Skip to content

Commit

Permalink
add new agents helm template base.
Browse files Browse the repository at this point in the history
Signed-off-by: kpango <[email protected]>
  • Loading branch information
kpango committed Mar 13, 2023
1 parent 089d2ac commit cb51ed1
Show file tree
Hide file tree
Showing 97 changed files with 7,603 additions and 3,667 deletions.
3 changes: 3 additions & 0 deletions .github/actions/detect-docker-image-tags/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ inputs:
description: "image names"
required: false
default: "vdaas/vald-agent-ngt \
vdaas/vald-agent-qbg \
vdaas/vald-agent-sidecar \
vdaas/vald-discoverer-k8s \
vdaas/vald-lb-gateway \
vdaas/vald-manager-index"
Expand All @@ -43,6 +45,7 @@ runs:
run: |
declare -A m=(
["vdaas/vald-agent-ngt"]="agent.image.tag"
["vdaas/vald-agent-qbg"]="agent.image.tag"
["vdaas/vald-agent-sidecar"]="agent.sidecar.image.tag"
["vdaas/vald-discoverer-k8s"]="discoverer.image.tag"
["vdaas/vald-lb-gateway"]="gateway.lb.image.tag"
Expand Down
2 changes: 2 additions & 0 deletions .github/actions/wait-for-docker-image/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ inputs:
description: "image names"
required: false
default: "vdaas/vald-agent-ngt \
vdaas/vald-agent-qbg \
vdaas/vald-agent-sidecar \
vdaas/vald-discoverer-k8s \
vdaas/vald-lb-gateway \
vdaas/vald-manager-index"
Expand Down
153 changes: 153 additions & 0 deletions .github/workflows/dockers-agent-qbg-image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,153 @@
#
# Copyright (C) 2019-2023 vdaas.org vald team <[email protected]>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: "Build docker image: agent-qbg"
on:
push:
branches:
- main
tags:
- "*.*.*"
- "v*.*.*"
- "*.*.*-*"
- "v*.*.*-*"
paths:
- ".github/actions/docker-build/actions.yaml"
- ".github/workflows/dockers-agent-qbg-image.yml"
- "go.mod"
- "go.sum"
- "internal/**"
- "!internal/**/*_test.go"
- "!internal/db/**"
- "!internal/k8s/**"
- "apis/grpc/**"
- "pkg/agent/core/qbg/**"
- "cmd/agent/core/qbg/**"
- "dockers/agent/core/qbg/Dockerfile"
- "versions/GO_VERSION"
- "versions/NGT_VERSION"
pull_request:
paths:
- ".github/actions/docker-build/actions.yaml"
- ".github/workflows/dockers-agent-qbg-image.yml"
- "go.mod"
- "go.sum"
- "internal/**"
- "!internal/**/*_test.go"
- "!internal/db/**"
- "!internal/k8s/**"
- "apis/grpc/**"
- "pkg/agent/core/qbg/**"
- "cmd/agent/core/qbg/**"
- "dockers/agent/core/qbg/Dockerfile"
- "versions/GO_VERSION"
- "versions/NGT_VERSION"
pull_request_target:
paths:
- ".github/actions/docker-build/actions.yaml"
- ".github/workflows/dockers-agent-qbg-image.yml"
- "go.mod"
- "go.sum"
- "internal/**"
- "!internal/**/*_test.go"
- "!internal/db/**"
- "!internal/k8s/**"
- "apis/grpc/**"
- "pkg/agent/core/qbg/**"
- "cmd/agent/core/qbg/**"
- "dockers/agent/core/qbg/Dockerfile"
- "versions/GO_VERSION"
- "versions/NGT_VERSION"

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.event_name }}
cancel-in-progress: true

jobs:
build:
strategy:
max-parallel: 4
runs-on: ubuntu-latest
if: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) || (github.event.pull_request.head.repo.fork == true && github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'ci/approved')) }}
steps:
- uses: actions/checkout@v3
- name: set git config
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: all
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
buildkitd-flags: "--debug"
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASS }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.PACKAGE_USER }}
password: ${{ secrets.PACKAGE_TOKEN }}
- name: Build and Publish
id: build_and_publish
uses: ./.github/actions/docker-build
with:
target: agent-qbg
builder: ${{ steps.buildx.outputs.name }}
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v2
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}"
format: "table"
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.build_and_publish.outputs.IMAGE_NAME }}:${{ steps.build_and_publish.outputs.PRIMARY_TAG }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
slack:
name: Slack notification
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' || startsWith( github.ref, 'refs/tags/')
steps:
- uses: technote-space/workflow-conclusion-action@v2
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: 8398a7/action-slack@v3
with:
author_name: agent-qbg image build
status: ${{ env.WORKFLOW_CONCLUSION }}
only_mention_fail: channel
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFY_WEBHOOK_URL }}
33 changes: 33 additions & 0 deletions .github/workflows/dockers-image-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,39 @@ jobs:
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
agent-qbg:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: set git config
run: |
git config --global --add safe.directory ${GITHUB_WORKSPACE}
- name: Build the Docker image
id: build_image
run: |
make docker/build/agent-qbg
imagename=`make docker/name/agent-qbg`
docker tag ${imagename} ${imagename}:${{ github.sha }}
echo "IMAGE_NAME=${imagename}" >> $GITHUB_OUTPUT
env:
DOCKER_BUILDKIT: 1
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}"
format: "table"
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: "HIGH,CRITICAL"
- name: Upload Trivy scan results to Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
agent-sidecar:
runs-on: ubuntu-latest
steps:
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -47,5 +47,6 @@ hack/go.mod.default3

# for mac
.DS_Store
.nvimlog

telepresence.log
Empty file removed .nvimlog
Empty file.
Loading

0 comments on commit cb51ed1

Please sign in to comment.