diff --git a/.github/workflows/atlas-image-build.yaml b/.github/workflows/atlas-image-build.yaml deleted file mode 100644 index 9c4b41ced07..00000000000 --- a/.github/workflows/atlas-image-build.yaml +++ /dev/null @@ -1,62 +0,0 @@ -name: build-mongodb-atlas-tools-image - -on: - workflow_dispatch: - inputs: - tag: - description: 'MongoDB Atlas image tag in the format x.y.z' - required: true - type: string - -env: - REGISTRY: ghcr.io - IMAGE_NAME: kanisterio/mongodb-atlas - -jobs: - check-files: - runs-on: ubuntu-latest - outputs: - changed: ${{ steps.changed-files.outputs.any_changed }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - uses: tj-actions/changed-files@v37 - name: Get changed files - id: changed-files - with: - files: docker/mongodb-atlas/Dockerfile - - build: - permissions: - contents: read - packages: write - runs-on: ubuntu-latest - needs: check-files - if: needs.check-files.outputs.changed == 'true' - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Image metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=sha - {{date 'YYYY.MM.DD-HHmm'}} - ${{ inputs.tag }} - - name: Login to GHCR - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: "{{defaultContext}}:docker/mongodb-atlas" - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/grype-vulnerability-scanner.yaml b/.github/workflows/grype-vulnerability-scanner.yaml deleted file mode 100644 index 322406db465..00000000000 --- a/.github/workflows/grype-vulnerability-scanner.yaml +++ /dev/null @@ -1,60 +0,0 @@ -name: container vulnerability scanning -on: [workflow_dispatch] -jobs: - vulnerability-scanner: - runs-on: ubuntu-20.04 - steps: - - name: Create repo directory before checking out latest code - run: mkdir -p repo - - name: Checkout the latest code - uses: actions/checkout@v3 - with: - ref: master - path: repo - - name: Read JSON file - id: valid-image-json - run: | - EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) - echo "images_list<<$EOF" >> $GITHUB_OUTPUT - cat repo/build/valid_images.json >> $GITHUB_OUTPUT - echo "$EOF" >> $GITHUB_OUTPUT - - name: Reading output variable - run: echo ${{fromJson(steps.valid-image-json.outputs.images_list)}} - outputs: - valid_images: ${{steps.valid-image-json.outputs.images_list}} - report-analysis: - runs-on: ubuntu-20.04 - needs: - - vulnerability-scanner - strategy: - max-parallel: 3 - fail-fast: false - matrix: - images: ${{fromJson(needs.vulnerability-scanner.outputs.valid_images).images}} - steps: - - name: Printing Image Registry - id: image-registry - run: echo "image_registry=${{fromJson(needs.vulnerability-scanner.outputs.valid_images).image_registry}}" >> "$GITHUB_ENV" - - name: Printing Image Tag - id: image-tag - run: echo "image_tag=${{fromJson(needs.vulnerability-scanner.outputs.valid_images).tag}}" >> "$GITHUB_ENV" - - name: Printing Image Path - run: echo "image_path=${{env.image_registry}}/${{matrix.images}}:${{env.image_tag}}" >> "$GITHUB_ENV" - - name: Running vulnerability scanner - uses: anchore/scan-action@v3 - id: vulnerability-scanning - with: - image: ${{env.image_path}} - fail-build: false - output-format: json - only-fixed: true - - name: Create repo directory before checking out latest code - run: mkdir -p repo - - name: Checkout the latest code - uses: actions/checkout@v3 - with: - ref: master - path: repo - - name: Parsing vulnerability scanner report - run: go run repo/pkg/tools/grype_report_parser_tool.go -s "High,Critical" -p results.json - diff --git a/.github/workflows/kanister-image-build.yaml b/.github/workflows/kanister-image-build.yaml deleted file mode 100644 index 803bd924669..00000000000 --- a/.github/workflows/kanister-image-build.yaml +++ /dev/null @@ -1,65 +0,0 @@ -name: build-kanister-image - -on: - workflow_dispatch: - inputs: - tag: - description: 'Image tag in the format vx.x.x' - required: true - type: string - -env: - REGISTRY: ghcr.io - IMAGE_NAME: kanisterio/build - -jobs: - # TODO: Enable following when we want to automate this workflow on push to master branch - # check-files: - # runs-on: ubuntu-latest - # outputs: - # changed: ${{ steps.changed-files.outputs.any_changed }} - # steps: - # - uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - uses: tj-actions/changed-files@v35 - # name: Get changed files - # id: changed-files - # with: - # files: docker/build/Dockerfile - - build: - permissions: - contents: read - packages: write - - runs-on: ubuntu-latest - # TODO: Uncomment following when we enable check-file job - # needs: check-files - # if: needs.check-files.outputs.changed == 'true' - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Image metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=sha - {{date 'YYYY.MM.DD-HHmm'}} - ${{ inputs.tag }} - - name: Login to GHCR - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: "{{defaultContext}}:docker/build" - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml deleted file mode 100644 index cf9286886d8..00000000000 --- a/.github/workflows/main.yaml +++ /dev/null @@ -1,94 +0,0 @@ -on: - push: - branches: - - master - pull_request: - branches: - - master -jobs: - gomod: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3 - - run: make go-mod-tidy - - run: make go-mod-download - - run: tar -cvf ./src.tar.gz ./ # preserve file permissions - - uses: actions/upload-artifact@v3 - with: - name: src - path: ./src.tar.gz - lint: - runs-on: ubuntu-20.04 - needs: gomod - steps: - - uses: actions/download-artifact@v3 - with: - name: src - - run: tar -xvf ./src.tar.gz - - run: make golint - test: - runs-on: ubuntu-20.04 - needs: [gomod, lint] - strategy: - fail-fast: false - matrix: - testSuite: [test, integration-test, helm-test] - steps: - - uses: actions/download-artifact@v3 - with: - name: src - - uses: helm/kind-action@v1.8.0 - - run: tar -xvf ./src.tar.gz - - run: | - make install-csi-hostpath-driver - make install-minio - if: matrix.testSuite == 'integration-test' || matrix.testSuite == 'helm-test' - # A test (CRDSuite) that runs as part of `make test` requies atleast one CRD to - # be present on the cluster. That's why we are only installing csi-hostpath-driver - # before running `make test`, to create some CRDs on the cluster. - - run: | - make install-csi-hostpath-driver - make install-minio - if: matrix.testSuite == 'test' - - run: make ${{ matrix.testSuite }} - build: - runs-on: ubuntu-20.04 - needs: [gomod, lint, test] - strategy: - matrix: - bin: [controller, kanctl, kando] - steps: - - uses: actions/download-artifact@v3 - with: - name: src - - run: tar -xvf ./src.tar.gz - - run: make build BIN=${{ matrix.bin }} GOBORING=true - docs: - runs-on: ubuntu-20.04 - needs: gomod - steps: - - uses: actions/download-artifact@v3 - with: - name: src - - run: tar -xvf ./src.tar.gz - - run: make docs - release: - runs-on: ubuntu-20.04 - needs: [test, build] - if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags') - permissions: - packages: write - steps: - - uses: actions/download-artifact@v3 - with: - name: src - - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - run: sudo rm -rf /usr/share/dotnet - - run: sudo rm -rf "$AGENT_TOOLSDIRECTORY" - - run: tar -xvf ./src.tar.gz - - run: make release-snapshot - - run: ./build/push_images.sh diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml deleted file mode 100644 index dff76ac8b34..00000000000 --- a/.github/workflows/stale.yaml +++ /dev/null @@ -1,27 +0,0 @@ -on: - schedule: - - cron: "0 0 * * *" -jobs: - stale: - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write - steps: - - uses: actions/stale@v8 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - days-before-stale: 90 - days-before-close: 30 - close-issue-label: rotten - close-pr-label: rotten - stale-issue-label: stale - stale-pr-label: stale - exempt-issue-labels: frozen - exempt-pr-labels: frozen - close-issue-message: This issue is closed due to inactivity. Feel free to reopen it, if it's still relevant. - close-pr-message: This PR is closed due to inactivity. Feel free to reopen it, if it's still relevant. - stale-issue-message: This issue is marked as stale due to inactivity. Add a new comment to reactivate it. - stale-pr-message: This PR is marked as stale due to inactivity. Add a new comment to reactivate it. - remove-issue-stale-when-updated: true - remove-pr-stale-when-updated: true