Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cherry pick image builder #1019

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 26 additions & 28 deletions .github/workflows/create-release.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
name: "Create release"

permissions:
id-token: write # This is required for requesting the JWT token
contents: read # This is required for actions/checkouts

on:
workflow_dispatch:
inputs:
Expand All @@ -16,7 +20,6 @@ jobs:
check-prerequisites:
name: Check release prerequisites
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4
Expand All @@ -40,11 +43,31 @@ jobs:
exit 1
fi

build-image:
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: istio-manager
dockerfile: Dockerfile
context: .
build-args: |
VERSION=${{ github.event.inputs.name }}
tags: "${{ github.event.inputs.name }}"

build-image-experimental:
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: istio-manager
dockerfile: Dockerfile
context: .
build-args: |
VERSION=${{ github.event.inputs.name }}-experimental
GO_BUILD_TAGS=experimental
tags: "${{ github.event.inputs.name }}-experimental"

create-draft:
name: Create draft release
runs-on: ubuntu-latest
needs: [check-prerequisites]

needs: [check-prerequisites, build-image, build-image-experimental]
steps:
- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -84,31 +107,6 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0

- uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4
name: Build image
id: wait-for-build
with:
token: ${{ secrets.GITHUB_TOKEN }}
statusName: "rel-istio-build"
intervalSeconds: "30"
timeoutSeconds: "1800"
- name: Check that module build status is success
if: steps.wait-for-build.outputs.state != 'success'
run: exit 1

- uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4
name: Verify build of experimental image
id: wait-for-experimental-build
with:
token: ${{ secrets.GITHUB_TOKEN }}
statusName: "rel-istio-experimental-build"
intervalSeconds: "30"
timeoutSeconds: "300"
- name: Check that experimental module build status is success
if: steps.wait-for-experimental-build.outputs.state != 'success'
run: exit 1

- name: Publish release assets
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
142 changes: 142 additions & 0 deletions .github/workflows/pull-integration-gardener-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
# This workflow is responsible for all kinds of integration tests run on pull request to release branch.
# Those tests depend on a container image, so in the first job we wait for the image build to succeed.

name: PR-release Integration Gardener

on:
# pull_request_target runs workflows from the base of PR
# It allows the workflow to get the repository secrets
pull_request_target:
types: [ synchronize, opened, reopened, ready_for_review ]
branches:
- 'release-**'

jobs:
filter-changes:
name: List relevant VCS changes
outputs:
check: ${{ steps.changed-files.outputs.any_modified }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275
id: changed-files
with:
files_ignore: |
docs/**
**/*.md
OWNERS
CODEOWNERS
sec-scanners-config.yaml
.github/**
.**
- name: List all changed files
run: echo '${{ steps.changed-files.outputs.all_changed_files }}'

build-image:
name: Build manager image
needs: [ filter-changes ]
if: ${{ github.event.pull_request.draft == false && needs.filter-changes.outputs.check == 'true' }}
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: istio-manager
dockerfile: Dockerfile
context: .
build-args: |
VERSION=PR-${{ github.event.pull_request.head.sha }}

istio-integration-gcp:
name: Istio integration test GCP
runs-on: ubuntu-latest
needs: [build-image]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- run: ./tests/integration/scripts/gardener-kubeconfig.sh
shell: bash
env:
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }}
- uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- run: make gardener-istio-integration-test
shell: bash
env:
IMG: "europe-docker.pkg.dev/kyma-project/dev/istio-manager:PR-${{github.event.number}}"
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml"
GARDENER_PROJECT_NAME: "goats"
GARDENER_PROVIDER_SECRET_NAME: "goat"
GARDENER_PROVIDER: "gcp"
GARDENER_REGION: "europe-west3"
GARDENER_CLUSTER_VERSION: "1.29.7"
MACHINE_TYPE: "n2-standard-4"
DISK_SIZE: 50
DISK_TYPE: "pd-standard"
SCALER_MAX: 20
SCALER_MIN: 3

istio-integration-aws-specific:
name: Istio integration test AWS specific
runs-on: ubuntu-latest
needs: [build-image]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- run: ./tests/integration/scripts/gardener-kubeconfig.sh
shell: bash
env:
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }}
- uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- run: make gardener-aws-integration-test
shell: bash
env:
IMG: "europe-docker.pkg.dev/kyma-project/dev/istio-manager:PR-${{github.event.number}}"
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml"
GARDENER_PROJECT_NAME: "goats"
GARDENER_PROVIDER_SECRET_NAME: "aws-gardener-access"
GARDENER_PROVIDER: "aws"
GARDENER_CLUSTER_VERSION: "1.29.7"
GARDENER_REGION: "eu-west-1"
MACHINE_TYPE: "m5.xlarge"
DISK_SIZE: 50
DISK_TYPE: "gp2"
SCALER_MAX: 3
SCALER_MIN: 1

istio-integration-gcp-specific:
name: Istio integration test GCP specific
runs-on: ubuntu-latest
needs: [build-image]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- run: ./tests/integration/scripts/gardener-kubeconfig.sh
shell: bash
env:
GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }}
- uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- run: make gardener-gcp-integration-test
shell: bash
env:
IMG: "europe-docker.pkg.dev/kyma-project/dev/istio-manager:PR-${{github.event.number}}"
GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml"
GARDENER_PROJECT_NAME: "goats"
GARDENER_PROVIDER_SECRET_NAME: "goat"
GARDENER_PROVIDER: "gcp"
GARDENER_REGION: "europe-west3"
GARDENER_CLUSTER_VERSION: "1.29.7"
MACHINE_TYPE: "n2-standard-4"
DISK_SIZE: 50
DISK_TYPE: "pd-standard"
SCALER_MAX: 20
SCALER_MIN: 3
1 change: 0 additions & 1 deletion .github/workflows/pull-integration-gardener.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ on:
pull_request_target:
types: [ synchronize, opened, reopened, ready_for_review ]
branches:
- 'release-**'
- 'main'

jobs:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/verify-commit-pins.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,4 @@ jobs:
actions/checkout
actions/setup-go
actions/upload-artifact
kyma-project/test-infra
6 changes: 3 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ ARG TARGETARCH
ARG GO_BUILD_TAGS
ARG VERSION=dev

WORKDIR /workspace
WORKDIR /istio-build
# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
Expand Down Expand Up @@ -33,8 +33,8 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} go build -
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=builder /workspace/manager .
COPY --from=builder /workspace/istio_install .
COPY --from=builder /istio-build/manager .
COPY --from=builder /istio-build/istio_install .

USER 65532:65532

Expand Down
Loading