Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

reflect CI/CD changes for master pushes

Browse Source
This commit is contained in:
florian 2022-06-06 21:22:28 +02:00
parent 42067e864a
commit acb4bea97d
3 changed files with 303 additions and 493 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.github/workflows/new-dev.yml → .github/workflows/dev.yml vendored
View File

@ -192,7 +192,6 @@ jobs:
cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache
cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min
# Run tests # Run tests
tests: tests:
needs: build-bw-amd64 needs: build-bw-amd64
@ -227,6 +226,37 @@ jobs:
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest 10.20.1.1:5000/bw-tests:latest && docker push 10.20.1.1:5000/bw-tests:latest run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest 10.20.1.1:5000/bw-tests:latest && docker push 10.20.1.1:5000/bw-tests:latest
- name: Import BW autoconf image - name: Import BW autoconf image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest
- name: Import BW UI image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest 10.20.1.1:5000/bw-ui-tests:latest && docker push 10.20.1.1:5000/bw-ui-tests:latest
# CVE check on OS
- name: Check security vulnerabilities for BW
uses: aquasecurity/trivy-action@master
with:
vuln-type: os
image-ref: 10.20.1.1:5000/bw-tests:latest
format: table
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
- name: Check security vulnerabilities for autoconf
uses: aquasecurity/trivy-action@master
with:
vuln-type: os
image-ref: 10.20.1.1:5000/bw-autoconf-tests:latest
format: table
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
- name: Check security vulnerabilities for UI
uses: aquasecurity/trivy-action@master
with:
vuln-type: os
image-ref: 10.20.1.1:5000/bw-ui-tests:latest
format: table
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
# Run tests # Run tests
- name: Run Docker tests - name: Run Docker tests
@ -270,39 +300,36 @@ jobs:
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: . context: .
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm64/v8
push: true push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:staging,bunkerity/bunkerweb:dev tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:staging,bunkerity/bunkerweb:dev
cache-from: | cache-from: |
type=registry,ref=bunkerity/cache:bw-amd64-cache type=registry,ref=bunkerity/cache:bw-amd64-cache
type=registry,ref=bunkerity/cache:bw-386-cache type=registry,ref=bunkerity/cache:bw-386-cache
type=registry,ref=bunkerity/cache:bw-armv7-cache
type=registry,ref=bunkerity/cache:bw-armv8-cache type=registry,ref=bunkerity/cache:bw-armv8-cache
- name: Build and push BW autoconf - name: Build and push BW autoconf
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: . context: .
file: autoconf/Dockerfile file: autoconf/Dockerfile
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm64/v8
push: true push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:staging,bunkerity/bunkerweb-autoconf:dev tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:staging,bunkerity/bunkerweb-autoconf:dev
cache-from: | cache-from: |
type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache
type=registry,ref=bunkerity/cache:bw-autoconf-386-cache type=registry,ref=bunkerity/cache:bw-autoconf-386-cache
type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache
type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache
- name: Build and push BW UI - name: Build and push BW UI
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: . context: .
file: ui/Dockerfile file: ui/Dockerfile
platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm64/v8
push: true push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:staging,bunkerity/bunkerweb-ui:dev tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:staging,bunkerity/bunkerweb-ui:dev
cache-from: | cache-from: |
type=registry,ref=bunkerity/cache:bw-ui-amd64-cache type=registry,ref=bunkerity/cache:bw-ui-amd64-cache
type=registry,ref=bunkerity/cache:bw-ui-386-cache type=registry,ref=bunkerity/cache:bw-ui-386-cache
type=registry,ref=bunkerity/cache:bw-ui-armv7-cache
type=registry,ref=bunkerity/cache:bw-ui-armv8-cache type=registry,ref=bunkerity/cache:bw-ui-armv8-cache
# Push to PackageCloud # Push to PackageCloud

279
.github/workflows/dev.yml.bak vendored
View File

@ -1,279 +0,0 @@
name: Automatic test, build, push and deploy (DEV)
on:
push:
branches: [dev]
jobs:
# Build images for tests
setup:
runs-on: [self-hosted, X64]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup buildx
uses: docker/setup-buildx-action@v1
with:
config-inline: |
[registry."10.20.1.1:5000"]
http = true
insecure = true
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Build BW test image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64
load: true
tags: 10.20.1.1:5000/bw-tests:latest,bunkerity/bunkerweb:dev,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:staging
cache-from: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache,mode=min
- name: Push BW test image
run: docker push 10.20.1.1:5000/bw-tests:latest
- name: Build autoconf test image
uses: docker/build-push-action@v2
with:
context: .
file: autoconf/Dockerfile
platforms: linux/amd64
load: true
tags: 10.20.1.1:5000/bw-autoconf-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:staging,bunkerity/bunkerweb-autoconf:dev
cache-from: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache,mode=min
- name: Push autoconf test image
run: docker push 10.20.1.1:5000/bw-autoconf-tests:latest
- name: Build UI test image
uses: docker/build-push-action@v2
with:
context: .
file: ui/Dockerfile
platforms: linux/amd64
load: true
tags: 10.20.1.1:5000/bw-ui-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:staging,bunkerity/bunkerweb-ui:dev
cache-from: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache,mode=min
- name: Push UI test image
run: docker push 10.20.1.1:5000/bw-ui-tests:latest
- name: Build BW test DEB (ubuntu)
uses: docker/build-push-action@v2
with:
context: .
file: linux/Dockerfile-ubuntu
platforms: linux/amd64
load: true
tags: bw-ubuntu-dev:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-ubuntu-dev:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-ubuntu-dev:buildcache,mode=min
- name: Build BW test DEB (debian)
uses: docker/build-push-action@v2
with:
context: .
file: linux/Dockerfile-debian
platforms: linux/amd64
load: true
tags: bw-debian-dev:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-debian-dev:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-debian-dev:buildcache,mode=min
- name: Build BW test RPM (centos)
uses: docker/build-push-action@v2
with:
context: .
file: linux/Dockerfile-centos
platforms: linux/amd64
load: true
tags: bw-centos-dev:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-centos-dev:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-centos-dev:buildcache,mode=min
- name: Build BW test RPM (fedora)
uses: docker/build-push-action@v2
with:
context: .
file: linux/Dockerfile-fedora
platforms: linux/amd64
load: true
tags: bw-fedora-dev:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-fedora-dev:buildcache
cache-to: type=registry,ref=10.20.1.1:5000/bw-fedora-dev:buildcache,mode=min
# Run tests
tests:
needs: setup
runs-on: [self-hosted, X64]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Set variables
run: |
VER=$(cat VERSION | tr -d '\n')
if [ "$GITHUB_REF" = "refs/heads/main" ] ; then
echo "BUILD_MODE=prod" >> $GITHUB_ENV
else
echo "BUILD_MODE=dev" >> $GITHUB_ENV
fi
- name: Run Docker tests
run: ./tests/docker.sh ${{ env.BUILD_MODE }}
- name: Run autoconf tests
run: ./tests/autoconf.sh ${{ env.BUILD_MODE }}
- name: Run Swarm tests
run: ./tests/swarm.sh ${{ env.BUILD_MODE }}
- name: Run Kubernetes tests
run: ./tests/kubernetes.sh ${{ env.BUILD_MODE }}
- name: Run Linux tests
run: ./tests/linux.sh ${{ env.BUILD_MODE }}
# Push to dev registries
push:
needs: tests
runs-on: [self-hosted, X64]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup Buildx
uses: docker/setup-buildx-action@v1
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
uses: docker/login-action@v1
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
- name: Push BW dev image
run: docker push ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:staging && docker push bunkerity/bunkerweb:dev
- name: Push autoconf dev image
run: docker push ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:staging && docker push bunkerity/bunkerweb-autoconf:dev
- name: Push UI dev image
run: docker push ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:staging && docker push bunkerity/bunkerweb-ui:dev
- name: Build and push dev docs
uses: docker/build-push-action@v2
with:
context: .
file: ./docs/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-docs:staging
# Deploy to staging infrastructure
deploy:
needs: push
runs-on: [self-hosted, X64]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: k8s login (staging)
uses: azure/k8s-set-context@v2
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBE_CONFIG_STAGING }}
- name: k8s deploy (staging)
run: kubectl rollout restart deployment bunkerweb-controller && kubectl rollout restart daemonset bunkerweb
# Push DEB/RPM to packagecloud
push-linux:
needs: tests
runs-on: [self-hosted, X64]
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Set variables
run: |
VER=$(cat VERSION | tr -d '\n')
echo "VERSION=$VER" >> $GITHUB_ENV
- name: Remove Ubuntu DEB from packagecloud
run: package_cloud yank bunkerity/bunkerweb-dev/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push Ubuntu DEB to packagecloud
uses: danielmundi/upload-packagecloud@v1
with:
PACKAGE-NAME: /opt/packages/dev/ubuntu/bunkerweb_${{ env.VERSION }}-1_amd64.deb
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: bunkerweb-dev
PACKAGECLOUD-DISTRIB: ubuntu/jammy
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove Debian DEB from packagecloud
run: package_cloud yank bunkerity/bunkerweb-dev/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push Debian DEB to packagecloud
uses: danielmundi/upload-packagecloud@v1
with:
PACKAGE-NAME: /opt/packages/dev/debian/bunkerweb_${{ env.VERSION }}-1_amd64.deb
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: bunkerweb-dev
PACKAGECLOUD-DISTRIB: debian/bullseye
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove CentOS RPM from packagecloud
run: package_cloud yank bunkerity/bunkerweb-dev/el/8 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push CentOS RPM to packagecloud
uses: danielmundi/upload-packagecloud@v1
with:
PACKAGE-NAME: /opt/packages/dev/centos/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: bunkerweb-dev
PACKAGECLOUD-DISTRIB: el/8
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove Fedora RPM from packagecloud
run: package_cloud yank bunkerity/bunkerweb-dev/fedora/36 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push Fedora RPM to packagecloud
uses: danielmundi/upload-packagecloud@v1
with:
PACKAGE-NAME: /opt/packages/dev/fedora/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: bunkerweb-dev
PACKAGECLOUD-DISTRIB: fedora/36
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

456
.github/workflows/prod.yml vendored
View File

@ -6,110 +6,221 @@ on:
jobs: jobs:
# Build images for tests # Build for amd64
setup: build-bw-amd64:
runs-on: [self-hosted, X64] runs-on: ubuntu-latest
steps: steps:
# Prepare
- name: Checkout source code - name: Checkout source code
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Setup Buildx
- name: Set variables uses: docker/setup-buildx-action@v2
run: |
VER=$(cat VERSION | tr -d '\n')
echo "VERSION=$VER" >> $GITHUB_ENV
- name: Setup buildx
uses: docker/setup-buildx-action@v1
with:
config-inline: |
[registry."10.20.1.1:5000"]
http = true
insecure = true
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }} password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
- name: Build BW test image # Build images
uses: docker/build-push-action@v2 - name: Build BW for amd64
uses: docker/build-push-action@v3
with: with:
context: . context: .
platforms: linux/amd64 platforms: linux/amd64
load: true push: true
tags: 10.20.1.1:5000/bw-tests:latest,bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:latest tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest
cache-to: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache,mode=max cache-to: type=registry,ref=bunkerity/cache:bw-amd64-cache,mode=min
- name: Push BW test image - name: Build BW autoconf for amd64
run: docker push 10.20.1.1:5000/bw-tests:latest uses: docker/build-push-action@v3
- name: Build autoconf test image
uses: docker/build-push-action@v2
with: with:
context: . context: .
file: autoconf/Dockerfile file: autoconf/Dockerfile
platforms: linux/amd64 platforms: linux/amd64
load: true push: true
tags: 10.20.1.1:5000/bw-autoconf-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:latest tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest
cache-to: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache,mode=max cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache,mode=min
- name: Push autoconf test image - name: Build BW UI for amd64
run: docker push 10.20.1.1:5000/bw-autoconf-tests:latest uses: docker/build-push-action@v3
- name: Build UI test image
uses: docker/build-push-action@v2
with: with:
context: . context: .
file: ui/Dockerfile file: ui/Dockerfile
platforms: linux/amd64 platforms: linux/amd64
load: true push: true
tags: 10.20.1.1:5000/bw-ui-tests:latest,${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:latest tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest
cache-to: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache,mode=max cache-to: type=registry,ref=bunkerity/cache:bw-ui-amd64-cache,mode=min
- name: Push UI test image
run: docker push 10.20.1.1:5000/bw-ui-tests:latest
- name: Build BW test DEB (ubuntu) # Build bunkerweb/386
uses: docker/build-push-action@v2 build-bw-386:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Build images
- name: Build BW for 386
uses: docker/build-push-action@v3
with: with:
context: . context: .
file: linux/Dockerfile-ubuntu platforms: linux/386
platforms: linux/amd64 push: true
load: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-386:latest
tags: bw-ubuntu-tests:latest cache-to: type=registry,ref=bunkerity/cache:bw-386-cache,mode=min
- name: Build BW autoconf for 386
- name: Build BW test DEB (debian) uses: docker/build-push-action@v3
uses: docker/build-push-action@v2
with: with:
context: . context: .
file: linux/Dockerfile-debian file: autoconf/Dockerfile
platforms: linux/amd64 platforms: linux/386
load: true push: true
tags: bw-debian-tests:latest tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-386:latest
cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-386-cache,mode=min
- name: Build BW test RPM (centos) - name: Build BW UI for 386
uses: docker/build-push-action@v2 uses: docker/build-push-action@v3
with: with:
context: . context: .
file: linux/Dockerfile-centos file: ui/Dockerfile
platforms: linux/amd64 platforms: linux/386
load: true push: true
tags: bw-centos-tests:latest tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-386:latest
cache-to: type=registry,ref=bunkerity/cache:bw-ui-386-cache,mode=min
- name: Build BW test RPM (fedora) # Build bunkerweb/arm
uses: docker/build-push-action@v2 build-bw-arm:
runs-on: [self-hosted, ARM64]
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
- name: Setup Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
# Build images
# - name: Build BW for armv7
# uses: docker/build-push-action@v3
# with:
# context: .
# platforms: linux/arm/v7
# push: true
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv7:latest
# cache-from: type=registry,ref=bunkerity/cache:bw-armv7-cache
# cache-to: type=registry,ref=bunkerity/cache:bw-armv7-cache,mode=min
- name: Build BW for armv8
uses: docker/build-push-action@v3
with: with:
context: . context: .
file: linux/Dockerfile-fedora platforms: linux/arm64/v8
platforms: linux/amd64 push: true
load: true tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-armv8:latest
tags: bw-fedora-tests:latest cache-to: type=registry,ref=bunkerity/cache:bw-armv8-cache,mode=min
# - name: Build BW autoconf for armv7
# uses: docker/build-push-action@v3
# with:
# context: .
# file: autoconf/Dockerfile
# platforms: linux/arm/v7
# push: true
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv7:latest
# cache-from: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache
# cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv7-cache,mode=min
- name: Build BW autoconf for armv8
uses: docker/build-push-action@v3
with:
context: .
file: autoconf/Dockerfile
platforms: linux/arm64/v8
push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-armv8:latest
cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache,mode=min
# - name: Build BW UI for armv7
# uses: docker/build-push-action@v3
# with:
# context: .
# file: ui/Dockerfile
# platforms: linux/arm/v7
# push: true
# tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv7:latest
# cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache
# cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv7-cache,mode=min
- name: Build BW UI for armv8
uses: docker/build-push-action@v3
with:
context: .
file: ui/Dockerfile
platforms: linux/arm64/v8
push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-armv8:latest
cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min
# Check CVE # Run tests
security: tests:
needs: setup needs: build-bw-amd64
runs-on: [self-hosted, X64] runs-on: [self-hosted, X64]
steps: steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v3
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository
uses: docker/login-action@v2
with:
registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
- name: Set variables
run: |
VER=$(cat VERSION | tr -d '\n')
if [ "$GITHUB_REF" = "refs/heads/main" ] ; then
echo "BUILD_MODE=prod" >> $GITHUB_ENV
else
echo "BUILD_MODE=dev" >> $GITHUB_ENV
fi
# Import images to local registry
- name: Import BW image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:latest 10.20.1.1:5000/bw-tests:latest && docker push 10.20.1.1:5000/bw-tests:latest
- name: Import BW autoconf image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:latest 10.20.1.1:5000/bw-autoconf-tests:latest && docker push 10.20.1.1:5000/bw-autoconf-tests:latest
- name: Import BW UI image
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:latest 10.20.1.1:5000/bw-ui-tests:latest && docker push 10.20.1.1:5000/bw-ui-tests:latest
# CVE check on OS
- name: Check security vulnerabilities for BW - name: Check security vulnerabilities for BW
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
@ -119,7 +230,6 @@ jobs:
exit-code: 1 exit-code: 1
ignore-unfixed: false ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
- name: Check security vulnerabilities for autoconf - name: Check security vulnerabilities for autoconf
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
@ -129,7 +239,6 @@ jobs:
exit-code: 1 exit-code: 1
ignore-unfixed: false ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
- name: Check security vulnerabilities for UI - name: Check security vulnerabilities for UI
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
@ -141,173 +250,84 @@ jobs:
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
# Run tests # Run tests
tests:
needs: security
runs-on: [self-hosted, X64]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Set variables
run: |
if [ "$GITHUB_REF" = "refs/heads/master" ] ; then
echo "BUILD_MODE=prod" >> $GITHUB_ENV
else
echo "BUILD_MODE=dev" >> $GITHUB_ENV
fi
- name: Run Docker tests - name: Run Docker tests
run: ./tests/docker.sh ${{ env.BUILD_MODE }} run: ./tests/docker.sh ${{ env.BUILD_MODE }}
- name: Run autoconf tests - name: Run autoconf tests
run: ./tests/autoconf.sh ${{ env.BUILD_MODE }} run: ./tests/autoconf.sh ${{ env.BUILD_MODE }}
- name: Run Swarm tests - name: Run Swarm tests
run: ./tests/swarm.sh ${{ env.BUILD_MODE }} run: ./tests/swarm.sh ${{ env.BUILD_MODE }}
- name: Run Kubernetes tests - name: Run Kubernetes tests
run: ./tests/kubernetes.sh ${{ env.BUILD_MODE }} run: ./tests/kubernetes.sh ${{ env.BUILD_MODE }}
- name: Run Linux tests - name: Run Linux tests
run: ./tests/linux.sh ${{ env.BUILD_MODE }} run: ./tests/linux.sh ${{ env.BUILD_MODE }}
# Cross compile and push to prod registries # Push to dev registries
push: push-docker:
needs: tests needs: [tests, build-bw-386, build-bw-arm]
runs-on: [self-hosted, X64] runs-on: ubuntu-latest
steps: steps:
# Prepare
- name: Checkout source code - name: Checkout source code
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Set variables
run: |
VER=$(cat VERSION | tr -d '\n')
echo "VERSION=$VER" >> $GITHUB_ENV
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v1 uses: docker/setup-qemu-action@v2
- name: Setup Buildx - name: Setup Buildx
uses: docker/setup-buildx-action@v1 uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }} password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to private repository - name: Login to private repository
uses: docker/login-action@v1 uses: docker/login-action@v2
with: with:
registry: ${{ secrets.PRIVATE_REGISTRY }} registry: ${{ secrets.PRIVATE_REGISTRY }}
username: registry username: registry
password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
- name: Build and push BW prod image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64,linux/386
push: true
tags: bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }}
#tags: bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-tests:buildcache
- name: Build and push BW autoconf image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64,linux/386
push: true
tags: bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }}
#tags: bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-autoconf:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-autoconf-tests:buildcache
- name: Build and push BW UI image
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64,linux/386
push: true
tags: bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }}
#tags: bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }},${{ secrets.PRIVATE_REGISTRY }}/bunkerweb-ui:latest
cache-from: type=registry,ref=10.20.1.1:5000/bw-ui-tests:buildcache
# Push to prod registries (ARM)
push-arm:
needs: tests
runs-on: [self-hosted, ARM64]
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Set variables - name: Set variables
run: | run: |
VER=$(cat VERSION | tr -d '\n') VER=$(cat VERSION | tr -d '\n')
echo "VERSION=$VER" >> $GITHUB_ENV echo "VERSION=$VER" >> $GITHUB_ENV
echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
- name: Setup QEMU # Build and push
uses: docker/setup-qemu-action@v1 - name: Build and push BW
uses: docker/build-push-action@v3
- name: Setup Buildx
uses: docker/setup-buildx-action@v1
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Push BW prod image
uses: docker/build-push-action@v2
with: with:
context: . context: .
platforms: linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm64/v8
push: true push: true
tags: bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }} tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:latest,bunkerity/bunkerweb:latest,bunkerity/bunkerweb:${{ env.VERSION }}
cache-from: |
- name: Push autoconf prod image type=registry,ref=bunkerity/cache:bw-amd64-cache
uses: docker/build-push-action@v2 type=registry,ref=bunkerity/cache:bw-386-cache
type=registry,ref=bunkerity/cache:bw-armv8-cache
- name: Build and push BW autoconf
uses: docker/build-push-action@v3
with: with:
context: . context: .
file: autoconf/Dockerfile file: autoconf/Dockerfile
platforms: linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm64/v8
push: true push: true
tags: bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }} tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:latest,bunkerity/bunkerweb-autoconf:${{ env.VERSION }}
cache-from: |
- name: Push UI prod image type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache
uses: docker/build-push-action@v2 type=registry,ref=bunkerity/cache:bw-autoconf-386-cache
type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache
- name: Build and push BW UI
uses: docker/build-push-action@v3
with: with:
context: . context: .
file: ui/Dockerfile file: ui/Dockerfile
platforms: linux/arm/v7,linux/arm64/v8 platforms: linux/amd64,linux/386,linux/arm64/v8
push: true push: true
tags: bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }} tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:latest,bunkerity/bunkerweb-ui:${{ env.VERSION }}
cache-from: |
type=registry,ref=bunkerity/cache:bw-ui-amd64-cache
type=registry,ref=bunkerity/cache:bw-ui-386-cache
type=registry,ref=bunkerity/cache:bw-ui-armv8-cache
# Deploy to prod infrastructure # Push to PackageCloud
# deploy:
# needs: push
# runs-on: [self-hosted, X64]
# steps:
# - name: Checkout source code
# uses: actions/checkout@v3
# - name: k8s login (prod)
# uses: azure/k8s-set-context@v2
# with:
# method: kubeconfig
# kubeconfig: ${{ secrets.KUBE_CONFIG_PROD }}
# - name: k8s deploy (prod)
# run: kubectl rollout restart deployment bunkerweb-controller && kubectl rollout restart daemonset bunkerweb
# Push DEB/RPM to packagecloud
push-linux: push-linux:
needs: tests needs: tests
runs-on: [self-hosted, X64] runs-on: [self-hosted, X64]
@ -321,6 +341,12 @@ jobs:
VER=$(cat VERSION | tr -d '\n') VER=$(cat VERSION | tr -d '\n')
echo "VERSION=$VER" >> $GITHUB_ENV echo "VERSION=$VER" >> $GITHUB_ENV
- name: Remove Ubuntu DEB from packagecloud
run: package_cloud yank bunkerity/bunkerweb/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push Ubuntu DEB to packagecloud - name: Push Ubuntu DEB to packagecloud
uses: danielmundi/upload-packagecloud@v1 uses: danielmundi/upload-packagecloud@v1
with: with:
@ -330,6 +356,12 @@ jobs:
PACKAGECLOUD-DISTRIB: ubuntu/jammy PACKAGECLOUD-DISTRIB: ubuntu/jammy
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove Debian DEB from packagecloud
run: package_cloud yank bunkerity/bunkerweb/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push Debian DEB to packagecloud - name: Push Debian DEB to packagecloud
uses: danielmundi/upload-packagecloud@v1 uses: danielmundi/upload-packagecloud@v1
with: with:
@ -339,6 +371,12 @@ jobs:
PACKAGECLOUD-DISTRIB: debian/bullseye PACKAGECLOUD-DISTRIB: debian/bullseye
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove CentOS RPM from packagecloud
run: package_cloud yank bunkerity/bunkerweb/el/8 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push CentOS RPM to packagecloud - name: Push CentOS RPM to packagecloud
uses: danielmundi/upload-packagecloud@v1 uses: danielmundi/upload-packagecloud@v1
with: with:
@ -348,6 +386,12 @@ jobs:
PACKAGECLOUD-DISTRIB: el/8 PACKAGECLOUD-DISTRIB: el/8
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove Fedora RPM from packagecloud
run: package_cloud yank bunkerity/bunkerweb/fedora/36 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push Fedora RPM to packagecloud - name: Push Fedora RPM to packagecloud
uses: danielmundi/upload-packagecloud@v1 uses: danielmundi/upload-packagecloud@v1
with: with:
@ -356,3 +400,21 @@ jobs:
PACKAGECLOUD-REPO: bunkerweb PACKAGECLOUD-REPO: bunkerweb
PACKAGECLOUD-DISTRIB: fedora/36 PACKAGECLOUD-DISTRIB: fedora/36
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
# Deploy to staging infrastructure
# deploy:
# needs: push-docker
# runs-on: ubuntu-latest
# steps:
# - name: Checkout source code
# uses: actions/checkout@v3
# - name: k8s login (staging)
# uses: azure/k8s-set-context@v2
# with:
# method: kubeconfig
# kubeconfig: ${{ secrets.KUBE_CONFIG_STAGING }}
# - name: k8s deploy (staging)
# run: kubectl rollout restart deployment bunkerweb-controller && kubectl rollout restart daemonset bunkerweb