From 0356ec8980de324754816bc82f3fe9bcbf7dfde6 Mon Sep 17 00:00:00 2001
From: Guy Owen
Date: Tue, 3 Oct 2023 16:33:56 +1100
Subject: [PATCH 1/3] [DDS-1576] Goodbye CircleCI.
---
 .circleci/config.yml | 166 -------------------------------------------
 1 file changed, 166 deletions(-)
 delete mode 100644 .circleci/config.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 672670fa..00000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,166 +0,0 @@ -version: 2.1 -orbs: - slack: circleci/slack@4.10.1 -jobs: - lint: - docker: - - image: singledigital/ci-buildx:4.x - steps: - - checkout - - setup_remote_docker - - run: - name: Run custom lints - command: ./.circleci/scripts/custom-lints.sh - build: - docker: - - image: singledigital/ci-buildx:4.x - environment: - GOSS_FILES_STRATEGY: cp - DOCKER_VERSION: 20.10.7 - DOCKERHUB_NAMESPACE: singledigital - DOCKER_CLI_EXPERIMENTAL: enabled - CIRCLE_ARTIFACT_DOMAIN: output.circle-artifacts.com - steps: - - checkout - - setup_remote_docker - - run: - name: Prepare the docker context - command: | - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - docker context create dpc - docker buildx create --platform linux/amd64,linux/arm64 dpc --name dpc --use - docker buildx inspect --bootstrap - - run: - name: Prepare the manifest - command: IMAGE_TAG=$(.circleci/scripts/tag.sh) docker buildx bake -f bake.hcl --print --no-cache - - run: - name: Build the images - command: IMAGE_TAG=$(.circleci/scripts/tag.sh) docker buildx bake -f bake.hcl --no-cache - - - run: - name: Start the containers - command: IMAGE_TAG=$(.circleci/scripts/tag.sh) docker-compose up -d - - run: - name: Scan the images with clair - command: | - docker images | grep bay | awk '{ print $1 }' | tail -n +2 | sed '/multiarch/d' >> images.txt - for image in `cat images.txt`; do - echo "scanning image: $image" - for line in $(docker ps --format "table {{.Image}}\t{{.ID}}" | grep -e arminc/clair-local-scan -e ovotech/clair-scanner -e clair-db | awk '{print $2}'); - do - echo "container name $line" - docker stop $line - docker rm $line - sleep 5 - done - sleep 50 - mkdir -p /docker-tars - mkdir -p /clair-reports/reports - docker save -o /docker-tars/scan.tar $image - bash .circleci/scripts/runclairscan.sh /docker-tars >> /clair-reports/reports/myclair.log - done - echo "clair log" - cat /clair-reports/reports/myclair.log - - - store_artifacts: - path: /clair-reports/reports - 
- - - run: - name: Install goss - command: curl -fsSL https://goss.rocks/install | sh && goss --version - # Sleeping to ensure the supervisord has started. - - run: sleep 30s - - run: - name: Test images - command: IMAGE_TAG=$(.circleci/scripts/tag.sh) tests/run.sh - - run: - name: Build the AWX EE - command: | - pip install --upgrade ansible-builder - cd images/awx-ee - ansible-builder build \ - --file execution-environment.yml \ - --build-arg PYCMD="/usr/local/bin/python3" \ - --build-arg PKGMGR="/usr/bin/apt-get" \ - --verbosity 3 - - - slack/notify: - channel: G015H7K158D - event: fail - template: basic_fail_1 - - deploy: - docker: - - image: singledigital/ci-buildx:4.x - environment: - GOSS_FILES_STRATEGY: cp - DOCKER_VERSION: 20.10.7 - DOCKERHUB_NAMESPACE: singledigital - DOCKER_CLI_EXPERIMENTAL: enabled - steps: - - checkout - - setup_remote_docker - - run: - name: Log in to dockerhub - command: docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD - - run: - name: Git Log in to GitHub Docker registry - command: | - GITHUB_USER=$(curl -sSL -H "Authorization:token $GITHUB_TOKEN" https://api.github.com/user | jq -r .login) - echo $GITHUB_TOKEN | docker login ghcr.io --username $GITHUB_USER --password-stdin - - run: - name: Create the builder for multiarch - command: | - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - docker context create dpc - docker buildx create --platform linux/amd64,linux/arm64 dpc --name dpc --use - docker buildx inspect --bootstrap - - run: - name: Push images to dockerhub - command: | - IMAGE_TAG=$(.circleci/scripts/tag.sh) - if [[ "$IMAGE_TAG" = 0 ]]; then - echo "==> Skip deployment..." 
- else - echo "==> Push images with $IMAGE_TAG" - IMAGE_TAG=$(.circleci/scripts/tag.sh) docker buildx bake -f bake.hcl --push --no-cache - echo "==> Push the AWX Executor Environment image" - pip install --upgrade ansible-builder - cd images/awx-ee - ansible-builder create -f execution-environment.yml - docker buildx create --name sdp-amd-arm --platform linux/amd64,linux/arm64 --use - docker buildx bake --progress=plain --push --provenance false - fi - -workflows: - version: 2 - build_and_test: - jobs: - - lint - - build: - context: - - sdpdeploy -# - pr_comment: -# context: -# - sdpdeploy -# requires: -# - build - - deploy: - requires: - - build - - lint - - weekly_build: - jobs: - - build - - deploy: - requires: - - build - triggers: - - schedule: - cron: 0 20 * * 0 - filters: - branches: - only: - - 5.x
From f7a871e3945ac6033df33dbf25bcef2fa36134cc Mon Sep 17 00:00:00 2001
From: Guy Owen
Date: Tue, 3 Oct 2023 17:12:09 +1100
Subject: [PATCH 2/3] [DDS-1576] Added workflow trigger for merges.
---
 .github/workflows/build-deploy.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
index 2b6001de..05fcdca8 100644
--- a/.github/workflows/build-deploy.yml
+++ b/.github/workflows/build-deploy.yml
@@ -7,6 +7,9 @@ on:
 push:
 branches:
 - "build/**"
+ pull_request_target:
+ types:
+ - closed
 env:
 REGISTRY: ghcr.io
From 231e1a8b6e015466e9f8bf5820d7d0b364aae5f9 Mon Sep 17 00:00:00 2001
From: Guy Owen
Date: Wed, 4 Oct 2023 11:44:45 +1100
Subject: [PATCH 3/3] [DDS-1576] Added conditionals for runs.
---
 .github/workflows/build-deploy.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
index 05fcdca8..eb91bd64 100644
--- a/.github/workflows/build-deploy.yml
+++ b/.github/workflows/build-deploy.yml
@@ -6,7 +6,7 @@ on:
 workflow_dispatch:
 push:
 branches:
- - "build/**"
+ - 'build/**'
 pull_request_target:
 types:
 - closed
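Review bot: The `pull_request_target` trigger added in PATCH 2/3 (`@@ -7,6 +7,9 @@` of `.github/workflows/build-deploy.yml`) runs the workflow in the base repository's context, with access to its secrets, and `types: closed` fires for pull requests that are closed without merging as well as merged ones, including those opened from forks. The job definitions are outside this hunk, so whether any step checks out or interpolates PR-supplied data cannot be confirmed from here. If the goal is only to build after a merge, a `push` trigger on the target branch gives the same result without the pull-request event context. If the trigger stays, I would add a comment above it such as `# pull_request_target runs with repo secrets: never check out github.event.pull_request.head.* in this workflow` and declare an explicit `permissions:` block limited to what the image push needs.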
@@ -15,6 +15,7 @@ env:
 REGISTRY: ghcr.io
 jobs:
 buildx:
+ if: github.event.pull_request.merged == true || startsWith(github.head_ref, 'build/') || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
 runs-on: ubuntu-latest
 strategy:
 matrix:
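Review bot: The `startsWith(github.head_ref, 'build/')` term in the new `if:` on `buildx` both skips the runs it seems meant to allow and admits ones it should not. `github.head_ref` is only populated for pull-request events, so a `push` to a `build/**` branch matches none of the four terms and the job is skipped. Under `pull_request_target` the value is the PR author's branch name, so a PR from a branch named `build/...` that is closed without merging still passes the guard and runs with the repository's credentials. Tying the branch test to the push event addresses both: `if: github.event.pull_request.merged == true || (github.event_name == 'push' && startsWith(github.ref_name, 'build/')) || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'`. The steps of `buildx` are outside this hunk, so what the job does with those credentials is not visible here.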