Always build & test Zarf Agent during pull requests; publish latest Zarf Agent on release #651

Merged
merged 21 commits into from
Aug 1, 2022
Changes from 19 commits
59 changes: 33 additions & 26 deletions .github/workflows/build-rust-injector.yml
@@ -1,7 +1,4 @@
name: Build Rust Binary

env:
zarfInjectorPath: 'src/injector/stage1/target/x86_64-unknown-linux-musl/release/zarf-injector'
name: Publish Injector Stage I

on:
workflow_dispatch:
Expand All @@ -12,48 +9,58 @@ on:
branchName:
description: "Branch to build the injector from"
required: false
default: 'master'
default: "master"

jobs:
build-injector:
runs-on: ubuntu-latest
runs-on: self-hosted
steps:
- name: "Dependency: Install cosign"
uses: sigstore/[email protected]

- name: "Dependency: Setup rust toolchain"
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path
echo "$HOME/.cargo/bin" >> $GITHUB_PATH

- name: "Checkout Repo"
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.branchName }}

- name: "Install cosign"
uses: sigstore/[email protected]

- name: "Install Rust And Build"
uses: gmiam/[email protected]
with:
args: cargo build --target x86_64-unknown-linux-musl --release --manifest-path src/injector/stage1/Cargo.toml
- name: "Build Rust Binary for x86_64"
working-directory: src/injector/stage1
run: |
cargo build --target x86_64-unknown-linux-musl --release
strip target/x86_64-unknown-linux-musl/release/zarf-injector

- name: "Strip The Binary Down"
run: sudo strip ${{ env.zarfInjectorPath }}

- name: "Upload Rust Binary"
uses: actions/upload-artifact@v3
with:
name: zarf-injector
path: ${{ env.zarfInjectorPath }}
- name: "Build Rust Binary for aarch64"
working-directory: src/injector/stage1
run: |
rustup target add aarch64-unknown-linux-musl
curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz
export PATH="$PWD/aarch64-linux-musl-cross/bin:$PATH"
cargo build --target aarch64-unknown-linux-musl --release
aarch64-linux-musl-strip target/aarch64-unknown-linux-musl/release/zarf-injector

- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: "Upload Binary To DockerHub"
run: cosign upload blob -f ${{ env.zarfInjectorPath }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }}
- name: "Upload Binaries To DockerHub"
working-directory: src/injector/stage1/target
run: |
cosign upload blob -f x86_64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }}
cosign upload blob -f aarch64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }}

- name: "Sign the binary"
run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }}
- name: "Sign the binaries"
run: |
cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }}
cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }}
env:
COSIGN_EXPERIMENTAL: 1
AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }}
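
Review bot: In the "Build Rust Binary for aarch64" step, `curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz` pulls a cross toolchain with no integrity check, and that toolchain links and strips the arm64 binary that is then uploaded and signed with the KMS key. Unlike the rustup line above it, this curl call has no `--proto '=https' --tlsv1.2 -sSf`, so a redirect or an HTTP error page is piped straight into tar. Suggest downloading to a file with the same flags, comparing it against a SHA-256 recorded in the repo, and only then extracting. Separately, `${{ github.event.inputs.versionTag }}` is expanded directly inside the `run:` scripts for the upload and sign steps; passing it through `env:` and referencing it as a quoted shell variable keeps a malformed input from being interpreted as shell.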

66 changes: 0 additions & 66 deletions .github/workflows/build-zarf-agent.yml

This file was deleted.

21 changes: 13 additions & 8 deletions .github/workflows/docs.yml
Expand Up @@ -2,16 +2,21 @@ name: docs
on:
pull_request:
paths:
- '**.md'
- '**.jpg'
- '**.png'
- '**.gif'
- '**.svg'
- 'adr/**'
- 'docs/**'
- "**.md"
- "**.jpg"
- "**.png"
- "**.gif"
- "**.svg"
- "adr/**"
- "docs/**"

# Abort prior jobs in the same workflow / PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
validate:
runs-on: ubuntu-latest
steps:
- run: 'echo "Not required, non-code changes only." '
- run: 'echo "Not required, non-code changes only." '
10 changes: 7 additions & 3 deletions .github/workflows/labels.yml
Expand Up @@ -3,11 +3,15 @@ on:
pull_request:
types: [labeled, unlabeled, opened, edited, synchronize]

# Abort prior jobs in the same workflow / PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
enforce:
runs-on: ubuntu-latest
steps:
- uses: yogevbd/[email protected]
with:
BANNED_LABELS: "needs-docs,needs-tests,needs-adr,needs-git-sign-off"
- uses: yogevbd/[email protected]
with:
BANNED_LABELS: "needs-docs,needs-tests,needs-adr,needs-git-sign-off"
56 changes: 39 additions & 17 deletions .github/workflows/release.yml
Expand Up @@ -3,31 +3,56 @@ name: Publish Zarf Packages on Tag
on:
push:
tags:
- 'v*'
- "v*"

jobs:
push-resources:
runs-on: self-hosted
steps:
- name: Install GoLang
- name: "Dependency: Install Golang"
uses: actions/setup-go@v3
with:
go-version: 1.18.x

- name: Checkout Repo
- name: "Dependency: Install Docker Buildx"
id: buildx
uses: docker/setup-buildx-action@v2

- name: "Checkout Repo"
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: "Setup caching"
uses: actions/cache@v3
- name: "Build CLI"
run: make build-cli-linux

- name: "Zarf Agent: Login to Docker Hub"
uses: docker/login-action@v2
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: "Zarf Agent: Build and Publish the Image"
run: |
cp build/zarf build/zarf-linux-amd64 && cp build/zarf-arm build/zarf-linux-arm64
docker buildx build --push linux/arm64/v8,linux/amd64 --tag defenseunicorns/zarf-agent:$GITHUB_REF_NAME .

- name: "Zarf Agent: Sign the Image"
run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=$GITHUB_REF_NAME defenseunicorns/zarf-agent:$GITHUB_REF_NAME
env:
COSIGN_EXPERIMENTAL: 1
AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }}

# Builds init packages since GoReleaser won't handle this for us
- name: "Build init-packages For Release"
run: |
make init-package ARCH=amd64 AGENT_IMAGE=defenseunicorns/zarf-agent:$GITHUB_REF_NAME
make init-package ARCH=arm64 AGENT_IMAGE=defenseunicorns/zarf-agent:$GITHUB_REF_NAME

- name: "Run Tests"
run: sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64

# Set up AWS credentials for GoReleaser to upload backups of artifacts to S3
- name: Set AWS Credentials
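
Review bot: The buildx command in "Zarf Agent: Build and Publish the Image" is missing the `--platform` flag: `docker buildx build --push linux/arm64/v8,linux/amd64 --tag ... .` passes the platform list as a positional argument next to the `.` context, whereas the PR workflows use `--push --platform linux/amd64`. It should read `--push --platform linux/arm64/v8,linux/amd64`. Also, the image is pushed and signed before "Run Tests", so a failing e2e run still leaves a signed `defenseunicorns/zarf-agent:$GITHUB_REF_NAME` published; consider moving the sign step (or both publish and sign) after the tests, and signing the pushed digest rather than the tag.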
Expand All @@ -37,12 +62,6 @@ jobs:
aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1

# Builds init packages since GoReleaser won't handle this for us
- name: "Build init-packages For Release"
run: |
make build-cli-linux-amd init-package ARCH=amd64
make init-package ARCH=arm64

# Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v3
Expand All @@ -53,3 +72,6 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.ZARF_ORG_PROJECT_TOKEN }}

- name: "Cleanup"
run: sudo make destroy
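
Review bot: The new "Cleanup" step has no `if: always()`, so `sudo make destroy` is skipped whenever an earlier step fails, which is when leftover state on the self-hosted runner is most likely. Suggest adding `if: always()` to the step so the next job on that runner starts clean.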
30 changes: 25 additions & 5 deletions .github/workflows/test-k3d.yml
Expand Up @@ -10,26 +10,46 @@ on:
- "adr/**"
- "docs/**"

# Abort prior jobs in the same workflow / PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
validate:
runs-on: self-hosted
steps:
- name: "Install GoLang"
- name: "Dependency: Install Golang"
uses: actions/setup-go@v3
with:
go-version: 1.18.x

- name: "Checkout Repo"
uses: actions/checkout@v3
- name: "Dependency: Install Docker Buildx"
id: buildx
uses: docker/setup-buildx-action@v2

- name: "K3d cluster init"
- name: "Dependency: K3d cluster init"
run: k3d cluster delete && k3d cluster create

- name: "Checkout Repo"
uses: actions/checkout@v3

- name: "Build CLI"
run: make build-cli-linux-amd ARCH=amd64

- name: "Zarf Agent: Login to Docker Hub"
uses: docker/login-action@v2
with:
username: zarfdev
password: ${{ secrets.ZARF_DEV_DOCKERHUB }}

- name: "Zarf Agent: Build and Publish the Image"
run: |
cp build/zarf build/zarf-linux-amd64
docker buildx build --push --platform linux/amd64 --tag zarfdev/agent:$GITHUB_SHA .

- name: "Make Packages"
run: make init-package build-examples ARCH=amd64
run: make init-package build-examples ARCH=amd64 AGENT_IMAGE=zarfdev/agent:$GITHUB_SHA

- name: "Run Tests"
# NOTE: This test run will create its own K3d cluster. A single cluster will be used throughout the test run.
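
Review bot: The "Zarf Agent: Login to Docker Hub" step makes every run of this test workflow depend on `secrets.ZARF_DEV_DOCKERHUB`, and GitHub does not expose repository secrets to `pull_request` runs from forks, so external contributions would fail at login before any test executes. The step after it also pushes a new `zarfdev/agent:$GITHUB_SHA` tag per commit with nothing visible here that removes it. Consider documenting the fork limitation in the workflow, or having the tests consume the agent image from a registry local to the runner so no credential or public push is needed.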
24 changes: 22 additions & 2 deletions .github/workflows/test-k3s.yml
Expand Up @@ -10,23 +10,43 @@ on:
- "adr/**"
- "docs/**"

# Abort prior jobs in the same workflow / PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
validate:
runs-on: self-hosted
steps:
- name: "Install GoLang"
- name: "Dependency: Install Golang"
uses: actions/setup-go@v3
with:
go-version: 1.18.x

- name: "Dependency: Install Docker Buildx"
id: buildx
uses: docker/setup-buildx-action@v2

- name: "Checkout Repo"
uses: actions/checkout@v3

- name: "Build CLI"
run: make build-cli-linux-amd ARCH=amd64

- name: "Zarf Agent: Login to Docker Hub"
uses: docker/login-action@v2
with:
username: zarfdev
password: ${{ secrets.ZARF_DEV_DOCKERHUB }}

- name: "Zarf Agent: Build and Publish the Image"
run: |
cp build/zarf build/zarf-linux-amd64
docker buildx build --push --platform linux/amd64 --tag zarfdev/agent:$GITHUB_SHA .

- name: "Make Packages"
run: make init-package build-examples ARCH=amd64
run: make init-package build-examples ARCH=amd64 AGENT_IMAGE=zarfdev/agent:$GITHUB_SHA

- name: "Run Tests"
# NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of go installed
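
Review bot: "Zarf Agent: Build and Publish the Image" pushes to `zarfdev/agent:$GITHUB_SHA`, the same tag test-k3d.yml pushes for the same commit, so the two workflows build the agent twice and whichever push lands last overwrites the other while `make init-package ... AGENT_IMAGE=zarfdev/agent:$GITHUB_SHA` may already be pulling it. Suggest building and pushing the agent once in a shared job that both test workflows depend on, or giving each workflow its own tag suffix.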