From acb4bea97d2235c2c726d385b07dc0c21f31d341 Mon Sep 17 00:00:00 2001 From: florian Date: Mon, 6 Jun 2022 21:22:28 +0200 Subject: [PATCH] reflect CI/CD changes for master pushes --- .github/workflows/{new-dev.yml => dev.yml} | 41 +- .github/workflows/dev.yml.bak | 279 ------------ .github/workflows/prod.yml | 476 ++++++++++++--------- 3 files changed, 303 insertions(+), 493 deletions(-) rename .github/workflows/{new-dev.yml => dev.yml} (91%) delete mode 100644 .github/workflows/dev.yml.bak diff --git a/.github/workflows/new-dev.yml b/.github/workflows/dev.yml similarity index 91% rename from .github/workflows/new-dev.yml rename to .github/workflows/dev.yml index b8530f6..aab38b1 100644 --- a/.github/workflows/new-dev.yml +++ b/.github/workflows/dev.yml @@ -192,7 +192,6 @@ jobs: cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min - # Run tests tests: needs: build-bw-amd64 
@@ -227,6 +226,37 @@ jobs: run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest 10.20.1.1:5000/bw-tests:latest && docker push 10.20.1.1:5000/bw-tests:latest - name: Import BW autoconf image run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest + - name: Import BW UI image + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest 10.20.1.1:5000/bw-ui-tests:latest && docker push 10.20.1.1:5000/bw-ui-tests:latest + + # CVE check on OS + - name: Check security vulnerabilities for BW + uses: aquasecurity/trivy-action@master + with: + vuln-type: os + image-ref: 10.20.1.1:5000/bw-tests:latest + format: table + exit-code: 1 + ignore-unfixed: false + severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL + - name: Check security vulnerabilities for autoconf + uses: aquasecurity/trivy-action@master + with: + vuln-type: os + image-ref: 10.20.1.1:5000/bw-autoconf-tests:latest + format: table + exit-code: 1 + ignore-unfixed: false + severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL + - name: Check security vulnerabilities for UI + uses: aquasecurity/trivy-action@master + with: + vuln-type: os + image-ref: 10.20.1.1:5000/bw-ui-tests:latest + format: table + exit-code: 1 + ignore-unfixed: false + severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL # Run tests - name: Run Docker tests 
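Review bot: The three new scan steps reference `aquasecurity/trivy-action@master`, a mutable branch of a third-party action that executes on a self-hosted runner holding Docker Hub and private-registry credentials; any push to that branch, malicious or merely broken, runs in this job, so pin it to a release tag or preferably a full commit SHA (`uses: aquasecurity/trivy-action@<commit-sha> # vX.Y.Z`). The scans also set `vuln-type: os`, so only distro packages are checked and language-level dependencies installed by the Dockerfiles (not visible here) are skipped; if that is deliberate a comment saying so would help, otherwise `vuln-type: os,library` covers both. Finally, `image-ref` is the mutable `10.20.1.1:5000/bw-tests:latest` tag that the step just above pushed to a plain-HTTP registry, so the image scanned and the image the later test steps run are only the same by convention; capturing the digest from the push and scanning/testing that reference would make the chain explicit.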
@@ -270,39 +300,36 @@ jobs: uses: docker/build-push-action@v3 with: context: . - platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + platforms: linux/amd64,linux/386,linux/arm64/v8 push: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:staging,bunkerity/bunkerweb:dev cache-from: | type=registry,ref=bunkerity/cache:bw-amd64-cache type=registry,ref=bunkerity/cache:bw-386-cache - type=registry,ref=bunkerity/cache:bw-armv7-cache type=registry,ref=bunkerity/cache:bw-armv8-cache - name: Build and push BW autoconf uses: docker/build-push-action@v3 with: context: . file: autoconf/Dockerfile - platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + platforms: linux/amd64,linux/386,linux/arm64/v8 push: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:staging,bunkerity/bunkerweb-autoconf:dev cache-from: | type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache type=registry,ref=bunkerity/cache:bw-autoconf-386-cache - type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache - name: Build and push BW UI uses: docker/build-push-action@v3 with: context: . file: ui/Dockerfile - platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + platforms: linux/amd64,linux/386,linux/arm64/v8 push: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:staging,bunkerity/bunkerweb-ui:dev cache-from: | type=registry,ref=bunkerity/cache:bw-ui-amd64-cache type=registry,ref=bunkerity/cache:bw-ui-386-cache - type=registry,ref=bunkerity/cache:bw-ui-armv7-cache type=registry,ref=bunkerity/cache:bw-ui-armv8-cache # Push to PackageCloud diff --git a/.github/workflows/dev.yml.bak b/.github/workflows/dev.yml.bak deleted file mode 100644 index f1e4cc6..0000000 --- a/.github/workflows/dev.yml.bak +++ /dev/null 
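Review bot: The `push-docker` job still rebuilds the three images from source with `cache-from` and publishes the result as `bunkerity/bunkerweb:dev` and `infra/bunkerweb:staging`, so what users pull is not the `bunkerweb-tests-amd64:latest` artifact the `tests` job scanned and exercised; with `mode=min` caches a rebuild can legitimately produce different layers (fresh base-image pulls, non-reproducible build steps). Promoting the already-tested per-arch images by digest, for example with `docker buildx imagetools create -t bunkerity/bunkerweb:dev <ref>@sha256:…` over the test-image digests, would keep the scan and test results attached to the published bytes. The `linux/arm/v7` platform is deleted here but only commented out in prod.yml in the same commit; a one-line comment on the `platforms:` line recording why armv7 was dropped would stop the two workflows drifting.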
@@ -1,279 +0,0 @@ -name: Automatic test, build, push and deploy (DEV) - -on: - push: - branches: [dev] - -jobs: - - # Build images for tests - setup: - runs-on: [self-hosted, X64] - steps: - - - name: Checkout source code - uses: actions/checkout@v3 - - - name: Setup buildx - uses: docker/setup-buildx-action@v1 - with: - config-inline: | - [registry."10.20.1.1:5000"] - http = true - insecure = true - - - name: Login to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Build BW test image - uses: docker/build-push-action@v2 - with: - context: . - platforms: linux/amd64 - load: true - tags: 10.20.1.1:5000/bw-tests:latest,bunkerity/bunkerweb:dev,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:staging - cache-from: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache,mode=min - - name: Push BW test image - run: docker push 10.20.1.1:5000/bw-tests:latest - - - name: Build autoconf test image - uses: docker/build-push-action@v2 - with: - context: . - file: autoconf/Dockerfile - platforms: linux/amd64 - load: true - tags: 10.20.1.1:5000/bw-autoconf-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:staging,bunkerity/bunkerweb-autoconf:dev - cache-from: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache,mode=min - - name: Push autoconf test image - run: docker push 10.20.1.1:5000/bw-autoconf-tests:latest - - - name: Build UI test image - uses: docker/build-push-action@v2 - with: - context: . 
- file: ui/Dockerfile - platforms: linux/amd64 - load: true - tags: 10.20.1.1:5000/bw-ui-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:staging,bunkerity/bunkerweb-ui:dev - cache-from: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache,mode=min - - name: Push UI test image - run: docker push 10.20.1.1:5000/bw-ui-tests:latest - - - name: Build BW test DEB (ubuntu) - uses: docker/build-push-action@v2 - with: - context: . - file: linux/Dockerfile-ubuntu - platforms: linux/amd64 - load: true - tags: bw-ubuntu-dev:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-ubuntu-dev:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-ubuntu-dev:buildcache,mode=min - - - name: Build BW test DEB (debian) - uses: docker/build-push-action@v2 - with: - context: . - file: linux/Dockerfile-debian - platforms: linux/amd64 - load: true - tags: bw-debian-dev:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-debian-dev:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-debian-dev:buildcache,mode=min - - - name: Build BW test RPM (centos) - uses: docker/build-push-action@v2 - with: - context: . - file: linux/Dockerfile-centos - platforms: linux/amd64 - load: true - tags: bw-centos-dev:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-centos-dev:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-centos-dev:buildcache,mode=min - - - name: Build BW test RPM (fedora) - uses: docker/build-push-action@v2 - with: - context: . 
- file: linux/Dockerfile-fedora - platforms: linux/amd64 - load: true - tags: bw-fedora-dev:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-fedora-dev:buildcache - cache-to: type=registry,ref=10.20.1.1:5000/bw-fedora-dev:buildcache,mode=min - - # Run tests - tests: - needs: setup - runs-on: [self-hosted, X64] - steps: - - - name: Checkout source code - uses: actions/checkout@v3 - - - name: Set variables - run: | - VER=$(cat VERSION | tr -d '\n') - if [ "$GITHUB_REF" = "refs/heads/main" ] ; then - echo "BUILD_MODE=prod" >> $GITHUB_ENV - else - echo "BUILD_MODE=dev" >> $GITHUB_ENV - fi - - - name: Run Docker tests - run: ./tests/docker.sh ${{ env.BUILD_MODE }} - - - name: Run autoconf tests - run: ./tests/autoconf.sh ${{ env.BUILD_MODE }} - - - name: Run Swarm tests - run: ./tests/swarm.sh ${{ env.BUILD_MODE }} - - - name: Run Kubernetes tests - run: ./tests/kubernetes.sh ${{ env.BUILD_MODE }} - - - name: Run Linux tests - run: ./tests/linux.sh ${{ env.BUILD_MODE }} - - # Push to dev registries - push: - needs: tests - runs-on: [self-hosted, X64] - steps: - - - name: Checkout source code - uses: actions/checkout@v3 - - - name: Setup Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Login to private repository - uses: docker/login-action@v1 - with: - registry: ${{ secrets.PRIVATE_REGISTRY }} - username: registry - password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} - - - name: Push BW dev image - run: docker push ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:staging && docker push bunkerity/bunkerweb:dev - - - name: Push autoconf dev image - run: docker push ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:staging && docker push bunkerity/bunkerweb-autoconf:dev - - - name: Push UI dev image - run: docker push ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:staging && docker push bunkerity/bunkerweb-ui:dev - - 
- name: Build and push dev docs - uses: docker/build-push-action@v2 - with: - context: . - file: ./docs/Dockerfile - platforms: linux/amd64 - push: true - tags: ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-docs:staging - - # Deploy to staging infrastructure - deploy: - needs: push - runs-on: [self-hosted, X64] - steps: - - - name: Checkout source code - uses: actions/checkout@v3 - - - name: k8s login (staging) - uses: azure/k8s-set-context@v2 - with: - method: kubeconfig - kubeconfig: ${{ secrets.KUBE_CONFIG_STAGING }} - - - name: k8s deploy (staging) - run: kubectl rollout restart deployment bunkerweb-controller && kubectl rollout restart daemonset bunkerweb - - # Push DEB/RPM to packagecloud - push-linux: - needs: tests - runs-on: [self-hosted, X64] - steps: - - - name: Check out repository code - uses: actions/checkout@v3 - - - name: Set variables - run: | - VER=$(cat VERSION | tr -d '\n') - echo "VERSION=$VER" >> $GITHUB_ENV - - - name: Remove Ubuntu DEB from packagecloud - run: package_cloud yank bunkerity/bunkerweb-dev/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb - continue-on-error: true - env: - PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Push Ubuntu DEB to packagecloud - uses: danielmundi/upload-packagecloud@v1 - with: - PACKAGE-NAME: /opt/packages/dev/ubuntu/bunkerweb_${{ env.VERSION }}-1_amd64.deb - PACKAGECLOUD-USERNAME: bunkerity - PACKAGECLOUD-REPO: bunkerweb-dev - PACKAGECLOUD-DISTRIB: ubuntu/jammy - PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Remove Debian DEB from packagecloud - run: package_cloud yank bunkerity/bunkerweb-dev/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb - continue-on-error: true - env: - PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Push Debian DEB to packagecloud - uses: danielmundi/upload-packagecloud@v1 - with: - PACKAGE-NAME: /opt/packages/dev/debian/bunkerweb_${{ env.VERSION }}-1_amd64.deb - PACKAGECLOUD-USERNAME: bunkerity - PACKAGECLOUD-REPO: 
bunkerweb-dev - PACKAGECLOUD-DISTRIB: debian/bullseye - PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Remove CentOS RPM from packagecloud - run: package_cloud yank bunkerity/bunkerweb-dev/el/8 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm - continue-on-error: true - env: - PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Push CentOS RPM to packagecloud - uses: danielmundi/upload-packagecloud@v1 - with: - PACKAGE-NAME: /opt/packages/dev/centos/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm - PACKAGECLOUD-USERNAME: bunkerity - PACKAGECLOUD-REPO: bunkerweb-dev - PACKAGECLOUD-DISTRIB: el/8 - PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Remove Fedora RPM from packagecloud - run: package_cloud yank bunkerity/bunkerweb-dev/fedora/36 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm - continue-on-error: true - env: - PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - - name: Push Fedora RPM to packagecloud - uses: danielmundi/upload-packagecloud@v1 - with: - PACKAGE-NAME: /opt/packages/dev/fedora/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm - PACKAGECLOUD-USERNAME: bunkerity - PACKAGECLOUD-REPO: bunkerweb-dev - PACKAGECLOUD-DISTRIB: fedora/36 - PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index 392b021..8945f2c 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml 
@@ -6,110 +6,221 @@ on: jobs: - # Build images for tests - setup: - runs-on: [self-hosted, X64] + # Build for amd64 + build-bw-amd64: + runs-on: ubuntu-latest steps: - + # Prepare - name: Checkout source code uses: actions/checkout@v3 - - - name: Set variables - run: | - VER=$(cat VERSION | tr -d '\n') - echo "VERSION=$VER" >> $GITHUB_ENV - - - name: Setup buildx - uses: docker/setup-buildx-action@v1 - with: - config-inline: | - [registry."10.20.1.1:5000"] - http = true - insecure = true - + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 - name: Login to Docker Hub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} - - name: Build BW test image - uses: docker/build-push-action@v2 + # Build images + - name: Build BW for amd64 + uses: docker/build-push-action@v3 with: context: . platforms: linux/amd64 - load: true - tags: 10.20.1.1:5000/bw-tests:latest,bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:latest - cache-to: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache,mode=max - - name: Push BW test image - run: docker push 10.20.1.1:5000/bw-tests:latest - - - name: Build autoconf test image - uses: docker/build-push-action@v2 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest + cache-to: type=registry,ref=bunkerity/cache:bw-amd64-cache,mode=min + - name: Build BW autoconf for amd64 + uses: docker/build-push-action@v3 with: context: . 
file: autoconf/Dockerfile platforms: linux/amd64 - load: true - tags: 10.20.1.1:5000/bw-autoconf-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:latest - cache-to: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache,mode=max - - name: Push autoconf test image - run: docker push 10.20.1.1:5000/bw-autoconf-tests:latest - - - name: Build UI test image - uses: docker/build-push-action@v2 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest + cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache,mode=min + - name: Build BW UI for amd64 + uses: docker/build-push-action@v3 with: context: . file: ui/Dockerfile platforms: linux/amd64 - load: true - tags: 10.20.1.1:5000/bw-ui-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:latest - cache-to: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache,mode=max - - name: Push UI test image - run: docker push 10.20.1.1:5000/bw-ui-tests:latest + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest + cache-to: type=registry,ref=bunkerity/cache:bw-ui-amd64-cache,mode=min - - name: Build BW test DEB (ubuntu) - uses: docker/build-push-action@v2 - with: - context: . - file: linux/Dockerfile-ubuntu - platforms: linux/amd64 - load: true - tags: bw-ubuntu-tests:latest + # Build bunkerweb/386 + build-bw-386: + runs-on: ubuntu-latest + steps: - - name: Build BW test DEB (debian) - uses: docker/build-push-action@v2 + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 with: - context: . 
- file: linux/Dockerfile-debian - platforms: linux/amd64 - load: true - tags: bw-debian-tests:latest - - - name: Build BW test RPM (centos) - uses: docker/build-push-action@v2 + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 with: - context: . - file: linux/Dockerfile-centos - platforms: linux/amd64 - load: true - tags: bw-centos-tests:latest - - - name: Build BW test RPM (fedora) - uses: docker/build-push-action@v2 - with: - context: . - file: linux/Dockerfile-fedora - platforms: linux/amd64 - load: true - tags: bw-fedora-tests:latest + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} - # Check CVE - security: - needs: setup + # Build images + - name: Build BW for 386 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/386 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-386:latest + cache-to: type=registry,ref=bunkerity/cache:bw-386-cache,mode=min + - name: Build BW autoconf for 386 + uses: docker/build-push-action@v3 + with: + context: . + file: autoconf/Dockerfile + platforms: linux/386 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-386:latest + cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-386-cache,mode=min + - name: Build BW UI for 386 + uses: docker/build-push-action@v3 + with: + context: . 
+ file: ui/Dockerfile + platforms: linux/386 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-386:latest + cache-to: type=registry,ref=bunkerity/cache:bw-ui-386-cache,mode=min + + # Build bunkerweb/arm + build-bw-arm: + runs-on: [self-hosted, ARM64] + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + + # Build images + # - name: Build BW for armv7 + # uses: docker/build-push-action@v3 + # with: + # context: . + # platforms: linux/arm/v7 + # push: true + # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv7:latest + # cache-from: type=registry,ref=bunkerity/cache:bw-armv7-cache + # cache-to: type=registry,ref=bunkerity/cache:bw-armv7-cache,mode=min + - name: Build BW for armv8 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64/v8 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv8:latest + cache-to: type=registry,ref=bunkerity/cache:bw-armv8-cache,mode=min + # - name: Build BW autoconf for armv7 + # uses: docker/build-push-action@v3 + # with: + # context: . + # file: autoconf/Dockerfile + # platforms: linux/arm/v7 + # push: true + # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv7:latest + # cache-from: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache + # cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache,mode=min + - name: Build BW autoconf for armv8 + uses: docker/build-push-action@v3 + with: + context: . 
+ file: autoconf/Dockerfile + platforms: linux/arm64/v8 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv8:latest + cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache,mode=min + # - name: Build BW UI for armv7 + # uses: docker/build-push-action@v3 + # with: + # context: . + # file: ui/Dockerfile + # platforms: linux/arm/v7 + # push: true + # tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv7:latest + # cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache + # cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache,mode=min + - name: Build BW UI for armv8 + uses: docker/build-push-action@v3 + with: + context: . + file: ui/Dockerfile + platforms: linux/arm64/v8 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv8:latest + cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min + + # Run tests + tests: + needs: build-bw-amd64 runs-on: [self-hosted, X64] steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + - name: Set variables + run: | + VER=$(cat VERSION | tr -d '\n') + if [ "$GITHUB_REF" = "refs/heads/main" ] ; then + echo "BUILD_MODE=prod" >> $GITHUB_ENV + else + echo "BUILD_MODE=dev" >> $GITHUB_ENV + fi + + # Import images to local registry + - name: Import BW image + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest 10.20.1.1:5000/bw-tests:latest && docker push 10.20.1.1:5000/bw-tests:latest + - name: Import BW autoconf image + run: docker pull ${{ 
secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest + - name: Import BW UI image + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest 10.20.1.1:5000/bw-ui-tests:latest && docker push 10.20.1.1:5000/bw-ui-tests:latest + + # CVE check on OS - name: Check security vulnerabilities for BW uses: aquasecurity/trivy-action@master with: @@ -119,7 +230,6 @@ jobs: exit-code: 1 ignore-unfixed: false severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - - name: Check security vulnerabilities for autoconf uses: aquasecurity/trivy-action@master with: @@ -129,7 +239,6 @@ jobs: exit-code: 1 ignore-unfixed: false severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - - name: Check security vulnerabilities for UI uses: aquasecurity/trivy-action@master with: 
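Review bot: The new `Build BW UI for 386` step pushes to `${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-386:latest`, the exact tag the preceding autoconf step just pushed, so the UI image silently overwrites the autoconf 386 test image and no UI 386 test image is ever produced; the tag should be `${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-386:latest` to match the amd64 and armv8 naming. Separately, the new `Set variables` step in the `tests` job only sets `BUILD_MODE=prod` when `$GITHUB_REF` equals `refs/heads/main`, whereas the check it replaces in this file compared against `refs/heads/master` and the commit subject talks about master pushes; if the release branch is still master, every prod run will test in dev mode, so this should be confirmed against the branch listed in the workflow's `on:` block, which is outside the hunk. Note also that the import steps re-push the pulled images into the insecure registry at `10.20.1.1:5000` under mutable `:latest` tags, so the image Trivy scans and the image the tests later run are linked only by convention; tagging from the pulled digest instead would make the scan-then-test chain explicit.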
@@ -140,174 +249,85 @@ jobs: ignore-unfixed: false severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL - # Run tests - tests: - needs: security - runs-on: [self-hosted, X64] - steps: - - - name: Checkout source code - uses: actions/checkout@v3 - - - name: Set variables - run: | - if [ "$GITHUB_REF" = "refs/heads/master" ] ; then - echo "BUILD_MODE=prod" >> $GITHUB_ENV - else - echo "BUILD_MODE=dev" >> $GITHUB_ENV - fi - + # Run tests - name: Run Docker tests run: ./tests/docker.sh ${{ env.BUILD_MODE }} - - name: Run autoconf tests run: ./tests/autoconf.sh ${{ env.BUILD_MODE }} - - name: Run Swarm tests run: ./tests/swarm.sh ${{ env.BUILD_MODE }} - - name: Run Kubernetes tests run: ./tests/kubernetes.sh ${{ env.BUILD_MODE }} - - name: Run Linux tests run: ./tests/linux.sh ${{ env.BUILD_MODE }} - - # Cross compile and push to prod registries - push: - needs: tests - runs-on: [self-hosted, X64] + + # Push to dev registries + push-docker: + needs: [tests, build-bw-386, build-bw-arm] + runs-on: ubuntu-latest steps: + # Prepare - name: Checkout source code uses: actions/checkout@v3 - - - name: Set variables - run: | - VER=$(cat VERSION | tr -d '\n') - echo "VERSION=$VER" >> $GITHUB_ENV - - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - - + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 - name: Setup Buildx - uses: docker/setup-buildx-action@v1 - + uses: docker/setup-buildx-action@v2 - name: Login to Docker Hub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - - name: Login to private repository - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: registry: ${{ secrets.PRIVATE_REGISTRY }} username: registry password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} - - - name: Build and push BW prod image - uses: docker/build-push-action@v2 - with: - context: . 
- platforms: linux/amd64,linux/386 - push: true - tags: bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }} - #tags: bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache - - - name: Build and push BW autoconf image - uses: docker/build-push-action@v2 - with: - context: . - platforms: linux/amd64,linux/386 - push: true - tags: bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }} - #tags: bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache - - - name: Build and push BW UI image - uses: docker/build-push-action@v2 - with: - context: . - platforms: linux/amd64,linux/386 - push: true - tags: bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }} - #tags: bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:latest - cache-from: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache - - # Push to prod registries (ARM) - push-arm: - needs: tests - runs-on: [self-hosted, ARM64] - steps: - - - name: Checkout source code - uses: actions/checkout@v3 - - name: Set variables run: | VER=$(cat VERSION | tr -d '\n') echo "VERSION=$VER" >> $GITHUB_ENV - echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - - - name: Setup Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Push BW prod image - uses: docker/build-push-action@v2 + # Build and push + - name: Build and push BW + uses: docker/build-push-action@v3 with: context: . 
- platforms: linux/arm/v7,linux/arm64/v8 + platforms: linux/amd64,linux/386,linux/arm64/v8 push: true - tags: bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }} - - - name: Push autoconf prod image - uses: docker/build-push-action@v2 + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:latest,bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }} + cache-from: | + type=registry,ref=bunkerity/cache:bw-amd64-cache + type=registry,ref=bunkerity/cache:bw-386-cache + type=registry,ref=bunkerity/cache:bw-armv8-cache + - name: Build and push BW autoconf + uses: docker/build-push-action@v3 with: context: . file: autoconf/Dockerfile - platforms: linux/arm/v7,linux/arm64/v8 + platforms: linux/amd64,linux/386,linux/arm64/v8 push: true - tags: bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }} - - - name: Push UI prod image - uses: docker/build-push-action@v2 + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }} + cache-from: | + type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache + type=registry,ref=bunkerity/cache:bw-autoconf-386-cache + type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache + - name: Build and push BW UI + uses: docker/build-push-action@v3 with: context: . 
file: ui/Dockerfile - platforms: linux/arm/v7,linux/arm64/v8 + platforms: linux/amd64,linux/386,linux/arm64/v8 push: true - tags: bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }} + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }} + cache-from: | + type=registry,ref=bunkerity/cache:bw-ui-amd64-cache + type=registry,ref=bunkerity/cache:bw-ui-386-cache + type=registry,ref=bunkerity/cache:bw-ui-armv8-cache - # Deploy to prod infrastructure - # deploy: - # needs: push - # runs-on: [self-hosted, X64] - # steps: - - # - name: Checkout source code - # uses: actions/checkout@v3 - - # - name: k8s login (prod) - # uses: azure/k8s-set-context@v2 - # with: - # method: kubeconfig - # kubeconfig: ${{ secrets.KUBE_CONFIG_PROD }} - - # - name: k8s deploy (prod) - # run: kubectl rollout restart deployment bunkerweb-controller && kubectl rollout restart daemonset bunkerweb - - # Push DEB/RPM to packagecloud + # Push to PackageCloud push-linux: needs: tests runs-on: [self-hosted, X64] @@ -321,6 +341,12 @@ jobs: VER=$(cat VERSION | tr -d '\n') echo "VERSION=$VER" >> $GITHUB_ENV + - name: Remove Ubuntu DEB from packagecloud + run: package_cloud yank bunkerity/bunkerweb/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb + continue-on-error: true + env: + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push Ubuntu DEB to packagecloud uses: danielmundi/upload-packagecloud@v1 with: @@ -330,6 +356,12 @@ jobs: PACKAGECLOUD-DISTRIB: ubuntu/jammy PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Remove Debian DEB from packagecloud + run: package_cloud yank bunkerity/bunkerweb/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb + continue-on-error: true + env: + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push Debian DEB to packagecloud uses: danielmundi/upload-packagecloud@v1 with: 
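Review bot: `push-docker` now depends on `build-bw-386` and `build-bw-arm`, but those jobs only prove that the 386 and arm64 images build; the `tests` job needs just `build-bw-amd64` and the Trivy steps scan only the amd64 test images, so the multi-arch `bunkerity/bunkerweb:latest` and `:${{ env.VERSION }}` manifests released here contain platforms that were never scanned or tested. Either add per-platform scan steps (the arm64 build already runs on a self-hosted ARM64 runner where Trivy could be run against `bunkerweb-tests-armv8:latest`) or record the gap with a comment on the `needs:` line, e.g. `# 386/arm64 images are built but not scanned or tested before release`. The job also rebuilds from `cache-from` instead of promoting the tested digests, so even the released amd64 image is not byte-for-byte the one that passed the scan.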
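Review bot: The new `Remove Ubuntu DEB from packagecloud` step yanks `bunkerweb_${{ env.VERSION }}_amd64.deb` from the production `bunkerity/bunkerweb` repository on every push to the release branch and then re-uploads, so a released version number no longer identifies one immutable artifact; anyone who pinned that version or recorded its checksum can silently receive different bytes. If re-publishing the same version is intended for a rolling prod channel, a comment on the step saying so would help; otherwise gate the yank on a version bump or let the upload fail when the package already exists. Note too that `continue-on-error: true` hides a failed yank (expired token, wrong path), and the yanked filename carries no `-1` release suffix while the dev workflow's upload step used `bunkerweb_${{ env.VERSION }}-1_amd64.deb`, so it is worth confirming the name matches what packagecloud actually stores.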
@@ -339,6 +371,12 @@ jobs: PACKAGECLOUD-DISTRIB: debian/bullseye PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Remove CentOS RPM from packagecloud + run: package_cloud yank bunkerity/bunkerweb/el/8 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm + continue-on-error: true + env: + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push CentOS RPM to packagecloud uses: danielmundi/upload-packagecloud@v1 with: @@ -348,6 +386,12 @@ jobs: PACKAGECLOUD-DISTRIB: el/8 PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Remove Fedora RPM from packagecloud + run: package_cloud yank bunkerity/bunkerweb/fedora/36 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm + continue-on-error: true + env: + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push Fedora RPM to packagecloud uses: danielmundi/upload-packagecloud@v1 with: @@ -355,4 +399,22 @@ jobs: PACKAGECLOUD-USERNAME: bunkerity PACKAGECLOUD-REPO: bunkerweb PACKAGECLOUD-DISTRIB: fedora/36 - PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} \ No newline at end of file + PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + + # Deploy to staging infrastructure + # deploy: + # needs: push-docker + # runs-on: ubuntu-latest + # steps: + + # - name: Checkout source code + # uses: actions/checkout@v3 + + # - name: k8s login (staging) + # uses: azure/k8s-set-context@v2 + # with: + # method: kubeconfig + # kubeconfig: ${{ secrets.KUBE_CONFIG_STAGING }} + + # - name: k8s deploy (staging) + # run: kubectl rollout restart deployment bunkerweb-controller && kubectl rollout restart daemonset bunkerweb \ No newline at end of file
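Review bot: The commented-out `deploy` job appended to the prod workflow is a copy of the dev one: it is labelled staging and reads `secrets.KUBE_CONFIG_STAGING`, so if someone uncomments it as-is, a push to the release branch restarts the staging cluster rather than anything in prod. Either drop the dead block or replace it with a prod-specific stub that names the right secret and states what is pending, e.g. `# TODO(deploy): prod rollout disabled until KUBE_CONFIG_PROD and a digest-pinned image reference are in place`. If the job is revived, note that `kubectl rollout restart` redeploys whatever the cluster's `:latest` tag resolves to at that moment, so the rollout should set the image by digest instead. The file also still ends without a trailing newline.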