From 655cd090e2995c8070a70b1e39e01a1ac3c27897 Mon Sep 17 00:00:00 2001
From: Felddy
Date: Wed, 17 Jan 2024 14:24:25 -0500
Subject: [PATCH 01/18] Add c program entrypoint
---
 src/arch_info.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 src/arch_info.c
diff --git a/src/arch_info.c b/src/arch_info.c
new file mode 100644
index 0000000..893b702
--- /dev/null
+++ b/src/arch_info.c
@@ -0,0 +1,29 @@
+#include
+
+int main()
+{
+#if defined(__x86_64__)
+ printf("linux/amd64\n");
+#elif defined(__aarch64__)
+ printf("linux/arm64\n");
+#elif defined(__riscv) && (__riscv_xlen == 64)
+ printf("linux/riscv64\n");
+#elif defined(__PPC64__) || defined(__ppc64__)
+ printf("linux/ppc64le\n");
+#elif defined(__s390x__)
+ printf("linux/s390x\n");
+#elif defined(__i386__)
+ printf("linux/386\n");
+#elif defined(__mips64) && defined(__MIPSEL__)
+ printf("linux/mips64le\n");
+#elif defined(__mips64)
+ printf("linux/mips64\n");
+#elif defined(__arm__) && defined(__ARM_ARCH_7A__)
+ printf("linux/arm/v7\n");
+#elif defined(__arm__) && (defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__))
+ printf("linux/arm/v6\n");
+#else
+ printf("Architecture: Unknown\n");
+#endif
+ return 0;
+}
From 6249c661e27378897aab0768adc82ea5c743a165 Mon Sep 17 00:00:00 2001
From: Felddy
Date: Wed, 17 Jan 2024 14:25:46 -0500
Subject: [PATCH 02/18] Add Dockerfile for cross-compilation and minimal output image
---
 Dockerfile | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..39a407d
--- /dev/null
+++ b/Dockerfile
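Review bot: The branch `+#elif defined(__PPC64__) || defined(__ppc64__)` prints `linux/ppc64le` without checking byte order, so a big-endian ppc64 build is reported as little-endian; guarding it with `&& defined(__LITTLE_ENDIAN__)` (or `__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__`) and letting big-endian fall through to the unknown branch keeps the output truthful. `int main()` should be `int main(void)` so the definition is a proper prototype. The `#else` branch prints `Architecture: Unknown` but still returns 0, so a caller or test that checks the exit status cannot tell an unsupported target from a supported one; `return 1;` there would surface it. The include line as rendered names no header, which looks like an extraction artifact (presumably `<stdio.h>`) rather than a defect in the source.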
@@ -0,0 +1,32 @@
+# Stage 1: Set up the cross-compilation environment
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:latest AS xx
+
+# Base image for the build
+FROM --platform=$BUILDPLATFORM debian:bookworm AS build
+
+# Copy the xx scripts for setting up the cross-compilation environment
+COPY --from=xx / /
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y \
+ clang
+
+# Set up the working directory
+WORKDIR /workspace
+
+# Copy the C source file into the image
+COPY src/arch_info.c .
+
+# Compile the program for the target platform
+ARG TARGETPLATFORM
+RUN xx-apt install -y libc6-dev gcc
+RUN xx-clang --static -o arch_info arch_info.c
+
+# Stage 2: Create the final minimal output image
+FROM scratch
+
+# Copy the compiled binary from the build stage
+COPY --from=build /workspace/arch_info /
+
+# Set the entry point to the compiled binary
+ENTRYPOINT ["/arch_info"]
From f3a27ad919a20d4683f902e5fd3625fc54e9748e Mon Sep 17 00:00:00 2001
From: Felddy
Date: Wed, 17 Jan 2024 15:02:57 -0500
Subject: [PATCH 03/18] Add diagnostics workflow for runner and environment information
---
 .github/workflows/diagnostics.yml | 34 +++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/diagnostics.yml
diff --git a/.github/workflows/diagnostics.yml b/.github/workflows/diagnostics.yml
new file mode 100644
index 0000000..5416453
--- /dev/null
+++ b/.github/workflows/diagnostics.yml
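Review bot: Both build-stage base images, `tonistiigi/xx:latest` and `debian:bookworm`, are pulled by mutable tag, which is inconsistent with the SHA-pinned actions used elsewhere in this series and makes the static binary non-reproducible; pin them by digest, e.g. `FROM --platform=$BUILDPLATFORM tonistiigi/xx:<version>@sha256:<digest> AS xx` (placeholder digest). The `apt-get install -y clang` step could add `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same `RUN`, though in a discarded build stage that is only hygiene. Nothing in the hunk pins the `libc6-dev gcc` versions installed through `xx-apt` either, so the libc linked into the static binary is whatever bookworm ships at build time; a comment stating that this is accepted would make the choice explicit.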
@@ -0,0 +1,34 @@ +--- +name: "Diagnostics" + +# This workflow outputs diagnostic information about the runner and the environment + +on: + workflow_call: + +permissions: + contents: read + +jobs: + diagnostics: + name: "Diagnostics" + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # tag=v2.6.1 + with: + egress-policy: block + allowed-endpoints: > + azure.archive.ubuntu.com:443 + azure.archive.ubuntu.com:80 + packages.microsoft.com:443 + www.githubstatus.com:443 + + - name: Check GitHub Status + uses: crazy-max/ghaction-github-status@df4d23a4977438215339cf0fafceda8d9af8a0e5 # tag=v4.0.0 + with: + overall_threshold: major + packages_threshold: major_outage + + - name: Dump context + uses: crazy-max/ghaction-dump-context@8b55fa205ab4530d36f787a4de1009afaaa7f3b4 # tag=v2.1.0 From cf93bd30624d4a79c85a2b7c05678a188d18755f Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 15:04:06 -0500 Subject: [PATCH 04/18] Add CSV to JSON workflow --- .github/workflows/csv-to-json.yml | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/csv-to-json.yml diff --git a/.github/workflows/csv-to-json.yml b/.github/workflows/csv-to-json.yml new file mode 100644 index 0000000..c1ec473 --- /dev/null +++ b/.github/workflows/csv-to-json.yml 
@@ -0,0 +1,34 @@ +--- +name: "CSV to JSON" + +# This workflow converts a comma-separated list of platforms to a JSON array. + +on: + workflow_call: + inputs: + csv: + description: "Comma-separated list" + required: true + type: string + outputs: + json: + description: "JSON array" + value: ${{ jobs.convert.outputs.json }} + +jobs: + convert: + name: "Convert platforms CSV to JSON" + runs-on: ubuntu-latest + outputs: + json: ${{ steps.csv-to-json.outputs.json }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # tag=v2.6.1 + with: + egress-policy: block + allowed-endpoints: > + + - name: Convert CSV to JSON + id: csv-to-json + run: | + echo "json=$(echo -n ${{ inputs.csv }} | jq --raw-input --compact-output 'split(",")')" >> $GITHUB_OUTPUT From 229cf5e2c62fa62c402ff30b4056274adf8ec269 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 15:05:18 -0500 Subject: [PATCH 05/18] Simplify configuration workflow --- .github/workflows/_config.yml | 43 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/.github/workflows/_config.yml b/.github/workflows/_config.yml index e5e62c8..bee2d63 100644 --- a/.github/workflows/_config.yml +++ b/.github/workflows/_config.yml 
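Review bot: The `run:` step splices `${{ inputs.csv }}` directly into the shell script, so a caller-supplied value containing shell metacharacters is executed rather than converted; pass it through the environment instead by adding `env:` with `CSV: ${{ inputs.csv }}` to the step and changing the command to `echo "json=$(printf '%s' "$CSV" | jq --raw-input --compact-output 'split(",")')" >> "$GITHUB_OUTPUT"`. The unquoted `echo -n ${{ inputs.csv }}` also word-splits on whitespace in the list. `allowed-endpoints: >` is left empty, which is consistent with a job that only runs `jq` locally, but a short comment saying no egress is expected would make that intent clear to the next reader.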
@@ -3,27 +3,26 @@ name: "Config" on: workflow_call: + inputs: + platforms: + description: "The platforms to build (CSV)" + default: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x + required: false + type: string + outputs: + image_name: + description: "The Docker image name" + value: felddy/reusable-workflow + platforms_csv: + description: "The platforms to build (CSV)" + value: ${{ inputs.platforms }} + platforms_json: + description: "The platforms to build (JSON)" + value: ${{ jobs.csv-to-json.outputs.json }} jobs: - diagnostics: - name: "Diagnostics" - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # tag=v2.6.1 - with: - egress-policy: block - allowed-endpoints: > - azure.archive.ubuntu.com:443 - azure.archive.ubuntu.com:80 - packages.microsoft.com:443 - www.githubstatus.com:443 - - - name: Check GitHub Status - uses: crazy-max/ghaction-github-status@df4d23a4977438215339cf0fafceda8d9af8a0e5 # tag=v4.0.0 - with: - overall_threshold: major - packages_threshold: major_outage - - - name: Dump context - uses: crazy-max/ghaction-dump-context@8b55fa205ab4530d36f787a4de1009afaaa7f3b4 # tag=v2.1.0 + csv-to-json: + name: "Convert CSV to JSON" + uses: ./.github/workflows/csv-to-json.yml + with: + csv: ${{ inputs.platforms }} From f4f15c8cede3da2008e8bb740bfb249d4ed210ed Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 15:05:53 -0500 Subject: [PATCH 06/18] Add calls to diagnostics and metadata workflows --- .github/workflows/_build.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 70e1bcd..125cb5c 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml 
@@ -19,10 +19,21 @@ permissions: contents: read jobs: + diagnostics: + name: "Diagnostics" + uses: ./.github/workflows/diagnostics.yml + config: name: "Config" uses: ./.github/workflows/_config.yml + metadata: + name: "Metadata" + needs: [config] + uses: ./.github/workflows/docker-metadata.yml + with: + image_name: ${{ needs.config.outputs.image_name }} + lint: name: "Lint" needs: From 2d42dba0d7b58966b49123800f228fe0f87230e5 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 15:16:39 -0500 Subject: [PATCH 07/18] Add build-image-for-testing job to workflow --- .github/workflows/_build.yml | 14 ++++++++++++++ .github/workflows/_config.yml | 3 +++ 2 files changed, 17 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 125cb5c..cd46fd8 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -39,3 +39,17 @@ jobs: needs: - config uses: ./.github/workflows/common-lint.yml + + build-image-for-testing: + name: "Build image for testing" + needs: + - config + - lint + - metadata + uses: ./.github/workflows/docker-build-image.yml + with: + cache_from_scopes: ${{ needs.config.outputs.test_platform }} + cache_to_scope: ${{ needs.config.outputs.test_platform }} + image_archive_name_stem: ${{ needs.config.outputs.test_platform }} + image_labels: ${{ needs.metadata.outputs.image_labels }} + platforms: ${{ needs.config.outputs.test_platform }} diff --git a/.github/workflows/_config.yml b/.github/workflows/_config.yml index bee2d63..a93e154 100644 --- a/.github/workflows/_config.yml +++ b/.github/workflows/_config.yml @@ -19,6 +19,9 @@ on: platforms_json: description: "The platforms to build (JSON)" value: ${{ jobs.csv-to-json.outputs.json }} + test_platform: + description: "The platform to use for testing" + value: linux/amd64 jobs: csv-to-json: From 203c32aab7d9e442eb0cf570eb1e734b9384f4f8 Mon Sep 17 00:00:00 2001 
From: Felddy Date: Wed, 17 Jan 2024 15:31:28 -0500 Subject: [PATCH 08/18] Add artifact name to configuration --- .github/workflows/_build.yml | 1 + .github/workflows/_config.yml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index cd46fd8..479a32e 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -48,6 +48,7 @@ jobs: - metadata uses: ./.github/workflows/docker-build-image.yml with: + artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} cache_from_scopes: ${{ needs.config.outputs.test_platform }} cache_to_scope: ${{ needs.config.outputs.test_platform }} image_archive_name_stem: ${{ needs.config.outputs.test_platform }} diff --git a/.github/workflows/_config.yml b/.github/workflows/_config.yml index a93e154..9df5953 100644 --- a/.github/workflows/_config.yml +++ b/.github/workflows/_config.yml @@ -10,6 +10,9 @@ on: required: false type: string outputs: + image_archive_artifact_name: + description: "The name of the image archives artifact" + value: image-archives image_name: description: "The Docker image name" value: felddy/reusable-workflow From 678851c6ca0fd9cfd1449ca2782255ecd6a85b50 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:09:39 -0500 Subject: [PATCH 09/18] Add new entries to .gitignore file --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 937e21d..b277fed 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,7 @@ ## Python ## __pycache__ .mypy_cache +.pytest_cache .python-version +*.egg-info +venv From a3df5cce3fc04c6fe6962608adb9ead96efc0c11 Mon Sep 17 00:00:00 2001 
From: Felddy Date: Wed, 17 Jan 2024 16:10:50 -0500 Subject: [PATCH 10/18] Add Python setup needed for testing --- requirements-dev.txt | 1 + requirements-test.txt | 3 +- requirements.txt | 3 +- setup.py | 86 +++++++++++++++++++++++++++++++++++++++++++ src/_version.py | 3 ++ 5 files changed, 92 insertions(+), 4 deletions(-) create mode 100644 setup.py create mode 100644 src/_version.py diff --git a/requirements-dev.txt b/requirements-dev.txt index d84ee68..cb51627 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,2 +1,3 @@ --requirement requirements-test.txt ipython +semver diff --git a/requirements-test.txt b/requirements-test.txt index 66f74db..a4af5aa 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,2 +1 @@ ---requirement requirements.txt -pre-commit +-e .[test] diff --git a/requirements.txt b/requirements.txt index 0a8547b..d6e1198 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1 @@ -setuptools -wheel +-e . diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..e457913 --- /dev/null +++ b/setup.py 
@@ -0,0 +1,86 @@ +""" +This is the setup module for the reusable-workflows project. + +Based on: + +- https://packaging.python.org/distributing/ +- https://github.com/pypa/sampleproject/blob/master/setup.py +- https://blog.ionelmc.ro/2014/05/25/python-packaging/#the-structure +""" + +# Standard Python Libraries +from glob import glob +from os.path import basename, splitext + +# Third-Party Libraries +from setuptools import find_packages, setup + + +def readme(): + """Read in and return the contents of the project's README.md file.""" + with open("README.md", encoding="utf-8") as f: + return f.read() + + +def package_vars(version_file): + """Read in and return the variables defined by the version_file.""" + pkg_vars = {} + with open(version_file) as f: + exec(f.read(), pkg_vars) # nosec + return pkg_vars + + +setup( + name="reusable-workflows", + # Versions should comply with PEP440 + version=package_vars("src/_version.py")["__version__"], + description="reusable workflows for GitHub Actions", + long_description=readme(), + long_description_content_type="text/markdown", + url="https://github.com/felddy", + # The project's main homepage + download_url="https://github.com/felddy/reusable-workflows", + # Author details + author="Mark Feldhousen", + author_email="markf@geekpad.com", + license="License :: OSI Approved :: MIT License", + # See https://pypi.python.org/pypi?%3Aaction=list_classifiers + classifiers=[ + "Development Status :: 5 - Production/Stable", + "Environment :: Other Environment", + "Intended Audience :: Developers", + "License :: OSI Approved :: MIT License", + "Natural Language :: English", + "Operating System :: POSIX", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", + "Topic :: Software Development 
:: Build Tools", + ], + python_requires=">=3.8", + # What does your project relate to? + keywords="workflows, github, actions, reusable, docker, pytest, pre-commit", + packages=find_packages(where="src"), + package_dir={"": "src"}, + py_modules=[splitext(basename(path))[0] for path in glob("src/*.py")], + install_requires=[ + "semver == 3.0.2", + "setuptools == 69.0.3", + "wheel == 0.42.0", + ], + extras_require={ + "test": [ + "coverage == 6.5.0", + "coveralls == 3.3.1", + "docker == 7.0.0", + "pre-commit == 3.6.0", + "pytest == 7.4.4", + "pytest-cov == 4.1.0", + "pytest-lazy-fixture == 0.6.3", + ] + }, +) diff --git a/src/_version.py b/src/_version.py new file mode 100644 index 0000000..40eaca0 --- /dev/null +++ b/src/_version.py @@ -0,0 +1,3 @@ +"""This file defines the version of this module.""" + +__version__ = "0.0.1" From 4ccd87a885d7186f4b80cf52f712a18750a388fd Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:12:59 -0500 Subject: [PATCH 11/18] Add pytest configuration and utilities Add tests for Docker container --- .bandit.yml | 2 +- pytest.ini | 8 +++++ tests/__init__.py | 1 + tests/conftest.py | 73 +++++++++++++++++++++++++++++++++++++++++ tests/container_test.py | 23 +++++++++++++ 5 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 pytest.ini create mode 100644 tests/__init__.py create mode 100644 tests/conftest.py create mode 100644 tests/container_test.py diff --git a/.bandit.yml b/.bandit.yml index 8ba42d1..2b618f6 100644 --- a/.bandit.yml +++ b/.bandit.yml @@ -10,4 +10,4 @@ tests: # - B102 skips: -# - B101 # skip "assert used" check since assertions are required in pytests + - B101 # skip "assert used" check since assertions are required in pytests diff --git a/pytest.ini b/pytest.ini new file mode 100644 index 0000000..46eebb8 --- /dev/null +++ b/pytest.ini 
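Review bot: `license="License :: OSI Approved :: MIT License"` in the `setup()` call puts a trove classifier string in the `license` field, which is meant for a short license identifier; `license="MIT"` is what packaging tools expect, and the classifier is already listed under `classifiers`. `package_vars` opens `version_file` without an `encoding` argument, unlike `readme()` just above it, so `open(version_file, encoding="utf-8")` would make the two consistent. The `exec` of the version file is marked `# nosec` and only reads an in-repo file, which is acceptable, but a regex or `ast.literal_eval` on the `__version__` line would avoid executing code at install time.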
@@ -0,0 +1,8 @@
+[pytest]
+addopts = --capture=no --color=yes --runslow --verbose -rA
+
+log_cli = true
+log_cli_level = INFO
+
+markers =
+ slow: marks tests as slow (deselect with '-m "not slow"')
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..778d900
--- /dev/null
+++ b/tests/__init__.py
@@ -0,0 +1 @@
+"""pytest configurations and utilities."""
diff --git a/tests/conftest.py b/tests/conftest.py
new file mode 100644
index 0000000..092db6c
--- /dev/null
+++ b/tests/conftest.py
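Review bot: `addopts` hard-codes `--runslow`, so the `--runslow` option and the skip logic defined in `conftest.py` in this same patch are always satisfied and never skip anything; either drop `--runslow` from `addopts` and let developers pass it explicitly, or drop the option and marker machinery. `--capture=no` disables output capture for every run, which makes log noise the default rather than something enabled when debugging; a comment explaining why it is on would help a later maintainer decide whether to keep it.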
@@ -0,0 +1,73 @@
+"""pytest configuration."""
+
+# Standard Python Libraries
+import os
+
+# Third-Party Libraries
+import docker
+import pytest
+
+MAIN_SERVICE_NAME = "main"
+
+client = docker.from_env()
+
+
+@pytest.fixture(autouse=True)
+def group_github_log_lines(request):
+ """Group log lines when running in GitHub actions."""
+ # Group output from each test with workflow log groups
+ # https://help.github.com/en/actions/reference/workflow-commands-for-github-actions#grouping-log-lines
+
+ if os.environ.get("GITHUB_ACTIONS") != "true":
+ # Not running in GitHub actions
+ yield
+ return
+ # Group using the current test name
+ print()
+ print(f"::group::{request.node.name}")
+ yield
+ print()
+ print("::endgroup::")
+
+
+@pytest.fixture(scope="session")
+def main_container(image_tag):
+ """Fixture for the main Foundry container."""
+ container = client.containers.run(
+ image_tag,
+ detach=True,
+ environment={},
+ name=MAIN_SERVICE_NAME,
+ )
+ yield container
+ container.remove(force=True)
+
+
+def pytest_addoption(parser):
+ """Add new commandline options to pytest."""
+ parser.addoption(
+ "--runslow", action="store_true", default=False, help="run slow tests"
+ )
+ parser.addoption(
+ "--image-tag",
+ action="store",
+ default="local/test-image:latest",
+ help="image tag to test",
+ )
+
+
+@pytest.fixture(scope="session")
+def image_tag(request):
+ """Get the image tag to test."""
+ return request.config.getoption("--image-tag")
+
+
+def pytest_collection_modifyitems(config, items):
+ """Modify collected tests based on custom marks and commandline options."""
+ if config.getoption("--runslow"):
+ # --runslow given in cli: do not skip slow tests
+ return
+ skip_slow = pytest.mark.skip(reason="need --runslow option to run")
+ for item in items:
+ if "slow" in item.keywords:
+ item.add_marker(skip_slow)
diff --git a/tests/container_test.py b/tests/container_test.py
new file mode 100644
index 0000000..04775a1
--- /dev/null
+++ b/tests/container_test.py
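Review bot: `main_container` starts the container with the fixed name `MAIN_SERVICE_NAME` (`"main"`), so a stale container of that name left by an aborted earlier run makes `client.containers.run` fail before the fixture's cleanup ever runs; a unique per-session name, or removing any existing container with that name first, would make the fixture re-entrant. Its docstring, `"""Fixture for the main Foundry container."""`, looks inherited from another project and should read `"""Fixture for the container under test."""`. `client = docker.from_env()` executes at import time, so merely collecting the tests fails when no Docker daemon is reachable; creating the client inside a session-scoped fixture keeps collection working. `environment={}` is a no-op and can be dropped.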
@@ -0,0 +1,23 @@ +#!/usr/bin/env pytest -vs +"""Tests for Docker container.""" + +# Standard Python Libraries +import time + + +def test_container_running(main_container): + """Test that the container has started.""" + # Wait until the container is running or timeout. + for _ in range(10): + main_container.reload() + if main_container.status != "created": + break + time.sleep(1) + assert main_container.status in ("exited", "running") + + +def test_wait_for_container_exit(main_container): + """Wait for version container to exit cleanly.""" + assert ( + main_container.wait()["StatusCode"] == 0 + ), "The container did not exit cleanly" From f5a41a9544d66d32a78233816dcc72ef4c276846 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:13:24 -0500 Subject: [PATCH 12/18] Add test-image job to build workflow --- .github/workflows/_build.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 479a32e..6b50180 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -54,3 +54,15 @@ jobs: image_archive_name_stem: ${{ needs.config.outputs.test_platform }} image_labels: ${{ needs.metadata.outputs.image_labels }} platforms: ${{ needs.config.outputs.test_platform }} + + test-image: + name: "Test image" + needs: + - build-image-for-testing + - config + uses: ./.github/workflows/docker-pytest-image.yml + with: + data_artifact_name: ${{ needs.config.outputs.data_artifact_name }} + data_artifact_path: ${{ needs.config.outputs.data_artifact_path }} + image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} + image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }} From b5e31569659bfaf86d6af852f73ecbb4ce287e2e Mon Sep 17 00:00:00 2001 
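Review bot: `test_wait_for_container_exit` calls `main_container.wait()` with no timeout, so a container that never exits blocks the whole test session instead of failing; `main_container.wait(timeout=30)` bounds it (constructed value). Its docstring, `"""Wait for version container to exit cleanly."""`, appears copied from another project; `"""Wait for the container to exit cleanly."""` fits this repository. In `test_container_running` the loop accepts `exited` as a pass even when the process crashed, which is fine only because the exit code is asserted in the following test, and that ordering dependency deserves a comment such as `# exit status is checked by test_wait_for_container_exit`.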
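Review bot: The new `test-image` job reads `needs.config.outputs.data_artifact_name` and `needs.config.outputs.data_artifact_path`, but at this point in the series `_config.yml` defines neither output (`data_artifact_name` is only added in patch 13, which also drops `data_artifact_path` here), so this commit on its own passes empty strings to `docker-pytest-image.yml`. Squashing the output definition into this commit, or at least noting the dependency in the commit message, would keep each commit buildable.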
From: Felddy Date: Wed, 17 Jan 2024 16:21:20 -0500 Subject: [PATCH 13/18] Remove unused data_artifact_path variable and add data_artifact_name output --- .github/workflows/_build.yml | 1 - .github/workflows/_config.yml | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 6b50180..5650d2a 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -63,6 +63,5 @@ jobs: uses: ./.github/workflows/docker-pytest-image.yml with: data_artifact_name: ${{ needs.config.outputs.data_artifact_name }} - data_artifact_path: ${{ needs.config.outputs.data_artifact_path }} image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }} diff --git a/.github/workflows/_config.yml b/.github/workflows/_config.yml index 9df5953..ee24614 100644 --- a/.github/workflows/_config.yml +++ b/.github/workflows/_config.yml @@ -10,6 +10,9 @@ on: required: false type: string outputs: + data_artifact_name: + description: "The name of the test data artifact" + value: test-output image_archive_artifact_name: description: "The name of the image archives artifact" value: image-archives From a8ab8b46ae2f962f1a36bb2721c5ea36689b0294 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:28:15 -0500 Subject: [PATCH 14/18] Add data directory creation and permission setup --- .github/workflows/docker-pytest-image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-pytest-image.yml b/.github/workflows/docker-pytest-image.yml index 454e69e..a4df1d8 100644 --- a/.github/workflows/docker-pytest-image.yml +++ b/.github/workflows/docker-pytest-image.yml 
@@ -149,8 +149,9 @@ jobs: # Tag the image with the a test tag docker tag "${image_id}" "${{ env.TEST_IMAGE_TAG }}" - - name: Set data directory permissions + - name: Ensure data directory exists run: | + mkdir -p ${{ inputs.data_artifact_path }} chmod a+rwx ${{ inputs.data_artifact_path }} - name: Run tests From 209ff537d0f48e8cf094efd9738c309a29287e9d Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:34:21 -0500 Subject: [PATCH 15/18] Add build-each-platform job to build different platforms --- .github/workflows/_build.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 5650d2a..98e5e72 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -65,3 +65,25 @@ jobs: data_artifact_name: ${{ needs.config.outputs.data_artifact_name }} image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }} + + build-each-platform: + name: "Build platform" + needs: + - config + - lint + - metadata + - test-image + if: github.event_name != 'pull_request' + strategy: + matrix: + platform: ${{ fromJson(needs.config.outputs.platforms_json) }} + exclude: + - platform: ${{ needs.config.outputs.test_platform }} + uses: ./.github/workflows/docker-build-image.yml + with: + artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} + cache_from_scopes: ${{ matrix.platform }} + cache_to_scope: ${{ matrix.platform }} + image_labels: ${{ needs.metadata.outputs.image_labels }} + image_archive_name_stem: ${{ matrix.platform }} + platforms: ${{ matrix.platform }} From a4abb30557ade2418945c784922173b32b23bf75 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:36:08 -0500 Subject: [PATCH 16/18] Remove unnecessary dependency in lint job --- .github/workflows/_build.yml | 2 -- 1 file changed, 2 deletions(-) 
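Review bot: The added `mkdir -p ${{ inputs.data_artifact_path }}` and the existing `chmod a+rwx ${{ inputs.data_artifact_path }}` splice a workflow input straight into the shell, so a path containing spaces or metacharacters is interpreted by the shell rather than used as a path; pass it through `env:` (`DATA_PATH: ${{ inputs.data_artifact_path }}`) and use `mkdir -p "$DATA_PATH"` and `chmod a+rwx "$DATA_PATH"`. `chmod a+rwx` leaves the directory world-writable on the runner, presumably so an unprivileged user inside the test container can write output; a comment stating that reason would stop a later reader from tightening it by mistake. The enclosing job's steps continue outside the hunk.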
diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 98e5e72..e8d60d6 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -36,8 +36,6 @@ jobs: lint: name: "Lint" - needs: - - config uses: ./.github/workflows/common-lint.yml build-image-for-testing: From 5fa16058d87dcb1979bcb4994c1c60157df16014 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 16:40:44 -0500 Subject: [PATCH 17/18] Add generate-sboms job to build workflow --- .github/workflows/_build.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index e8d60d6..33f08a3 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -85,3 +85,14 @@ jobs: image_labels: ${{ needs.metadata.outputs.image_labels }} image_archive_name_stem: ${{ matrix.platform }} platforms: ${{ matrix.platform }} + + generate-sboms: + name: "Bill of Materials" + needs: + - build-each-platform + - config + permissions: + contents: write + uses: ./.github/workflows/sbom-artifact.yml + with: + image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} From bdedb03e0a2f94aed5c8fa6d5359a97de4b5f263 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 17 Jan 2024 18:13:04 -0500 Subject: [PATCH 18/18] Add Docker secrets and publish image and docs workflows --- .github/workflows/_build.yml | 55 ++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index 33f08a3..a907d16 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml 
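Review bot: The `generate-sboms` job grants `permissions: contents: write` to the called `sbom-artifact.yml`, the broadest scope in this workflow so far; if the callee only uploads workflow artifacts that scope is unnecessary, and if it attaches SBOMs to a release, a comment beside the permission such as `# contents: write is required to attach SBOMs to the release` would document why the escalation exists. `needs: build-each-platform` inherits that job's `if: github.event_name != 'pull_request'` transitively, so no SBOM is produced on pull requests; that is probably intended but is implicit and worth a line in the job.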
@@ -96,3 +96,58 @@ jobs: uses: ./.github/workflows/sbom-artifact.yml with: image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} + + docker-secrets: + name: "Docker secrets" + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # tag=v2.6.1 + with: + egress-policy: block + + - name: Check docker.com credentials + run: | + return_code=0 + if [ -z "${{ secrets.DOCKER_USERNAME }}" ]; then + echo "::warning::Set the DOCKER_USERNAME secret." + return_code=1 + fi + if [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then + echo "::warning::Set the DOCKER_PASSWORD secret." + return_code=1 + fi + exit $return_code + + build-multi-arch-image: + name: "Publish image" + needs: + - build-each-platform + - config + - docker-secrets + - metadata + if: github.event_name != 'pull_request' + permissions: + packages: write + uses: ./.github/workflows/docker-multi-arch-push.yml + with: + artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }} + image_tags: ${{ needs.metadata.outputs.image_tags }} + secrets: + docker_password: ${{ secrets.DOCKER_PASSWORD }} + docker_username: ${{ secrets.DOCKER_USERNAME }} + + publish-readme: + name: "Publish docs" + needs: + - build-multi-arch-image + - config + - docker-secrets + - metadata + if: needs.metadata.outputs.latest == 'true' + uses: ./.github/workflows/docker-publish-description.yml + with: + image_name: ${{ needs.config.outputs.image_name }} + secrets: + docker_password: ${{ secrets.DOCKER_PASSWORD }} + docker_username: ${{ secrets.DOCKER_USERNAME }}
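Review bot: The `Check docker.com credentials` step expands `${{ secrets.DOCKER_USERNAME }}` and `${{ secrets.DOCKER_PASSWORD }}` inline in the script, so the secret values become part of the shell source text; a value containing a double quote breaks the test, and this is the pattern GitHub's own hardening guidance advises against. Passing the secrets through `env:` and testing the variables keeps them out of the script body, as shown below. Since a missing secret makes the step exit 1, `::error::` describes the annotation better than `::warning::`. `publish-readme` has no `if: github.event_name != 'pull_request'` of its own and only avoids running on pull requests because `build-multi-arch-image` is skipped, which works but is implicit.
```yaml
      - name: Check docker.com credentials
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          return_code=0
          if [ -z "$DOCKER_USERNAME" ]; then
            echo "::error::Set the DOCKER_USERNAME secret."
            return_code=1
          fi
          if [ -z "$DOCKER_PASSWORD" ]; then
            echo "::error::Set the DOCKER_PASSWORD secret."
            return_code=1
          fi
          exit $return_code
  # … unchanged: harden-runner step above; build-multi-arch-image and publish-readme jobs below …
```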