From fd0ce7f29035edce0589b9da2e1ad6e1ea8b8357 Mon Sep 17 00:00:00 2001
From: ArnaudTa <33383276+ArnaudTA@users.noreply.github.com>
Date: Sun, 16 Mar 2025 21:55:15 +0100
Subject: [PATCH] chore: :green_heart: variabilize ci

---
 .github/ISSUE_TEMPLATE/config.yml | 4 ++--
 .github/workflows/build.yml | 28 ++++++++++++++++++++++------
 .github/workflows/cd.yml | 2 +-
 .github/workflows/scan.yml | 23 +++++++++++++++++++----
 ci/scripts/run-tests.sh | 4 ++--
 5 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index b565340e..75256e22 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,8 @@
 blank_issues_enabled: true
 contact_links:
 - name: 📚 Documentation
- url: https://cloud-pi-native.fr
+ url: https://pas.encore.de.site
 about: Cet outil de suivi des problèmes n'est pas destiné aux problèmes de documentation. Veuillez ouvrir un ticket sur le dépôt de documentation.
 - name: 🚀 Déploiement
- url: https://github.com/cloud-pi-native/socle
+ url: https://github.com/Kontainer/socle
 about: Cet outil de suivi des problèmes n'est pas destiné aux problèmes de déploiement de la plateforme. Veuillez ouvrir un ticket sur le dépôt de socle.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8f374654..3270bf7e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -45,9 +45,8 @@ on:
 default: ghcr.io
 NAMESPACE:
 description: Target namespace to the given registry
- required: true
+ required: false
 type: string
- default: cloud-pi-native/console
 BUILD_AMD64:
 description: Build for amd64
 required: true
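Review bot: The Documentation contact link now points at `https://pas.encore.de.site`, which reads as a French placeholder ("no site yet") rather than a real documentation host; an issue template that links to an unregistered domain sends users to whatever that name resolves to later, so the entry should be removed or pointed at the repository's own docs until a real URL exists. The Déploiement link uses the owner `Kontainer` while `ci/scripts/run-tests.sh` in this same commit uses `kontainerizr`; one of the two looks like a typo and is worth confirming before merge.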
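Review bot: The `NAMESPACE` input's description still says only `Target namespace to the given registry`, yet the input is now optional with no default and the fallback the commit introduces elsewhere is documented nowhere in the inputs block; a caller that relied on the removed `cloud-pi-native/console` default appears to end up publishing under a different path without any warning. Suggest `description: Target namespace to the given registry (defaults to the calling repository, owner/name, when empty)`. The same wording gap exists in the matching `NAMESPACE` hunk of `.github/workflows/scan.yml`.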
@@ -69,6 +68,21 @@ on:
 type: number
 
 jobs:
+ expose-vars:
+ runs-on: ubuntu-latest
+ if: ${{ !github.event.pull_request.draft }}
+ outputs:
+ REGISTRY_NAMESPACE: ${{ steps.set-default.outputs.REGISTRY_NAMESPACE }}
+ steps:
+ - name: Set Default Repository Name
+ id: set-default
+ run: |
+ REGISTRY_NAMESPACE=${{ inputs.NAMESPACE }}
+ if [[ -z "$REGISTRY_NAMESPACE" ]]; then
+ REGISTRY_NAMESPACE="${{ github.repository }}"
+ fi
+ echo "REGISTRY_NAMESPACE=$REGISTRY_NAMESPACE" >> $GITHUB_OUTPUT
+
 matrix:
 name: Generate matrix
 runs-on: ubuntu-latest
@@ -94,6 +108,7 @@ jobs:
 runs-on: ${{ matrix.runners }}
 needs:
 - matrix
+ - expose-vars
 strategy:
 matrix:
 runners: ${{ (inputs.BUILD_AMD64 && inputs.BUILD_ARM64 && !inputs.USE_QEMU && fromJson('["ubuntu-latest", "ARM64"]')) || (inputs.BUILD_ARM64 && !inputs.USE_QEMU && fromJson('["ARM64"]')) || fromJson('["ubuntu-latest"]') }}
@@ -138,7 +153,7 @@ jobs:
 file: ${{ matrix.images.build.dockerfile }}
 provenance: false
 platforms: ${{ (inputs.BUILD_AMD64 && inputs.BUILD_ARM64 && inputs.USE_QEMU && 'linux/amd64,linux/arm64') || (inputs.BUILD_ARM64 && 'linux/arm64') || (inputs.BUILD_AMD64 && 'linux/amd64') }}
- outputs: type=image,name=${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }},push-by-digest=true,name-canonical=true,push=true
+ outputs: type=image,name=${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }},push-by-digest=true,name-canonical=true,push=true
 build-args: |
 APP_VERSION=${{ inputs.TAG || steps.short-sha.outputs.SHORT_SHA }}
 # cache-from: type=gha
@@ -174,6 +189,7 @@ jobs:
 needs:
 - matrix
 - build
+ - expose-vars
 strategy:
 matrix:
 images: ${{ fromJSON(needs.matrix.outputs.build-matrix) }}
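Review bot: In the `Set Default Repository Name` step, `REGISTRY_NAMESPACE=${{ inputs.NAMESPACE }}` expands the workflow input into the script text before bash runs it, so a value containing whitespace or shell metacharacters rewrites the command instead of becoming the variable's value; the derived output is then spliced unquoted into `run:` lines again in the manifest-create and inspect steps of the later build.yml hunk, and the `expose-vars` job in `.github/workflows/scan.yml` repeats this step verbatim. Passing the input through the step's environment keeps it data: add `env:` with `NAMESPACE: ${{ inputs.NAMESPACE }}` to the step and use `REGISTRY_NAMESPACE="$NAMESPACE"`, and quote `"$GITHUB_OUTPUT"` on the echo line for the same reason. Note also that `if: ${{ !github.event.pull_request.draft }}` on this job means every job that now lists it in `needs` is skipped on draft pull requests; that may be intended, but it is more than a default-value helper usually carries.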
@@ -192,7 +208,7 @@ jobs:
 id: meta
 uses: docker/metadata-action@v5
 with:
- images: ${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}
+ images: ${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }}
 tags: |
 type=raw,value=${{ needs.matrix.outputs.lower-branch }},enable=${{ github.head_ref != 'main' }}
 type=raw,value=${{ inputs.TAG }},enable=${{ inputs.TAG != '' }}
@@ -212,11 +228,11 @@ jobs:
 working-directory: /tmp/digests/${{ matrix.images.name }}
 run: |
 docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
- $(printf '${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}@sha256:%s ' *)
+ $(printf '${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }}@sha256:%s ' *)
 
 - name: Inspect image
 run: |
- docker buildx imagetools inspect ${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}:${{ steps.meta.outputs.version }}
+ docker buildx imagetools inspect ${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }}:${{ steps.meta.outputs.version }}
 
 preview:
 name: Redeploy preview app
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 27e9ea66..687ff47e 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -93,4 +93,4 @@ jobs:
 env:
 GH_TOKEN: ${{ secrets.HELM_CHART_TOKEN }}
 run: |
- gh workflow --repo cloud-pi-native/helm-charts run update-chart.yaml -f APP_VERSION=${{ needs.release.outputs.major-tag }}.${{ needs.release.outputs.minor-tag }}.${{ needs.release.outputs.patch-tag }} -f CHART_NAME=dso-console
+ gh workflow --repo ${{ github.repository_owner }}/helm-charts run update-chart.yaml -f APP_VERSION=${{ needs.release.outputs.major-tag }}.${{ needs.release.outputs.minor-tag }}.${{ needs.release.outputs.patch-tag }} -f CHART_NAME=dso-console
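Review bot: `gh workflow --repo ${{ github.repository_owner }}/helm-charts` now dispatches, with `HELM_CHART_TOKEN`, to whichever `<owner>/helm-charts` exists for the account running the workflow, while `CHART_NAME=dso-console` stays hard-coded; on a fork or an organisation without that repository the step fails only after the release job it depends on has already run. A comment naming the assumption would help the next reader, e.g. `# Expects <owner>/helm-charts to exist alongside this repo and HELM_CHART_TOKEN to be scoped to it`. The enclosing job starts outside the hunk.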
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 59ca1552..f6a81cba 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -21,9 +21,8 @@ on:
 default: ghcr.io
 NAMESPACE:
 description: Target namespace to the given registry
- required: true
+ required: false
 type: string
- default: cloud-pi-native/console
 TAG:
 description: Tag used to scan images
 required: true
@@ -31,6 +30,21 @@ on:
 default: latest
 
 jobs:
+ expose-vars:
+ runs-on: ubuntu-latest
+ if: ${{ !github.event.pull_request.draft }}
+ outputs:
+ REGISTRY_NAMESPACE: ${{ steps.set-default.outputs.REGISTRY_NAMESPACE }}
+ steps:
+ - name: Set Default Repository Name
+ id: set-default
+ run: |
+ REGISTRY_NAMESPACE=${{ inputs.NAMESPACE }}
+ if [[ -z "$REGISTRY_NAMESPACE" ]]; then
+ REGISTRY_NAMESPACE="${{ github.repository }}"
+ fi
+ echo "REGISTRY_NAMESPACE=$REGISTRY_NAMESPACE" >> $GITHUB_OUTPUT
+
 matrix:
 name: Generate matrix
 runs-on: ubuntu-latest
@@ -50,6 +64,7 @@ jobs:
 runs-on: ubuntu-latest
 needs:
 - matrix
+ - expose-vars
 strategy:
 matrix:
 images: ${{ fromJSON(needs.matrix.outputs.build-matrix) }}
@@ -60,7 +75,7 @@ jobs:
 - name: Run Trivy vulnerability scanner on images
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: "${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}:${{ inputs.TAG }}"
+ image-ref: "${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }}:${{ inputs.TAG }}"
 format: template
 template: "@/contrib/sarif.tpl"
 vuln-type: "os,library"
@@ -78,7 +93,7 @@ jobs:
 - name: Warn about error
 if: failure()
 run: |
- echo ":warning: The Trivy scan report for image `${{ inputs.REGISTRY }}/${{ inputs.NAMESPACE }}/${{ matrix.images.name }}:${{ inputs.TAG }}` was not successfully completed and could not be uploaded to the Github Security Panel." >> $GITHUB_STEP_SUMMARY
+ echo ":warning: The Trivy scan report for image `${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }}:${{ inputs.TAG }}` was not successfully completed and could not be uploaded to the Github Security Panel." >> $GITHUB_STEP_SUMMARY
 
 config-scan:
 name: Scan config files vulnerabilities
diff --git a/ci/scripts/run-tests.sh b/ci/scripts/run-tests.sh
index 66307719..fae1d025 100755
--- a/ci/scripts/run-tests.sh
+++ b/ci/scripts/run-tests.sh
@@ -169,8 +169,8 @@ if [ "$RUN_E2E_TESTS" == "true" ]; then
 npm run kube:e2e-ci -- --cache-dir=.turbo/cache --log-order=stream $BROWSER_ARGS
 else
 if [[ -n "$TAG" ]]; then
- docker pull ghcr.io/cloud-pi-native/console/server:$TAG && docker tag ghcr.io/cloud-pi-native/console/server:$TAG dso-console/server:prod
- docker pull ghcr.io/cloud-pi-native/console/client:$TAG && docker tag ghcr.io/cloud-pi-native/console/client:$TAG dso-console/client:prod
+ docker pull ghcr.io/kontainerizr/console/server:$TAG && docker tag ghcr.io/kontainerizr/console/server:$TAG dso-console/server:prod
+ docker pull ghcr.io/kontainerizr/console/client:$TAG && docker tag ghcr.io/kontainerizr/console/client:$TAG dso-console/client:prod
 fi
 npm run docker:e2e-ci -- --cache-dir=.turbo/cache --log-order=stream $BROWSER_ARGS
 fi
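Review bot: The rewritten `echo` line keeps the image reference inside unescaped backticks within a double-quoted string, and with the default bash shell that is command substitution, so the shell tries to execute `<registry>/<namespace>/<image>:<tag>` as a command and the step summary gets an empty code span plus an error on stderr instead of the image name. Escape the backticks so they reach the Markdown summary literally, i.e. `echo ":warning: The Trivy scan report for image \`${{ inputs.REGISTRY }}/${{ needs.expose-vars.outputs.REGISTRY_NAMESPACE }}/${{ matrix.images.name }}:${{ inputs.TAG }}\` was not successfully completed and could not be uploaded to the Github Security Panel." >> "$GITHUB_STEP_SUMMARY"`. The removed line had the same problem, but since the commit rewrites this line it is the natural place to fix it.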
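Review bot: The pulled image names are still hard-coded to `ghcr.io/kontainerizr/console/...`, so this script does not follow the namespace variabilization the workflows in this commit introduce, and it spells the owner differently from the `Kontainer/socle` link in `.github/ISSUE_TEMPLATE/config.yml`. Reading the namespace from the environment with the current value as fallback keeps both in step, e.g. `IMAGE_NS="${REGISTRY_NAMESPACE:-kontainerizr/console}"` before the `if`, then `docker pull "ghcr.io/$IMAGE_NS/server:$TAG" && docker tag "ghcr.io/$IMAGE_NS/server:$TAG" dso-console/server:prod` and the same for `client`. The enclosing `if` block starts outside the hunk.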