From 8db2f60f5b118e385e0345c9ccdf30d15f453537 Mon Sep 17 00:00:00 2001
From: Jozef Volak
Date: Tue, 1 Aug 2023 10:08:46 +0200
Subject: [PATCH] remove forked github actions
---
.github/workflows/labels.yml | 9 ---
.github/workflows/release.yml | 131 ---------------------------------
.github/workflows/security.yml | 94 -----------------------
3 files changed, 234 deletions(-)
delete mode 100644 .github/workflows/labels.yml
delete mode 100644 .github/workflows/release.yml
delete mode 100644 .github/workflows/security.yml
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
deleted file mode 100644
index 96d8772e0..000000000
--- a/.github/workflows/labels.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: Label commenter
-on:
- issues:
- types: [labeled, unlabeled]
- pull_request_target:
- types: [labeled, unlabeled]
-jobs:
- stale:
- uses: krakendio/.github/.github/workflows/label-commenter.yml@main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 263951332..000000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,131 +0,0 @@
-on:
- release:
- types: [created]
-name: Handle Release
-jobs:
- builder:
- name: Generate builder containers
- runs-on: ubuntu-20.04
- steps:
- - name: Checkout the repository
- uses: actions/checkout@master
- - name: Set the environment variables
- run: |
- echo "GOLANG_VERSION=$(grep -m 1 GOLANG_VERSION Makefile | sed 's/^.*= //g')" >> $GITHUB_ENV
- echo "ALPINE_VERSION=$(grep -m 1 ALPINE_VERSION Makefile | sed 's/^.*= //g')" >> $GITHUB_ENV
- - name: Log in to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: |
- krakend/builder
- tags: |
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
- - name: Docker meta
- id: meta-linux-generic
- uses: docker/metadata-action@v4
- with:
- images: |
- krakend/builder
- flavor: |
- suffix=-linux-generic,onlatest=true
- tags: |
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
- - name: Build and push KrakenD plugin builder (Alpine)
- id: container-build
- uses: docker/build-push-action@v2
- with:
- context: .
- file: Dockerfile-builder
- build-args: |
- GOLANG_VERSION=${{ env.GOLANG_VERSION }}
- ALPINE_VERSION=${{ env.ALPINE_VERSION }}
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- - name: Build and push KrakenD plugin builder (Linux generic)
- id: container-build-linux-generic
- uses: docker/build-push-action@v2
- with:
- context: .
- file: Dockerfile-builder-linux
- build-args: |
- GOLANG_VERSION=${{ env.GOLANG_VERSION }}
- push: true
- tags: ${{ steps.meta-linux-generic.outputs.tags }}
- labels: ${{ steps.meta-linux-generic.outputs.labels }}
- - name: Install cosign
- uses: sigstore/cosign-installer@v3.0.1
- - name: Sign image (Alpine)
- run: |
- cosign sign -y "docker.io/krakend/builder@${{ steps.container-build.outputs.digest }}"
- - name: Sign image (Linux generic)
- run: |
- cosign sign -y "docker.io/krakend/builder@${{ steps.container-build-linux-generic.outputs.digest }}"
- generate:
- name: Create release-artifacts
- runs-on: ubuntu-20.04
- needs: builder
- steps:
- - name: Checkout the repository
- uses: actions/checkout@master
- - name: Import GPG key
- id: import_gpg
- uses: crazy-max/ghaction-import-gpg@v5
- with:
- gpg_private_key: ${{ secrets.PGP_SIGNING_KEY }}
- fingerprint: "5B270F2E01E375FD9D5635E25DE6FD698AD6FDD2"
- - name: List keys
- run: gpg -K
- - name: Generate the artifacts for Debian/Ubuntu/Redhat/Centos (AMD64/ARM64)
- uses: docker://krakend/builder:latest-linux-generic
- with:
- args: sh -c "git config --global --add safe.directory /github/workspace;
- export CGO_ENABLED=1 CC=aarch64-linux-gnu-gcc ARCH=arm64 OS_TAG=_generic-linux GOARCH=arm64 GOHOSTARCH=amd64 EXTRA_LDFLAGS='-extld=aarch64-linux-gnu-gcc';
- make -e build && make -e tgz;
- make clean;
- export CC= GOARCH=amd64 ARCH=amd64 OS_TAG=_generic-linux EXTRA_LDFLAGS=;
- make -e build && make -e tgz;"
- - name: Build DEB package (AMD64)
- uses: docker://krakend/fpm:deb
- with:
- entrypoint: /bin/bash
- args: -c "make -e deb-release"
- - name: Build RPM package (AMD64)
- uses: docker://krakend/fpm:rpm
- with:
- entrypoint: /bin/bash
- args: -c "echo '${{ secrets.PGP_SIGNING_KEY }}' > pgp.key;
- gpg --import pgp.key;
- cp builder/files/rpmmacros /etc/rpm/macros;
- make -e rpm-release &&
- rpmsign --addsign *rpm"
- - name: Generate the artifacts for Alpine (AMD64/ARM64)
- uses: docker://krakend/builder:latest
- with:
- args: sh -c "export GOARCH=amd64 ARCH=amd64 OS_TAG=_alpine;
- make -e build && make -e tgz;
- make clean;
- export CGO_ENABLED=1 ARCH=arm64 OS_TAG=_alpine GOARCH=arm64 GOHOSTARCH=amd64;
- export CC=aarch64-linux-musl-gcc EXTRA_LDFLAGS='-extldflags=-fuse-ld=bfd -extld=aarch64-linux-musl-gcc';
- make -e build && make -e tgz"
- - name: ASC files
- run: for i in $(ls *.tar.gz *.deb *.rpm);
- do gpg --armor --detach $i;
- sha512sum $i >> checksums.txt;
- done
- - name: Upload the artifacts
- uses: skx/github-action-publish-binaries@master
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- args: '*.tar.gz *.asc *.deb *.rpm checksums.txt'
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index 038d8cf2e..000000000
--- a/.github/workflows/security.yml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-name: security
-
-# Run for all pushes to master and pull requests when Go or YAML files change
-on:
- push:
- branches:
- - master
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ master ]
- schedule:
- - cron: '23 20 * * 2'
-
-jobs:
- security-repo-scan:
- name: security-repo-scan
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@master
- with:
- scan-type: 'fs'
- security-checks: 'vuln,secret'
- ignore-unfixed: true
- format: 'sarif'
- output: 'trivy-results.sarif'
- severity: 'HIGH,CRITICAL'
- skip-dirs: 'tests'
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: 'trivy-results.sarif'
-
- image-scan:
- strategy:
- matrix:
- config:
- - image: krakend/builder
- dockerfile: Dockerfile-builder
- - image: krakend/krakend-ce
- dockerfile: Dockerfile
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Set the environment variables
- run: |
- echo "GOLANG_VERSION=$(grep -m 1 GOLANG_VERSION Makefile | sed 's/^.*= //g')" >> $GITHUB_ENV
- echo "ALPINE_VERSION=$(grep -m 1 ALPINE_VERSION Makefile | sed 's/^.*= //g')" >> $GITHUB_ENV
-
- - name: Docker meta
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: |
- ${{ matrix.config.image }}
- tags: |
- type=sha
-
- - name: "Build image ${{ matrix.config.image }}"
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ${{ matrix.config.dockerfile }}
- build-args: |
- GOLANG_VERSION=${{ env.GOLANG_VERSION }}
- ALPINE_VERSION=${{ env.ALPINE_VERSION }}
- push: false
- load: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
-
- - name: Run Trivy vulnerability scanner in image mode
- uses: aquasecurity/trivy-action@master
- with:
- scan-type: 'image'
- image-ref: ${{ steps.meta.outputs.tags }}
- security-checks: 'vuln,secret'
- ignore-unfixed: true
- format: 'sarif'
- output: 'trivy-results.sarif'
- severity: 'HIGH,CRITICAL'
- skip-dirs: 'tests'
-
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: 'trivy-results.sarif'
\ No newline at end of file