Implement suffix image support for self-hosted workflows #71
Workflow file for this run
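# End-to-end CI for the "noscience" image flavour. The jobs below build the
# image, run the integration tests, scan the image and push it to the registry.
name: "e2e: noscience, gha"
on:
  push:
  pull_request:
    branches:
      - master
# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository. A job that needs more declares its own `permissions:` block
# (image-analysis does, for SARIF upload).
permissions:
  contents: read
env:
  CIUXCONFIG: /tmp/ciux.sh
  # ciux is installed at this exact revision rather than a moving branch.
  # Quoted so the value is always read as a string.
  CIUX_VERSION: "927153e3f"
  # On pull requests github.head_ref is chosen by the PR author. It is exposed
  # as an environment variable so run steps can reference it as a quoted shell
  # variable ("$GHA_BRANCH_NAME") instead of expanding ${{ ... }} inside the
  # script text.
  GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
  SUFFIX: noscience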
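jobs:
  # Builds the fink-broker image and hands it to the other jobs as the
  # "docker-artifact" artifact, plus the image URL as the `image` job output.
  build:
    name: Build image
    runs-on: ubuntu-22.04
    outputs:
      image: ${{ steps.export.outputs.IMAGE }}
    steps:
      # NOTE(review): the actions in this job are referenced by mutable version
      # tags; pinning each `uses:` to a full commit SHA keeps a re-tagged
      # release from changing what runs here.
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v4
        with:
          go-version: '1.21.4'
      # CIUX_VERSION comes from the workflow-level env, so the shell variable
      # carries the same value as the ${{ env.CIUX_VERSION }} expression.
      - name: Install ciux
        run: go install github.com/k8s-school/ciux@"$CIUX_VERSION"
      # NOTE(review): CI_REPO is not defined in this workflow's `env:`, so
      # ${{ env.CI_REPO }} expands to an empty string and build.sh receives
      # `-r ""`. Confirm that this is intended.
      - name: Build fink-broker image for k8s
        run: |
          ./build.sh -s "$SUFFIX" -r "${{ env.CI_REPO }}"
      # The first script line runs whatever `ciux get image ... --env` prints
      # as a shell command. The lines after it read CIUX_BUILD and
      # CIUX_IMAGE_URL, so it presumably prints an export statement (confirm).
      # Because that output is executed on the runner, the pinned ciux revision
      # is part of this job's trust boundary.
      - name: Export fink-broker image
        id: export
        run: |
          $(ciux get image --check "$PWD" --suffix "$SUFFIX" --env)
          mkdir -p artifacts
          if [ "$CIUX_BUILD" = true ]; then
            echo "Export $CIUX_IMAGE_URL to archive"
            docker save "$CIUX_IMAGE_URL" > artifacts/image.tar
          else
            echo "Using existing image $CIUX_IMAGE_URL"
            touch artifacts/emtpy
          fi
          echo "IMAGE=$CIUX_IMAGE_URL" >> "$GITHUB_OUTPUT"
      # NOTE(review): this uploads with upload-artifact@v2 while the other jobs
      # download with download-artifact@v3. Move both sides to the same major
      # version in one change (v4 cannot read artifacts uploaded by v3 or
      # earlier).
      - uses: actions/upload-artifact@v2
        with:
          name: docker-artifact
          path: artifacts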
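# Job: integration-tests. Deploys the stack on a kind cluster and checks it.
  integration-tests:
    name: Run integration tests
    runs-on: ubuntu-22.04
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v4
        with:
          go-version: '1.21.4'
      # CIUX_VERSION comes from the workflow-level env, so the shell variable
      # carries the same value as the ${{ env.CIUX_VERSION }} expression.
      - name: Install ciux
        run: go install github.com/k8s-school/ciux@"$CIUX_VERSION"
      # The branch name is passed as a quoted shell variable, so an
      # author-chosen PR branch name is handled as data. The suffix now comes
      # from the workflow-level SUFFIX instead of a second hard-coded
      # "noscience", which keeps this job in step with the build job.
      - name: Ciux project ignition
        run: |
          ciux ignite --selector ci --branch="$GHA_BRANCH_NAME" "$PWD" --suffix "$SUFFIX"
      # NOTE(review): ktbx is not installed by any step visible in this job;
      # presumably `ciux ignite` provides it (confirm).
      - name: Create k8s (kind) cluster
        run: |
          ktbx install kind
          ktbx install kubectl
          ktbx create -s
      - name: Install olm and argocd operators
        run: |
          ktbx install olm
          ktbx install argocd
      - name: Run argoCD
        run: |
          ./e2e/argocd.sh
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      # The archive exists only when the build job rebuilt the image.
      - name: Load container image inside kind
        run: |
          if [ -f artifacts/image.tar ]; then
            echo "Loading image from archive"
            docker load --input artifacts/image.tar
          else
            echo "Using existing image"
          fi
      # "$CIUXCONFIG" (/tmp/ciux.sh) is sourced to obtain
      # FINK_ALERT_SIMULATOR_DIR. The scripts in that directory are sourced or
      # run on the runner.
      # NOTE(review): confirm that the fink-alert-simulator checkout is fixed
      # to a known revision.
      - name: Install fink-alert-simulator pre-requisites (argo-workflows)
        run: |
          . "$CIUXCONFIG"
          . "$FINK_ALERT_SIMULATOR_DIR"/prereq-install.sh
      - name: Run fink-alert-simulator
        run: |
          . "$CIUXCONFIG"
          "$FINK_ALERT_SIMULATOR_DIR"/argo-submit.sh
          argo watch @latest
      # Interactive debugging hook, left disabled. A tmate session opens a
      # remote shell on the runner, so enable it only for a short debugging run.
      # - name: Setup tmate session
      #   uses: mxschmitt/action-tmate@v3
      - name: Install fink-broker pre-requisites (JDK, Spark)
        run: |
          sudo apt-get -y update
          sudo apt-get -y install openjdk-8-jdk-headless
          ./e2e/prereq-install.sh
      - name: Run fink-broker
        run: |
          ./e2e/fink-start.sh
      - name: Check results
        run: |
          ./e2e/check-results.sh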
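# Job: image-analysis. Scans the built image and uploads the SARIF report.
  image-analysis:
    name: Analyze image
    runs-on: ubuntu-22.04
    # A job-level block replaces the default token permissions, so this job
    # holds only the scope listed here.
    # NOTE(review): for a private repository, checkout and SARIF upload would
    # also need `contents: read` and `actions: read`. Confirm this repository's
    # visibility.
    permissions:
      security-events: write
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      # The image URL is a job output computed during the build. It reaches the
      # script through an environment variable, so its content is never
      # expanded into the script text before the shell parses it.
      - name: Load image in local registry
        env:
          IMAGE: ${{ needs.build.outputs.image }}
        run: |
          if [ -f artifacts/image.tar ]; then
            echo "Loading image $IMAGE from archive"
            docker load --input artifacts/image.tar
          else
            echo "Using existing image $IMAGE"
          fi
      # With fail-build: false the findings are reported but never fail this
      # job. The push job does not list image-analysis in its `needs`, so the
      # scan is advisory and does not gate publication.
      - name: Scan fink-broker image
        uses: anchore/scan-action@v3
        id: scan
        with:
          image: "${{ needs.build.outputs.image }}"
          fail-build: false
      # The report path is a step output. It is passed through the environment
      # and quoted for the same reason as IMAGE above.
      - name: Display SARIF report
        env:
          SARIF_FILE: ${{ steps.scan.outputs.sarif }}
        run: |
          cat "$SARIF_FILE"
      - name: upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}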
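# Job: push. Publishes the tested image to the IN2P3 GitLab registry.
  push:
    name: Push fink-broker image to IN2P3 registry
    runs-on: ubuntu-22.04
    # Publication waits for the integration tests only. The image scan
    # (image-analysis) is not in this list.
    # NOTE(review): there is no `if:` on this job, so it runs for both the push
    # and the pull_request trigger. Confirm that publishing images built from
    # pull requests is intended.
    needs: [build, integration-tests]
    steps:
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      # The archive exists only when the build job rebuilt the image, so the
      # load is guarded as in the other jobs. The previous
      # `cat artifacts/image-tag` line was dropped: no job in this workflow
      # writes that file, and no later step read the IMAGE variable it set.
      - name: Load image in local registry
        run: |
          if [ -f artifacts/image.tar ]; then
            echo "Loading image from archive"
            docker load --input artifacts/image.tar
          else
            echo "Using existing image"
          fi
      # The step name now matches the registry that is actually used. This job
      # does not check out the repository, so the credentials are used only by
      # the docker login and push steps.
      - name: Login to IN2P3 registry
        uses: docker/login-action@v2
        with:
          registry: gitlab-registry.in2p3.fr
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      # The image URL is passed through the environment and quoted, so it is
      # never expanded into the script text while registry credentials are
      # active on the runner. Without an archive the build job reported an
      # existing image, so there is presumably nothing new to publish (confirm).
      - name: Push image to IN2P3 registry
        env:
          IMAGE: ${{ needs.build.outputs.image }}
        run: |
          if [ -f artifacts/image.tar ]; then
            docker push "$IMAGE"
          else
            echo "Image $IMAGE was not rebuilt by this run, nothing to push"
          fi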