-databroker-cli-${{github.sha}}
         labels: ${{ steps.meta.outputs.labels }}
 
-    - name: Build ephemereal kuksa.val databroker container and push to ttl.sh
-      if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+    - name: Build ephemeral KUKSA Databroker container and push to ttl.sh
+      if: needs.check_ghcr_push.outputs.push == 'false'
       id: tmp-build
       uses: docker/build-push-action@v4
       with:
@@ -160,3 +144,22 @@ jobs:
         src: /app/
         export: true
         transform: s/app/databroker-cli/
+
+  bom:
+    name: Bill of Material Check
+    runs-on: ubuntu-latest
+    needs: build-container
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: "Createbom: License check and Dash output generation"
+        working-directory: ${{github.workspace}}/kuksa_databroker/createbom
+        run: |
+         cargo install cargo-license
+         python3 createbom.py --dash ${{github.workspace}}/dash-databroker-deps ../databroker
+
+      - name: Dash license check
+        uses: eclipse-kuksa/kuksa-actions/check-dash@2
+        with:
+          dashinput: ${{github.workspace}}/dash-databroker-deps
diff --git a/.github/workflows/kuksa_databroker_build.yml b/.github/workflows/kuksa_databroker_build.yml
@@ -36,8 +36,6 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Installing JVM
-        run: sudo apt update && sudo apt-get install -y default-jre
       - uses: actions/checkout@v3
       - name: cargo fmt
         working-directory: ${{github.workspace}}
@@ -46,17 +44,6 @@ jobs:
         working-directory: ${{github.workspace}}
         run: cargo clippy --all-targets -- -W warnings -D warnings
 
-      - name: "Createbom: License check and Dash output generation"
-        working-directory: ${{github.workspace}}/kuksa_databroker/createbom
-        run: |
-         cargo install cargo-license
-         python3 createbom.py --dash ${{github.workspace}}/dash-databroker-deps ../databroker
-
-      - name: Dash license check
-        uses: ./.github/actions/check-dash
-        with:
-          dashinput: ${{github.workspace}}/dash-databroker-deps
-
   test:
     name: Test
     runs-on: ubuntu-latest
@@ -92,15 +79,15 @@ jobs:
       #     minimum_coverage: 40
 
 
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@2
     secrets: inherit
 
 # Run on selfhosted, because our runner has native ARM build in a remote
 # builder (no need for qemu)
   build-container:
     runs-on: [ self-hosted ]
-    needs: checkrights
+    needs: check_ghcr_push
 
     steps:
     - uses: actions/checkout@v3
@@ -131,7 +118,7 @@ jobs:
     #  uses: docker/setup-buildx-action@v2
 
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
           registry: ghcr.io
@@ -140,7 +127,7 @@ jobs:
 
     - name: Build kuksa.val databroker container container and push to ghcr.io (and ttl.sh)
       id: ghcr-build
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -154,8 +141,8 @@ jobs:
           ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}}
         labels: ${{ steps.meta.outputs.labels }}
 
-    - name: Build ephemereal kuksa.val databroker container and push to ttl.sh
-      if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+    - name: Build ephemeral KUKSA Databroker container and push to ttl.sh
+      if: needs.check_ghcr_push.outputs.push == 'false'
       id: tmp-build
       uses: docker/build-push-action@v4
       with:
@@ -208,3 +195,22 @@ jobs:
           DATABROKER_IMAGE: ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}}
         run: |
           ${{github.workspace}}/kuksa_databroker/integration_test/run.sh
+
+  bom:
+    name: Bill of Material Check
+    runs-on: ubuntu-latest
+    needs: build-container
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: "Createbom: License check and Dash output generation"
+        working-directory: ${{github.workspace}}/kuksa_databroker/createbom
+        run: |
+         cargo install cargo-license
+         python3 createbom.py --dash ${{github.workspace}}/dash-databroker-deps ../databroker
+
+      - name: Dash license check
+        uses: eclipse-kuksa/kuksa-actions/check-dash@2
+        with:
+          dashinput: ${{github.workspace}}/dash-databroker-deps
diff --git a/.github/workflows/kuksa_val_docker.yml b/.github/workflows/kuksa_val_docker.yml
@@ -16,13 +16,13 @@ concurrency:
       cancel-in-progress: true
 
 jobs:
-  checkrights:
-    uses: ./.github/workflows/check_push_rights.yml
+  check_ghcr_push:
+    uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@2
     secrets: inherit
 
   build:
     runs-on: [ self-hosted ]
-    needs: checkrights
+    needs: check_ghcr_push
 
     steps:
     - uses: actions/checkout@v3
@@ -45,17 +45,15 @@ jobs:
           type=semver,pattern={{major}}
 
     - name: Log in to the Container registry
-      if: needs.checkrights.outputs.have_secrets == 'true'
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/login-action@v2
       with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-#push to ghcr if we have rights, AND thisis not a PR (current settings in Eclipse orga do not
-#seem to allow us to ever delete pushed images, so try not to push PR images
     - name: Build kuksa.val server container and push to ghcr.io
-      if: ${{ needs.checkrights.outputs.have_secrets == 'true' && github.event_name != 'pull_request' }}
+      if: needs.check_ghcr_push.outputs.push == 'true'
       uses: docker/build-push-action@v4
       with:
         platforms: |
@@ -69,8 +67,8 @@ jobs:
           ttl.sh/kuksa.val/kuksa-server-${{github.sha}}
         labels: ${{ steps.meta.outputs.labels }}
 
-    - name: Build ephemereal kuksa-val docker and push to ttl.sh
-      if: ${{ needs.checkrights.outputs.have_secrets == 'false' || github.event_name == 'pull_request' }}
+    - name: Build ephemeral KUKSA Server docker and push to ttl.sh
+      if: needs.check_ghcr_push.outputs.push == 'false'
       uses: docker/build-push-action@v4
       with:
         platforms: |