diff --git a/.github/labeler.yml b/.github/labeler.yml index e98f315a01..d94f9641d9 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -66,7 +66,6 @@ area/tools/cli/loadtest: - cmd/tools/cli/loadtest/**/* - pkg/tools/cli/loadtest/**/* - area/internal: - internal/**/* diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index b6b2eb4b39..ec4a14731c 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -1,4 +1,4 @@ -name: 'Upload artifacts to release' +name: "Upload artifacts to release" on: release: types: diff --git a/.github/workflows/build-protobuf.yml b/.github/workflows/build-protobuf.yml index 9436e22a93..3a7f232578 100755 --- a/.github/workflows/build-protobuf.yml +++ b/.github/workflows/build-protobuf.yml @@ -5,11 +5,11 @@ on: - master paths: - "apis/proto/**" - - 'versions/GO_VERSION' + - "versions/GO_VERSION" pull_request: paths: - "apis/proto/**" - - 'versions/GO_VERSION' + - "versions/GO_VERSION" jobs: build: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9f794dd0d4..1140e8e5aa 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -5,16 +5,16 @@ on: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" pull_request: paths: - - '.github/workflows/codeql-analysis.yml' - - '**.go' + - ".github/workflows/codeql-analysis.yml" + - "**.go" schedule: - - cron: '0 1 * * *' + - cron: "0 1 * * *" jobs: CodeQL-Build: diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 05e6a8ecc5..5d8527aa5a 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml 
@@ -1,19 +1,19 @@ -name: 'Coverage' +name: "Coverage" on: push: branches: - master paths: - - '.github/workflows/coverage.yml' - - 'internal/**' - - 'pkg/**' - - 'cmd/**' + - ".github/workflows/coverage.yml" + - "internal/**" + - "pkg/**" + - "cmd/**" pull_request: paths: - - '.github/workflows/coverage.yml' - - 'internal/**' - - 'pkg/**' - - 'cmd/**' + - ".github/workflows/coverage.yml" + - "internal/**" + - "pkg/**" + - "cmd/**" jobs: coverage: diff --git a/.github/workflows/detect-internal-config-changes.yml b/.github/workflows/detect-internal-config-changes.yml index 97a2da6936..1aa7fea303 100644 --- a/.github/workflows/detect-internal-config-changes.yml +++ b/.github/workflows/detect-internal-config-changes.yml @@ -1,9 +1,9 @@ -name: 'Detect internal config changes' +name: "Detect internal config changes" on: pull_request: paths: - - 'internal/config/**' - - '!internal/config/**/*_test.go' + - "internal/config/**" + - "!internal/config/**/*_test.go" jobs: warning: diff --git a/.github/workflows/dockers-agent-ngt-image.yml b/.github/workflows/dockers-agent-ngt-image.yml index f1825a6a72..45ad326a47 100755 --- a/.github/workflows/dockers-agent-ngt-image.yml +++ b/.github/workflows/dockers-agent-ngt-image.yml 
@@ -1,160 +1,149 @@ -name: 'Build docker image: agent-ngt' +name: "Build docker image: agent-ngt" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/agent/core/ngt/**' - - 'cmd/agent/core/ngt/**' - - 'dockers/base/Dockerfile' - - 'dockers/agent/core/ngt/Dockerfile' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/agent/core/ngt/**" + - "cmd/agent/core/ngt/**" + - "dockers/base/Dockerfile" + - "dockers/agent/core/ngt/Dockerfile" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/agent/core/ngt/**' - - 'cmd/agent/core/ngt/**' - - 'dockers/base/Dockerfile' - - 'dockers/agent/core/ngt/Dockerfile' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/agent/core/ngt/**" + - "cmd/agent/core/ngt/**" + - "dockers/base/Dockerfile" + - "dockers/agent/core/ngt/Dockerfile" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ 
runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-agent-ngt-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-agent-ngt- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/agent-ngt` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder 
${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/agent-ngt - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/agent-ngt - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + 
uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-agent-ngt-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-agent-ngt- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/agent-ngt` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} 
${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-ngt + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-ngt + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-agent-sidecar-image.yml b/.github/workflows/dockers-agent-sidecar-image.yml index 4839d97b11..03a32e0565 100644 --- a/.github/workflows/dockers-agent-sidecar-image.yml +++ b/.github/workflows/dockers-agent-sidecar-image.yml 
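Review bot: Both `Run vulnerability scanner` steps still reference `aquasecurity/trivy-action@master`, a floating branch that runs after the two `docker/login-action` steps have authenticated the runner's Docker client against DockerHub and ghcr.io, so any change on that branch executes with push access to both registries; pin it to a release tag or commit SHA, e.g. `uses: aquasecurity/trivy-action@<pinned-tag-or-sha>` (placeholder). The scan is also informational only: it is gated on `refs/tags/`, runs after `Build and Push` has already published the image, and sets no `exit-code`, so a failing scan never blocks a release — add `exit-code: "1"` together with a `severity` list, or scan a local build before the push step. Separately, the new `PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }}` is whatever `make docker/platforms` printed, spliced unquoted into `--platform ${PLATFORMS}`; a guard such as `[ -n "${base_platforms}" ] || { echo "docker/platforms returned nothing" >&2; exit 1; }` in the `Image name` step would fail fast instead of handing buildx a malformed flag when that target prints nothing. The same three points apply to the agent-sidecar and backup-manager-cassandra hunks below, which are line-for-line identical apart from the image name, and presumably to the backup-manager-mysql hunk that is cut off at the end of this view.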
@@ -1,160 +1,149 @@ -name: 'Build docker image: agent-sidecar' +name: "Build docker image: agent-sidecar" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/storage/blob/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/agent/sidecar/**' - - 'cmd/agent/sidecar/**' - - 'dockers/base/Dockerfile' - - 'dockers/agent/sidecar/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/storage/blob/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/agent/sidecar/**" + - "cmd/agent/sidecar/**" + - "dockers/base/Dockerfile" + - "dockers/agent/sidecar/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/storage/blob/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/agent/sidecar/**' - - 'cmd/agent/sidecar/**' - - 'dockers/base/Dockerfile' - - 'dockers/agent/sidecar/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/storage/blob/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/agent/sidecar/**" + - "cmd/agent/sidecar/**" + - "dockers/base/Dockerfile" + - "dockers/agent/sidecar/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - 
restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-agent-sidecar-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-agent-sidecar- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/agent-sidecar` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - 
DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/agent-sidecar - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/agent-sidecar - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + 
with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-agent-sidecar-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-agent-sidecar- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/agent-sidecar` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker 
buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-sidecar + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/agent-sidecar + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-backup-manager-cassandra-image.yml b/.github/workflows/dockers-backup-manager-cassandra-image.yml index 4975de13fa..d3c85e8c15 100644 --- a/.github/workflows/dockers-backup-manager-cassandra-image.yml 
+++ b/.github/workflows/dockers-backup-manager-cassandra-image.yml 
@@ -1,162 +1,151 @@ -name: 'Build docker image: backup-manager-cassandra' +name: "Build docker image: backup-manager-cassandra" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/nosql/cassandra/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/backup/cassandra/**' - - 'cmd/manager/backup/cassandra/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/backup/cassandra/Dockerfile' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/nosql/cassandra/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/backup/cassandra/**" + - "cmd/manager/backup/cassandra/**" + - "dockers/base/Dockerfile" + - "dockers/manager/backup/cassandra/Dockerfile" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/nosql/cassandra/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/backup/cassandra/**' - - 'cmd/manager/backup/cassandra/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/backup/cassandra/Dockerfile' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/nosql/cassandra/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/backup/cassandra/**" + - "cmd/manager/backup/cassandra/**" + - "dockers/base/Dockerfile" + - "dockers/manager/backup/cassandra/Dockerfile" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: 
Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-backup-cassandra-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-backup-cassandra- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/backup-manager-cassandra` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo 
"PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/backup-manager-cassandra - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/backup-manager-cassandra - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: 
'@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-backup-cassandra-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-backup-cassandra- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/backup-manager-cassandra` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 
'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-cassandra + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-cassandra + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: 
github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-backup-manager-mysql-image.yml b/.github/workflows/dockers-backup-manager-mysql-image.yml index 14d5cd80c7..85fc111aba 100644 --- a/.github/workflows/dockers-backup-manager-mysql-image.yml +++ b/.github/workflows/dockers-backup-manager-mysql-image.yml 
@@ -1,160 +1,149 @@ -name: 'Build docker image: backup-manager-mysql' +name: "Build docker image: backup-manager-mysql" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/rdb/mysql/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/backup/mysql/**' - - 'cmd/manager/backup/mysql/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/backup/mysql/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/rdb/mysql/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/backup/mysql/**" + - "cmd/manager/backup/mysql/**" + - "dockers/base/Dockerfile" + - "dockers/manager/backup/mysql/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/rdb/mysql/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/backup/mysql/**' - - 'cmd/manager/backup/mysql/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/backup/mysql/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/rdb/mysql/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/backup/mysql/**" + - "cmd/manager/backup/mysql/**" + - "dockers/base/Dockerfile" + - "dockers/manager/backup/mysql/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: 
/tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-backup-mysql-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-backup-mysql- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/backup-manager-mysql` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/backup-manager-mysql - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/backup-manager-mysql - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 
'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-backup-mysql-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-backup-mysql- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/backup-manager-mysql` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> 
$GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-mysql + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/backup-manager-mysql + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build 
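Review bot: `aquasecurity/trivy-action@master` in both vulnerability scanner steps is a mutable ref resolved at run time, and it executes in a job that has just logged in to DockerHub and GHCR, so an upstream compromise or breaking change on `master` runs with those credentials; pin it at least to a version tag as the `codeql-action` steps are, `uses: aquasecurity/trivy-action@<pinned-release-tag-or-commit-sha>`. The scan also runs only after `Build and Push` has pushed the tag and sets no `exit-code`, so findings are uploaded but never block publication; if the scan is meant to gate releases it needs to run before the push, or at least set `exit-code: "1"` with a `severity` filter so the job fails visibly. Finally, `::set-output` in the `Image name` and `Determine tag name (tags)` steps is a deprecated workflow command; on runners that provide `$GITHUB_OUTPUT`, `echo "TAG_NAME=${tag_name}" >> $GITHUB_OUTPUT` is the replacement (the same applies to the base, ci-container and dev-container hunks below).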
diff --git a/.github/workflows/dockers-base-image.yml b/.github/workflows/dockers-base-image.yml index 2b0103c645..839ddd0b31 100755 --- a/.github/workflows/dockers-base-image.yml +++ b/.github/workflows/dockers-base-image.yml 
@@ -1,93 +1,93 @@ -name: 'Build docker image: base' +name: "Build docker image: base" on: push: branches: - master paths: - - 'go.mod' - - 'go.sum' - - 'dockers/base/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "dockers/base/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'dockers/base/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "dockers/base/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/base` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( 
github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS_BASE="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/base - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS_BASE="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/base - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-base- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/base` + 
base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/base + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/base + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" diff --git a/.github/workflows/dockers-ci-container-image.yml b/.github/workflows/dockers-ci-container-image.yml index 4d08abeec5..0581f1d86c 100644 --- a/.github/workflows/dockers-ci-container-image.yml 
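Review bot: The rewritten `Build and Push` step passes its flags as `DOCKER_OPTS=` where the removed lines used `DOCKER_OPTS_BASE=` for the same `docker/build/base` target, and the Makefile side of that rename is not in this diff; if the target still reads `DOCKER_OPTS_BASE`, the `--platform`, `--builder`, cache and `--push` flags are silently dropped, the base image is built for the runner platform only and never pushed, and the job still goes green. Worth confirming the Makefile change is in the same commit; a cheap guard is to verify the manifest after the push, e.g. `docker buildx imagetools inspect "${IMAGE_NAME}:${PRIMARY_TAG}"` as a final line of the step (`IMAGE_NAME` and `PRIMARY_TAG` are already exported via `$GITHUB_ENV`), though a stale tag from an earlier run would still pass, so the Makefile check is the real fix.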
+++ b/.github/workflows/dockers-ci-container-image.yml 
@@ -1,102 +1,89 @@ -name: 'Build docker image: ci-container' +name: "Build docker image: ci-container" on: push: branches: - master paths: - - 'dockers/ci/**' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "dockers/ci/**" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" pull_request: paths: - - 'dockers/ci/**' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "dockers/ci/**" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-ci-container-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-ci-container- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/ci-container` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 
'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/ci-container - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/ci-container - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: linux/amd64 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os 
}}-buildx-vald-ci-container-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-ci-container- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/ci-container` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/ci-container + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/ci-container + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: linux/amd64 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ 
github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" diff --git a/.github/workflows/dockers-dev-container-image.yml b/.github/workflows/dockers-dev-container-image.yml index 140a3364c6..819139bec7 100644 --- a/.github/workflows/dockers-dev-container-image.yml +++ b/.github/workflows/dockers-dev-container-image.yml 
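Review bot: No vulnerability scan runs on the ci-container image before or after `Build and Push`, while the service-image workflows in this commit (backup-manager-mysql above) run the Trivy table and SARIF scans plus `upload-sarif` on tagged builds; since this image is what CI itself runs in, the same three steps with `image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ env.PRIMARY_TAG }}"`, gated on the master build because this workflow has no tag trigger, would close that gap here and in the dev-container hunk. Separately, with the `(base)` cache step, `DOCKER_OPTS_BASE` and `BASE_PLATFORMS` removed, `PLATFORMS: linux/amd64` is the only platform built, so `Setup QEMU` with `platforms: all` no longer contributes anything in this workflow or dev-container and can be dropped to shorten the job.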
@@ -1,102 +1,89 @@ -name: 'Build docker image: dev-container' +name: "Build docker image: dev-container" on: push: branches: - master paths: - - 'dockers/ci/**' - - 'dockers/dev/**' + - "dockers/ci/**" + - "dockers/dev/**" pull_request: paths: - - 'dockers/ci/**' - - 'dockers/dev/**' + - "dockers/ci/**" + - "dockers/dev/**" schedule: - - cron: '0 1 * * *' + - cron: "0 1 * * *" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-dev-container-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-dev-container- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/dev-container` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r 
".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/dev-container - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/dev-container - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: linux/amd64 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-dev-container-${{ github.sha }} + restore-keys: | 
+ ${{ runner.os }}-buildx-vald-dev-container- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/dev-container` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/dev-container + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/dev-container + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: linux/amd64 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label 
org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" diff --git a/.github/workflows/dockers-discoverer-k8s-image.yml b/.github/workflows/dockers-discoverer-k8s-image.yml index 99fa4ccd1b..9fe2cbc63f 100755 --- a/.github/workflows/dockers-discoverer-k8s-image.yml +++ b/.github/workflows/dockers-discoverer-k8s-image.yml 
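Review bot: The `paths` filters on both `push` and `pull_request` watch only `dockers/ci/**` and `dockers/dev/**`, whereas the ci-container workflow in the hunk above also triggers on `versions/GO_VERSION` and `versions/NGT_VERSION`; if the dev-container image is derived from ci-container, which the shared `dockers/ci/**` path suggests, a toolchain bump rebuilds ci-container immediately but this image only at the `0 1 * * *` schedule, so the two can disagree for up to a day. If that derivation holds, adding `- "versions/GO_VERSION"` and `- "versions/NGT_VERSION"` to both path lists keeps them in step; if it does not, a comment above `paths` saying why the version files are deliberately excluded would stop the next reader asking the same question.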
@@ -1,156 +1,145 @@ -name: 'Build docker image: discoverer-k8s' +name: "Build docker image: discoverer-k8s" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'apis/grpc/**' - - 'pkg/discoverer/k8s/**' - - 'cmd/discoverer/k8s/**' - - 'dockers/base/Dockerfile' - - 'dockers/discoverer/k8s/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "apis/grpc/**" + - "pkg/discoverer/k8s/**" + - "cmd/discoverer/k8s/**" + - "dockers/base/Dockerfile" + - "dockers/discoverer/k8s/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'apis/grpc/**' - - 'pkg/discoverer/k8s/**' - - 'cmd/discoverer/k8s/**' - - 'dockers/base/Dockerfile' - - 'dockers/discoverer/k8s/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "apis/grpc/**" + - "pkg/discoverer/k8s/**" + - "cmd/discoverer/k8s/**" + - "dockers/base/Dockerfile" + - "dockers/discoverer/k8s/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-discoverer-k8s-${{ github.sha }} - 
restore-keys: | - ${{ runner.os }}-buildx-vald-discoverer-k8s- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/discoverer-k8s` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/discoverer-k8s - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - 
DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/discoverer-k8s - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: 
/tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-discoverer-k8s-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-discoverer-k8s- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/discoverer-k8s` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/discoverer-k8s + make \ + REPO="ghcr.io/vdaas/vald" \ + 
DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/discoverer-k8s + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-gateway-vald-image.yml b/.github/workflows/dockers-gateway-vald-image.yml index 3d098eb9de..aa3f3fea00 100755 --- a/.github/workflows/dockers-gateway-vald-image.yml +++ b/.github/workflows/dockers-gateway-vald-image.yml 
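Review bot: The two vulnerability-scanner steps on the new side still use `aquasecurity/trivy-action@master`, a moving branch, while every other action in the job is pinned to a tag; the scanner whose SARIF feeds the Security tab should be pinned to a release tag or, better, a full commit SHA, and the same applies to the identical steps in the gateway-vald and helm-operator hunks below. The scans also run after the `Build and Push` step has already done `--push` to both registries and set no `exit-code`, so a finding is reported but neither blocks publication nor fails the job. If gating is wanted, scan the locally built image before the push, or at least add `exit-code: "1"` and `severity: "HIGH,CRITICAL"` to the sarif scan step so the tag build fails on findings. Since all scan and upload steps carry `if: startsWith( github.ref, 'refs/tags/')`, the nightly and `pr-N` images are pushed with no scan at all, which is worth stating in a comment if it is intentional.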
@@ -1,158 +1,147 @@ -name: 'Build docker image: gateway-vald' +name: "Build docker image: gateway-vald" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/gateway/vald/**' - - 'cmd/gateway/vald/**' - - 'dockers/base/Dockerfile' - - 'dockers/gateway/vald/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/gateway/vald/**" + - "cmd/gateway/vald/**" + - "dockers/base/Dockerfile" + - "dockers/gateway/vald/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/gateway/vald/**' - - 'cmd/gateway/vald/**' - - 'dockers/base/Dockerfile' - - 'dockers/gateway/vald/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/gateway/vald/**" + - "cmd/gateway/vald/**" + - "dockers/base/Dockerfile" + - "dockers/gateway/vald/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ 
runner.os }}-buildx-vald-gateway-vald-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-gateway-vald- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/gateway-vald` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-vald - make \ - 
REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/gateway-vald - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker 
layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-gateway-vald-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-gateway-vald- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/gateway-vald` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/gateway-vald + 
make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/gateway-vald + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-helm-operator-image.yml b/.github/workflows/dockers-helm-operator-image.yml index 443effca5c..fcf38e32c3 100755 --- a/.github/workflows/dockers-helm-operator-image.yml +++ b/.github/workflows/dockers-helm-operator-image.yml 
@@ -1,150 +1,139 @@ -name: 'Build docker image: helm-operator' +name: "Build docker image: helm-operator" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'dockers/operator/helm/Dockerfile' - - 'charts/vald/Chart.yaml' - - 'charts/vald/values.yaml' - - 'charts/vald/templates/**' - - 'charts/vald-helm-operator/Chart.yaml' - - 'charts/vald-helm-operator/values.yaml' - - 'charts/vald-helm-operator/templates/**' - - 'versions/OPERATOR_SDK_VERSION' + - "dockers/operator/helm/Dockerfile" + - "charts/vald/Chart.yaml" + - "charts/vald/values.yaml" + - "charts/vald/templates/**" + - "charts/vald-helm-operator/Chart.yaml" + - "charts/vald-helm-operator/values.yaml" + - "charts/vald-helm-operator/templates/**" + - "versions/OPERATOR_SDK_VERSION" pull_request: paths: - - 'dockers/operator/helm/Dockerfile' - - 'charts/vald/Chart.yaml' - - 'charts/vald/values.yaml' - - 'charts/vald/templates/**' - - 'charts/vald-helm-operator/Chart.yaml' - - 'charts/vald-helm-operator/values.yaml' - - 'charts/vald-helm-operator/templates/**' - - 'versions/OPERATOR_SDK_VERSION' + - "dockers/operator/helm/Dockerfile" + - "charts/vald/Chart.yaml" + - "charts/vald/values.yaml" + - "charts/vald/templates/**" + - "charts/vald-helm-operator/Chart.yaml" + - "charts/vald-helm-operator/values.yaml" + - "charts/vald-helm-operator/templates/**" + - "versions/OPERATOR_SDK_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: 
actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-helm-operator-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-helm-operator- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/operator/helm` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - 
TAG="${PRIMARY_TAG}" \ - docker/build/operator/helm - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/operator/helm - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 
+ with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-helm-operator-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-helm-operator- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/operator/helm` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64,linux/arm64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} 
${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/operator/helm + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/operator/helm + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-image-scan.yml b/.github/workflows/dockers-image-scan.yml index d48bfe5a96..6ab419d4e4 100644 --- a/.github/workflows/dockers-image-scan.yml +++ b/.github/workflows/dockers-image-scan.yml 
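Review bot: In the `Determine tag name (pull request)` step the new side keeps `PLATFORMS: linux/amd64,linux/arm64`, whereas the same step in the discoverer-k8s and gateway-vald hunks above builds pull-request images for `linux/amd64` only; the master and tag steps were switched to `${{ steps.image_name.outputs.BASE_PLATFORMS }}` in all three workflows, so this looks like the one place the PR platform list was left different. If the operator image intentionally needs an arm64 PR build, a one-line comment above that `env:` block saying so would keep the next reader from "aligning" it; otherwise `PLATFORMS: linux/amd64` would match the sibling workflows and avoid a QEMU-emulated arm64 build on every PR.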
@@ -1,390 +1,390 @@ -name: 'Docker image scanning' +name: "Docker image scanning" on: schedule: - - cron: '0 1 * * *' + - cron: "0 1 * * *" jobs: agent-ngt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/agent-ngt - imagename=`make docker/name/agent-ngt` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/agent-ngt + imagename=`make docker/name/agent-ngt` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + 
sarif_file: "trivy-results.sarif" agent-sidecar: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/agent-sidecar - imagename=`make docker/name/agent-sidecar` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/agent-sidecar + imagename=`make docker/name/agent-sidecar` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" discoverer-k8s: runs-on: ubuntu-latest steps: - - uses: 
actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/discoverer-k8s - imagename=`make docker/name/discoverer-k8s` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/discoverer-k8s + imagename=`make docker/name/discoverer-k8s` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" gateway-vald: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: 
build_image - run: | - make docker/build/gateway-vald - imagename=`make docker/name/gateway-vald` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/gateway-vald + imagename=`make docker/name/gateway-vald` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" meta-redis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/meta-redis - imagename=`make docker/name/meta-redis` - docker 
tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/meta-redis + imagename=`make docker/name/meta-redis` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" meta-cassandra: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/meta-cassandra - imagename=`make docker/name/meta-cassandra` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" 
- env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/meta-cassandra + imagename=`make docker/name/meta-cassandra` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" backup-manager-mysql: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/backup-manager-mysql - imagename=`make docker/name/backup-manager-mysql` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: 
aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/backup-manager-mysql + imagename=`make docker/name/backup-manager-mysql` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" backup-manager-cassandra: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/backup-manager-cassandra - imagename=`make docker/name/backup-manager-cassandra` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - 
image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/backup-manager-cassandra + imagename=`make docker/name/backup-manager-cassandra` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" compressor: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/manager-compressor - imagename=`make docker/name/manager-compressor` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ 
github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/manager-compressor + imagename=`make docker/name/manager-compressor` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" manager-index: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/manager-index - imagename=`make docker/name/manager-index` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: 
aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/manager-index + imagename=`make docker/name/manager-index` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" operator-helm: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/operator/helm - imagename=`make docker/name/operator/helm` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME 
}}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/operator/helm + imagename=`make docker/name/operator/helm` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" loadtest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - with: - fetch-depth: 2 - - name: Build the Docker image - id: build_image - run: | - make docker/build/loadtest - imagename=`make docker/name/loadtest` - docker tag ${imagename} ${imagename}:${{ github.sha }} - echo "::set-output name=IMAGE_NAME::${imagename}" - env: - DOCKER_BUILDKIT: 1 - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'table' - - name: Run vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - 
severity: 'HIGH,CRITICAL' - - name: Upload Trivy scan results to Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v1 + with: + fetch-depth: 2 + - name: Build the Docker image + id: build_image + run: | + make docker/build/loadtest + imagename=`make docker/name/loadtest` + docker tag ${imagename} ${imagename}:${{ github.sha }} + echo "::set-output name=IMAGE_NAME::${imagename}" + env: + DOCKER_BUILDKIT: 1 + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "table" + - name: Run vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.build_image.outputs.IMAGE_NAME }}:${{ github.sha }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" diff --git a/.github/workflows/dockers-loadtest-image.yml b/.github/workflows/dockers-loadtest-image.yml index 2e95d0e4e1..aafa831c35 100755 --- a/.github/workflows/dockers-loadtest-image.yml +++ b/.github/workflows/dockers-loadtest-image.yml 
@@ -1,150 +1,137 @@ -name: 'Build docker image: loadtest' +name: "Build docker image: loadtest" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/tools/cli/loadtest/**' - - 'cmd/tools/cli/loadtest/**' - - 'dockers/base/Dockerfile' - - 'dockers/tools/cli/loadtest/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/tools/cli/loadtest/**" + - "cmd/tools/cli/loadtest/**" + - "dockers/base/Dockerfile" + - "dockers/tools/cli/loadtest/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/tools/cli/loadtest/**' - - 'cmd/tools/cli/loadtest/**' - - 'dockers/base/Dockerfile' - - 'dockers/tools/cli/loadtest/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/tools/cli/loadtest/**" + - "cmd/tools/cli/loadtest/**" + - "dockers/base/Dockerfile" + - "dockers/tools/cli/loadtest/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: 
actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-loadtest-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-loadtest- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/loadtest` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/loadtest - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} 
${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/loadtest - env: - DOCKER_BUILDKIT: 1 - PLATFORMS: linux/amd64 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-loadtest-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-loadtest- + - name: Login 
to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/loadtest` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/loadtest + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/loadtest + env: + DOCKER_BUILDKIT: 1 + PLATFORMS: linux/amd64 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label 
org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-manager-compressor-image.yml b/.github/workflows/dockers-manager-compressor-image.yml index fb4af7f760..2a57871f5f 100644 --- a/.github/workflows/dockers-manager-compressor-image.yml +++ b/.github/workflows/dockers-manager-compressor-image.yml 
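Review bot: Both `Run vulnerability scanner` steps on the new side still use `aquasecurity/trivy-action@master`, a mutable branch ref, and they run after the job has logged in to DockerHub and ghcr.io with `secrets.DOCKERHUB_USER`/`DOCKERHUB_PASS` and `PACKAGE_USER`/`PACKAGE_TOKEN`, so a rewritten or compromised `master` of that action would execute on a runner that already holds push credentials for the release images (docker login persists them in the runner's Docker config). Pin to a release tag or, better, a full commit SHA — `uses: aquasecurity/trivy-action@<tag-or-sha>` — and consider the same for `github/codeql-action/init@v1` and `upload-sarif@v1`, which track moving major-version tags. Separately, the hunk removes the base-layer cache step and `DOCKER_OPTS_BASE` but keeps `dockers/base/Dockerfile` in both `paths:` filters; if `docker/build/loadtest` no longer builds the base image that trigger is stale, and if it still does the base build now runs without `--cache-from` — the Makefile is not visible here, so this is worth confirming. The `Initialize CodeQL` step has no matching `analyze` step and `upload-sarif` does not depend on it, so it looks like dead setup on tag builds.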
@@ -1,158 +1,147 @@ -name: 'Build docker image: manager-compressor' +name: "Build docker image: manager-compressor" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/compressor/**' - - 'cmd/manager/compressor/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/compressor/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/compressor/**" + - "cmd/manager/compressor/**" + - "dockers/base/Dockerfile" + - "dockers/manager/compressor/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/compressor/**' - - 'cmd/manager/compressor/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/compressor/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/compressor/**" + - "cmd/manager/compressor/**" + - "dockers/base/Dockerfile" + - "dockers/manager/compressor/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache 
Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-manager-compressor-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-compressor- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/manager-compressor` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} 
${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/manager-compressor - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/manager-compressor - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: 
buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-compressor-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-compressor- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/manager-compressor` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform 
${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-compressor + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-compressor + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-manager-index-image.yml b/.github/workflows/dockers-manager-index-image.yml index cd52a19b7c..c5d7d15f89 100644 --- a/.github/workflows/dockers-manager-index-image.yml +++ b/.github/workflows/dockers-manager-index-image.yml 
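Review bot: Both scanner steps on the new side run `uses: aquasecurity/trivy-action@master`, a mutable branch reference, inside a job that has just logged into DockerHub and ghcr.io with `secrets.DOCKERHUB_PASS` and `secrets.PACKAGE_TOKEN`; whatever `master` resolves to at run time executes on that runner while those registry logins are still active. Pin the action to a full commit SHA and record the release in a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>` (placeholders), and consider the same for the `@v1`/`@v2` major tags used by the other steps, which also move. The manager-index and meta-cassandra hunks below, and the loadtest hunk above, carry the identical lines.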
@@ -1,158 +1,147 @@ -name: 'Build docker image: manager-index' +name: "Build docker image: manager-index" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/index/**' - - 'cmd/manager/index/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/index/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/index/**" + - "cmd/manager/index/**" + - "dockers/base/Dockerfile" + - "dockers/manager/index/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/manager/index/**' - - 'cmd/manager/index/**' - - 'dockers/base/Dockerfile' - - 'dockers/manager/index/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/manager/index/**" + - "cmd/manager/index/**" + - "dockers/base/Dockerfile" + - "dockers/manager/index/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache 
- key: ${{ runner.os }}-buildx-vald-manager-index-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-manager-index- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/manager-index` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/manager-index - make \ - 
REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/manager-index - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker 
layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-manager-index-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-manager-index- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/manager-index` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-index + 
make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/manager-index + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-meta-cassandra-image.yml b/.github/workflows/dockers-meta-cassandra-image.yml index cfec7ec5d7..cd60b100b6 100644 --- a/.github/workflows/dockers-meta-cassandra-image.yml +++ b/.github/workflows/dockers-meta-cassandra-image.yml 
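Review bot: Both Trivy scanner steps and the SARIF upload are gated on `if: startsWith( github.ref, 'refs/tags/')`, so the nightly image pushed from master and every `pr-<n>` image reach both registries without being scanned, and for tag builds the scan runs after `--push`, so it reports on an already-published image rather than gating it. At minimum the table scan should run on every build: drop its `if:` line and point it at the values the earlier steps already export, `image-ref: "${{ env.IMAGE_NAME }}:${{ env.PRIMARY_TAG }}"`, since `steps.determine_tag.outputs.TAG_NAME` is empty outside tag runs. Making the scan block the push would need a build-without-push step first, which is a larger change than this commit. The manager-compressor and meta-cassandra hunks have the same gating.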
@@ -1,160 +1,149 @@ -name: 'Build docker image: meta-cassandra' +name: "Build docker image: meta-cassandra" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/nosql/cassandra/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/meta/cassandra/**' - - 'cmd/meta/cassandra/**' - - 'dockers/base/Dockerfile' - - 'dockers/meta/cassandra/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/nosql/cassandra/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/meta/cassandra/**" + - "cmd/meta/cassandra/**" + - "dockers/base/Dockerfile" + - "dockers/meta/cassandra/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/nosql/cassandra/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/meta/cassandra/**' - - 'cmd/meta/cassandra/**' - - 'dockers/base/Dockerfile' - - 'dockers/meta/cassandra/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/nosql/cassandra/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/meta/cassandra/**" + - "cmd/meta/cassandra/**" + - "dockers/base/Dockerfile" + - "dockers/meta/cassandra/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os 
}}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-meta-cassandra-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-meta-cassandra- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/meta-cassandra` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} 
${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/meta-cassandra - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/meta-cassandra - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: 
docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-meta-cassandra-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-meta-cassandra- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/meta-cassandra` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + 
run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-cassandra + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-cassandra + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/dockers-meta-redis-image.yml b/.github/workflows/dockers-meta-redis-image.yml index 785ab0922b..8a170c7d34 100755 --- a/.github/workflows/dockers-meta-redis-image.yml 
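Review bot: The workflow declares no top-level `permissions:` block, so the job's `GITHUB_TOKEN` keeps the repository default scope even though the only write it needs is `security-events: write` for `github/codeql-action/upload-sarif@v1`; meanwhile the ghcr.io login uses a long-lived PAT in `secrets.PACKAGE_TOKEN` where the job token with `packages: write` would do, provided the ghcr package is linked to this repository. Declaring the minimum the job needs and switching the ghcr login to the job token removes one stored secret from the reach of every step in this job. The same applies to the manager-compressor and manager-index hunks.
```yaml
name: "Build docker image: meta-cassandra"
permissions:
  contents: read
  packages: write
  security-events: write
# … unchanged: on: triggers, jobs.build runs-on, checkout/QEMU/buildx/cache steps …
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
# … unchanged: image name, tag determination, build and push, scan and upload steps …
```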
+++ b/.github/workflows/dockers-meta-redis-image.yml 
@@ -1,160 +1,149 @@ -name: 'Build docker image: meta-redis' +name: "Build docker image: meta-redis" on: push: branches: - master tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/kvs/redis/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/meta/redis/**' - - 'cmd/meta/redis/**' - - 'dockers/base/Dockerfile' - - 'dockers/meta/redis/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/kvs/redis/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/meta/redis/**" + - "cmd/meta/redis/**" + - "dockers/base/Dockerfile" + - "dockers/meta/redis/Dockerfile" + - "versions/GO_VERSION" pull_request: paths: - - 'go.mod' - - 'go.sum' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - 'internal/db/kvs/redis/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/meta/redis/**' - - 'cmd/meta/redis/**' - - 'dockers/base/Dockerfile' - - 'dockers/meta/redis/Dockerfile' - - 'versions/GO_VERSION' + - "go.mod" + - "go.sum" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "internal/db/kvs/redis/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/meta/redis/**" + - "cmd/meta/redis/**" + - "dockers/base/Dockerfile" + - "dockers/meta/redis/Dockerfile" + - "versions/GO_VERSION" jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - name: Setup Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - with: - buildkitd-flags: "--debug" - - name: Cache Docker layers (base) - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache-base - key: ${{ runner.os }}-buildx-vald-base-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-base- - - 
name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-vald-meta-redis-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-vald-meta-redis- - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.PACKAGE_USER }} - password: ${{ secrets.PACKAGE_TOKEN }} - - name: Image name - id: image_name - run: | - image_name=`make docker/name/meta-redis` - base_platforms=`make docker/platforms` - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - echo "::set-output name=IMAGE_NAME::${image_name}" - echo "::set-output name=BASE_PLATFORMS::${base_platforms}" - - name: Determine tag name (master) - if: github.ref == 'refs/heads/master' - run: | - echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Determine tag name (pull request) - if: github.event_name == 'pull_request' - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - echo "PR-${pr_num}" > versions/VALD_VERSION - echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64 - - name: Determine tag name (tags) - if: startsWith( github.ref, 'refs/tags/') - id: determine_tag - run: | - tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` - echo "::set-output name=TAG_NAME::${tag_name}" - echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV - echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV - env: - PLATFORMS: linux/amd64,linux/arm64 - - name: Build and Push - run: | - make \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} 
--push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/meta-redis - make \ - REPO="ghcr.io/vdaas/vald" \ - DOCKER="docker buildx" \ - DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ - DOCKER_OPTS_BASE="--platform ${BASE_PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS_BASE} --push" \ - TAG="${PRIMARY_TAG}" \ - docker/build/meta-redis - env: - DOCKER_BUILDKIT: 1 - BASE_PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} - BUILDER: ${{ steps.buildx.outputs.name }} - CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" - CACHE_OPTS_BASE: "--cache-from=type=local,src=/tmp/.buildx-cache-base" - LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" - - name: Initialize CodeQL - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/init@v1 - - name: Run vulnerability scanner (table) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'table' - - name: Run vulnerability scanner (sarif) - if: startsWith( github.ref, 'refs/tags/') - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to Security tab - if: startsWith( github.ref, 'refs/tags/') - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - uses: actions/checkout@v2 + - name: Setup QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + - name: Setup Docker Buildx + id: buildx + uses: 
docker/setup-buildx-action@v1 + with: + buildkitd-flags: "--debug" + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-vald-meta-redis-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-vald-meta-redis- + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.PACKAGE_USER }} + password: ${{ secrets.PACKAGE_TOKEN }} + - name: Image name + id: image_name + run: | + image_name=`make docker/name/meta-redis` + base_platforms=`make docker/platforms` + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "::set-output name=IMAGE_NAME::${image_name}" + echo "::set-output name=BASE_PLATFORMS::${base_platforms}" + - name: Determine tag name (master) + if: github.ref == 'refs/heads/master' + run: | + echo "PRIMARY_TAG=nightly" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Determine tag name (pull request) + if: github.event_name == 'pull_request' + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + echo "PR-${pr_num}" > versions/VALD_VERSION + echo "PRIMARY_TAG=pr-${pr_num}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: linux/amd64 + - name: Determine tag name (tags) + if: startsWith( github.ref, 'refs/tags/') + id: determine_tag + run: | + tag_name=`echo $GITHUB_REF | sed -e 's:^refs/tags/::'` + echo "::set-output name=TAG_NAME::${tag_name}" + echo "PRIMARY_TAG=${tag_name}" >> $GITHUB_ENV + echo "PLATFORMS=${PLATFORMS}" >> $GITHUB_ENV + env: + PLATFORMS: ${{ steps.image_name.outputs.BASE_PLATFORMS }} + - name: Build and Push + run: | + make \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} 
${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-redis + make \ + REPO="ghcr.io/vdaas/vald" \ + DOCKER="docker buildx" \ + DOCKER_OPTS="--platform ${PLATFORMS} --builder ${BUILDER} ${CACHE_OPTS} ${LABEL_OPTS} --push" \ + TAG="${PRIMARY_TAG}" \ + docker/build/meta-redis + env: + DOCKER_BUILDKIT: 1 + BUILDER: ${{ steps.buildx.outputs.name }} + CACHE_OPTS: "--cache-from=type=local,src=/tmp/.buildx-cache --cache-to=type=local,mode=max,dest=/tmp/.buildx-cache" + LABEL_OPTS: "--label org.opencontainers.image.url=${{ github.event.repository.html_url }} --label org.opencontainers.image.source=${{ github.event.repository.html_url }} --label org.opencontainers.image.revision=${{ github.sha }}" + - name: Initialize CodeQL + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/init@v1 + - name: Run vulnerability scanner (table) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "table" + - name: Run vulnerability scanner (sarif) + if: startsWith( github.ref, 'refs/tags/') + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ steps.image_name.outputs.IMAGE_NAME }}:${{ steps.determine_tag.outputs.TAG_NAME }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + - name: Upload Trivy scan results to Security tab + if: startsWith( github.ref, 'refs/tags/') + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" slack: name: Slack notification needs: build diff --git a/.github/workflows/e2e-bench-agent.yml b/.github/workflows/e2e-bench-agent.yml index 3bd844d095..a246667fcb 100644 --- a/.github/workflows/e2e-bench-agent.yml +++ b/.github/workflows/e2e-bench-agent.yml 
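Review bot: The scanner steps on the new side of this hunk still reference `aquasecurity/trivy-action@master`, a mutable branch of a third-party action that runs on a runner already holding the DockerHub and GHCR logins performed earlier in the job, so a change to that branch changes the release pipeline without any change in this repository. Pin it to a release tag or, better, a full commit SHA — `uses: aquasecurity/trivy-action@<release tag or commit SHA>` — and consider the same for `github/codeql-action/init@v1` and `upload-sarif@v1`, since a major-version tag is also mutable. Every scanner step is gated on `if: startsWith( github.ref, 'refs/tags/')`, which means the `nightly` image pushed from master and the `pr-N` images are never scanned; if that is intended, a comment on the first scanner step saying so would save the next reader the question. The meta-cassandra workflow whose hunk ends above appears to follow the same pattern, but its start is outside this chunk.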
@@ -1,33 +1,33 @@ -name: 'Run e2e bench: bench-agent' +name: "Run e2e bench: bench-agent" on: push: branches: - master paths: - - '.github/workflows/e2e-bench-agent.yml' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/agent/core/ngt/**' - - 'cmd/agent/core/ngt/**' - - 'hack/benchmark/**' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - ".github/workflows/e2e-bench-agent.yml" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/agent/core/ngt/**" + - "cmd/agent/core/ngt/**" + - "hack/benchmark/**" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" pull_request: paths: - - '.github/workflows/e2e-bench-agent.yml' - - 'internal/**' - - '!internal/**/*_test.go' - - '!internal/db/**' - - '!internal/k8s/**' - - 'apis/grpc/**' - - 'pkg/agent/core/ngt/**' - - 'cmd/agent/core/ngt/**' - - 'hack/benchmark/**' - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - ".github/workflows/e2e-bench-agent.yml" + - "internal/**" + - "!internal/**/*_test.go" + - "!internal/db/**" + - "!internal/k8s/**" + - "apis/grpc/**" + - "pkg/agent/core/ngt/**" + - "cmd/agent/core/ngt/**" + - "hack/benchmark/**" + - "versions/GO_VERSION" + - "versions/NGT_VERSION" jobs: grpc-sequential: diff --git a/.github/workflows/e2e-deploy.yml b/.github/workflows/e2e-deploy.yml index 8e2edc36c3..626b9f4f1f 100644 --- a/.github/workflows/e2e-deploy.yml +++ b/.github/workflows/e2e-deploy.yml @@ -1,11 +1,11 @@ -name: 'Run e2e deploy test' +name: "Run e2e deploy test" on: push: tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" jobs: e2e-deploy: diff --git a/.github/workflows/helm-lint.yml b/.github/workflows/helm-lint.yml index 5adf10fc0b..7eb8d66fc3 100644 --- a/.github/workflows/helm-lint.yml +++ b/.github/workflows/helm-lint.yml 
@@ -1,8 +1,8 @@ -name: 'Run Helm lint' +name: "Run Helm lint" on: pull_request: paths: - - 'charts/**' + - "charts/**" jobs: lint-vald-chart: diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index a02a6ae206..9d48090408 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -1,11 +1,11 @@ -name: 'Update Helm charts' +name: "Update Helm charts" on: push: tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" jobs: update-k8s-manifest: diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 847f918de5..a658b2f832 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml 
@@ -1,73 +1,73 @@ name: "Pull Request Labeler" on: -- pull_request + - pull_request jobs: triage: name: Triage runs-on: ubuntu-latest steps: - - uses: actions/labeler@v2 - with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Checkout PR branch - uses: actions/checkout@v2 - with: - ref: ${{ github.head_ref }} - fetch-depth: 0 - - name: Add labels - run: | - pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` - branch_name=`cat $GITHUB_EVENT_PATH | jq -r ".pull_request.head.ref"` - type_labels=($(curl -s "https://api.github.com/repos/${REPOSITORY}/labels?per_page=5000" | jq -r ".[].name" | grep -e "^type/")) - send_labels=() + - uses: actions/labeler@v2 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Checkout PR branch + uses: actions/checkout@v2 + with: + ref: ${{ github.head_ref }} + fetch-depth: 0 + - name: Add labels + run: | + pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"` + branch_name=`cat $GITHUB_EVENT_PATH | jq -r ".pull_request.head.ref"` + type_labels=($(curl -s "https://api.github.com/repos/${REPOSITORY}/labels?per_page=5000" | jq -r ".[].name" | grep -e "^type/")) + send_labels=() - git fetch origin master + git fetch origin master - echo "branch name: " $branch_name - for label in ${type_labels[@]} - do - if [[ "${label#type/}" =~ "${branch_name%%/*}" ]] || [[ "${branch_name%%/*}" =~ "${label#type/}" ]]; then - send_labels+=(\"$label\") - fi - done + echo "branch name: " $branch_name + for label in ${type_labels[@]} + do + if [[ "${label#type/}" =~ "${branch_name%%/*}" ]] || [[ "${branch_name%%/*}" =~ "${label#type/}" ]]; then + send_labels+=(\"$label\") + fi + done - size=0 - diff=`git diff --shortstat origin/master...${branch_name} ':!./*\.yaml' ':!./*\.yml' ':!./*\.svg' ':!./apis/*' ':!./design/*'` - if [ -n "$diff" ]; then - echo $diff - size=`echo $diff | awk '{print $4+$6}'` - fi + size=0 + diff=`git diff --shortstat origin/master...${branch_name} ':!./*\.yaml' ':!./*\.yml' ':!./*\.svg' ':!./apis/*' ':!./design/*'` + if [ -n 
"$diff" ]; then + echo $diff + size=`echo $diff | awk '{print $4+$6}'` + fi - echo "pull request size: " $size + echo "pull request size: " $size - if [ $size -le 29 ]; then - send_labels+=(\"size/S\") - elif [ $size -le 99 ]; then - send_labels+=(\"size/M\") - elif [ $size -le 499 ]; then - send_labels+=(\"size/L\") - elif [ $size -le 999 ]; then - send_labels+=(\"size/XL\") - elif [ $size -le 4999 ]; then - send_labels+=(\"size/XXL\") - else - send_labels+=(\"size/XXXL\") - fi + if [ $size -le 29 ]; then + send_labels+=(\"size/S\") + elif [ $size -le 99 ]; then + send_labels+=(\"size/M\") + elif [ $size -le 499 ]; then + send_labels+=(\"size/L\") + elif [ $size -le 999 ]; then + send_labels+=(\"size/XL\") + elif [ $size -le 4999 ]; then + send_labels+=(\"size/XXL\") + else + send_labels+=(\"size/XXXL\") + fi - if [ ${#send_labels[@]} -gt 0 ]; then - str="$(IFS=,; echo "${send_labels[*]}")" - data="{\"labels\": [$str]}" - echo "send data: " $data - curl --request POST \ - --url "https://api.github.com/repos/${REPOSITORY}/issues/${pr_num}/labels" \ - --header "authorization: Bearer ${GITHUB_TOKEN}" \ - --header 'content-type: application/json' \ - --data "$data" - fi - env: - REPOSITORY: ${{ github.repository }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + if [ ${#send_labels[@]} -gt 0 ]; then + str="$(IFS=,; echo "${send_labels[*]}")" + data="{\"labels\": [$str]}" + echo "send data: " $data + curl --request POST \ + --url "https://api.github.com/repos/${REPOSITORY}/issues/${pr_num}/labels" \ + --header "authorization: Bearer ${GITHUB_TOKEN}" \ + --header 'content-type: application/json' \ + --data "$data" + fi + env: + REPOSITORY: ${{ github.repository }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} remove-duplication: name: Remove duplication needs: diff --git a/.github/workflows/reviewdog-hadolint.yml b/.github/workflows/reviewdog-hadolint.yml index 91ee4c5038..a41f34ab0c 100644 --- a/.github/workflows/reviewdog-hadolint.yml 
+++ b/.github/workflows/reviewdog-hadolint.yml @@ -14,11 +14,11 @@ # limitations under the License. # -name: 'reviewdog - Dockerfiles' +name: "reviewdog - Dockerfiles" on: pull_request: paths: - - 'dockers/**' + - "dockers/**" jobs: hadolint: diff --git a/.github/workflows/reviewdog-markdown.yml b/.github/workflows/reviewdog-markdown.yml index dda69bb0b2..35f43abee0 100644 --- a/.github/workflows/reviewdog-markdown.yml +++ b/.github/workflows/reviewdog-markdown.yml @@ -14,12 +14,12 @@ # limitations under the License. # -name: 'reviewdog - Markdown' +name: "reviewdog - Markdown" on: pull_request: paths: - - '**.md' - - '**.md.gotmpl' + - "**.md" + - "**.md.gotmpl" jobs: languagetool: @@ -32,8 +32,8 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-review - patterns: '**/*.md **/*.md.gotmpl' + patterns: "**/*.md **/*.md.gotmpl" level: warning language: en-US - disabled_rules: 'DOUBLE_PUNCTUATION,WORD_CONTAINS_UNDERSCORE,ARROWS,CURRENCY,DASH_RULE,EN_QUOTES' - disabled_categories: 'TYPOS' + disabled_rules: "DOUBLE_PUNCTUATION,WORD_CONTAINS_UNDERSCORE,ARROWS,CURRENCY,DASH_RULE,EN_QUOTES" + disabled_categories: "TYPOS" diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index 9e49cae9b4..cff231d2f2 100755 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -18,7 +18,7 @@ name: reviewdog on: pull_request: paths: - - '**.go' + - "**.go" jobs: golangci-lint: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 842905cc0f..c14c268c77 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -1,23 +1,23 @@ -name: 'Run tests' +name: "Run tests" on: push: branches: - master paths: - - 'go.mod' - - 'go.sum' - - '.github/workflows/test.yml' - - 'internal/**' - - 'pkg/**' - - 'cmd/**' + - "go.mod" + - "go.sum" + - ".github/workflows/test.yml" + - "internal/**" + - "pkg/**" + - "cmd/**" pull_request: paths: - - 'go.mod' - - 'go.sum' - - '.github/workflows/test.yml' - - 'internal/**' - - 'pkg/**' - - 'cmd/**' + - "go.mod" + - "go.sum" + - ".github/workflows/test.yml" + - "internal/**" + - "pkg/**" + - "cmd/**" jobs: test-cmd: diff --git a/.github/workflows/update-protobuf.yml b/.github/workflows/update-protobuf.yml index 4dd34286fb..bec91fe329 100644 --- a/.github/workflows/update-protobuf.yml +++ b/.github/workflows/update-protobuf.yml @@ -2,10 +2,10 @@ name: update protobuf on: push: tags: - - '*.*.*' - - 'v*.*.*' - - '*.*.*-*' - - 'v*.*.*-*' + - "*.*.*" + - "v*.*.*" + - "*.*.*-*" + - "v*.*.*-*" jobs: dispatches: diff --git a/.github/workflows/update_pull_request_and_issue_template.yml b/.github/workflows/update_pull_request_and_issue_template.yml index 800455ac0b..db7f6e13e2 100644 --- a/.github/workflows/update_pull_request_and_issue_template.yml +++ b/.github/workflows/update_pull_request_and_issue_template.yml @@ -1,11 +1,11 @@ -name: 'Update PULL_REQUEST_TEMPLATE and ISSUE_TEMPLATE' +name: "Update PULL_REQUEST_TEMPLATE and ISSUE_TEMPLATE" on: push: branches: - master paths: - - 'versions/GO_VERSION' - - 'versions/NGT_VERSION' + - "versions/GO_VERSION" + - "versions/NGT_VERSION" jobs: update-pr-issue-template: diff --git a/Makefile b/Makefile index e6fb2069e6..4a2c577c74 100644 --- a/Makefile +++ b/Makefile @@ -201,7 +201,6 @@ GO_OPTION_TEST_SOURCES = $(GO_OPTION_SOURCES:%.go=%_test.go) DOCKER ?= docker DOCKER_OPTS ?= -DOCKER_OPTS_BASE ?= DISTROLESS_IMAGE ?= gcr.io/distroless/static DISTROLESS_IMAGE_TAG ?= nonroot 
@@ -297,6 +296,7 @@ update/goimports: format/yaml: prettier --write \ ".github/**/*.yaml" \ + ".github/**/*.yml" \ "cmd/**/*.yaml" \ "hack/**/*.yaml" \ "k8s/**/*.yaml" diff --git a/Makefile.d/docker.mk b/Makefile.d/docker.mk index a579e54591..b9a7b702c0 100644 --- a/Makefile.d/docker.mk +++ b/Makefile.d/docker.mk @@ -41,7 +41,7 @@ docker/name/base: ## build base image docker/build/base: $(DOCKER) build \ - $(DOCKER_OPTS_BASE) \ + $(DOCKER_OPTS) \ -f dockers/base/Dockerfile \ -t $(REPO)/$(BASE_IMAGE):$(TAG) . \ --build-arg GO_VERSION=$(GO_VERSION) @@ -52,12 +52,12 @@ docker/name/agent-ngt: .PHONY: docker/build/agent-ngt ## build agent-ngt image -docker/build/agent-ngt: docker/build/base +docker/build/agent-ngt: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/agent/core/ngt/Dockerfile \ -t $(REPO)/$(AGENT_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -68,12 +68,12 @@ docker/name/agent-sidecar: .PHONY: docker/build/agent-sidecar ## build agent-sidecar image -docker/build/agent-sidecar: docker/build/base +docker/build/agent-sidecar: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/agent/sidecar/Dockerfile \ -t $(REPO)/$(AGENT_SIDECAR_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) 
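Review bot: Dropping `--build-arg BASE_TAG=$(TAG)` from `docker/build/agent-ngt` (and from `docker/build/agent-sidecar` here, and from every component target in the following hunks through `docker/build/loadtest`) leaves the Dockerfiles' `ARG BASE_TAG=latest` as the only source of the builder tag, so each component build now starts `FROM vdaas/vald-base:latest` pulled from the registry instead of the base image built from the same checkout, and a tagged release is no longer reproducible from its tag alone. If decoupling the base image from the component build is intended, pass an explicit pin instead — a new `BASE_TAG ?=` variable next to `DOCKER_OPTS` in the Makefile and `--build-arg BASE_TAG=$(BASE_TAG)` in each recipe — and say so in the `## build ... image` comment; otherwise keep the `BASE_TAG=$(TAG)` argument so base and component stay in lockstep. `docker/build/base` is still defined in the first hunk but nothing in this file depends on it any more, which deserves a comment on that target stating when it is expected to run.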
@@ -84,12 +84,12 @@ docker/name/discoverer-k8s: .PHONY: docker/build/discoverer-k8s ## build discoverer-k8s image -docker/build/discoverer-k8s: docker/build/base +docker/build/discoverer-k8s: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/discoverer/k8s/Dockerfile \ -t $(REPO)/$(DISCOVERER_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -100,12 +100,12 @@ docker/name/gateway-vald: .PHONY: docker/build/gateway-vald ## build gateway-vald image -docker/build/gateway-vald: docker/build/base +docker/build/gateway-vald: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/gateway/vald/Dockerfile \ -t $(REPO)/$(GATEWAY_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -116,12 +116,12 @@ docker/name/meta-redis: .PHONY: docker/build/meta-redis ## build meta-redis image -docker/build/meta-redis: docker/build/base +docker/build/meta-redis: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/meta/redis/Dockerfile \ -t $(REPO)/$(META_REDIS_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) 
@@ -132,12 +132,12 @@ docker/name/meta-cassandra: .PHONY: docker/build/meta-cassandra ## build meta-cassandra image -docker/build/meta-cassandra: docker/build/base +docker/build/meta-cassandra: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/meta/cassandra/Dockerfile \ -t $(REPO)/$(META_CASSANDRA_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -148,12 +148,12 @@ docker/name/backup-manager-mysql: .PHONY: docker/build/backup-manager-mysql ## build backup-manager-mysql image -docker/build/backup-manager-mysql: docker/build/base +docker/build/backup-manager-mysql: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/manager/backup/mysql/Dockerfile \ -t $(REPO)/$(MANAGER_BACKUP_MYSQL_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -164,12 +164,12 @@ docker/name/backup-manager-cassandra: .PHONY: docker/build/backup-manager-cassandra ## build backup-manager-cassandra image -docker/build/backup-manager-cassandra: docker/build/base +docker/build/backup-manager-cassandra: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/manager/backup/cassandra/Dockerfile \ -t $(REPO)/$(MANAGER_BACKUP_CASSANDRA_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) 
@@ -180,12 +180,12 @@ docker/name/manager-compressor: .PHONY: docker/build/manager-compressor ## build manager-compressor image -docker/build/manager-compressor: docker/build/base +docker/build/manager-compressor: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/manager/compressor/Dockerfile \ -t $(REPO)/$(MANAGER_COMPRESSOR_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -196,12 +196,12 @@ docker/name/manager-index: .PHONY: docker/build/manager-index ## build manager-index image -docker/build/manager-index: docker/build/base +docker/build/manager-index: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/manager/index/Dockerfile \ -t $(REPO)/$(MANAGER_INDEX_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) \ + --build-arg GO_VERSION=$(GO_VERSION) \ --build-arg DISTROLESS_IMAGE=$(DISTROLESS_IMAGE) \ --build-arg DISTROLESS_IMAGE_TAG=$(DISTROLESS_IMAGE_TAG) \ --build-arg UPX_OPTIONS=$(UPX_OPTIONS) @@ -212,12 +212,12 @@ docker/name/ci-container: .PHONY: docker/build/ci-container ## build ci-container image -docker/build/ci-container: docker/build/base +docker/build/ci-container: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/ci/base/Dockerfile \ -t $(REPO)/$(CI_CONTAINER_IMAGE):$(TAG) . \ - --build-arg BASE_TAG=$(TAG) + --build-arg GO_VERSION=$(GO_VERSION) .PHONY: docker/name/dev-container docker/name/dev-container: @@ -251,8 +251,9 @@ docker/name/loadtest: .PHONY: docker/build/loadtest ## build loadtest image -docker/build/loadtest: docker/build/base +docker/build/loadtest: $(DOCKER) build \ $(DOCKER_OPTS) \ -f dockers/tools/cli/loadtest/Dockerfile \ - -t $(REPO)/$(LOADTEST_IMAGE):$(TAG) . + -t $(REPO)/$(LOADTEST_IMAGE):$(TAG) . \ + --build-arg GO_VERSION=$(GO_VERSION) diff --git a/README.md b/README.md index 1e9d527c09..e71f826a13 100755 --- a/README.md +++ b/README.md 
@@ -123,79 +123,140 @@ make init ## Components - - - - + + - - - - + + - - - + + - - - - + + - - - - + + - - - - + + - - - + + - - - - + + - - - - + + - - - + + - - - - + + - - - - + + - - - - + +
componentimplementationDocker nameDocker build statusComponentDocker image
agentNGTvdaas/vald-agent-ngtAgent NGT + + +
+ + + +
sidecarvdaas/vald-agent-sidecarAgent Sidecar + + +
+ + + +
discovererK8svdaas/vald-discoverer-k8sDiscoverer K8s + + +
+ + + +
gatewayvdaas/vald-gatewayGateway + + +
+ + + +
backup managerMySQLvdaas/vald-manager-backup-mysqlBackup Manager (MySQL) + + +
+ + + +
Cassandravdaas/vald-manager-backup-cassandraBackup Manager (Cassandra) + + +
+ + + +
compressorvdaas/vald-manager-compressorCompressor + + +
+ + + +
metaRedisvdaas/vald-meta-redisMeta (Redis) + + +
+ + + +
Cassandravdaas/vald-meta-cassandraMeta (Cassandra) + + +
+ + + +
index managervdaas/vald-manager-indexIndex Manager + + +
+ + + +
helm-operatorvdaas/vald-helm-operatorHelm Operator + + +
+ + + +
loadtestervdaas/vald-loadtestLoad Test + + +
+ + + +
diff --git a/dockers/agent/core/ngt/Dockerfile b/dockers/agent/core/ngt/Dockerfile index 747a8c518d..4130308efd 100644 --- a/dockers/agent/core/ngt/Dockerfile +++ b/dockers/agent/core/ngt/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -28,6 +31,8 @@ ENV PKG agent/core/ngt ENV PKG_INTERNAL agent/internal ENV APP_NAME ngt +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/agent/sidecar/Dockerfile b/dockers/agent/sidecar/Dockerfile index 746427fb58..983689bf7b 100644 --- a/dockers/agent/sidecar/Dockerfile +++ b/dockers/agent/sidecar/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -28,6 +31,8 @@ ENV PKG agent/sidecar ENV PKG_INTERNAL agent/internal ENV APP_NAME sidecar +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/base/Dockerfile b/dockers/base/Dockerfile index 819bee394e..edb3180639 100644 --- a/dockers/base/Dockerfile +++ b/dockers/base/Dockerfile @@ -13,9 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # -ARG GO_VERSION +ARG GO_VERSION=latest -FROM golang:${GO_VERSION}-buster AS golang +FROM golang:${GO_VERSION} AS golang FROM ubuntu:devel AS builder diff --git a/dockers/ci/base/Dockerfile b/dockers/ci/base/Dockerfile index d823dcb3b5..12d2d56d46 100644 --- a/dockers/ci/base/Dockerfile 
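Review bot: `ARG GO_VERSION=latest` at the top of `dockers/agent/core/ngt/Dockerfile` (and in the identical hunks for agent/sidecar and base here, and for ci/base, discoverer, gateway, the manager and meta images and loadtest that follow) makes `golang:latest` the fallback toolchain whenever the build arg is omitted, so a manual `docker build` or a target that forgets the argument silently compiles with whatever Go is current that day. Declaring it without a default, `ARG GO_VERSION`, makes the omission fail at `FROM golang:${GO_VERSION}` rather than produce an unreproducible image; the old side of the `dockers/base/Dockerfile` hunk already used that form. The new `COPY --from=golang /usr/local/go $GOROOT` in the second hunk also assumes `vdaas/vald-base` exports `GOROOT` as an ENV — if it does not, the destination expands to empty — and where the base image already carries a toolchain at that path, COPY merges into it, so files dropped between Go versions can linger; a comment such as `# overlay the pinned Go toolchain on the base image's GOROOT` would at least record the intent. The enclosing Dockerfile continues outside both hunks.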
+++ b/dockers/ci/base/Dockerfile @@ -14,14 +14,19 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG PROTOBUF_VERSION=3.13.0 ARG GOLANGCI_LINT_VERSION=v1.31.0 ARG REVIEWDOG_VERSION=v0.10.2 ARG YQ_VERSION=3.3.4 +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/vdaas/vald COPY Makefile . diff --git a/dockers/discoverer/k8s/Dockerfile b/dockers/discoverer/k8s/Dockerfile index e30ef722ed..6aaed41857 100644 --- a/dockers/discoverer/k8s/Dockerfile +++ b/dockers/discoverer/k8s/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG discoverer/k8s ENV APP_NAME discoverer +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/gateway/vald/Dockerfile b/dockers/gateway/vald/Dockerfile index 45710bfbe2..c18bc9d341 100644 --- a/dockers/gateway/vald/Dockerfile +++ b/dockers/gateway/vald/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG gateway/vald ENV APP_NAME vald +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/manager/backup/cassandra/Dockerfile b/dockers/manager/backup/cassandra/Dockerfile index 9c43145615..b10da468f2 100644 --- a/dockers/manager/backup/cassandra/Dockerfile 
+++ b/dockers/manager/backup/cassandra/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG manager/backup/cassandra ENV APP_NAME backup +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/manager/backup/mysql/Dockerfile b/dockers/manager/backup/mysql/Dockerfile index d6b4a8c93e..a133fab5da 100644 --- a/dockers/manager/backup/mysql/Dockerfile +++ b/dockers/manager/backup/mysql/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG manager/backup/mysql ENV APP_NAME backup +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/manager/compressor/Dockerfile b/dockers/manager/compressor/Dockerfile index 4a9cc93fa2..36bf125abc 100644 --- a/dockers/manager/compressor/Dockerfile +++ b/dockers/manager/compressor/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG manager/compressor ENV APP_NAME compressor +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . 
diff --git a/dockers/manager/index/Dockerfile b/dockers/manager/index/Dockerfile index a8132e44b2..4cf3624870 100644 --- a/dockers/manager/index/Dockerfile +++ b/dockers/manager/index/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG manager/index ENV APP_NAME index +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/meta/cassandra/Dockerfile b/dockers/meta/cassandra/Dockerfile index fa950eb01f..27d7e5ee82 100644 --- a/dockers/meta/cassandra/Dockerfile +++ b/dockers/meta/cassandra/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS @@ -27,6 +30,8 @@ ENV REPO vald ENV PKG meta/cassandra ENV APP_NAME meta +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/meta/redis/Dockerfile b/dockers/meta/redis/Dockerfile index 0161b0ed42..ca6a53f7ba 100644 --- a/dockers/meta/redis/Dockerfile +++ b/dockers/meta/redis/Dockerfile @@ -14,11 +14,14 @@ # limitations under the License. # +ARG GO_VERSION=latest ARG BASE_TAG=latest ARG DISTROLESS_IMAGE=gcr.io/distroless/static ARG DISTROLESS_IMAGE_TAG=nonroot ARG UPX_OPTIONS=-9 +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:${BASE_TAG} AS builder ARG UPX_OPTIONS 
@@ -27,6 +30,8 @@ ENV REPO vald ENV PKG meta/redis ENV APP_NAME meta +COPY --from=golang /usr/local/go $GOROOT + WORKDIR ${GOPATH}/src/github.com/${ORG}/${REPO}/internal COPY internal . diff --git a/dockers/tools/cli/loadtest/Dockerfile b/dockers/tools/cli/loadtest/Dockerfile index 4ce4d06c0f..ce937811ae 100644 --- a/dockers/tools/cli/loadtest/Dockerfile +++ b/dockers/tools/cli/loadtest/Dockerfile @@ -14,6 +14,10 @@ # limitations under the License. # +ARG GO_VERSION=latest + +FROM golang:${GO_VERSION} AS golang + FROM vdaas/vald-base:latest AS builder ENV ORG vdaas @@ -21,6 +25,8 @@ ENV REPO vald ENV APP_NAME loadtest ENV PKG tools/cli/${APP_NAME} +COPY --from=golang /usr/local/go $GOROOT + RUN apt-get update && apt-get install -y --no-install-recommends \ libhdf5-dev \ && ldconfig \ diff --git a/hack/CHANGELOG.template.md b/hack/CHANGELOG.template.md index 19e211870d..8cc324f17b 100644 --- a/hack/CHANGELOG.template.md +++ b/hack/CHANGELOG.template.md @@ -2,19 +2,89 @@ ### Docker images -component | docker pull ---------- | ----------- -agent NGT | `docker pull vdaas/vald-agent-ngt:{{ version }}` -agent sidecar | `docker pull vdaas/vald-agent-sidecar:{{ version }}` -discoverer K8s | `docker pull vdaas/vald-discoverer-k8s:{{ version }}` -gateway | `docker pull vdaas/vald-gateway:{{ version }}` -backup manager MySQL | `docker pull vdaas/vald-manager-backup-mysql:{{ version }}` -backup manager Cassandra | `docker pull vdaas/vald-manager-backup-cassandra:{{ version }}` -compressor | `docker pull vdaas/vald-manager-compressor:{{ version }}` -meta Redis | `docker pull vdaas/vald-meta-redis:{{ version }}` -meta Cassandra | `docker pull vdaas/vald-meta-cassandra:{{ version }}` -index manager | `docker pull vdaas/vald-manager-index:{{ version }}` -Helm operator | `docker pull vdaas/vald-helm-operator:{{ version }}` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
componentDocker pull
Agent NGT + docker pull vdaas/vald-agent-ngt:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-agent-ngt:{{ version }} +
Agent sidecar + docker pull vdaas/vald-agent-sidecar:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-agent-sidecar:{{ version }} +
Discoverer k8s + docker pull vdaas/vald-discoverer-k8s:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-discoverer-k8s:{{ version }} +
Gateway + docker pull vdaas/vald-gateway:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-gateway:{{ version }} +
Backup manager MySQL + docker pull vdaas/vald-manager-backup-mysql:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-manager-backup-mysql:{{ version }} +
Backup manager Cassandra + docker pull vdaas/vald-manager-backup-cassandra:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-manager-backup-cassandra:{{ version }} +
Compressor + docker pull vdaas/vald-manager-compressor:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-manager-compressor:{{ version }} +
Meta Redis + docker pull vdaas/vald-meta-redis:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-meta-redis:{{ version }} +
Meta Cassandra + docker pull vdaas/vald-meta-cassandra:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-meta-cassandra:{{ version }} +
Index Manager + docker pull vdaas/vald-manager-index:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-manager-index:{{ version }} +
Helm Operator + docker pull vdaas/vald-helm-operator:{{ version }}
+ docker pull ghcr.io/vdaas/vald/vald-helm-operator:{{ version }} +
### Documents - [GoDoc](https://pkg.go.dev/github.com/vdaas/vald@{{ version }})