change login user and token for ghcr.io & small refactor (#2268)
Signed-off-by: kpango <[email protected]>
kpango authored and ykadowak committed Dec 20, 2023
1 parent b7b3c17 commit 6f10e65
Showing 82 changed files with 6,425 additions and 441 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug_report.md
Expand Up @@ -25,4 +25,4 @@ assignees: ""
- Go Version: 1.21.5
- Docker Version: 20.10.8
- Kubernetes Version: v1.28.4
- NGT Version: 2.1.5
- NGT Version: 2.1.6
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/security_issue_report.md
Expand Up @@ -19,4 +19,4 @@ assignees: ""
- Go Version: 1.21.5
- Docker Version: 20.10.8
- Kubernetes Version: v1.28.4
- NGT Version: 2.1.5
- NGT Version: 2.1.6
2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
Expand Up @@ -19,7 +19,7 @@
- Go Version: 1.21.5
- Docker Version: 20.10.8
- Kubernetes Version: v1.28.4
- NGT Version: 2.1.5
- NGT Version: 2.1.6

### Checklist:

1 change: 1 addition & 0 deletions .github/actions/docker-build/action.yaml
Expand Up @@ -104,6 +104,7 @@ runs:
make \
REMOTE="true" \
DOCKER="docker" \
BUILDKIT_INLINE_CACHE=0 \
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${LABEL_OPTS} --label org.opencontainers.image.version=${PRIMARY_TAG} --label org.opencontainers.image.title=${TARGET}" \
EXTRA_TAGS="${EXTRA_TAGS}" \
TAG="${PRIMARY_TAG}" \
17 changes: 10 additions & 7 deletions .github/workflows/_docker-image-scan.yaml
Expand Up @@ -21,28 +21,31 @@ on:
type: string
description: "Build target. e.g. `agent-ngt`"
required: true

jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- uses: actions/checkout@v4
- name: Set Git config
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: Build the Docker image
id: build_image
run: |
make docker/build/${TARGET}
make \
REMOTE="false" \
DOCKER="docker" \
BUILDKIT_INLINE_CACHE=0 \
DOCKER_OPTS="${LABEL_OPTS} --label org.opencontainers.image.version=${PRIMARY_TAG} --label org.opencontainers.image.title=${TARGET}" \
TAG="${PRIMARY_TAG}" \
docker/build/${TARGET}
imagename=`make docker/name/${TARGET}`
docker tag ${imagename} ${imagename}:${{ github.sha }}
echo "IMAGE_NAME=${imagename}" >> $GITHUB_OUTPUT
env:
DOCKER_BUILDKIT: 1
TARGET: ${{ inputs.target }}

LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}"
PRIMARY_TAG: ${{ github.sha }}
- name: Scan the Docker image
uses: ./.github/actions/scan-docker-image
with:
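Review bot: The build now passes `TAG="${PRIMARY_TAG}"` (the commit SHA) to `make`, yet the lines after it still read `docker tag ${imagename} ${imagename}:${{ github.sha }}`, which retags the untagged (`:latest`) name; the rendered page does not mark which of those lines survive, so this assumes the re-tag is kept. If the make target applies `TAG` as the image's only tag, there is no `:latest` image to retag and the step fails before the scan runs, so the nightly job would report a build error instead of scan findings. I would drop the re-tag (or express it with the `PRIMARY_TAG` variable already in `env`) and quote the expansions, e.g. `echo "IMAGE_NAME=${imagename}" >> "${GITHUB_OUTPUT}"`. The scan step's `with:` block continues outside the visible section, so the image reference it consumes should be checked against whichever tag the build actually produces.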
38 changes: 17 additions & 21 deletions .github/workflows/_docker-image.yaml
Expand Up @@ -26,18 +26,15 @@ on:
description: "If it is specified, specified platforms will be used."
required: false
default: ""

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref != 'refs/heads/main' && github.ref || github.sha }}-${{ github.event_name }}-${{ inputs.target }}
cancel-in-progress: true

jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

build:
runs-on: ubuntu-latest
if: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) || (github.event.pull_request.head.repo.fork == true && github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'ci/approved')) || (github.event_name == 'push' && github.ref == 'refs/heads/main') || startsWith( github.ref, 'refs/tags/') }}
Expand All @@ -50,59 +47,58 @@ jobs:
else
echo ref=${{ github.sha }} >> $GITHUB_OUTPUT
fi
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
ref: ${{ steps.ref.outputs.ref }}

- name: Set Git config
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3
with:
platforms: all

image: tonistiigi/binfmt:master
platforms: linux/amd64,linux/arm64
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: "--debug"

version: latest
platforms: linux/amd64,linux/arm64
driver-opts: |
image=moby/buildkit:master
network=host
buildkitd-flags: "--debug --oci-worker-gc=false"
- name: Login to DockerHub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASS }}

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
username: ${{ secrets.PACKAGE_USER }}
password: ${{ secrets.PACKAGE_TOKEN }}

- name: Build and Publish
id: build_and_publish
uses: ./.github/actions/docker-build
with:
target: ${{ inputs.target }}
platforms: ${{ inputs.platforms }}
builder: ${{ steps.buildx.outputs.name }}

- name: Scan the Docker image
if: startsWith( github.ref, 'refs/tags/')
uses: ./.github/actions/scan-docker-image
with:
image_ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}"

slack:
runs-on: ubuntu-latest
needs: [build]
if: github.ref == 'refs/heads/main' || startsWith( github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/notify-slack
with:
author_name: ${{ inputs.target }} image build
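Review bot: The QEMU and Buildx steps in the `build` job now reference `tonistiigi/binfmt:master`, `moby/buildkit:master` and buildx `version: latest`, so every publish run executes whatever those moving references resolve to, in the same job that holds the DockerHub and ghcr.io logins. Pin them to a released tag or digest, e.g. `image=moby/buildkit:<RELEASE_TAG>` (placeholder), and consider commit-SHA pinning for the `@v3`/`@v4` action tags used here and in the other workflow files of this commit. `network=host` in `driver-opts` also runs the BuildKit container on the runner's host network; a one-line comment saying why it is needed would help the next reviewer. This matters more here because the job's `if:` admits `pull_request_target` runs for fork PRs labelled `ci/approved`, and the ghcr.io step logs in with the stored `secrets.PACKAGE_TOKEN` rather than the per-run `GITHUB_TOKEN` (left commented out): if the `ref` step, which starts outside the hunk, selects the PR head, fork-controlled build files run next to what is presumably a registry write credential, so that token should be scoped to package write only and the label removed whenever new commits are pushed.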
4 changes: 2 additions & 2 deletions .github/workflows/build-binaries.yml
Expand Up @@ -23,15 +23,15 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

build-linux:
runs-on: ubuntu-latest
container:
image: ghcr.io/vdaas/vald/vald-ci-container:nightly
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 10

4 changes: 2 additions & 2 deletions .github/workflows/build-protobuf.yml
Expand Up @@ -30,15 +30,15 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

build:
runs-on: ubuntu-latest
container:
image: ghcr.io/vdaas/vald/vald-ci-container:nightly
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- name: Set Git config
run: |
2 changes: 1 addition & 1 deletion .github/workflows/chatops-help.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

print:
8 changes: 4 additions & 4 deletions .github/workflows/chatops.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

label:
Expand Down Expand Up @@ -131,7 +131,7 @@ jobs:
BRANCH: ${{ steps.check_comments_rebase.outputs.BRANCH_NAME }}
USERNAME: ${{ steps.check_comments_rebase.outputs.COMMENTER_USERNAME }}

- uses: actions/checkout@v3
- uses: actions/checkout@v4
if: steps.check_comments_rebase.outputs.BOOL_TRIGGERED == 'true' && steps.check_permissions.outputs.EXECUTABLE == 'true'
with:
fetch-depth: 0
Expand Down Expand Up @@ -216,7 +216,7 @@ jobs:
PR_AUTHOR: ${{ github.event.issue.user.login }}
API_URL: ${{ github.event.issue.comments_url }}

- uses: actions/checkout@v3
- uses: actions/checkout@v4
if: steps.check_comments_gen_test.outputs.BOOL_TRIGGERED == 'true' && steps.check_permissions.outputs.EXECUTABLE == 'true'
with:
fetch-depth: 0
Expand Down Expand Up @@ -340,7 +340,7 @@ jobs:
USERNAME: ${{ steps.check_comments_format.outputs.COMMENTER_USERNAME }}
API_URL: ${{ github.event.issue.comments_url }}

- uses: actions/checkout@v3
- uses: actions/checkout@v4
if: steps.check_comments_format.outputs.BOOL_TRIGGERED == 'true' && steps.check_permissions.outputs.EXECUTABLE == 'true'
with:
fetch-depth: 0
4 changes: 2 additions & 2 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -36,7 +36,7 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

codeql-build:
Expand All @@ -46,7 +46,7 @@ jobs:
image: ghcr.io/vdaas/vald/vald-ci-container:nightly
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
4 changes: 2 additions & 2 deletions .github/workflows/coverage.yml
Expand Up @@ -34,15 +34,15 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

coverage:
runs-on: ubuntu-latest
container:
image: ghcr.io/vdaas/vald/vald-ci-container:nightly
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 10

2 changes: 1 addition & 1 deletion .github/workflows/detect-internal-config-changes.yml
Expand Up @@ -24,7 +24,7 @@ jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

warning:
52 changes: 33 additions & 19 deletions .github/workflows/dockers-image-scan.yml
Expand Up @@ -17,54 +17,68 @@ name: "Docker image scanning"
on:
schedule:
- cron: "0 1 * * *"

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref != 'refs/heads/main' && github.ref || github.sha }}-${{ github.event_name }}
cancel-in-progress: true

jobs:
dump-contexts-to-log:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: ./.github/actions/dump-context

agent-ngt:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: agent-ngt

agent-sidecar:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: agent-sidecar

ci-container:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: ci-container
dev-container:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: dev-container
discoverer-k8s:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: discoverer-k8s

manager-index:
gateway-lb:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: manager-index

operator-helm:
target: gateway-lb
gateway-filter:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: operator/helm

target: gateway-filter
index-correction:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: index-correction
index-creation:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: index-creation
index-save:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: index-save
loadtest:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: loadtest

gateway-lb:
manager-index:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: gateway-lb

gateway-filter:
target: manager-index
operator-helm:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: gateway-filter
target: operator/helm
readreplica-rotate:
uses: ./.github/workflows/_docker-image-scan.yaml
with:
target: readreplica-rotate
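Review bot: The nightly scan covers only the images that have a hand-written job in this file, so each new target costs four copied lines, and an image that is built elsewhere but never listed here is silently left unscanned. A single job with a `strategy.matrix` over the target names keeps the list in one place and makes a missing entry easy to spot in review; `fail-fast: false` keeps one failing image from cancelling the other scans. Job names in the checks UI change with this, which matters if any of the current names are required checks.

```yaml
jobs:
  # … unchanged: dump-contexts-to-log …
  scan:
    strategy:
      fail-fast: false
      matrix:
        target:
          - agent-ngt
          - agent-sidecar
          # … remaining targets from the existing jobs, one per line …
    uses: ./.github/workflows/_docker-image-scan.yaml
    with:
      target: ${{ matrix.target }}
```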