diff --git a/.github/actions/docker-build-artifacts/action.yml b/.github/actions/docker-build-artifacts/action.yml index e7f3d88a..36046bb4 100644 --- a/.github/actions/docker-build-artifacts/action.yml +++ b/.github/actions/docker-build-artifacts/action.yml @@ -41,17 +41,17 @@ runs: shell: bash working-directory: ${{ inputs.WORKING_DIRECTORY }} run: | - env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' docker build \ + env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' DEPLOYMENT_TOKEN='${{ env.DEPLOYMENT_TOKEN }}' docker build \ --build-arg BUILD_NUMBER="${GITHUB_RUN_ID}" \ --build-arg GIT_SHA="$(echo ${GITHUB_SHA} | cut -c1-10)" \ --build-arg MAINTAINER="${{ inputs.MAINTAINER }}" \ --build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \ --build-arg REPO_USERNAME="${{ env.REPO_USERNAME }}" \ --file "${{ inputs.DOCKERFILE }}" \ - --no-cache \ --platform linux/${{ inputs.PLATFORM }} \ --progress=plain \ --secret id=REPO_PASSWORD,env=REPO_PASSWORD \ + --secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN \ --tag artifacts-${GITHUB_RUN_ID}:${GITHUB_SHA} \ --ulimit nofile=1024000:1024000 \ . 2>&1 | tee -a ${{ inputs.BUILD_LOG_FILENAME }} diff --git a/.github/actions/docker/action.yml b/.github/actions/docker/action.yml index 799888cc..85eccc72 100644 --- a/.github/actions/docker/action.yml +++ b/.github/actions/docker/action.yml @@ -47,6 +47,10 @@ inputs: default: 'true' description: 'Whenever the container should be tested on pr.' required: false + CONTAINER_TEST_RUN_OPTIONS: + default: '' + description: 'Custom options for the docker run command that executes the test' + required: false CONTAINER_TEST_COMMAND: default: '' description: 'A custom command to test the docker container.' @@ -124,7 +128,7 @@ runs: - name: Build and export to Docker uses: docker/build-push-action@v5 - if: inputs.PLATFORMS == 'linux/amd64' && inputs.TAG_ONLY == 'false' + if: inputs.TAG_ONLY == 'false' with: load: true tags: | 
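Review bot: The new `DEPLOYMENT_TOKEN='${{ env.DEPLOYMENT_TOKEN }}'` prefix on the `docker build` line expands the secret into the shell script text before bash runs it, so a token containing a single quote breaks the quoting, and the value is present in the rendered script rather than only in the process environment. Since `--secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN` already reads from the environment, set the variable on the step instead — `env:` / `  DEPLOYMENT_TOKEN: ${{ env.DEPLOYMENT_TOKEN }}` — and drop it from the `env ...` prefix (the same applies to the pre-existing `REPO_PASSWORD`). Dropping `--no-cache` in the same hunk is presumably a speed trade-off; secret mounts are not persisted in layers, but a cached layer that fetched dependencies with an earlier credential will now be reused without re-fetching, so confirm that is acceptable for this build. The step's `name:` line is outside the hunk.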
@@ -133,7 +137,8 @@ runs: # cache-to: type=gha,mode=max file: ${{ inputs.FILE }} context: ${{ inputs.CONTEXT }} - platforms: ${{ inputs.PLATFORMS }} + # cannot use multiple platforms with `load`, build a single arch image for validation purposes in CI + platforms: linux/amd64 build-args: ${{ env.BUILD_ARGS }} secrets: ${{ env.DOCKER_SECRETS }} @@ -143,15 +148,12 @@ runs: shell: bash run: | docker images - echo "${{ steps.meta.outputs.tags }}" - docker run -d --rm --name test ${{ fromJSON(steps.meta.outputs.json).tags[0] }} ${{ inputs.CONTAINER_TEST_COMMAND }} + echo "Starting container for image: ${{ steps.meta.outputs.tags }}" + docker run -d --rm --name test ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }} ${{ fromJSON(steps.meta.outputs.json).tags[0] }} sleep 20 - docker logs test > logs.txt - EXECUTIONLOG=$(cat logs.txt) - EXECUTIONLOG="${EXECUTIONLOG//'%'/'%25'}" - EXECUTIONLOG="${EXECUTIONLOG//$'\n'/'%0A'}" - EXECUTIONLOG="${EXECUTIONLOG//$'\r'/'%0D'}" - echo "name=container-logs::$EXECUTIONLOG" >> $GITHUB_OUTPUT + docker ps + docker logs test + ${{ inputs.CONTAINER_TEST_COMMAND }} - name: Build and push if: inputs.PUSH == 'true' # && inputs.TAG_ONY == 'false' diff --git a/.github/actions/test-ruby/action.yml b/.github/actions/test-ruby/action.yml index 1464eb13..1bf14d69 100644 --- a/.github/actions/test-ruby/action.yml +++ b/.github/actions/test-ruby/action.yml @@ -26,10 +26,6 @@ inputs: required: false description: Reviewdog report default: 'false' - RUN_TESTS: - required: false - default: 'true' - description: Whenever you wanna run tests. runs: using: "composite" @@ -123,7 +119,6 @@ runs: shell: bash - name: Run Tests - if: inputs.RUN_TESTS != 'false' run: | bundle exec rspec -f j -o tmp/rspec_results.json -f p shell: bash diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 083445bf..35aee999 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
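Review bot: Both `${{ inputs.CONTAINER_TEST_RUN_OPTIONS }}` on the `docker run` line and the bare `${{ inputs.CONTAINER_TEST_COMMAND }}` line are substituted into the script before bash executes it, so whatever the caller passes runs on the runner with the job's privileges — and for `CONTAINER_TEST_COMMAND` that is a change from the removed line, where the command was appended to `docker run` and executed inside the container. If the test is meant to exercise the container, `docker exec test ...` keeps it there; if it is meant to run on the host, at least pass both values through `env:` and word-split the options with `read -ra`, so an option string can only become arguments to `docker run` and cannot alter the rest of the script. Note that the container is started with `--rm`, so if it exits during `sleep 20`, `docker logs test` fails under the default `set -e` before the test command runs; that works as a liveness check but a one-shot image will always fail here. The step's `name:` and `if:` lines are outside the hunk.

```yaml
env:
  CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }}
  CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }}
run: |
  # … unchanged: docker images / echo …
  read -ra RUN_OPTS <<< "${CONTAINER_TEST_RUN_OPTIONS}"
  docker run -d --rm --name test "${RUN_OPTS[@]}" ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
  # … unchanged: sleep 20 / docker ps / docker logs test …
  if [ -n "${CONTAINER_TEST_COMMAND}" ]; then
    # host-side by design; use `docker exec test sh -c "${CONTAINER_TEST_COMMAND}"` to keep it in the container
    bash -c "${CONTAINER_TEST_COMMAND}"
  fi
```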
@@ -77,6 +77,10 @@ on: type: boolean default: true description: 'Whenever the container should be tested on pr.' + CONTAINER_TEST_RUN_OPTIONS: + type: string + default: '' + description: 'Custom options for the docker run command that executes the test' CONTAINER_TEST_COMMAND: type: string default: '' @@ -225,7 +229,7 @@ jobs: uses: actions/checkout@v4 with: repository: signalwire/actions-template - ref: main + ref: ryanwi/container-test-run-options path: actions - uses: ./actions/.github/actions/gpg @@ -273,6 +277,7 @@ jobs: IMAGE_REPO: ${{ inputs.IMAGE_REPO }} BUILD_ARGS: ${{ inputs.BUILD_ARGS }} CONTAINER_TEST: ${{ inputs.CONTAINER_TEST }} + CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }} CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }} OUTPUT_TAG_INDEX: ${{ inputs.OUTPUT_TAG_INDEX }} CACHE_FROM: ${{ inputs.CACHE_FROM }} diff --git a/.github/workflows/ci-docker-build.yml b/.github/workflows/ci-docker-build.yml index 2b09bb92..fed91110 100644 --- a/.github/workflows/ci-docker-build.yml +++ b/.github/workflows/ci-docker-build.yml @@ -82,7 +82,6 @@ jobs: --build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \ --build-arg REPO_USERNAME="${{ secrets.REPO_USERNAME }}" \ --file "${{ inputs.DOCKERFILE }}" \ - --no-cache \ --platform linux/${{ inputs.PLATFORM }} \ --progress=plain \ --secret id=REPO_PASSWORD,env=REPO_PASSWORD \ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d74a6f81..87c64678 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,6 +91,14 @@ on: type: boolean default: true description: 'Whenever the container should be tested on pr.' + CONTAINER_TEST_RUN_OPTIONS: + type: string + default: '' + description: 'Custom options for the docker run command that executes the test' + CONTAINER_TEST_COMMAND: + type: string + default: '' + description: 'A custom command to test the docker container.' RUNNER: type: string default: 'ubuntu-latest' 
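Review bot: `ref: ryanwi/container-test-run-options` checks out the shared actions template from a personal feature branch inside a workflow that other repositories consume, so every consumer now executes whatever is pushed to that branch, and the reference stays mutable after merge. This looks like a debugging leftover; it should go back to `ref: main` before merge, or better, to an immutable commit SHA (`ref: <40-char sha>`) with a comment naming the tag it corresponds to. The checkout step is visible but its enclosing job starts outside the hunk.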
@@ -237,7 +245,7 @@ jobs: BUILD: name: BUILD needs: CHECK - uses: signalwire/actions-template/.github/workflows/ci-build.yml@ryanwi/debug-container-test + uses: signalwire/actions-template/.github/workflows/ci-build.yml@ryanwi/container-test-run-options with: ENVIRONMENT: ${{ inputs.ENVIRONMENT }} PROJECT_NAME: ${{ inputs.PROJECT_NAME }} @@ -251,6 +259,8 @@ jobs: PLATFORMS: ${{ inputs.PLATFORMS }} CONTAINER_SCAN: ${{ inputs.CONTAINER_SCAN }} CONTAINER_TEST: ${{ inputs.CONTAINER_TEST }} + CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }} + CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }} RUNNER: ${{ inputs.RUNNER }} TAG: ${{ inputs.TAG }} BUILD_ARGS: ${{ inputs.BUILD_ARGS }} diff --git a/.github/workflows/cicd-docker-build-and-distribute.yml b/.github/workflows/cicd-docker-build-and-distribute.yml index e60fa829..49fc0c32 100644 --- a/.github/workflows/cicd-docker-build-and-distribute.yml +++ b/.github/workflows/cicd-docker-build-and-distribute.yml @@ -87,9 +87,11 @@ on: required: true USERNAME: required: true + REPO_USERNAME: + required: false REPO_PASSWORD: required: false - REPO_USERNAME: + DEPLOYMENT_TOKEN: required: false GH_BOT_DEPLOY_TOKEN: required: true @@ -135,6 +137,7 @@ jobs: env: REPO_USERNAME: ${{ secrets.REPO_USERNAME }} REPO_PASSWORD: ${{ secrets.REPO_PASSWORD }} + DEPLOYMENT_TOKEN: ${{ secrets.DEPLOYMENT_TOKEN }} - name: Upload build logs uses: actions/upload-artifact@v4 diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index f4d40069..f03539db 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -12,7 +12,7 @@ on: TG_VERSION: required: false type: string - default: '0.57.5' + default: '0.58.2' TF_VERSION: required: false type: string @@ -57,6 +57,11 @@ on: required: true type: string default: ubuntu-latest + AZURE_ENV: + required: false + description: If Azure is required + type: boolean + default: false secrets: AWS_ACCESS_KEY_ID: required: true 
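Review bot: `uses: signalwire/actions-template/.github/workflows/ci-build.yml@ryanwi/container-test-run-options` has the same problem as the checkout `ref` in ci-build.yml: the reusable workflow is resolved from a mutable personal branch on every run, so a force-push to that branch silently changes the build for every repository calling `ci.yml`. Swap the one line for `.../ci-build.yml@main` (or a commit SHA) before this merges; if the branch is needed for testing, keep that on a draft PR rather than in the template's default branch. The `BUILD` job definition continues outside the hunk.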
@@ -99,6 +104,19 @@ on: PRIVATE_SSH_KEY_TFMODULES: required: false description: A private SSH key to clone the repository + AZURE_CLIENT_ID: + required: false + description: "Azure Client ID" + AZURE_TENANT_ID: + required: false + description: "Azure Tenant ID" + AZURE_SUBSCRIPTION_ID: + required: false + description: "Azure Subscription ID" +env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} jobs: terragrunt: @@ -110,6 +128,14 @@ jobs: permissions: write-all steps: + - name: Install dependencies + run: | + sudo apt update + sudo apt install unzip git -yq + + - name: cleanup old checkout + run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; + - name: 'Checkout' uses: actions/checkout@v4 @@ -119,7 +145,7 @@ jobs: repository: signalwire/actions-template ref: main path: actions - + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: @@ -129,18 +155,16 @@ jobs: - id: 'auth' name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v2.1.2' + uses: 'google-github-actions/auth@v2.1.3' if: inputs.GCP_ENV == true with: workload_identity_provider: ${{ inputs.GCP_WIP }} project_id: ${{ inputs.PROJECT_ID }} service_account: ${{ inputs.GCP_SA }} - - name: Install dependencies - run: sudo apt update ; sudo apt install unzip -yq - - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 + if: inputs.TELEPORT_APP != '' with: version: 3.7.3 
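Review bot: The new top-level `env:` block sets `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` for every step of every job, including each third-party action, and it does so unconditionally even though this change also adds an `AZURE_ENV` input that nothing in the visible diff reads. Scope the three variables to the terragrunt steps that need them (step-level `env:`) and either gate them on `inputs.AZURE_ENV` or drop the input. No client secret or `ARM_USE_OIDC` appears here, so the Azure authentication method is not visible from this hunk; if federated identity is intended, say so in a comment next to the block, e.g. `# Azure auth via workload identity federation: identifiers only, no secret`.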
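Review bot: The new `cleanup old checkout` step runs `rm -rf ${GITHUB_WORKSPACE}/*` unquoted and without a guard, so if the variable is ever empty in this job's environment the command becomes `rm -rf /*` under the runner user; use `rm -rf "${GITHUB_WORKSPACE:?}"/*` so bash aborts instead. The step presupposes a persistent workspace (a self-hosted runner, presumably — the `chmod -R 777` step added at the end of the file points the same way), so it deserves a comment saying why the checkout has to be wiped and made writable, e.g. `# workspace persists between runs and may hold root-owned files; reset before checkout`, with the ownership claim confirmed. The job's `permissions: write-all` is visible as context and predates this change, but a job that now wipes its workspace and applies infrastructure should carry an explicit minimal permission set.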
@@ -170,15 +194,13 @@ jobs: - uses: opentofu/setup-opentofu@main - - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' - - name: Init id: init - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ${{ inputs.WORKING_DIR }} + tg_dir: ./${{ inputs.WORKING_DIR }} tg_command: 'run-all init' env: # configure git to use custom token to clone repository. @@ -189,7 +211,7 @@ jobs: git config --global --list - name: Validate - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 id: validate with: tf_version: ${{ inputs.TF_VERSION }} @@ -200,8 +222,9 @@ jobs: OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - name: Plan - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 id: plan + continue-on-error: true with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} @@ -223,13 +246,9 @@ jobs: OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }} OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ github.token }} # TF_LOG: trace - - name: Terraform Plan Status - if: steps.plan.outcome == 'failure' - run: exit 1 - - name: Generate token id: generate_token uses: tibdex/github-app-token@v2 @@ -250,7 +269,7 @@ jobs: - name: Apply if: github.ref == 'refs/heads/main' && github.event_name == 'push' - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 id: apply with: tf_version: ${{ inputs.TF_VERSION }} 
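Review bot: `uses: gruntwork-io/terragrunt-action@v1` moves four steps from the `v2` major tag back to `v1`, and both are floating tags the upstream maintainer can repoint at any time; for a job that holds cloud credentials and applies infrastructure, pin to a full commit SHA with the version in a trailing comment, e.g. `uses: gruntwork-io/terragrunt-action@<sha> # v1.x`. The reason for the downgrade is not stated anywhere in the diff — a one-line comment above the Init step would save the next reader from re-trying v2. Dropping the `git config --global --add safe.directory '*'` step is a welcome tightening, provided the ownership problem it papered over is really gone after the new cleanup step. The Init step's `env:` block continues outside the hunk.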
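Review bot: Removing the `Terraform Plan Status` step together with adding `continue-on-error: true` on the Plan step means a failed plan no longer fails the job, and the Apply step's condition (`github.ref == 'refs/heads/main' && github.event_name == 'push'`, visible in the following hunk) does not check the plan outcome, so on a push to main a broken plan is followed by an apply. If `continue-on-error` is needed so a later step can post the plan output, keep it but restore the gate where it matters: `if: github.ref == 'refs/heads/main' && github.event_name == 'push' && steps.plan.outcome == 'success'` on Apply, and re-add the `exit 1` status step after the reporting step so pull requests still go red. The switch from `secrets.GITHUB_TOKEN` to `github.token` is equivalent. The steps between Plan and Apply are partly outside the hunk.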
@@ -272,3 +291,6 @@ jobs:
 OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }}
 OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }}
 OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
+
+ - run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}
+ continue-on-error: true
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 5ae19268..e5e8094f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-./sonarscanner
\ No newline at end of file
+./sonarscanner
+.DS_Store
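Review bot: `sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}` makes the entire work tree — checked-out sources, Terragrunt caches and any plan files — world-writable on what appears to be a persistent, self-hosted runner, so any other local account or container on that host can modify them between jobs. If the goal is to let the runner user remove root-owned files left by earlier steps (presumably the containerized terragrunt steps), `sudo chown -R "$(id -u):$(id -g)" "${GITHUB_WORKSPACE}"` gives that without opening the tree to everyone, and uses the runner-provided path instead of a hard-coded `/home/runner/...` plus a repository-name interpolation into the script. Give the step a `name:` and `if: always()` so it also runs after a failed apply (the default `success()` condition skips it exactly when cleanup is most needed), and explain in a comment why it exists; `continue-on-error: true` currently hides any failure of the cleanup itself. The Apply step's `env:` block begins outside the hunk.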