diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index a5de10d..0000000 --- a/.drone.yml +++ /dev/null @@ -1,114 +0,0 @@ -kind: pipeline -name: default -type: kubernetes - -steps: - - name: setup-ci - image: autonomy/build-container:latest - commands: - - git fetch --tags - - install-ci-key - - setup-buildx-amd64-arm64 - environment: - SSH_KEY: - from_secret: ssh_key - DOCKER_CLI_EXPERIMENTAL: enabled - resources: - requests: - cpu: 24000 - memory: 48GiB - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-pull-request - image: autonomy/build-container:latest - pull: always - environment: - DOCKER_CLI_EXPERIMENTAL: enabled - commands: - - make - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-and-publish - image: autonomy/build-container:latest - pull: always - environment: - GHCR_USERNAME: - from_secret: ghcr_username - GHCR_PASSWORD: - from_secret: ghcr_token - commands: - - docker login ghcr.io --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" - - make PUSH=true - when: - event: - exclude: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - -volumes: - - name: docker-socket - host: - path: /var/ci-docker - - name: docker - temp: {} - - name: ssh - temp: {} ---- -kind: pipeline -type: kubernetes -name: notify - -clone: - disable: true - -steps: - - name: slack - image: plugins/slack - settings: - webhook: - from_secret: slack_webhook - channel: proj-talos-maintainers - when: - status: - - success - - failure - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - status: - - success - - failure - -depends_on: - - default 
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..b53247c
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,101 @@
+name: default
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+on:
+ push:
+ branches:
+ - main
+ - release-*
+ tags:
+ - v*
+ pull_request:
+ branches:
+ - main
+ - release-*
+jobs:
+ default:
+ if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
+ permissions:
+ contents: read
+ packages: write
+ runs-on:
+ - self-hosted
+ - pkgs
+ outputs:
+ labels: ${{ steps.workflow-run-info.outputs.pullRequestLabels }}
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: build
+ run: |
+ make
+ - name: Login to registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ password: ${{ secrets.GITHUB_TOKEN }}
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ - name: Push to registry
+ if: github.event_name != 'pull_request'
+ run: |
+ make PUSH=true
+ - name: Retrieve workflow info
+ id: workflow-run-info
+ uses: potiuk/get-workflow-origin@v1_5
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ reproducibility:
+ runs-on:
+ - self-hosted
+ - pkgs
+ if: contains(needs.default.outputs.labels, 'integration/reproducibility')
+ needs:
+ - default
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: reproducibility
+ run: |
+ make reproducibility-test
diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml
new file mode 100644
index 0000000..66aefcd
--- /dev/null
+++ b/.github/workflows/cron.yaml
@@ -0,0 +1,38 @@
+name: weekly
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+on:
+ schedule:
+ - cron: '30 1 * * 1'
+jobs:
+ reproducibility:
+ runs-on:
+ - self-hosted
+ - pkgs
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: reproducibility
+ run: |
+ make reproducibility-test
diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml
new file mode 100644
index 0000000..3d28228
--- /dev/null
+++ b/.github/workflows/slack-notify.yaml
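Review bot: In the `default` job of ci.yaml, pull-request builds and publishing builds share one trust domain: `make` runs for `pull_request` events on the `self-hosted`/`pkgs` runner with the job-wide `packages: write` grant, the `--privileged` buildkitd service and the same host cache mount `/var/lib/buildkit/${{ github.repository }}` that `make PUSH=true` later builds from. If pull requests from forks are accepted (not visible in this diff), I would move `Login to registry` and `Push to registry` into their own job that alone carries `packages: write`, reduce `default` to `contents: read`, and give pull-request builds a separate BuildKit state directory. `potiuk/get-workflow-origin@v1_5` receives `secrets.GITHUB_TOKEN` while referenced by a movable tag, and the privileged service image `moby/buildkit:buildx-stable-1` is a floating tag too (here and in cron.yaml); pinning them as `uses: potiuk/get-workflow-origin@<full-commit-sha> # v1_5` and `image: moby/buildkit:buildx-stable-1@sha256:<digest>` fixes what actually runs, and the same action pin applies in slack-notify.yaml. The `reproducibility` job here and the jobs added in cron.yaml and slack-notify.yaml declare no `permissions:` block, so they run with the repository default token scope; an explicit `permissions:` with `contents: read` would make them least-privilege.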
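Review bot: The `concurrency` block at the top of cron.yaml, copied from ci.yaml, has no effect in this workflow: on a `schedule` event `github.head_ref` is empty, so the group falls back to `github.run_id`, which is unique per run, and `cancel-in-progress: true` never matches another run. If the intent is that only one weekly reproducibility build at a time uses the shared `/var/lib/buildkit/${{ github.repository }}` state on the self-hosted runner, a stable key such as `group: ${{ github.workflow }}` expresses that; otherwise the block can be dropped. A short comment above `- cron: '30 1 * * 1'` saying `# Mondays at 01:30 UTC` would also save readers from decoding the expression.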
@@ -0,0 +1,88 @@
+name: slack-notify
+"on":
+ workflow_run:
+ workflows:
+ - default
+ - weekly
+ - integration
+ types:
+ - completed
+jobs:
+ slack-notify:
+ runs-on:
+ - self-hosted
+ if: ${{ github.event.workflow_run.conclusion != 'skipped' }}
+ steps:
+ - name: Retrieve Workflow Run Info
+ id: retrieve-workflow-run-info
+ uses: potiuk/get-workflow-origin@v1_5
+ with:
+ sourceRunId: ${{ github.event.workflow_run.id }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Slack Notify
+ uses: slackapi/slack-github-action@v1
+ with:
+ channel-id: proj-talos-maintainers
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}",
+ "fallback": "test",
+ "blocks": [
+ {
+ "type": "section",
+ "fields": [
+ {
+ "type": "mrkdwn",
+ "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.retrieve-workflow-run-info.outputs.pullRequestNumber, github.event.workflow_run.display_title) || format('*Build:* {0}#{1} (`{2}`)', github.repository, github.sha, github.ref_name) }}"
+ },
+ {
+ "type": "mrkdwn",
+ "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`"
+ }
+ ]
+ },
+ {
+ "type": "section",
+ "fields": [
+ {
+ "type": "mrkdwn",
+ "text": "*Author:*\n`${{ github.actor }}`"
+ },
+ {
+ "type": "mrkdwn",
+ "text": "*Event:*\n`${{ github.event.workflow_run.event }}`"
+ }
+ ]
+ },
+ {
+ "type": "divider"
+ },
+ {
+ "type": "actions",
+ "elements": [
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "Logs"
+ },
+ "url": "${{ github.event.workflow_run.html_url }}"
+ },
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "Commit"
+ },
+ "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ env:
+
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/Makefile b/Makefile index 43e0923..1b928bd 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,17 @@ local-%: ## Builds the specified target defined in the Dockerfile using the loca @$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)" @PLATFORM=$(PLATFORM) +reproducibility-test: + @$(MAKE) reproducibility-test-local-reproducibility + +reproducibility-test-local-%: ## Builds the specified target defined in the Pkgfile using the local output type. The build result will be output to the specified local destination. + @rm -rf _out1/ _out2/ + @$(MAKE) local-$* DEST=_out1 + @$(MAKE) local-$* DEST=_out2 TARGET_ARGS="--no-cache" + @touch -ch -t $$(date -d @$(SOURCE_DATE_EPOCH) +%Y%m%d0000) _out1 _out2 + @diffoscope _out1 _out2 + @rm -rf _out1/ _out2/ + target-%: ## Builds the specified target defined in the Dockerfile. The build result will only remain in the build cache. @$(BUILD) \ --target=$* \ diff --git a/reproducibility/pkg.yaml b/reproducibility/pkg.yaml new file mode 100644 index 0000000..b90684f --- /dev/null +++ b/reproducibility/pkg.yaml @@ -0,0 +1,10 @@ +name: reproducibility +variant: scratch +dependencies: + # base is not needed since it's toolchain modified with a local musl build, we're only interested in the reproducibility of files that go into talos + # - stage: base + - stage: install-cni + - stage: talosctl-cni-bundle-install +finalize: + - from: / + to: /
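Review bot: The `payload` of the `Slack Notify` step in slack-notify.yaml splices `github.event.workflow_run.display_title` into a hand-written JSON string through `${{ }}`, which does no JSON escaping; for pull-request runs that value is contributor-supplied text, so a double quote or backslash in it produces malformed or altered JSON in a job that holds `secrets.SLACK_BOT_TOKEN`. Emitting the title through the escaping function in a field of its own, `"text": ${{ toJSON(github.event.workflow_run.display_title) }}` (no surrounding quotes), or leaving it out of the message, avoids that. Separately, inside a `workflow_run` workflow `github.sha` and `github.ref_name` describe the notifier's own run on the default branch rather than the build being reported, so the `Commit` button and the branch shown in the first field will likely point at the wrong commit; `github.event.workflow_run.head_sha` and `github.event.workflow_run.head_branch` carry the triggering run's values. `"fallback": "test"` looks like a leftover placeholder.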
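Review bot: The `##` help text on `reproducibility-test-local-%` in the Makefile hunk is copied from `local-%` and does not describe what the target does, and `reproducibility-test` has no help text at all. I would write `reproducibility-test-local-%: ## Builds the specified target twice (the second time with --no-cache) and compares the two outputs with diffoscope.` and add `## Runs the reproducibility check on the reproducibility target.` to `reproducibility-test`. The recipe also relies on `SOURCE_DATE_EPOCH` being set and on GNU `date -d`; unless the variable is defined outside this hunk, an empty value makes `date -d @` fail and `touch -t` run without a timestamp, so a comment stating the requirement or a one-line guard would help. Because a non-zero exit from `diffoscope` stops the recipe, the final `rm -rf _out1/ _out2/` only runs when the outputs match; that is convenient for inspection but worth stating in a comment. The `target-%` rule that follows continues outside the hunk.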