fix(CI): Update image tag in helm charts

Signed-off-by: Anurag Rajawat <[email protected]>
anurag-rajawat · Sep 26, 2024 · dda9c03 · dda9c03
1 parent 13df8f9
commit dda9c03
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 12 deletions.
diff --git a/.github/workflows/release-image.yaml b/.github/workflows/release-image.yaml
@@ -52,7 +52,7 @@ jobs:
       - name: Scan image
         uses: anchore/scan-action@v4
         with:
-          image: '5gsec/${{ inputs.NAME }}:${{ steps.tag.outputs.tag }}'
+          image: 'ttl.sh/${{ inputs.NAME }}:${{ steps.tag.outputs.tag }}'
           severity-cutoff: critical
           output-format: sarif
 

diff --git a/.github/workflows/stable-release.yaml b/.github/workflows/stable-release.yaml
@@ -3,8 +3,11 @@
 
 name: Stable release
 
-on: workflow_dispatch
-
+#on: workflow_dispatch
+on:
+  create:
+    tags:
+      - "v*"
 permissions: read-all
 
 concurrency:
@@ -13,7 +16,7 @@ concurrency:
 
 jobs:
   release-nimbus-image:
-    if: github.repository == '5GSEC/nimbus'
+    #    if: github.repository == '5GSEC/nimbus'
     name: Build and push nimbus image
     uses: ./.github/workflows/release-image.yaml
     with:
@@ -22,7 +25,7 @@ jobs:
     secrets: inherit
 
   release-adapters-image:
-    if: github.repository == '5GSEC/nimbus'
+    #    if: github.repository == '5GSEC/nimbus'
     strategy:
       matrix:
         adapters: [ "nimbus-kubearmor", "nimbus-netpol", "nimbus-kyverno" ]
@@ -33,8 +36,37 @@ jobs:
       NAME: ${{ matrix.adapters }}
     secrets: inherit
 
+  update-image-tags-in-helm-charts:
+    #if: github.repository == '5GSEC/nimbus'
+    needs: [ release-nimbus-image, release-adapters-image ]
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Get tag
+        id: tag
+        run: |
+          if [ ${{ github.ref }} == "refs/heads/main" ]; then
+            echo "tag=latest" >> $GITHUB_OUTPUT
+          else
+            echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Update images tag
+        run: |
+          ./scripts/update-image-tag.sh ${{ steps.tag.outputs.tag }} 
+
+      - name: Commit changes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          branch: fixes
+
   release_helm_charts:
-    if: github.repository == '5GSEC/nimbus'
+    #    if: github.repository == '5GSEC/nimbus'
+    needs: [ update-image-tags-in-helm-charts ]
     permissions:
       contents: write
     runs-on: ubuntu-latest

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus
+IMG ?= ttl.sh/nimbus
 # Image Tag to use all building/pushing image targets
 TAG ?= latest
 
@@ -100,7 +100,7 @@ lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 ##@ Build
 
 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
+build: fmt vet ## Build manager binary.
 	@go build -ldflags="-s" -o bin/"${BINARY_NAME}" ./cmd
 
 .PHONY: run

diff --git a/pkg/adapter/nimbus-k8tls/Makefile b/pkg/adapter/nimbus-k8tls/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-k8tls
+IMG ?= ttl.sh/nimbus-k8tls
 # Image Tag to use all building/pushing image targets
 TAG ?= latest
 

diff --git a/pkg/adapter/nimbus-kubearmor/Makefile b/pkg/adapter/nimbus-kubearmor/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-kubearmor
+IMG ?= ttl.sh/nimbus-kubearmor
 # Image Tag to use all building/pushing image targets
 TAG ?= latest
 

diff --git a/pkg/adapter/nimbus-kyverno/Makefile b/pkg/adapter/nimbus-kyverno/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-kyverno
+IMG ?= ttl.sh/nimbus-kyverno
 # Image Tag to use all building/pushing image targets
 TAG ?= latest
 

diff --git a/pkg/adapter/nimbus-netpol/Makefile b/pkg/adapter/nimbus-netpol/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2023 Authors of Nimbus
 
 # Image URL to use all building/pushing image targets
-IMG ?= 5gsec/nimbus-netpol
+IMG ?= ttl.sh/nimbus-netpol
 # Image Tag to use all building/pushing image targets
 TAG ?= latest
 

diff --git a/scripts/update-image-tag.sh b/scripts/update-image-tag.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2023 Authors of Nimbus
+
+if ! command -v yq >/dev/null; then
+  echo "Installing yq..."
+  go install github.com/mikefarah/yq/v4@latest
+fi
+
+TAG=$1
+DEPLOYMENT_ROOT_DIR="deployments"
+DIRECTORIES=("${DEPLOYMENT_ROOT_DIR}/nimbus" "${DEPLOYMENT_ROOT_DIR}/nimbus-k8tls" \
+  "${DEPLOYMENT_ROOT_DIR}/nimbus-kubearmor" "${DEPLOYMENT_ROOT_DIR}/nimbus-kyverno" "${DEPLOYMENT_ROOT_DIR}/nimbus-netpol")
+
+echo "Updating tag to $TAG"
+for directory in "${DIRECTORIES[@]}"; do
+   yq -i ".image.tag = \"$TAG\"" "${directory}/values.yaml"
+done