diff --git a/.github/workflows/latest-release.yaml b/.github/workflows/latest-release.yaml index 4d84c321..90af7c98 100644 --- a/.github/workflows/latest-release.yaml +++ b/.github/workflows/latest-release.yaml @@ -2,15 +2,10 @@ # Copyright 2023 Authors of Nimbus name: Latest release - on: push: branches: - main - - "v*" - create: - branches: - - "v*" permissions: read-all @@ -19,8 +14,29 @@ concurrency: cancel-in-progress: true jobs: + files-changed: + name: Detect what files changed + runs-on: ubuntu-latest + timeout-minutes: 3 + outputs: + nimbus: ${{ steps.filter.outputs.nimbus}} + adapters: ${{ steps.filter.outputs.adapters }} + steps: + - uses: actions/checkout@v3 + - uses: dorny/paths-filter@v3.0.2 + id: filter + with: + filters: | + nimbus: + - 'cmd/**' + - 'internal/**' + - 'pkg/processor/**' + adapters: + - 'pkg/adapter/**' + release-nimbus-image: - if: github.repository == '5GSEC/nimbus' + needs: files-changed + if: ${{ github.repository == '5GSEC/nimbus' && needs.files-changed.outputs.nimbus == 'true' }} name: Build and push nimbus image uses: ./.github/workflows/release-image.yaml with: @@ -28,7 +44,8 @@ jobs: secrets: inherit release-adapters-image: - if: github.repository == '5GSEC/nimbus' + needs: files-changed + if: ${{ github.repository == '5GSEC/nimbus' && needs.files-changed.outputs.adapters == 'true' }} strategy: matrix: adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ] diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml index dba82763..d915f593 100644 --- a/.github/workflows/pr-checks.yaml +++ b/.github/workflows/pr-checks.yaml @@ -15,7 +15,30 @@ on: permissions: read-all jobs: + files-changed: + name: Detect what files changed + runs-on: ubuntu-latest + timeout-minutes: 3 + outputs: + nimbus: ${{ steps.filter.outputs.nimbus}} + adapters: ${{ steps.filter.outputs.adapters }} + steps: + - uses: actions/checkout@v3 + - uses: dorny/paths-filter@v3.0.2 + id: filter + with: + filters: | + nimbus: + - 'api/**' + - 'cmd/**' + - 'internal/**' + - 'pkg/processor/**' + adapters: + - 'pkg/adapter/**' + license: + needs: files-changed + if: ${{ needs.files-changed.outputs.nimbus == 'true' || needs.files-changed.outputs.adapters == 'true' }} name: License runs-on: ubuntu-20.04 steps: @@ -27,6 +50,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} static-checks: + needs: files-changed + if: ${{ needs.files-changed.outputs.nimbus == 'true' || needs.files-changed.outputs.adapters == 'true' }} name: Static checks runs-on: ubuntu-latest steps: @@ -49,6 +74,8 @@ jobs: skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778 go-sec: + needs: files-changed + if: ${{ needs.files-changed.outputs.nimbus == 'true' || needs.files-changed.outputs.adapters == 'true' }} runs-on: ubuntu-latest permissions: security-events: write @@ -70,6 +97,8 @@ jobs: sarif_file: results.sarif build-nimbus-image: + needs: files-changed + if: ${{ needs.files-changed.outputs.nimbus == 'true' }} name: Build Nimbus Operator image runs-on: ubuntu-latest timeout-minutes: 20 @@ -81,6 +110,8 @@ jobs: run: make docker-build build-adapters-image: + needs: files-changed + if: ${{ needs.files-changed.outputs.adapters == 'true' }} strategy: matrix: adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ] @@ -95,7 +126,9 @@ jobs: working-directory: ./pkg/adapter/${{ matrix.adapters }} run: make docker-build - chainsaw-integration-tests: + integration-tests: + needs: files-changed + if: ${{ needs.files-changed.outputs.nimbus == 'true' }} name: Integration-Test runs-on: ubuntu-latest steps: @@ -130,7 +163,9 @@ jobs: - name: Run Tests run: make integration-test - chainsaw-e2e-tests: + e2e-tests: + needs: files-changed + if: ${{ needs.files-changed.outputs.nimbus == 'true' || needs.files-changed.outputs.adapters == 'true' }} name: E2E-Test runs-on: ubuntu-latest steps: @@ -179,7 +214,6 @@ jobs: run: | kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/crds/kyverno/kyverno.io_clusterpolicies.yaml kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/crds/kyverno/kyverno.io_policies.yaml - - name: Install Nimbus run: | diff --git a/.github/workflows/latest-charts-release.yaml b/.github/workflows/stable-release.yaml similarity index 51% rename from .github/workflows/latest-charts-release.yaml rename to .github/workflows/stable-release.yaml index 9900e408..6cd35d35 100644 --- a/.github/workflows/latest-charts-release.yaml +++ b/.github/workflows/stable-release.yaml @@ -1,22 +1,41 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright 2023 Authors of Nimbus -name: Release Charts +name: Stable release on: - push: - branches: - - main - - "v*" - paths: - - "deployments/**" create: - branches: - - "v*" + tags: + - "v:x*" + +permissions: read-all + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: - release: - if: github.repository == '5GSEC/nimbus' + release-nimbus-image: + #if: github.repository == '5GSEC/nimbus' + name: Build and push nimbus image + uses: ./.github/workflows/release-image.yaml + with: + WORKING_DIRECTORY: . + secrets: inherit + + release-adapters-image: + #if: github.repository == '5GSEC/nimbus' + strategy: + matrix: + adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ] + name: Build and push ${{ matrix.adapters }} adapter's image + uses: ./.github/workflows/release-image.yaml + with: + WORKING_DIRECTORY: ./pkg/adapter/${{ matrix.adapters }} + secrets: inherit + + release_helm_charts: + #if: github.repository == '5GSEC/nimbus' permissions: contents: write runs-on: ubuntu-latest @@ -40,3 +59,4 @@ jobs: charts_url: https://5gsec.github.io/charts/ commit_username: "github-actions[bot]" commit_email: "github-actions[bot]@users.noreply.github.com" + diff --git a/Makefile b/Makefile index d0506d7d..ecf7ab35 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ # Copyright 2023 Authors of Nimbus # Image URL to use all building/pushing image targets -IMG ?= 5gsec/nimbus +IMG ?= anuragrajawat/nimbus # Image Tag to use all building/pushing image targets TAG ?= v0.1 @@ -107,12 +107,11 @@ run: manifests generate fmt vet ## Run a controller from your host. # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ .PHONY: docker-build docker-build: ## Build docker image with the manager. - $(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} . + $(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} . .PHONY: docker-push docker-push: ## Push docker image with the manager. $(CONTAINER_TOOL) push ${IMG}:${TAG} - $(CONTAINER_TOOL) push ${IMG}:latest # PLATFORMS defines the target platforms for the manager image be built to provide support to multiple # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: diff --git a/cmd/main.go b/cmd/main.go index b947f3a1..dabc2e63 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -22,6 +22,7 @@ import ( //+kubebuilder:scaffold:imports ) +// hello // Global variables for scheme registration and setup logging. var ( scheme = runtime.NewScheme() // Scheme for registering API types for client and server. diff --git a/pkg/adapter/nimbus-kubearmor/Makefile b/pkg/adapter/nimbus-kubearmor/Makefile index dcfe1adf..7063815e 100644 --- a/pkg/adapter/nimbus-kubearmor/Makefile +++ b/pkg/adapter/nimbus-kubearmor/Makefile @@ -2,7 +2,7 @@ # Copyright 2023 Authors of Nimbus # Image URL to use all building/pushing image targets -IMG ?= 5gsec/nimbus-kubearmor +IMG ?= anuragrajawat/nimbus-kubearmor # Image Tag to use all building/pushing image targets TAG ?= v0.1 @@ -17,14 +17,13 @@ run: build .PHONY: docker-build docker-build: - $(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} -f ./Dockerfile ../../../ + $(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} -f ./Dockerfile ../../../ .PHONY: docker-push docker-push: $(CONTAINER_TOOL) push ${IMG}:${TAG} - $(CONTAINER_TOOL) push ${IMG}:latest -PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +PLATFORMS ?= linux/arm64,linux/amd64 .PHONY: docker-buildx docker-buildx: # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile diff --git a/pkg/adapter/nimbus-kyverno/Makefile b/pkg/adapter/nimbus-kyverno/Makefile index 021e2bcf..72a0117a 100644 --- a/pkg/adapter/nimbus-kyverno/Makefile +++ b/pkg/adapter/nimbus-kyverno/Makefile @@ -2,7 +2,7 @@ # Copyright 2023 Authors of Nimbus # Image URL to use all building/pushing image targets -IMG ?= 5gsec/nimbus-kyverno +IMG ?= anuragrajawat/nimbus-kyverno # Image Tag to use all building/pushing image targets TAG ?= v0.1 @@ -17,14 +17,13 @@ run: build .PHONY: docker-build docker-build: - $(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} -f ./Dockerfile ../../../ + $(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} -f ./Dockerfile ../../../ .PHONY: docker-push docker-push: $(CONTAINER_TOOL) push ${IMG}:${TAG} - $(CONTAINER_TOOL) push ${IMG}:latest -PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +PLATFORMS ?= linux/arm64,linux/amd64 .PHONY: docker-buildx docker-buildx: # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile diff --git a/pkg/adapter/nimbus-netpol/Makefile b/pkg/adapter/nimbus-netpol/Makefile index e1a8f9ea..ec463392 100644 --- a/pkg/adapter/nimbus-netpol/Makefile +++ b/pkg/adapter/nimbus-netpol/Makefile @@ -2,7 +2,7 @@ # Copyright 2023 Authors of Nimbus # Image URL to use all building/pushing image targets -IMG ?= 5gsec/nimbus-netpol +IMG ?= anuragrajawat/nimbus-netpol # Image Tag to use all building/pushing image targets TAG ?= v0.1 @@ -17,14 +17,13 @@ run: build .PHONY: docker-build docker-build: - $(CONTAINER_TOOL) build -t ${IMG}:${TAG} -t ${IMG}:latest --build-arg VERSION=${TAG} -f ./Dockerfile ../../../ + $(CONTAINER_TOOL) build -t ${IMG}:${TAG} --build-arg VERSION=${TAG} -f ./Dockerfile ../../../ .PHONY: docker-push docker-push: $(CONTAINER_TOOL) push ${IMG}:${TAG} - $(CONTAINER_TOOL) push ${IMG}:latest -PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +PLATFORMS ?= linux/arm64,linux/amd64 .PHONY: docker-buildx docker-buildx: # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile