Implement 'nobuild' procedure on CI
Do not build the image if source code has not changed.
And also:
- Remove strimzi/minio install scripts prior to argocd
- Add source code paths to ciux
- Remove 'minimal' parameter
- Add support for image scan
- Retrieve image url from ciuxconfig for e2e tests
- Implement suffix image support for self-hosted workflows
- Implement common workflow for CI and self-hosted
- Promote remote image by tagging it with skopeo
- Install argo-workflow with ktbx
- Bump ktbx to v1.1.1-rc13
- Parametrize kind version on ci
- Increase startup wait time for broker pods
- Add support for private registry certificates
- Improve image push and tag in CI
Your Name committed Feb 14, 2024
1 parent 7ec11d2 commit 902cb09
Showing 18 changed files with 368 additions and 626 deletions.
6 changes: 5 additions & 1 deletion .ciux
@@ -1,5 +1,9 @@
apiVersion: v1alpha1
registry: gitlab-registry.in2p3.fr/astrolabsoftware/fink
sourcePathes:
- fink_broker
- bin
- deps
dependencies:
- url: https://github.com/astrolabsoftware/fink-alert-simulator
# If true repository will be locally cloned
@@ -28,7 +32,7 @@ dependencies:
- image: gitlab-registry.in2p3.fr/astrolabsoftware/fink/spark-py:k8s-3.4.1
labels:
build: "true"
- package: github.com/k8s-school/[email protected]rc11
- package: github.com/k8s-school/[email protected]rc14
labels:
itest: "optional"
ci: "true"
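Review bot: The `sourcePathes` list added in the first hunk names only `fink_broker`, `bin` and `deps`, so if ciux uses it to decide whether the image needs rebuilding (as the commit title suggests), a change to a build input outside those directories, such as `build.sh` or the image definition, would presumably reuse and later promote the previous image. I would list every build input there and document the key, for example `# Paths whose changes trigger an image rebuild; keep all build inputs listed`. The description also says ktbx is bumped to v1.1.1-rc13 while the new `package` line ends in `rc14`; one of the two should be corrected.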
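--- a/.github/workflows/e2e-common.yml
+++ b/.github/workflows/e2e-common.yml
@@ -0,0 +1,241 @@
+name: "Reusable workflow for Fink self-hosted e2e tests"
+on:
+workflow_call:
+inputs:
+suffix:
+required: true
+type: string
+ci_repo:
+required: true
+type: string
+runner:
+required: true
+type: string
+kind_version:
+required: true
+type: string
+secrets:
+registry_username:
+required: true
+registry_token:
+required: true
+env:
+CIUXCONFIG: /tmp/ciux.sh
+CIUX_VERSION: a1ab5c126
+GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+SUFFIX: ${{ inputs.suffix }}
+CI_REPO: ${{ inputs.ci_repo }}
+# Override the self-hosted runner value
+POD_NAMESPACE: default
+jobs:
+build:
+name: Build image
+runs-on: ${{ fromJSON(inputs.runner) }}
+outputs:
+image: ${{ steps.export.outputs.IMAGE }}
+steps:
+- name: Checkout code
+uses: actions/checkout@v2
+with:
+fetch-depth: 0
+- uses: actions/setup-go@v4
+with:
+go-version: '1.21.4'
+- name: Install ciux
+run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
+- name: Build fink-broker image for k8s
+run: |
+./build.sh -s "${{ env.SUFFIX }}" -r "${{ env.CI_REPO }}"
+- name: Export fink-broker image
+id: export
+run: |
+# Cannot use CIUXCONFIG because it may not have been created yet
+# TODO make it simpler!
+$(ciux get image --check $PWD --suffix "${{ env.SUFFIX }}" --tmp-registry "${{ env.CI_REPO }}" --env)
+mkdir -p artifacts
+if [ $CIUX_BUILD = true ]; then
+if [ -n "${{ env.CI_REPO }}" ]; then
+echo "Pushing image $CIUX_IMAGE_URL to CI internal registry"
+docker push $CIUX_IMAGE_URL
+touch artifacts/empty
+else
+echo "Export $CIUX_IMAGE_URL to Github artifact store"
+docker save "$CIUX_IMAGE_URL" > artifacts/image.tar
+fi
+else
+echo "Using existing image $CIUX_IMAGE_URL"
+touch artifacts/empty
+fi
+echo "IMAGE=$CIUX_IMAGE_URL" >> "$GITHUB_OUTPUT"
+- uses: actions/upload-artifact@v2
+with:
+name: docker-artifact
+path: artifacts
+integration-tests:
+name: Run integration tests
+runs-on: ${{ fromJSON(inputs.runner) }}
+outputs:
+new_image: ${{ steps.promote.outputs.NEW_IMAGE }}
+promoted_image: ${{ steps.promote.outputs.PROMOTED_IMAGE }}
+needs: build
+steps:
+- name: Checkout code
+uses: actions/checkout@v2
+with:
+fetch-depth: 0
+- uses: actions/setup-go@v4
+with:
+go-version: '1.21.4'
+- name: Install ciux
+run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
+- name: Ciux project ignition
+run: |
+ciux ignite --selector ci --branch="$GHA_BRANCH_NAME" $PWD --suffix "${{ env.SUFFIX }}" --tmp-registry "${{ env.CI_REPO }}"
+- name: Create k8s (kind) cluster
+run: |
+# v0.20.0 does not work on self-hosted runners
+ktbx install kind --kind-version=${{ inputs.kind_version }}
+ktbx install kubectl
+# Configure private registry if needed
+./e2e/kind-config.sh -r "${{ env.CI_REPO }}"
+ktbx create -s
+- name: Install olm and argocd operators
+run: |
+ktbx install olm
+ktbx install argocd
+- name: Install argo-workflows (fink-alert-simulator pre-requisite)
+run: |
+ktbx install argowf
+- name: Run argoCD
+run: |
+./e2e/argocd.sh
+- name: Download image
+uses: actions/download-artifact@v3
+with:
+name: docker-artifact
+path: artifacts
+- name: Load container image inside kind
+run: |
+if [ -f artifacts/image.tar ]; then
+echo "Loading image from archive"
+kind load image-archive artifacts/image.tar
+docker exec -- kind-control-plane crictl image
+else
+echo "Using existing image"
+fi
+- name: Run fink-alert-simulator
+run: |
+. "$CIUXCONFIG"
+"$FINK_ALERT_SIMULATOR_DIR"/argo-submit.sh
+argo watch @latest
+# - name: Setup tmate session
+# uses: mxschmitt/action-tmate@v3
+- name: Install fink-broker pre-requisites (JDK, Spark)
+run: |
+sudo apt-get -y update
+sudo apt-get -y install openjdk-8-jdk-headless
+./e2e/prereq-install.sh
+- name: Run fink-broker
+run: |
+./e2e/fink-start.sh
+- name: Check results
+run: |
+./e2e/check-results.sh
+- name: Promote fink-broker image
+id: promote
+run: |
+. "$CIUXCONFIG"
+echo "PROMOTED_IMAGE=$CIUX_IMAGE_REGISTRY/$CIUX_IMAGE_NAME/$FINKCTL_VERSION" >> "$GITHUB_OUTPUT"
+echo "NEW_IMAGE=$CIUX_BUILD" >> "$GITHUB_OUTPUT"
+image-analysis:
+name: Analyze image
+runs-on: ${{ fromJSON(inputs.runner) }}
+permissions:
+security-events: write
+needs: build
+steps:
+- name: Checkout code
+uses: actions/checkout@v2
+- name: Download image
+uses: actions/download-artifact@v3
+with:
+name: docker-artifact
+path: artifacts
+- name: Load image in local registry
+run: |
+if [ -f artifacts/image.tar ]; then
+echo "Loading image ${{ needs.build.outputs.image }} from archive"
+docker load --input artifacts/image.tar
+else
+echo "Using existing image ${{ needs.build.outputs.image }}"
+fi
+- name: Scan fink-broker image
+uses: anchore/scan-action@v3
+id: scan
+with:
+image: "${{ needs.build.outputs.image }}"
+fail-build: false
+- name: Display SARIF report
+run: |
+cat ${{ steps.scan.outputs.sarif }}
+- name: upload Anchore scan SARIF report
+uses: github/codeql-action/upload-sarif@v2
+with:
+sarif_file: ${{ steps.scan.outputs.sarif }}
+push:
+env:
+NEW_IMAGE: ${{ needs.integration-tests.outputs.new_image }}
+IMAGE: ${{ needs.build.outputs.image }}
+PROMOTED_IMAGE: ${{ needs.integration-tests.outputs.promoted_image }}
+name: Push fink-broker image to IN2P3 registry
+runs-on: ${{ fromJSON(inputs.runner) }}
+needs: [build, integration-tests]
+steps:
+- name: Download image
+uses: actions/download-artifact@v3
+with:
+name: docker-artifact
+path: artifacts
+- name: Load image in local registry
+run: |
+if [ $NEW_IMAGE = true ]; then
+# GHA setup
+if [ -f artifacts/image.tar ]; then
+echo "Loading image "$IMAGE" from archive"
+docker load --input artifacts/image.tar
+# Self-hosted runners, new image is stored in the local registry
+elif [ -n "$CI_REPO" ]; then
+echo "Pulling image "$IMAGE" from $CI_REPO"
+docker pull "$IMAGE"
+else
+echo "Error: no image found"
+exit 1
+fi
+else
+echo "Using existing image $IMAGE"
+fi
+- name: Login to DockerHub
+uses: docker/login-action@v2
+with:
+registry: gitlab-registry.in2p3.fr
+username: ${{ secrets.REGISTRY_USERNAME }}
+password: ${{ secrets.REGISTRY_TOKEN }}
+- name: Push image to official registry
+run: |
+if [ $NEW_IMAGE = true ]; then
+echo "Push image $PROMOTED_IMAGE"
+docker tag "$IMAGE" "$PROMOTED_IMAGE"
+docker push "$PROMOTED_IMAGE"
+else
+if which skopeo; then
+echo "skopeo is already installed"
+else
+echo "Install skopeo"
+sudo apt-get update -y
+sudo apt-get install -y skopeo
+fi
+echo "Add image tag $PROMOTED_IMAGE to $IMAGE"
+skopeo copy docker://$IMAGE docker://$PROMOTED_IMAGE
+fi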
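Review bot: The `push` job declares `needs: [build, integration-tests]` and the scan step sets `fail-build: false`, so the image is tagged and pushed to the official registry without waiting for `image-analysis`, and the vulnerability scan can never block promotion. If the scan is meant to gate releases, use `needs: [build, integration-tests, image-analysis]` and set `fail-build: true` with a `severity-cutoff` the project accepts. Every action is also referenced by a mutable tag (`actions/checkout@v2`, `anchore/scan-action@v3`, `docker/login-action@v2`) in a workflow that handles registry credentials; pinning them to full commit SHAs would match the commit pin already used for `CIUX_VERSION`. Finally, `[ $NEW_IMAGE = true ]` and `[ $CIUX_BUILD = true ]` are unquoted, so an empty value makes the test error out and silently take the "existing image" branch; `[ "$NEW_IMAGE" = true ]` avoids that.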