fix(CI): Run CI based on conditional changes

Signed-off-by: Anurag Rajawat <[email protected]>
anurag-rajawat · May 22, 2024 · 7e452aa · 7e452aa
1 parent b6dd9b6
commit 7e452aa
Show file tree

Hide file tree

Showing 8 changed files with 103 additions and 35 deletions.
diff --git a/.github/workflows/latest-release.yaml b/.github/workflows/latest-release.yaml
@@ -2,15 +2,10 @@
 # Copyright 2023 Authors of Nimbus
 
 name: Latest release
-
 on:
   push:
     branches:
       - main
-      - "v*"
-  create:
-    branches:
-      - "v*"
 
 permissions: read-all
 
@@ -19,16 +14,38 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  files-changed:
+    name: Detect what files changed
+    runs-on: ubuntu-latest
+    timeout-minutes: 3
+    outputs:
+      nimbus: ${{ steps.filter.outputs.nimbus}}
+      adapters: ${{ steps.filter.outputs.adapters }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dorny/[email protected]
+        id: filter
+        with:
+          filters: |
+            nimbus:
+              - 'cmd/**'
+              - 'internal/**'
+              - 'pkg/processor/**'
+            adapters:
+              - 'pkg/adapter/**'
+
   release-nimbus-image:
-    if: github.repository == '5GSEC/nimbus'
+    needs: files-changed
+    if: ${{ github.repository == '5GSEC/nimbus' && needs.files-changed.outputs.nimbus == 'true' }}
     name: Build and push nimbus image
     uses: ./.github/workflows/release-image.yaml
     with:
       WORKING_DIRECTORY: .
     secrets: inherit
 
   release-adapters-image:
-    if: github.repository == '5GSEC/nimbus'
+    needs: files-changed
+    if: ${{ github.repository == '5GSEC/nimbus' && needs.files-changed.outputs.adapters == 'true' }}
     strategy:
       matrix:
         adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ]

diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
@@ -15,7 +15,30 @@ on:
 permissions: read-all
 
 jobs:
+  files-changed:
+    name: Detect what files changed
+    runs-on: ubuntu-latest
+    timeout-minutes: 3
+    outputs:
+      nimbus: ${{ steps.filter.outputs.nimbus}}
+      adapters: ${{ steps.filter.outputs.adapters }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dorny/[email protected]
+        id: filter
+        with:
+          filters: |
+            nimbus:
+              - 'api/**'
+              - 'cmd/**'
+              - 'internal/**'
+              - 'pkg/processor/**'
+            adapters:
+              - 'pkg/adapter/**'
+
   license:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.nimbus == 'true' ||  needs.files-changed.outputs.adapters == 'true' }}
     name: License
     runs-on: ubuntu-20.04
     steps:
@@ -27,6 +50,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   static-checks:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.nimbus == 'true' ||  needs.files-changed.outputs.adapters == 'true' }}
     name: Static checks
     runs-on: ubuntu-latest
     steps:
@@ -49,6 +74,8 @@ jobs:
           skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778
 
   go-sec:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.nimbus == 'true' ||  needs.files-changed.outputs.adapters == 'true' }}
     runs-on: ubuntu-latest
     permissions:
       security-events: write
@@ -70,6 +97,8 @@ jobs:
           sarif_file: results.sarif
 
   build-nimbus-image:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.nimbus == 'true' }}
     name: Build Nimbus Operator image
     runs-on: ubuntu-latest
     timeout-minutes: 20
@@ -81,6 +110,8 @@ jobs:
         run: make docker-build
 
   build-adapters-image:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.adapters == 'true' }}
     strategy:
       matrix:
         adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ]
@@ -95,7 +126,9 @@ jobs:
         working-directory: ./pkg/adapter/${{ matrix.adapters }}
         run: make docker-build
 
-  chainsaw-integration-tests:
+  integration-tests:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.nimbus == 'true' }}
     name: Integration-Test
     runs-on: ubuntu-latest
     steps:
@@ -130,7 +163,9 @@ jobs:
         - name: Run Tests
           run: make integration-test
 
-  chainsaw-e2e-tests:
+  e2e-tests:
+    needs: files-changed
+    if: ${{ needs.files-changed.outputs.nimbus == 'true' || needs.files-changed.outputs.adapters == 'true' }}
     name: E2E-Test
     runs-on: ubuntu-latest
     steps:
@@ -179,7 +214,6 @@ jobs:
           run: |
             kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/crds/kyverno/kyverno.io_clusterpolicies.yaml 
             kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/crds/kyverno/kyverno.io_policies.yaml
-        
 
         - name: Install Nimbus
           run: |

diff --git a/.github/workflows/latest-charts-release.yaml → .github/workflows/stable-release.yaml b/.github/workflows/latest-charts-release.yaml → .github/workflows/stable-release.yaml
@@ -1,22 +1,41 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2023 Authors of Nimbus
 
-name: Release Charts
+name: Stable release
 
 on:
-  push:
-    branches:
-      - main
-      - "v*"
-    paths:
-      - "deployments/**"
   create:
-    branches:
+    tags:
       - "v*"
 
+permissions: read-all
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  release:
-    if: github.repository == '5GSEC/nimbus'
+  release-nimbus-image:
+    #if: github.repository == '5GSEC/nimbus'
+    name: Build and push nimbus image
+    uses: ./.github/workflows/release-image.yaml
+    with:
+      WORKING_DIRECTORY: .
+    secrets: inherit
+
+  release-adapters-image:
+    #if: github.repository == '5GSEC/nimbus'
+    strategy:
+      matrix:
+        adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ]
+    name: Build and push ${{ matrix.adapters }} adapter's image
+    uses: ./.github/workflows/release-image.yaml
+    with:
+      WORKING_DIRECTORY: ./pkg/adapter/${{ matrix.adapters }}
+    secrets: inherit
+
+  release_helm_charts:
+    #if: github.repository == '5GSEC/nimbus'
     permissions:
       contents: write
     runs-on: ubuntu-latest
@@ -40,3 +59,4 @@ jobs:
           charts_url: https://5gsec.github.io/charts/
           commit_username: "github-actions[bot]"
           commit_email: "github-actions[bot]@users.noreply.github.com"
+
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus
+IMG ?= anuragrajawat/nimbus
 # Image Tag to use all building/pushing image targets
 TAG ?= v0.1
 
@@ -107,12 +107,11 @@ run: manifests generate fmt vet ## Run a controller from your host.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 .PHONY: docker-build
 docker-build: ## Build docker image with the manager.
-	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} .
+	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} .
 
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.
 	$(CONTAINER_TOOL) push ${IMG}:${TAG}
-	$(CONTAINER_TOOL) push ${IMG}:latest
 
 # PLATFORMS defines the target platforms for the manager image be built to provide support to multiple
 # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:

diff --git a/cmd/main.go b/cmd/main.go
@@ -22,6 +22,7 @@ import (
 	//+kubebuilder:scaffold:imports
 )
 
+// hello
 // Global variables for scheme registration and setup logging.
 var (
 	scheme   = runtime.NewScheme()        // Scheme for registering API types for client and server.

diff --git a/pkg/adapter/nimbus-kubearmor/Makefile b/pkg/adapter/nimbus-kubearmor/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-kubearmor
+IMG ?= anuragrajawat/nimbus-kubearmor
 # Image Tag to use all building/pushing image targets
 TAG ?= v0.1
 
@@ -17,14 +17,13 @@ run: build
 
 .PHONY: docker-build
 docker-build:
-	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} -f ./Dockerfile ../../../
+	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} -f ./Dockerfile ../../../
 
 .PHONY: docker-push
 docker-push:
 	$(CONTAINER_TOOL) push ${IMG}:${TAG}
-	$(CONTAINER_TOOL) push ${IMG}:latest
 
-PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+PLATFORMS ?= linux/arm64,linux/amd64
 .PHONY: docker-buildx
 docker-buildx:
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile

diff --git a/pkg/adapter/nimbus-kyverno/Makefile b/pkg/adapter/nimbus-kyverno/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-kyverno
+IMG ?= anuragrajawat/nimbus-kyverno
 # Image Tag to use all building/pushing image targets
 TAG ?= v0.1
 
@@ -17,14 +17,13 @@ run: build
 
 .PHONY: docker-build
 docker-build:
-	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} -f ./Dockerfile ../../../
+	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} -f ./Dockerfile ../../../
 
 .PHONY: docker-push
 docker-push:
 	$(CONTAINER_TOOL) push ${IMG}:${TAG}
-	$(CONTAINER_TOOL) push ${IMG}:latest
 
-PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+PLATFORMS ?= linux/arm64,linux/amd64
 .PHONY: docker-buildx
 docker-buildx:
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile

diff --git a/pkg/adapter/nimbus-netpol/Makefile b/pkg/adapter/nimbus-netpol/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-netpol
+IMG ?= anuragrajawat/nimbus-netpol
 # Image Tag to use all building/pushing image targets
 TAG ?= v0.1
 
@@ -17,14 +17,13 @@ run: build
 
 .PHONY: docker-build
 docker-build:
-	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} -f ./Dockerfile ../../../
+	$(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} -f ./Dockerfile ../../../
 
 .PHONY: docker-push
 docker-push:
 	$(CONTAINER_TOOL) push ${IMG}:${TAG}
-	$(CONTAINER_TOOL) push ${IMG}:latest
 
-PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+PLATFORMS ?= linux/arm64,linux/amd64
 .PHONY: docker-buildx
 docker-buildx:
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile