upgrade ks: fix bug of gc pipelineruns (#994) #1332

Workflow file for this run

	name: Build
	# Need GitHub secret: DOCKER_HUB_USER, DOCKER_HUB_SECRETS, GHCR_TOKEN

	on:
	push:
	branches:
	- master
	tags:
	- 'v..*'
	paths-ignore:
	- "**.md"
	- "LICENSE"
	- "docs/**"
	- ".devcontainer/**"
	- "*.ya?ml" # ignore all yaml files(with suffix yaml or yml) in the root of the repository
	- "!codecov.yml"
	- "!.golangci.yml"
	- "!config/**"
	- "OWNERS"
	- "PROJECT"

	jobs:
	BuildController:
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v2
	- name: Docker meta for kubesphere
	id: meta
	if: github.repository_owner == 'kubesphere'
	uses: docker/metadata-action@v3
	with:
	images: \|
	kubespheredev/devops-controller
	ghcr.io/${{ github.repository_owner }}/devops-controller
	tags: \|
	type=schedule
	type=ref,event=branch,suffix=-{{sha}}
	type=ref,event=pr,suffix=-{{sha}}
	type=semver,pattern={{version}},prefix=v
	- name: Docker meta for Contributors
	id: metaContributors
	if: github.repository_owner != 'kubesphere'
	uses: docker/metadata-action@v3
	with:
	images: \|
	ghcr.io/${{ github.repository_owner }}/devops-controller
	tags: \|
	type=schedule
	type=ref,event=branch,suffix=-{{sha}}
	type=ref,event=pr,suffix=-{{sha}}
	type=semver,pattern={{version}},prefix=v
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Login to DockerHub
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_SECRETS }}
	- name: Login to GHCR
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GHCR_TOKEN }}
	- name: Build env
	id: build_env
	run: \|
	if [ "${{ github.event_name }}" == "pull_request" ]
	then
	echo "::set-output name=platforms::linux/amd64"
	echo "::set-output name=push::false"
	echo "::set-output name=load::true"
	echo "::set-output name=ref::pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")"
	else
	echo "::set-output name=platforms::linux/amd64,linux/arm64"
	echo "::set-output name=push::true"
	echo "::set-output name=load::false"
	echo "::set-output name=ref::${{github.ref_name}}"
	fi
	echo "::set-output name=short_sha::${GITHUB_SHA::7}"
	- name: Build and push Docker images
	uses: docker/[email protected]
	if: github.repository_owner == 'kubesphere'
	with:
	file: config/dockerfiles/controller-manager/Dockerfile
	tags: ${{ steps.meta.outputs.tags }}
	push: ${{ steps.build_env.outputs.push }}
	load: ${{ steps.build_env.outputs.load }}
	labels: ${{ steps.meta.outputs.labels }}
	platforms: ${{ steps.build_env.outputs.platforms }}
	provenance: false
	sbom: false
	- name: Build and push Docker images for Contributors
	uses: docker/[email protected]
	if: github.repository_owner != 'kubesphere'
	with:
	file: config/dockerfiles/controller-manager/Dockerfile
	tags: ${{ steps.metaContributors.outputs.tags }}
	push: ${{ steps.build_env.outputs.push }}
	load: ${{ steps.build_env.outputs.load }}
	labels: ${{ steps.metaContributors.outputs.labels }}
	platforms: ${{ steps.build_env.outputs.platforms }}
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	if: github.event_name == 'pull_request'
	with:
	image-ref: 'ghcr.io/${{github.repository_owner}}/devops-controller:${{ steps.build_env.outputs.ref }}-${{ steps.build_env.outputs.short_sha }}'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	trivyignores: .github/workflows/.trivyignore

	BuildAPIServer:
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v2
	- name: Docker meta for kubesphere
	id: meta
	if: github.repository_owner == 'kubesphere'
	uses: docker/metadata-action@v3
	with:
	images: \|
	kubespheredev/devops-apiserver
	ghcr.io/${{ github.repository_owner }}/devops-apiserver
	tags: \|
	type=schedule
	type=ref,event=branch,suffix=-{{sha}}
	type=ref,event=pr,suffix=-{{sha}}
	type=semver,pattern={{version}},prefix=v
	- name: Docker meta for Contributors
	id: metaContributors
	if: github.repository_owner != 'kubesphere'
	uses: docker/metadata-action@v3
	with:
	images: \|
	ghcr.io/${{ github.repository_owner }}/devops-apiserver
	tags: \|
	type=schedule
	type=ref,event=branch,suffix=-{{sha}}
	type=ref,event=pr,suffix=-{{sha}}
	type=semver,pattern={{version}},prefix=v
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Login to DockerHub
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_SECRETS }}
	- name: Login to GHCR
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GHCR_TOKEN }}
	- name: Build env
	id: build_env
	run: \|
	if [ "${{ github.event_name }}" == "pull_request" ]
	then
	echo "::set-output name=platforms::linux/amd64"
	echo "::set-output name=push::false"
	echo "::set-output name=load::true"
	echo "::set-output name=ref::pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")"
	else
	echo "::set-output name=platforms::linux/amd64,linux/arm64"
	echo "::set-output name=push::true"
	echo "::set-output name=load::false"
	echo "::set-output name=ref::${{github.ref_name}}"
	fi
	echo "::set-output name=short_sha::${GITHUB_SHA::7}"
	- name: Build and push Docker images
	uses: docker/[email protected]
	if: github.repository_owner == 'kubesphere'
	with:
	file: config/dockerfiles/apiserver/Dockerfile
	tags: ${{ steps.meta.outputs.tags }}
	push: ${{ steps.build_env.outputs.push }}
	load: ${{ steps.build_env.outputs.load }}
	labels: ${{ steps.meta.outputs.labels }}
	platforms: ${{ steps.build_env.outputs.platforms }}
	provenance: false
	sbom: false
	- name: Build and push Docker images for Contributors
	uses: docker/[email protected]
	if: github.repository_owner != 'kubesphere'
	with:
	file: config/dockerfiles/apiserver/Dockerfile
	tags: ${{ steps.metaContributors.outputs.tags }}
	push: ${{ steps.build_env.outputs.push }}
	load: ${{ steps.build_env.outputs.load }}
	labels: ${{ steps.metaContributors.outputs.labels }}
	platforms: ${{ steps.build_env.outputs.platforms }}
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	if: github.event_name == 'pull_request'
	with:
	image-ref: 'ghcr.io/${{github.repository_owner}}/devops-apiserver:${{ steps.build_env.outputs.ref }}-${{ steps.build_env.outputs.short_sha }}'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	trivyignores: .github/workflows/.trivyignore

	BuildTools:
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v2
	- name: Docker meta for kubesphere
	id: meta
	if: github.repository_owner == 'kubesphere'
	uses: docker/metadata-action@v3
	with:
	images: \|
	kubespheredev/devops-tools
	ghcr.io/${{ github.repository_owner }}/devops-tools
	tags: \|
	type=schedule
	type=ref,event=branch,suffix=-{{sha}}
	type=ref,event=pr,suffix=-{{sha}}
	type=semver,pattern={{version}},prefix=v
	- name: Docker meta for Contributors
	id: metaContributors
	if: github.repository_owner != 'kubesphere'
	uses: docker/metadata-action@v3
	with:
	images: \|
	ghcr.io/${{ github.repository_owner }}/devops-tools
	tags: \|
	type=schedule
	type=ref,event=branch,suffix=-{{sha}}
	type=ref,event=pr,suffix=-{{sha}}
	type=semver,pattern={{version}},prefix=v
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Login to DockerHub
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_SECRETS }}
	- name: Login to GHCR
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GHCR_TOKEN }}
	- name: Build env
	id: build_env
	run: \|
	if [ "${{ github.event_name }}" == "pull_request" ]
	then
	echo "::set-output name=platforms::linux/amd64"
	echo "::set-output name=push::false"
	echo "::set-output name=load::true"
	echo "::set-output name=ref::pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")"
	else
	echo "::set-output name=platforms::linux/amd64,linux/arm64"
	echo "::set-output name=push::true"
	echo "::set-output name=load::false"
	echo "::set-output name=ref::${{github.ref_name}}"
	fi
	echo "::set-output name=short_sha::${GITHUB_SHA::7}"
	- name: Build and push Docker images
	uses: docker/[email protected]
	if: github.repository_owner == 'kubesphere'
	with:
	file: config/dockerfiles/tools/Dockerfile
	tags: ${{ steps.meta.outputs.tags }}
	push: ${{ steps.build_env.outputs.push }}
	load: ${{ steps.build_env.outputs.load }}
	labels: ${{ steps.meta.outputs.labels }}
	platforms: ${{ steps.build_env.outputs.platforms }}
	provenance: false
	sbom: false
	- name: Build and push Docker images for Contributors
	uses: docker/[email protected]
	if: github.repository_owner != 'kubesphere'
	with:
	file: config/dockerfiles/tools/Dockerfile
	tags: ${{ steps.metaContributors.outputs.tags }}
	push: ${{ steps.build_env.outputs.push }}
	load: ${{ steps.build_env.outputs.load }}
	labels: ${{ steps.metaContributors.outputs.labels }}
	platforms: ${{ steps.build_env.outputs.platforms }}
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	if: github.event_name == 'pull_request'
	with:
	image-ref: 'ghcr.io/${{github.repository_owner}}/devops-tools:${{ steps.build_env.outputs.ref }}-${{ steps.build_env.outputs.short_sha }}'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	trivyignores: .github/workflows/.trivyignore

	UnitTest:
	name: Test
	runs-on: ubuntu-20.04
	steps:
	- name: Set up Go 1.17
	uses: actions/[email protected]
	with:
	go-version: 1.17
	id: go
	- name: Check out code into the Go module directory
	uses: actions/[email protected]
	- name: Test
	run: \|
	make test
	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: coverage.out
	flags: unittests
	name: codecov-umbrella
	fail_ci_if_error: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

upgrade ks: fix bug of gc pipelineruns (#994) #1332

Workflow file

upgrade ks: fix bug of gc pipelineruns (#994) #1332

Jobs

Run details

Workflow file for this run