Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate the Pipeline from Azure to Github actions #571

Merged
merged 12 commits into from
Aug 7, 2023
Merged

Migrate the Pipeline from Azure to Github actions #571

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
878da16
update pipeline
shubham-cmyk Aug 2, 2023
0498038
fix : container_quality_dockerfile_lint
shubham-cmyk Aug 2, 2023
086cf09
fix bugs
shubham-cmyk Aug 2, 2023
418786c
fix : build_container_image and build_go_binary
shubham-cmyk Aug 2, 2023
fdf9bd8
fix the image scanning
shubham-cmyk Aug 2, 2023
5710d42
Remove the trivy scan
shubham-cmyk Aug 2, 2023
eb6487e
Move trivy scan
shubham-cmyk Aug 2, 2023
fce4fe1
change
shubham-cmyk Aug 2, 2023
1624165
add scanner
shubham-cmyk Aug 2, 2023
5a9c336
fix image Name
shubham-cmyk Aug 2, 2023
4fca139
remove scan
shubham-cmyk Aug 2, 2023
8d7de6b
UPDATE ACCESS TOKEN
shubham-cmyk Aug 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 0 additions & 28 deletions .azure-pipelines/pipeline.yaml
View file
Open in desktop

This file was deleted.

144 changes: 144 additions & 0 deletions .github/workflows/operator-ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,144 @@
name: CI
on:
pull_request:
branches:
- master
push:
branches:
- master

env:
GolangVersion: 1.17
ApplicationName: redis-operator
DockerImagName: docker.io/opstree/redis-operator
BuildDocs: true
AppVersion: "v0.15.0"
DOCKERFILE_PATH: '**/Dockerfile'

jobs:
gofmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: ${{ env.GolangVersion }}
- name: Check Go Fmt
run: |
gofmt_files=$(go fmt ./... | wc -l)
if [[ ${gofmt_files} > 0 ]]
then
echo "Please format golang files using:- go fmt ./..."
exit 1
else
echo "All files are formated using gofmt"
fi

govet:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: ${{ env.GolangVersion }}
- name: Run Go Vet
run: go vet ./...

code_quality_golang_ci_lint:
needs: [gofmt, govet]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: ${{ env.GolangVersion }}
- name: Install GolangCI-Lint
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.40.0
- name: Run GolangCI-Lint
run: ./bin/golangci-lint run --timeout 5m0s ./...

container_quality_dockerfile_lint:
needs: [gofmt, govet]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Execute dockerlinter
uses: hadolint/[email protected]
with:
dockerfile: Dockerfile
ignore: DL3007,DL3018

build_go_binary:
needs: [code_quality_golang_ci_lint]
runs-on: ubuntu-latest
strategy:
matrix:
arch: ['amd64', 'arm64']
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup Go Environment
uses: actions/setup-go@v2
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Set GOARCH
run: echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV
- name: Build Go Binary
run: go build -o ${{ github.workspace }}/${{ env.APPLICATION_NAME }}
- name: Archive Binary
run: |
mkdir -p ${{ github.workspace }}/compiled/${{ matrix.arch }}
zip ${{ github.workspace }}/compiled/${{ matrix.arch }}/${{ env.APPLICATION_NAME }}-${{ matrix.arch }}.zip ${{ github.workspace }}/${{ env.APPLICATION_NAME }}

build_scan_container_image:
needs: [container_quality_dockerfile_lint]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Build arm64 image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/arm64
push: false
tags: ${{ env.DockerImagName }}:arm64

- name: Build amd64 image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64
push: false
tags: ${{ env.DockerImagName }}:amd64
- name: Build multi-arch image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/arm64,linux/amd64
push: false
tags: ${{ env.DockerImagName }}:latest

gosec_scan:
needs: [build_go_binary]
runs-on: ubuntu-latest

steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Gosec Scan
uses: securego/gosec@master
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOSEC_OUTPUT: "junit-xml:/github/workspace/gosec-results.xml"

150 changes: 150 additions & 0 deletions .github/workflows/release-images.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
name: Release container images

on:
pull_request:
types: [closed]
branches:
- master

env:
ApplicationName: redis-operator
QuayImageName: quay.io/opstree/redis-operator
AppVersion: "v0.15.0"
DOCKERFILE_PATH: '**/Dockerfile'

jobs:
setup:
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to Quay.io
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.ACCESS_TOKEN }}

build_arm64:
needs: setup
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check existing AppVersion
id: check_version_arm64
run: |
EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }}-arm64 | jq '.tags | length')
echo "::set-output name=exists::$EXISTS"

- name: Build and push arm64 image
if: steps.check_version_arm64.outputs.exists == '0'
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/arm64
push: true
tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}-arm64

build_amd64:
needs: setup
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check existing AppVersion
id: check_version_amd64
run: |
EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }}-amd64 | jq '.tags | length')
echo "::set-output name=exists::$EXISTS"

- name: Build and push amd64 image
if: steps.check_version_amd64.outputs.exists == '0'
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64
push: true
tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}-amd64

build_multi_arch:
needs: setup
if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Check existing AppVersion
id: check_version_multi_arch
run: |
EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }} | jq '.tags | length')
echo "::set-output name=exists::$EXISTS"

- name: Build and push multi-arch image
if: steps.check_version_multi_arch.outputs.exists == '0'
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}

- name: Build and push multi-arch latest image
uses: docker/build-push-action@v2
with:
context: .
file: ${{ env.DOCKERFILE_PATH }}
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ env.QuayImageName }}:latest

trivy_scan:
needs: [build_arm64, build_amd64, build_multi_arch]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner for arm64 image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}-arm64
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-arm64.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for amd64 image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}-amd64
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-amd64.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for multi-arch image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-latest.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
- name: Run Trivy vulnerability scanner for latest image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.QuayImageName }}:latest
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-latest.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
Loading