Skip to content

Update dependencies 09.2024 #559

Update dependencies 09.2024

Update dependencies 09.2024 #559

Workflow file for this run

name: CI
on:
release:
types: [published, prereleased, edited]
push:
branches:
- master
pull_request:
jobs:
build-docker:
name: Build Dockerfile-controller
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build image
uses: docker/build-push-action@v3
with:
context: .
file: ./Dockerfile-controller
tags: equinor/gordo-controller:latest
load: true
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: equinor/gordo-controller:latest
format: 'table'
exit-code: '10'
ignore-unfixed: true
hide-progress: true
severity: 'CRITICAL,HIGH'
timeout: '5m'
-
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
test:
name: Test ${{ matrix.rust }} on ${{ matrix.os }}
needs: build-docker
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
rust: [stable]
env:
KUBERNETES_VERSION: v1.23.15
MINIKUBE_VERSION: v1.27.1
MINIKUBE_SHA256: "159bc79f3914dadb7c9f56b6e9d5b73a1c54acb26dca8f1ea84b99ff5da42620"
MINIKUBE_HOME: /home/runner
KUBECONFIG: /home/runner/.kube/config
CHANGE_MINIKUBE_NONE_USER: "true"
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: ${{ matrix.rust }}
- name: Cargo cache
uses: actions/cache@v3
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-${{ runner.rust }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build image
uses: docker/build-push-action@v3
with:
context: .
file: ./Dockerfile-controller
tags: ${{ steps.prep.outputs.base_image }}
load: true
cache-from: type=local,src=/tmp/.buildx-cache
- name: Install kubectl
run: |
sudo curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl
sudo chmod +x /usr/bin/kubectl
- name: Install kustomize
run: |
sudo curl -L -o /usr/bin/kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
sudo chmod +x /usr/bin/kustomize
- name: Build all kustomize overlays
run: |
sudo kustomize build k8s/production
sudo kustomize build k8s/minikube
- name: Install minikube
run: |
set -e
sudo apt-get update
sudo apt-get install -y conntrack
sudo curl -L -o /usr/bin/minikube https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-linux-amd64
echo "${MINIKUBE_SHA256} /usr/bin/minikube" | sha256sum -c --status
sudo chmod +x /usr/bin/minikube
- name: Start minikube
run: |
sudo -E /usr/bin/minikube start --kubernetes-version=${KUBERNETES_VERSION} --vm-driver=none --container-runtime=docker || journalctl -xeu kubelet
sudo chown -R $USER $HOME/.minikube $HOME/.kube
- name: Build image
uses: docker/build-push-action@v3
with:
context: .
file: ./Dockerfile-controller
tags: equinor/gordo-controller:latest
load: true
cache-from: type=local,src=/tmp/.buildx-cache-new
- name: Run gordo-controller on minikube
run: |
kubectl apply -k k8s/minikube -n default || echo "Skipping on Istio error"
bash scripts/wait_gordo_controller.sh
- name: Test CRDs
run: |
kubectl get gordos > /dev/null
kubectl get models > /dev/null
- name: Unit tests
env:
KUBERNETES_SERVICE_HOST: localhost
KUBERNETES_SERVICE_PORT: 8443
RUST_BACKTRACE: 1
run:
cargo test --tests -- --test-threads=1
- name: Integration Tests
env:
DEPLOY_IMAGE: "gordo-infrastructure/gordo-deploy"
DOCKER_REGISTRY: "docker.io"
run: |
bash scripts/integration_tests.sh
push-image:
name: Push docker images
needs: build-docker
runs-on: ubuntu-latest
env:
IMAGE_LICENSE: AGPL-3.0
IMAGE_HOME_URL: https://github.com/equinor/gordo-controller
DOCKER_REGISTRY: ghcr.io
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Prepare variables
id: prep
run: |
python3 scripts/github_docker.py -r equinor -i gordo-controller
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to production CR
uses: docker/login-action@v2
if: ${{ steps.prep.outputs.login_prod_cr }}
with:
registry: ${{ env.DOCKER_PROD_REGISTRY }}
username: ${{ secrets.DOCKER_PROD_USERNAME }}
password: ${{ secrets.DOCKER_PROD_TOKEN }}
- name: Login to CR
uses: docker/login-action@v2
if: ${{ steps.prep.outputs.login_cr }}
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ secrets.DOCKER_GITHUB_USER }}
password: ${{ secrets.DOCKER_GITHUB_PASSWORD }}
- name: Build and push
uses: docker/build-push-action@v3
if: ${{ steps.prep.outputs.push_image }}
with:
push: true
context: .
file: ./Dockerfile-controller
tags: ${{ steps.prep.outputs.tags_gordo_base }}
cache-from: type=local,src=/tmp/.buildx-cache
labels: |
org.opencontainers.image.title=gordo-controller
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
org.opencontainers.image.source=${{ env.IMAGE_HOME_URL }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ env.IMAGE_LICENSE }}