From 30b3e2e954c913ca0c01fb534c5af253747dfe34 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 11:35:09 +0100
Subject: [PATCH 1/9] chore: increase scan timeout

---
 .github/workflows/kubernetes.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index 67560e5..fd7dd17 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -232,6 +232,8 @@ jobs:
 severity: ${{ env.IMAGE_SCAN_SEVERITY }}
 severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }}
 annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }}
+ env:
+ TRIVY_TIMEOUT: 10m
 - name: Push image to GitHub
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}

From 977c1c57a20663873d9115613e4a8db09314cf22 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 12:20:58 +0100
Subject: [PATCH 2/9] set timeout for all jobs

---
 .github/workflows/kubernetes.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index fd7dd17..78cb103 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -129,6 +129,7 @@ env:
 IMAGE_SCAN_SEVERITY: LOW
 IMAGE_SCAN_SEVERITY_THRESHOLD: CRITICAL
 IMAGE_SCAN_ANNOTATIONS: true
+ IMAGE_SCAN_TRIVY_TIMEOUT: 10m
 jobs:
 initialize:
@@ -233,7 +234,7 @@ jobs:
 severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }}
 annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }}
 env:
- TRIVY_TIMEOUT: 10m
+ TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }}
 - name: Push image to GitHub
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}
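Review bot: `IMAGE_SCAN_TRIVY_TIMEOUT` is defined at workflow level in hunk `@@ -129,6 +129,7` only to be copied into a per-step `env: TRIVY_TIMEOUT:` block in hunk `@@ -233,7 +234,7` and again in the three hunks of this patch that follow (`@@ -305`, `@@ -370`, `@@ -443`). Workflow-level `env` is already inherited by every step, so defining `TRIVY_TIMEOUT: 10m` once at that level would drop the four duplicated blocks; that assumes nothing else in the workflow invokes trivy with a different timeout, which is not visible from here. If the indirection is kept on purpose, a comment above the definition would stop the next reader from collapsing it, e.g. `# Consumed by the image scan steps as TRIVY_TIMEOUT (duration string, e.g. 10m)`.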
@@ -305,6 +306,8 @@ jobs:
 severity: ${{ env.IMAGE_SCAN_SEVERITY }}
 severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }}
 annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }}
+ env:
+ TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }}
 - name: Push image to ECR
 if: inputs.repository_kind == 'ecr'
 run: |
@@ -370,6 +373,8 @@ jobs:
 severity: ${{ env.IMAGE_SCAN_SEVERITY }}
 severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }}
 annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }}
+ env:
+ TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }}
 - name: Push ${{ matrix.containerfile_targets }} image to ECR
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
@@ -443,6 +448,8 @@ jobs:
 severity: ${{ env.IMAGE_SCAN_SEVERITY }}
 severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }}
 annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }}
+ env:
+ TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }}
 - name: Push ${{ matrix.containerfile_targets }} image to ECR
 run: |
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}

From cb84c648c421e7813b2270194d3a9fc5623e792c Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 12:38:59 +0100
Subject: [PATCH 3/9] set correct dependencies for commit job

---
 .github/workflows/kubernetes.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index 78cb103..b2d49d1 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -455,7 +455,7 @@ jobs:
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
 commit:
- needs: [initialize]
+ needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-ecr-matrix]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 steps:

From e51d298cd31cdcf58ded8d5047d591201dace3b5 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 13:07:35 +0100
Subject: [PATCH 4/9] try to remove needs at all

---
 .github/workflows/kubernetes.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index b2d49d1..84c2912 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -455,7 +455,6 @@ jobs:
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
 commit:
- needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-ecr-matrix]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 steps:

From cfe3060489458de294f935b45f66c77cf35292e9 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 13:28:09 +0100
Subject: [PATCH 5/9] try out workaround

---
 .github/workflows/kubernetes.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index 84c2912..4182a16 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -182,6 +182,8 @@ jobs:
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
+ outputs:
+ finished: true
 steps:
 - name: Checkout current git repository
 uses: actions/checkout@v3
@@ -244,6 +246,8 @@ jobs:
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
+ outputs:
+ finished: true
 steps:
 - name: Checkout current git repository
 uses: actions/checkout@v3
@@ -318,6 +322,8 @@ jobs:
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
+ outputs:
+ finished: true
 strategy:
 matrix:
 containerfile_targets: ${{ fromJson(inputs.imageTargets) }}
@@ -384,6 +390,8 @@ jobs:
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
+ outputs:
+ finished: true
 strategy:
 matrix:
 containerfile_targets: ${{ fromJson(inputs.imageTargets) }}
@@ -456,6 +464,12 @@ jobs:
 commit:
 environment: ${{ github.event.deployment.payload.env }}
+ needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-github-matrix]
+ if: |
+ needs.image-build-github-single.outputs.finished == 'true' ||
+ needs.image-build-ecr-single.outputs.finished == 'true' ||
+ needs.image-build-github-matrix.outputs.finished == 'true' ||
+ needs.image-build-github-matrix.outputs.finished == 'true'
 runs-on: ${{ inputs.runner }}
 steps:
 - name: Checkout ${{ inputs.deploymentRepoURL }} git repository

From 39ea0e6617be4db0eac2a742ccca366cb4eee40c Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 13:37:40 +0100
Subject: [PATCH 6/9] add ecr matrix

---
 .github/workflows/kubernetes.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index 4182a16..2905142 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
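Review bot: The `if:` added to the `commit` job in hunk `@@ -456,6 +464,12` contains no status-check function, so GitHub Actions evaluates it as `success() && (...)`, and because the four build jobs are mutually exclusive on `inputs.repository_kind` / `inputs.imageTargets` (their `if:` lines are visible in patch 7), at least three of the listed `needs` are always skipped and `commit` is skipped with them regardless of the outputs — presumably why this workaround was abandoned in patches 7 and 8. The documented way to run after skipped dependencies is to lead with a status check and test the job results rather than a static output, e.g. `if: ${{ !cancelled() && contains(needs.*.result, 'success') && !contains(needs.*.result, 'failure') }}`, which also makes the `outputs: finished: true` blocks added in the first three hunks of this patch unnecessary. The single-line `if:` in patch 7 (`@@ -461,15 +467,13`) has the same missing status check. Separately, the context lines here show `uses: actions/checkout@v3`, a mutable tag; pinning actions to a full commit SHA with the version in a trailing comment is the usual supply-chain hardening for a workflow that holds registry push credentials.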
@@ -464,12 +464,12 @@ jobs:
 commit:
 environment: ${{ github.event.deployment.payload.env }}
- needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-github-matrix]
+ needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-ecr-matrix]
 if: |
 needs.image-build-github-single.outputs.finished == 'true' ||
 needs.image-build-ecr-single.outputs.finished == 'true' ||
 needs.image-build-github-matrix.outputs.finished == 'true' ||
- needs.image-build-github-matrix.outputs.finished == 'true'
+ needs.image-build-ecr-matrix.outputs.finished == 'true'
 runs-on: ${{ inputs.runner }}
 steps:
 - name: Checkout ${{ inputs.deploymentRepoURL }} git repository

From 3bc3e23e9356691eb629d695f27abcc5e6d66654 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 15:08:06 +0100
Subject: [PATCH 7/9] try another workaround

---
 .github/workflows/kubernetes.yaml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index 2905142..d4e8044 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -183,7 +183,7 @@ jobs:
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 outputs:
- finished: true
+ executed: ${{ steps.finalize.outputs.executed }}
 steps:
 - name: Checkout current git repository
 uses: actions/checkout@v3
@@ -240,6 +240,8 @@ jobs:
 - name: Push image to GitHub
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}
+ - name: Set output
+ run: echo "::set-output name=executed::true"
 image-build-ecr-single:
 if: inputs.repository_kind == 'ecr' && inputs.imageTargets == ''
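Review bot: `executed: ${{ steps.finalize.outputs.executed }}` in hunk `@@ -183,7 +183,7` refers to a step with `id: finalize`, but the `- name: Set output` step added in hunk `@@ -240,6 +240,8` carries no `id:`, so `steps.finalize` never resolves and the job output is always the empty string; the `commit` job's `executed == 'true'` check can therefore never be satisfied. The same output/step pair is repeated for the other three build jobs in hunks `@@ -247,7 +249,7`, `@@ -316,6 +318,8`, `@@ -323,7 +327,7`, `@@ -384,6 +388,8`, `@@ -391,7 +397,7` and `@@ -461,15 +467,13`. `::set-output` is also a deprecated workflow command and is ignored on newer runners; the step should read `- name: Set output` / `id: finalize` / `run: echo "executed=true" >> "$GITHUB_OUTPUT"`. Since the step has no `if:` of its own it only runs when every earlier step (including the push) succeeded, which appears to be the intent but is worth stating in a comment.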
@@ -247,7 +249,7 @@ jobs:
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 outputs:
- finished: true
+ executed: ${{ steps.finalize.outputs.executed }}
 steps:
 - name: Checkout current git repository
 uses: actions/checkout@v3
@@ -316,6 +318,8 @@ jobs:
 if: inputs.repository_kind == 'ecr'
 run: |
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}
+ - name: Set output
+ run: echo "::set-output name=executed::true"
 image-build-github-matrix:
 if: inputs.repository_kind == 'github' && inputs.imageTargets != ''
@@ -323,7 +327,7 @@ jobs:
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 outputs:
- finished: true
+ executed: ${{ steps.finalize.outputs.executed }}
 strategy:
 matrix:
 containerfile_targets: ${{ fromJson(inputs.imageTargets) }}
@@ -384,6 +388,8 @@ jobs:
 - name: Push ${{ matrix.containerfile_targets }} image to ECR
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
+ - name: Set output
+ run: echo "::set-output name=executed::true"
 image-build-ecr-matrix:
 if: inputs.repository_kind == 'ecr' && inputs.imageTargets != ''
@@ -391,7 +397,7 @@ jobs:
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 outputs:
- finished: true
+ executed: ${{ steps.finalize.outputs.executed }}
 strategy:
 matrix:
 containerfile_targets: ${{ fromJson(inputs.imageTargets) }}
@@ -461,15 +467,13 @@ jobs:
 - name: Push ${{ matrix.containerfile_targets }} image to ECR
 run: |
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
+ - name: Set output
+ run: echo "::set-output name=executed::true"
 commit:
 environment: ${{ github.event.deployment.payload.env }}
 needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-ecr-matrix]
- if: |
- needs.image-build-github-single.outputs.finished == 'true' ||
- needs.image-build-ecr-single.outputs.finished == 'true' ||
- needs.image-build-github-matrix.outputs.finished == 'true' ||
- needs.image-build-ecr-matrix.outputs.finished == 'true'
+ if: needs.image-build-github-single.outputs.executed == 'true' || needs.image-build-ecr-single.outputs.executed == 'true' || needs.image-build-github-matrix.outputs.executed == 'true' || needs.image-build-ecr-matrix.outputs.executed == 'true'
 runs-on: ${{ inputs.runner }}
 steps:
 - name: Checkout ${{ inputs.deploymentRepoURL }} git repository

From 9568995c6972c204715dc51e10a145788bc17803 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 15:50:37 +0100
Subject: [PATCH 8/9] clean up

---
 .github/workflows/kubernetes.yaml | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index d4e8044..675dd63 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -182,8 +182,6 @@ jobs:
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
- outputs:
- executed: ${{ steps.finalize.outputs.executed }}
 steps:
 - name: Checkout current git repository
 uses: actions/checkout@v3
@@ -240,16 +238,12 @@ jobs:
 - name: Push image to GitHub
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}
- - name: Set output
- run: echo "::set-output name=executed::true"
 image-build-ecr-single:
 if: inputs.repository_kind == 'ecr' && inputs.imageTargets == ''
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
- outputs:
- executed: ${{ steps.finalize.outputs.executed }}
 steps:
 - name: Checkout current git repository
 uses: actions/checkout@v3
@@ -318,16 +312,12 @@ jobs:
 if: inputs.repository_kind == 'ecr'
 run: |
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}
- - name: Set output
- run: echo "::set-output name=executed::true"
 image-build-github-matrix:
 if: inputs.repository_kind == 'github' && inputs.imageTargets != ''
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
- outputs:
- executed: ${{ steps.finalize.outputs.executed }}
 strategy:
 matrix:
 containerfile_targets: ${{ fromJson(inputs.imageTargets) }}
@@ -388,16 +378,12 @@ jobs:
 - name: Push ${{ matrix.containerfile_targets }} image to ECR
 run: |
 docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
- - name: Set output
- run: echo "::set-output name=executed::true"
 image-build-ecr-matrix:
 if: inputs.repository_kind == 'ecr' && inputs.imageTargets != ''
 needs: [initialize]
 environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
- outputs:
- executed: ${{ steps.finalize.outputs.executed }}
 strategy:
 matrix:
 containerfile_targets: ${{ fromJson(inputs.imageTargets) }}
@@ -467,13 +453,10 @@ jobs:
 - name: Push ${{ matrix.containerfile_targets }} image to ECR
 run: |
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
- - name: Set output
- run: echo "::set-output name=executed::true"
 commit:
 environment: ${{ github.event.deployment.payload.env }}
- needs: [image-build-github-single,image-build-ecr-single,image-build-github-matrix,image-build-ecr-matrix]
- if: needs.image-build-github-single.outputs.executed == 'true' || needs.image-build-ecr-single.outputs.executed == 'true' || needs.image-build-github-matrix.outputs.executed == 'true' || needs.image-build-ecr-matrix.outputs.executed == 'true'
+ needs: [initialize]
 runs-on: ${{ inputs.runner }}
 steps:
 - name: Checkout ${{ inputs.deploymentRepoURL }} git repository

From 8c1b9a640a86094b097cdbdabf94b459ec976403 Mon Sep 17 00:00:00 2001
From: Kirill Plis
Date: Tue, 14 Jan 2025 15:55:16 +0100
Subject: [PATCH 9/9] move needs

---
 .github/workflows/kubernetes.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml
index 675dd63..78cb103 100644
--- a/.github/workflows/kubernetes.yaml
+++ b/.github/workflows/kubernetes.yaml
@@ -455,8 +455,8 @@ jobs:
 docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}
 commit:
- environment: ${{ github.event.deployment.payload.env }}
 needs: [initialize]
+ environment: ${{ github.event.deployment.payload.env }}
 runs-on: ${{ inputs.runner }}
 steps:
 - name: Checkout ${{ inputs.deploymentRepoURL }} git repository
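Review bot: Restoring `needs: [initialize]` on the `commit` job in hunk `@@ -467,13 +453,10` makes it run concurrently with the four image-build jobs rather than after them, so the checkout of `inputs.deploymentRepoURL` and whatever this job commits there can complete before the image has been pushed or before the `severity_threshold` scan step that precedes each push has reported; the deployment side would then reference an image that may not exist or that failed its gate. Patch 9's `index 675dd63..78cb103` line shows the file ends up identical to the blob produced by patch 2, so the ordering problem that patch 3's subject set out to fix is left open after this series. It can be fixed without the output workaround the series tried: keep `needs: [image-build-github-single, image-build-ecr-single, image-build-github-matrix, image-build-ecr-matrix]` and gate with `if: ${{ !cancelled() && contains(needs.*.result, 'success') && !contains(needs.*.result, 'failure') }}`, which tolerates the three jobs that are skipped by design while still blocking on a failed build or scan. The `commit` job's steps continue outside the hunk.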