From 7a4a323c6d629b9134e74b2f43ff4f13e28d5126 Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Wed, 30 Aug 2023 16:53:01 +0200 Subject: [PATCH 1/8] add github actions --- .github/CODEOWNERS | 11 +++ .github/ISSUE_TEMPLATE/BUG_REPORT.md | 36 +++++++ .github/ISSUE_TEMPLATE/feature_request.md | 25 +++++ .github/PULL_REQUEST_TEMPLATE.md | 26 +++++ .github/dependabot.yml | 17 ++++ .github/settings.yml | 87 +++++++++++++++++ .../workflows/build-and-push-component.yaml | 80 ++++++++++++++++ .github/workflows/ci.yml | 62 ++++++++++++ .github/workflows/main-merge.yml | 16 ++++ .github/workflows/release.yaml | 96 +++++++++++++++++++ .github/workflows/reusable-build-and-push.yml | 79 +++++++++++++++ .github/workflows/stale.yml | 18 ++++ 12 files changed, 553 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/ISSUE_TEMPLATE/BUG_REPORT.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/dependabot.yml create mode 100644 .github/settings.yml create mode 100644 .github/workflows/build-and-push-component.yaml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/main-merge.yml create mode 100644 .github/workflows/release.yaml create mode 100644 .github/workflows/reusable-build-and-push.yml create mode 100644 .github/workflows/stale.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..663a869 --- /dev/null +++ b/.github/CODEOWNERS 
@@ -0,0 +1,11 @@ +# CODEOWNERS reference: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +# These owners will be the default owners for everything in +# the repo. Unless a later match takes precedence, +# the following users/teams will be requested for +# review when someone opens a pull request. +* @openclarity/vmclarity-maintainers + +# Enforces admin protections for repo configuration via probot settings app. +# ref: https://github.com/probot/settings#security-implications +.github/settings.yml @openclarity/vmclarity-admins diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.md b/.github/ISSUE_TEMPLATE/BUG_REPORT.md new file mode 100644 index 0000000..8eaadea --- /dev/null +++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.md @@ -0,0 +1,36 @@ +--- +name: Bug Report +about: Report a bug to help us improve +title: '' +labels: '' +assignees: '' + +--- + +## Description + +Please provide a description of the problem. + +## Expected Behavior + +Please describe what you expected would happen. + +## Actual Behavior + +Please describe what happened instead. + +## Affected Version + +Please provide the version number where this issue was encountered. + +## Steps to Reproduce + +1. First step +1. Second step +1. etc. + +## Checklist + + +- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have verified this does not duplicate an existing issue diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..2af6aba --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -0,0 +1,25 @@ +--- +name: Feature Request +about: Suggest a feature for this project +title: '' +labels: '' +assignees: '' + +--- + +## Problem Statement + +Please describe the problem to be addressed by the proposed feature. + +## Proposed Solution + +Please describe what you envision the solution to this problem would look like. + +## Alternatives Considered + +Please briefly describe which alternatives, if any, have been considered, including merits of alternate approaches and +tradeoffs being made. + +## Additional Context + +Please provide any other information that may be relevant. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..57cf939 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,26 @@ +## Description + +Please provide a meaningful description of what this change will do, or is for. Bonus points for including links to +related issues, other PRs, or technical references. + +Note that by _not_ including a description, you are asking reviewers to do extra work to understand the context of this +change, which may lead to your PR taking much longer to review, or result in it not being reviewed at all. + +## Type of Change + +[ ] Bug Fix +[ ] New Feature +[ ] Breaking Change +[ ] Refactor +[ ] Documentation +[ ] Other (please describe) + +## Checklist + +- [ ] I have read the [contributing guidelines](https://github.com/openclarity/vmclarity/blob/main/CONTRIBUTING.md) +- [ ] Existing issues have been referenced (where applicable) +- [ ] I have verified this change is not present in other open pull requests +- [ ] Functionality is documented +- [ ] All code style checks pass +- [ ] New code contribution is covered by automated tests +- [ ] All new and existing tests pass diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..5e526a9 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,17 @@ +version: 2 +updates: +- package-ecosystem: gomod + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 +- package-ecosystem: docker + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/settings.yml b/.github/settings.yml new file mode 100644 index 0000000..4166a45 --- /dev/null +++ b/.github/settings.yml 
@@ -0,0 +1,87 @@ +repository: + # See https://developer.github.com/v3/repos/#edit for all available settings. + + # The name of the repository. Changing this will rename the repository + name: vmclarity + + # A short description of the repository that will show up on GitHub + description: VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities + + # A URL with more information about the repository + homepage: openclarity.io + + # Updates the default branch for this repository. + default_branch: main + + # Either `true` to enable automated security fixes, or `false` to disable + # automated security fixes. + enable_automated_security_fixes: true + + # Either `true` to enable vulnerability alerts, or `false` to disable + # vulnerability alerts. + enable_vulnerability_alerts: true + + # Either `true` to allow squash-merging pull requests, or `false` to prevent + # squash-merging. + allow_squash_merge: true + + # Either `true` to allow merging pull requests with a merge commit, or `false` + # to prevent merging pull requests with merge commits. + allow_merge_commit: false + + # Either `true` to allow rebase-merging pull requests, or `false` to prevent + # rebase-merging. + allow_rebase_merge: true + + # Either `true` to enable automatic deletion of branches on merge, or `false` to disable + delete_branch_on_merge: false + +# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options +teams: + - name: vmclarity-admins + # The permission to grant the team. Can be one of: + # * `pull` - can pull, but not push to or administer this repository. + # * `push` - can pull and push, but not administer this repository. + # * `admin` - can pull, push and administer this repository. + # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions. 
+ permission: admin + + - name: vmclarity-maintainers + permission: maintain + +# Collaborators: give specific users access to this repository. +# See https://docs.github.com/en/rest/reference/collaborators for available options +collaborators: [] + +branches: + - name: main + # https://docs.github.com/en/rest/reference/repos#update-branch-protection + # Branch Protection settings. Set to null to disable + protection: + # Required. Require at least one approving review on a pull request, before merging. Set to null to disable. + required_pull_request_reviews: + # The number of approvals required. (1-6) + required_approving_review_count: 1 + # Dismiss approved reviews automatically when a new commit is pushed. + dismiss_stale_reviews: true + # Blocks merge until code owners have reviewed. + require_code_owner_reviews: true + # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories. + dismissal_restrictions: + users: [] + teams: [] + # Required. Require status checks to pass before merging. Set to null to disable + required_status_checks: + # Required. Require branches to be up to date before merging. + strict: true + # Required. The list of status checks to require in order to merge into this branch + contexts: [] + # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable. + enforce_admins: true + # Prevent merge commits from being pushed to matching branches + required_linear_history: true + # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable. + restrictions: + apps: [] + users: [] + teams: [] 
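Review bot: `required_status_checks.contexts: []` under `branches: - name: main` requires no particular check, so a pull request whose CI fails can still be merged once it has one approving review; list the check names that must pass, e.g. `contexts: ["Verification", "Build"]` from ci.yml (the exact names GitHub reports for the reusable build job are best confirmed against a run). As far as I know `strict: true` is only enforced against the listed contexts, so with an empty list the up-to-date requirement is effectively off as well. The `teams:` block grants `admin` to `vmclarity-admins` and `maintain` to `vmclarity-maintainers`; since the repository is renamed later in this series, it is worth confirming those org teams are meant to own this repository too.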
diff --git a/.github/workflows/build-and-push-component.yaml b/.github/workflows/build-and-push-component.yaml
new file mode 100644
index 0000000..dc53edb
--- /dev/null
+++ b/.github/workflows/build-and-push-component.yaml
@@ -0,0 +1,80 @@ +name: 'Build and Push Component' + +on: + workflow_call: + inputs: + dockerfile: + required: true + type: string + description: 'Dockerfile to build and push' + image_name: + required: true + type: string + description: 'Name of the image to publish' + image_tag: + required: true + type: string + description: 'Image tag to build and push.' + push: + required: false + type: string + description: 'If set to true, push the image.' + default: false + upload: + required: false + type: string + description: 'If set to true, upload the image.' + default: false + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.ref }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set build output env var + if: ${{ inputs.upload == 'true' }} + run: | + echo "OUTPUTS=type=docker,dest=/tmp/${{ inputs.image_name }}.tar" >> $GITHUB_ENV + + - name: Build + uses: docker/build-push-action@v4 + with: + context: . + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/openclarity/${{ inputs.image_name }}:${{ inputs.image_tag }} + file: ${{ inputs.dockerfile }} + push: ${{ inputs.push }} + outputs: "${{ env.OUTPUTS }}" + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + build-args: | + VERSION=${{ inputs.image_tag }} + BUILD_TIMESTAMP=${{ needs.timestamp.outputs.timestamp }} + COMMIT_HASH=${{ github.sha }} + + - name: Upload artifact + if: ${{ inputs.upload == 'true' }} + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.image_name }} + path: /tmp/${{ inputs.image_name }}.tar 
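Review bot: `BUILD_TIMESTAMP=${{ needs.timestamp.outputs.timestamp }}` in the `build-args` of the Build step refers to a `timestamp` job that does not exist in this workflow, and a called workflow cannot see the caller's `needs`, so the expression evaluates to an empty string and every image is built with an empty timestamp. Declare the value as an input instead, `build_timestamp: { required: false, type: string, default: '' }` under `inputs`, and use `BUILD_TIMESTAMP=${{ inputs.build_timestamp }}`; the callers in reusable-build-and-push.yml (patch 1, and again in patch 5) would then forward `needs.timestamp.outputs.timestamp`. The `Login to GitHub Container Registry` step runs even when `inputs.push` is not `'true'`, i.e. on every pull-request build; `if: ${{ inputs.push == 'true' }}` on that step keeps the registry login out of builds that never publish. Separately, every action is pinned to a mutable major tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v4`, …) in a workflow that holds a `packages: write` token on release; pinning to full commit SHAs, which the `github-actions` Dependabot entry keeps current, narrows the supply-chain exposure.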
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..513a4c2 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,62 @@ +name: CI +on: + pull_request: + merge_group: + +env: + GO_VERSION: "1.20" + +jobs: + api-verification: + name: API Verification + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Generate API code + run: make gen-api + + # This step will evaluate the repo status and exit if found changes + # This should detect if the most up-to-date generated API code was pushed + - name: Changes validation + run: | + [[ -z "$(git status --porcelain)" ]] || exit 1 + + verification: + needs: api-verification + name: Verification + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Check licenses + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: make license-check + + - name: Setup Cloud Formation Linter with Latest Version + uses: scottbrenner/cfn-lint-action@v2 + + - name: Run verification + run: make check + + build: + needs: verification + name: Build + uses: ./.github/workflows/reusable-build-and-push.yml + with: + image_tag: ${{ github.sha }} + push: false + upload: false diff --git a/.github/workflows/main-merge.yml b/.github/workflows/main-merge.yml new file mode 100644 index 0000000..b6a5afb --- /dev/null +++ b/.github/workflows/main-merge.yml @@ -0,0 +1,16 @@ +name: Main merge +on: + push: + branches: + - main + +permissions: + packages: write + +jobs: + build_and_push: + uses: ./.github/workflows/reusable-build-and-push.yml + with: + image_tag: latest + push: true + upload: false diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..2b0eeb0 --- /dev/null 
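Review bot: ci.yml declares no `permissions:` block, so on `pull_request` the jobs run with whatever default token scope the repository grants, which can be read/write depending on the repository's default workflow-permissions setting; add `permissions: contents: read` at the top level so `make license-check` and the called build workflow get a read-only `GITHUB_TOKEN`. The `Changes validation` step fails silently on drift, leaving the contributor to guess what to regenerate; printing the difference first, e.g. `git status --porcelain; git diff; [[ -z "$(git status --porcelain)" ]]`, fails the step the same way (the run shell is `-e`) but shows what changed. The `GO_VERSION: "1.20"` quoting is correct and should be kept that way, since an unquoted `1.20` would be read as the float `1.2`.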
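Review bot: `permissions:` in main-merge.yml grants only `packages: write`, which implicitly sets every other scope, including `contents`, to `none`; the checkout inside the called workflow then depends on the repository being public to read the tree. Add `contents: read` next to it so the intent is explicit and the job keeps working if visibility changes. Note also that this workflow publishes `image_tag: latest` on every push to `main` without a `needs` on any verification job, unlike release.yaml; that is acceptable only if merges to `main` are gated by the CI workflow (its `merge_group` trigger suggests a merge queue), which is worth confirming.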
+++ b/.github/workflows/release.yaml 
@@ -0,0 +1,96 @@ +name: Release +on: + push: + tags: + - "v[0-9]+.[0-9]+.[0-9]+" + +permissions: + packages: write + contents: write + +env: + GO_VERSION: "1.20" + +jobs: + verification: + name: Verification + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Check licenses + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: make license-check + + - name: Setup Cloud Formation Linter with Latest Version + uses: scottbrenner/cfn-lint-action@v2 + + - name: Run verification + run: make check + + build_and_push: + needs: verification + name: Build & Push + uses: ./.github/workflows/reusable-build-and-push.yml + with: + image_tag: ${{ github.ref_name }} + push: true + upload: false + + main_release: + needs: build_and_push + name: Release + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Render cloudformation + id: render_cloudformation + run: | + sed -i 's/ghcr.io\/openclarity\/vmclarity-backend:latest/ghcr.io\/openclarity\/vmclarity-backend:${{ github.ref_name }}/g' installation/aws/VmClarity.cfn + sed -i 's/ghcr.io\/openclarity\/vmclarity-cli:latest/ghcr.io\/openclarity\/vmclarity-cli:${{ github.ref_name }}/g' installation/aws/VmClarity.cfn + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v4 + with: + version: v1.16.0 + args: release --clean --skip-validate + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # TODO(sambetts) We need to publish a tag in the format "api/" tag + # so that go mod is able to import the api module without overriding. We need + # to work out how to do this cleanly from github actions on release so that + # we don't need to manage it manually. 
We could do something this which will + # create another release: + # + # api_release: + # needs: release + # name: Release API Module + # runs-on: ubuntu-latest + # steps: + # - name: Checkout + # uses: actions/checkout@v3 + # with: + # fetch-depth: 0 + # - name: Release API + # uses: softprops/action-gh-release@v1 + # with: + # name: VMClarity {{ github.ref }} API + # body: See main {{ github.ref }} release for release notes. + # tag_name: api/{{ github.ref }} diff --git a/.github/workflows/reusable-build-and-push.yml b/.github/workflows/reusable-build-and-push.yml new file mode 100644 index 0000000..3476ca2 --- /dev/null +++ b/.github/workflows/reusable-build-and-push.yml 
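Review bot: The `push: tags: "v[0-9]+.[0-9]+.[0-9]+"` trigger runs with `contents: write` and `packages: write` for anyone who can push a matching tag, while settings.yml only protects the `main` branch; a tag protection rule or ruleset restricting `v*` tags to maintainers (not expressible in the probot settings file as far as I can tell, so it has to be set on the repository directly) keeps release cutting to the intended group. The `Render cloudformation` step edits `installation/aws/VmClarity.cfn` in place and GoReleaser then runs with `--skip-validate`, which disables its dirty-tree check, so nothing verifies that the `sed` patterns matched and the published artifacts no longer correspond to the tree of the tagged commit. Rendering to a separate path, or asserting the substitution took effect with `grep -q "vmclarity-backend:${{ github.ref_name }}" installation/aws/VmClarity.cfn`, would allow `--skip-validate` to be dropped.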
@@ -0,0 +1,79 @@ +name: Build & Push + +on: + workflow_call: + inputs: + image_tag: + required: true + type: string + description: 'Image tag to build and push.' + push: + required: false + type: string + description: 'If set to true, push the image.' + default: false + upload: + required: false + type: string + description: 'If set to true, upload the image.' + default: false + +jobs: + timestamp: + runs-on: ubuntu-latest + outputs: + timestamp: ${{ steps.timestamp.outputs.timestamp }} + steps: + - name: Get current timestamp + id: timestamp + run: echo "::set-output name=timestamp::$(date -u +'%Y-%m-%dT%H:%M:%SZ')" + + vmclarity-apiserver: + needs: timestamp + uses: ./.github/workflows/build-and-push-component.yaml + with: + dockerfile: Dockerfile.apiserver + image_name: vmclarity-apiserver + image_tag: ${{ inputs.image_tag }} + push: ${{ inputs.push }} + upload: ${{ inputs.upload }} + + vmclarity-orchestrator: + needs: timestamp + uses: ./.github/workflows/build-and-push-component.yaml + with: + dockerfile: Dockerfile.orchestrator + image_name: vmclarity-orchestrator + image_tag: ${{ inputs.image_tag }} + push: ${{ inputs.push }} + upload: ${{ inputs.upload }} + + vmclarity-ui-backend: + needs: timestamp + uses: ./.github/workflows/build-and-push-component.yaml + with: + dockerfile: Dockerfile.uibackend + image_name: vmclarity-ui-backend + image_tag: ${{ inputs.image_tag }} + push: ${{ inputs.push }} + upload: ${{ inputs.upload }} + + vmclarity-ui: + needs: timestamp + uses: ./.github/workflows/build-and-push-component.yaml + with: + dockerfile: Dockerfile.ui + image_name: vmclarity-ui + image_tag: ${{ inputs.image_tag }} + push: ${{ inputs.push }} + upload: ${{ inputs.upload }} + + vmclarity-cli: + needs: timestamp + uses: ./.github/workflows/build-and-push-component.yaml + with: + dockerfile: Dockerfile.cli + image_name: vmclarity-cli + image_tag: ${{ inputs.image_tag }} + push: ${{ inputs.push }} + upload: ${{ inputs.upload }} 
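Review bot: `echo "::set-output name=timestamp::..."` in the `timestamp` job uses the deprecated workflow command, which GitHub has warned on since late 2022 and may disable at any time. Write to the outputs file instead: `run: echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"`. The `timestamp` output is consumed only inside build-and-push-component.yaml through `needs.timestamp`, which a called workflow cannot see, so each of the five component jobs here should forward it explicitly as an input once that workflow declares one; otherwise the `timestamp` job does work that no build ever reads.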
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..392351a --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,18 @@ +name: stale + +on: + schedule: + - cron: "0 0 * * 0" + workflow_dispatch: + +jobs: + mark-stale: + uses: openclarity/.github/.github/workflows/_stale.yml@main + permissions: + issues: write + pull-requests: write + with: + days-until-stale: 60 + days-until-close: 14 + stale-label: "stale" + exempt-label: "no-stale" From 16924764dafb7778ea80744f099f6be157e0743f Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Wed, 30 Aug 2023 17:03:18 +0200 Subject: [PATCH 2/8] update --- .github/ISSUE_TEMPLATE/BUG_REPORT.md | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 4 +- .github/dependabot.yml | 30 +++--- .github/settings.yml | 4 +- .github/workflows/ci.yml | 25 ----- .github/workflows/release.yaml | 28 ------ .github/workflows/reusable-build-and-push.yml | 91 ++++++++++--------- 7 files changed, 67 insertions(+), 117 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.md b/.github/ISSUE_TEMPLATE/BUG_REPORT.md index 8eaadea..e399d37 100644 --- a/.github/ISSUE_TEMPLATE/BUG_REPORT.md +++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.md @@ -32,5 +32,5 @@ Please provide the version number where this issue was encountered. ## Checklist -- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md) +- [ ] I have read the [contributing guidelines](https://github.com/openclarity/yara-rule-server/blob/main/CONTRIBUTING.md) - [ ] I have verified this does not duplicate an existing issue diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 57cf939..053746e 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -13,11 +13,11 @@ change, which may lead to your PR taking much longer to review, or result in it [ ] Breaking Change [ ] Refactor [ ] Documentation -[ ] Other (please describe) +[ ] Other (please describe) ## Checklist -- [ ] I have read the [contributing guidelines](https://github.com/openclarity/vmclarity/blob/main/CONTRIBUTING.md) +- [ ] I have read the [contributing guidelines](https://github.com/openclarity/yara-rule-server/blob/main/CONTRIBUTING.md) - [ ] Existing issues have been referenced (where applicable) - [ ] I have verified this change is not present in other open pull requests - [ ] Functionality is documented diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5e526a9..237a401 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,17 +1,17 @@ version: 2 updates: -- package-ecosystem: gomod - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 -- package-ecosystem: docker - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 + - package-ecosystem: gomod + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + - package-ecosystem: docker + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/settings.yml b/.github/settings.yml index 4166a45..ecd09df 100644 --- a/.github/settings.yml +++ b/.github/settings.yml 
@@ -2,10 +2,10 @@ repository: # See https://developer.github.com/v3/repos/#edit for all available settings. # The name of the repository. Changing this will rename the repository - name: vmclarity + name: yara-rule-server # A short description of the repository that will show up on GitHub - description: VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities + description: YARA rule server download and compile rules into one binary file. # A URL with more information about the repository homepage: openclarity.io diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 513a4c2..ef46f14 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,29 +7,7 @@ env: GO_VERSION: "1.20" jobs: - api-verification: - name: API Verification - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Generate API code - run: make gen-api - - # This step will evaluate the repo status and exit if found changes - # This should detect if the most up-to-date generated API code was pushed - - name: Changes validation - run: | - [[ -z "$(git status --porcelain)" ]] || exit 1 - verification: - needs: api-verification name: Verification runs-on: ubuntu-latest steps: @@ -46,9 +24,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: make license-check - - name: Setup Cloud Formation Linter with Latest Version - uses: scottbrenner/cfn-lint-action@v2 - - name: Run verification run: make check diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2b0eeb0..6fa87ac 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
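Review bot: The rename to `yara-rule-server` only touches `name` and `description`; the `teams:` entries (`vmclarity-admins` with `admin`, `vmclarity-maintainers` with `maintain`, outside this hunk) and `.github/CODEOWNERS` still name the VMClarity teams, so repository administration and the required code-owner reviews on `main` go to that group unless those org teams are intended to own this repository as well. If a separate team owns this repository, both places need the new names in the same change. The new description also reads awkwardly; `description: YARA rule server that downloads and compiles rules into one binary file.` says the same thing grammatically.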
@@ -54,12 +54,6 @@ jobs: with: fetch-depth: 0 - - name: Render cloudformation - id: render_cloudformation - run: | - sed -i 's/ghcr.io\/openclarity\/vmclarity-backend:latest/ghcr.io\/openclarity\/vmclarity-backend:${{ github.ref_name }}/g' installation/aws/VmClarity.cfn - sed -i 's/ghcr.io\/openclarity\/vmclarity-cli:latest/ghcr.io\/openclarity\/vmclarity-cli:${{ github.ref_name }}/g' installation/aws/VmClarity.cfn - - name: Set up Go uses: actions/setup-go@v4 with: @@ -72,25 +66,3 @@ jobs: args: release --clean --skip-validate env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # TODO(sambetts) We need to publish a tag in the format "api/" tag - # so that go mod is able to import the api module without overriding. We need - # to work out how to do this cleanly from github actions on release so that - # we don't need to manage it manually. We could do something this which will - # create another release: - # - # api_release: - # needs: release - # name: Release API Module - # runs-on: ubuntu-latest - # steps: - # - name: Checkout - # uses: actions/checkout@v3 - # with: - # fetch-depth: 0 - # - name: Release API - # uses: softprops/action-gh-release@v1 - # with: - # name: VMClarity {{ github.ref }} API - # body: See main {{ github.ref }} release for release notes. - # tag_name: api/{{ github.ref }} diff --git a/.github/workflows/reusable-build-and-push.yml b/.github/workflows/reusable-build-and-push.yml index 3476ca2..6188b7b 100644 --- a/.github/workflows/reusable-build-and-push.yml +++ b/.github/workflows/reusable-build-and-push.yml 
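Review bot: With the `Render cloudformation` step removed, nothing in `main_release` modifies the checkout any more, so `args: release --clean --skip-validate` (context at the end of this hunk) no longer has a reason to disable GoReleaser's git-state validation. Dropping `--skip-validate` restores the check that the release is built from a clean tree at the tagged commit, which is the property a release pipeline should guarantee.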
@@ -28,52 +28,55 @@ jobs: id: timestamp run: echo "::set-output name=timestamp::$(date -u +'%Y-%m-%dT%H:%M:%SZ')" - vmclarity-apiserver: + yara-rule-server: needs: timestamp - uses: ./.github/workflows/build-and-push-component.yaml - with: - dockerfile: Dockerfile.apiserver - image_name: vmclarity-apiserver - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - upload: ${{ inputs.upload }} + runs-on: ubuntu-latest + steps: + - name: Checkout codeyara-rule-server + uses: actions/checkout@v3 - vmclarity-orchestrator: - needs: timestamp - uses: ./.github/workflows/build-and-push-component.yaml - with: - dockerfile: Dockerfile.orchestrator - image_name: vmclarity-orchestrator - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - upload: ${{ inputs.upload }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - vmclarity-ui-backend: - needs: timestamp - uses: ./.github/workflows/build-and-push-component.yaml - with: - dockerfile: Dockerfile.uibackend - image_name: vmclarity-ui-backend - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - upload: ${{ inputs.upload }} + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.ref }} + restore-keys: | + ${{ runner.os }}-buildx- - vmclarity-ui: - needs: timestamp - uses: ./.github/workflows/build-and-push-component.yaml - with: - dockerfile: Dockerfile.ui - image_name: vmclarity-ui - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - upload: ${{ inputs.upload }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - vmclarity-cli: - needs: timestamp - uses: ./.github/workflows/build-and-push-component.yaml - with: - dockerfile: Dockerfile.cli - image_name: vmclarity-cli - image_tag: ${{ inputs.image_tag }} - push: ${{ inputs.push }} - upload: ${{ inputs.upload }} + - 
name: Set build output env var + if: ${{ inputs.upload == 'true' }} + run: | + echo "OUTPUTS=type=docker,dest=/tmp/yara-rule-server.tar" >> $GITHUB_ENV + + - name: Build + uses: docker/build-push-action@v4 + with: + context: . + platforms: linux/amd64,linux/arm64 + tags: ghcr.io/openclarity/yara-rule-server:${{ inputs.image_tag }} + file: Dockerfile + push: ${{ inputs.push }} + outputs: "${{ env.OUTPUTS }}" + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + build-args: | + VERSION=${{ inputs.image_tag }} + BUILD_TIMESTAMP=${{ needs.timestamp.outputs.timestamp }} + COMMIT_HASH=${{ github.sha }} + + - name: Upload artifact + if: ${{ inputs.upload == 'true' }} + uses: actions/upload-artifact@v3 + with: + name: yara-rule-server + path: /tmp/yara-rule-server.tar From d27a98f5e4f4498e82a2bba7a064f9329a028a60 Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Wed, 30 Aug 2023 17:04:34 +0200 Subject: [PATCH 3/8] fix --- .github/workflows/release.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6fa87ac..4c0cef2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -29,9 +29,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: make license-check - - name: Setup Cloud Formation Linter with Latest Version - uses: scottbrenner/cfn-lint-action@v2 - - name: Run verification run: make check From 38c7274d70374cac0d1209355ac795125c972e1a Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Wed, 30 Aug 2023 17:07:11 +0200 Subject: [PATCH 4/8] fix: lint error --- cmd/root.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/root.go b/cmd/root.go index 5cb289d..1f99487 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -87,5 +87,5 @@ func initLogger() { } func run(cmd *cobra.Command, args []string) { - + logger.Infoln("running command") } From 5bee00d3946997e0d571250bc6621082e1fda733 Mon Sep 17 00:00:00 2001 
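Review bot: The step name `Checkout codeyara-rule-server` in the inlined `yara-rule-server` job is a botched search-and-replace; `- name: Checkout code` is what was meant. The `Login to GitHub Container Registry` step runs on every invocation, including the `push: false` calls from ci.yml; gating it with `if: ${{ inputs.push == 'true' }}` keeps the registry login out of pull-request builds. `platforms: linux/amd64,linux/arm64` combined with the `type=docker,dest=/tmp/yara-rule-server.tar` output set when `inputs.upload` is `'true'` is, as far as I recall, rejected by buildx because the docker exporter cannot write a multi-platform manifest list; if `upload` is ever used, that path needs a single platform or an `oci` exporter — confirm against a run. This job is turned back into a call of build-and-push-component.yaml later in the series (patch 5), where the same points apply to that file.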
From: Peter Balogh Date: Thu, 31 Aug 2023 08:58:31 +0200 Subject: [PATCH 5/8] update workflow --- .github/workflows/reusable-build-and-push.yml | 57 +++---------------- 1 file changed, 7 insertions(+), 50 deletions(-) diff --git a/.github/workflows/reusable-build-and-push.yml b/.github/workflows/reusable-build-and-push.yml index 6188b7b..ccea2a4 100644 --- a/.github/workflows/reusable-build-and-push.yml +++ b/.github/workflows/reusable-build-and-push.yml 
@@ -30,53 +30,10 @@ jobs: yara-rule-server: needs: timestamp - runs-on: ubuntu-latest - steps: - - name: Checkout codeyara-rule-server - uses: actions/checkout@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.ref }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set build output env var - if: ${{ inputs.upload == 'true' }} - run: | - echo "OUTPUTS=type=docker,dest=/tmp/yara-rule-server.tar" >> $GITHUB_ENV - - - name: Build - uses: docker/build-push-action@v4 - with: - context: . - platforms: linux/amd64,linux/arm64 - tags: ghcr.io/openclarity/yara-rule-server:${{ inputs.image_tag }} - file: Dockerfile - push: ${{ inputs.push }} - outputs: "${{ env.OUTPUTS }}" - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - build-args: | - VERSION=${{ inputs.image_tag }} - BUILD_TIMESTAMP=${{ needs.timestamp.outputs.timestamp }} - COMMIT_HASH=${{ github.sha }} - - - name: Upload artifact - if: ${{ inputs.upload == 'true' }} - uses: actions/upload-artifact@v3 - with: - name: yara-rule-server - path: /tmp/yara-rule-server.tar + uses: ./.github/workflows/build-and-push-component.yaml + with: + dockerfile: Dockerfile + image_name: yara-rule-server + image_tag: ${{ inputs.image_tag }} + push: ${{ inputs.push }} + upload: ${{ inputs.upload }} From d1ebf0794885340d87dd3b3f4f6c537de9db4b2e Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Thu, 31 Aug 2023 09:00:15 +0200 Subject: [PATCH 6/8] delete branch on merge true --- .github/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/settings.yml b/.github/settings.yml index ecd09df..1988c28 100644 
--- a/.github/settings.yml +++ b/.github/settings.yml @@ -34,7 +34,7 @@ repository: allow_rebase_merge: true # Either `true` to enable automatic deletion of branches on merge, or `false` to disable - delete_branch_on_merge: false + delete_branch_on_merge: true # See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options teams: From b3fdf847a161525aa24f9618bce6e3debbaa821f Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Wed, 6 Sep 2023 10:03:07 +0200 Subject: [PATCH 7/8] update release --- .github/workflows/release.yaml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4c0cef2..e332d22 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -47,19 +47,23 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: ${{ env.GO_VERSION }} + - name: Changelog + uses: Bullrich/generate-release-changelog@master + id: Changelog + env: + REPO: ${{ github.repository }} - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v4 + - name: Create Release + id: create_release + uses: softprops/action-gh-release@v1 with: - version: v1.16.0 - args: release --clean --skip-validate - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + tag_name: ${{ github.ref_name }} + name: ${{ github.ref_name }} + body: | + ${{ steps.Changelog.outputs.changelog }} + draft: false + prerelease: false From c3e6d6661d6a5eb3b090c1b27e9f33f34c64570b Mon Sep 17 00:00:00 2001 From: Peter Balogh Date: Wed, 6 Sep 2023 10:43:59 +0200 Subject: [PATCH 8/8] remove comment --- .github/ISSUE_TEMPLATE/BUG_REPORT.md | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.md b/.github/ISSUE_TEMPLATE/BUG_REPORT.md index e399d37..4d763ad 100644 
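Review bot: `uses: Bullrich/generate-release-changelog@master` pins a third-party action to a mutable branch in a job that holds `contents: write` and `packages: write`; whoever controls that branch can run arbitrary code with this repository's release token. Pin it, and `softprops/action-gh-release@v1`, to a full commit SHA with a version comment, e.g. `uses: Bullrich/generate-release-changelog@<commit-sha>  # <release-version>` (placeholders to be filled from the upstream release), which the `github-actions` Dependabot entry keeps updated. `actions/checkout@v4` here leaves ci.yml and the reusable workflows on `@v3`; aligning them in one change avoids running two checkout majors in the same repository.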
--- a/.github/ISSUE_TEMPLATE/BUG_REPORT.md +++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.md @@ -31,6 +31,5 @@ Please provide the version number where this issue was encountered. ## Checklist - - [ ] I have read the [contributing guidelines](https://github.com/openclarity/yara-rule-server/blob/main/CONTRIBUTING.md) - [ ] I have verified this does not duplicate an existing issue