Test Chainguard 3rd party images #4179

Closed
wants to merge 48 commits into from
3348812
build kots with apko+melange in presubmit
imjasonh Jun 26, 2023
c2ccd2a
add language about non-production-readiness
imjasonh Jun 28, 2023
c3c93bc
include all currently supported kubectl versions
imjasonh Jun 29, 2023
e26ba4e
initial try
sgalsaleh Aug 25, 2023
6d35b86
second try
sgalsaleh Aug 25, 2023
a8e05bb
3rd try
sgalsaleh Aug 25, 2023
9a56cb8
fix syntax error
sgalsaleh Aug 25, 2023
446fe15
updates
sgalsaleh Aug 25, 2023
de9c359
/usr/local/bin
sgalsaleh Aug 25, 2023
f8f6f3c
fix symlinks
sgalsaleh Aug 25, 2023
4508852
propagate git tag to melange and apko + always cleanup c11y clusters
sgalsaleh Aug 26, 2023
9c0338c
fix templating
sgalsaleh Aug 28, 2023
357967d
more fixes
sgalsaleh Aug 28, 2023
e6e2b88
fix melange target dir env var
sgalsaleh Aug 28, 2023
dd095d6
one more try
sgalsaleh Aug 28, 2023
34f2f3a
no-op, trigger tests again
sgalsaleh Oct 6, 2023
3fbdee1
fix lint issues
sgalsaleh Oct 6, 2023
81d8063
use melange caching
sgalsaleh Nov 21, 2023
48a72e9
generate signing key
sgalsaleh Nov 21, 2023
33df7c1
fix flag name
sgalsaleh Nov 21, 2023
2112fa4
test without cache again
sgalsaleh Nov 21, 2023
9deff02
test caching support
sgalsaleh Nov 21, 2023
d3775c4
fix action
sgalsaleh Nov 21, 2023
33f3b75
support go mod cache
sgalsaleh Nov 21, 2023
434e537
one more test
sgalsaleh Nov 21, 2023
aa8acd2
one more test
sgalsaleh Nov 21, 2023
c855c45
one more test
sgalsaleh Nov 21, 2023
7e0c5d4
one more test
sgalsaleh Nov 21, 2023
e54b50d
test again without cache
sgalsaleh Nov 21, 2023
8c7346c
use melange+apko to build kotsadm image on merge/release
sgalsaleh Nov 21, 2023
c9362c4
refactor
sgalsaleh Nov 21, 2023
657a418
add kubectl-1.28
sgalsaleh Nov 22, 2023
d0b37f3
fix symlinks
sgalsaleh Nov 22, 2023
1a9186a
fix envsubset
sgalsaleh Nov 25, 2023
b24a7f0
test regression tests
sgalsaleh Nov 27, 2023
222dc63
docker login before
sgalsaleh Nov 27, 2023
124a5fd
username and password for apko
sgalsaleh Nov 27, 2023
ec504db
hack to build kotsadm image and trigger tests
sgalsaleh Nov 27, 2023
7f61576
one more try
sgalsaleh Nov 27, 2023
d005ce7
one more try
sgalsaleh Nov 27, 2023
8c3a76b
use creds to push to dockerhub
sgalsaleh Nov 27, 2023
17c2d82
copy from docker
sgalsaleh Nov 27, 2023
134dcc0
include older kubectl versions
sgalsaleh Nov 28, 2023
ef344c4
updates
sgalsaleh Nov 28, 2023
bf55a46
pass secrets as inputs
sgalsaleh Nov 28, 2023
57d6fb7
fix syntax issue
sgalsaleh Nov 28, 2023
f698ef1
shell: bash
sgalsaleh Nov 28, 2023
4f65b7f
test
sgalsaleh Nov 28, 2023
90 changes: 90 additions & 0 deletions .github/actions/build-push-kotsadm-image/action.yml
@@ -0,0 +1,90 @@
name: 'Build and push kotsadm image'
description: 'Composite action for building and pushing kotsadm image'
inputs:
chainguard-gcp-wif-pool:
description: 'GCP workload identity pool for Chainguard'
required: true

chainguard-gcp-sa:
description: 'GCP service account for Chainguard'
required: true

chainguard-gcp-project-id:
description: 'GCP project ID for Chainguard'
required: true

image-name:
description: 'Full destination kotsadm image name'
required: true

git-tag:
description: 'Git tag'
required: true

registry-username:
description: 'Username to login to registry'
default: ''
required: false

registry-password:
description: 'Password to login to registry'
default: ''
required: false

runs:
using: "composite"
steps:
# - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
# with:
# workload_identity_provider: ${{ inputs.chainguard-gcp-wif-pool }}
# service_account: ${{ inputs.chainguard-gcp-sa }}

# - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
# with:
# project_id: ${{ inputs.chainguard-gcp-project-id }}

# - name: setup packages gcsfuse
# env:
# BUCKET: replicated-apk-registry
# shell: bash
# run: |
# # Set up a gcsfuse RO mount to the bucket containing private packages. This is a cheap and
# # cheerful way to get access to objects we need, without having to fetch all of them.
# mkdir -p /gcsfuse/apk-repo
# gcsfuse -o ro --implicit-dirs --only-dir os ${BUCKET} /gcsfuse/apk-repo

# # Symlink the gcsfuse mount to ./packages/$arch/*.apk
# mkdir -p ./packages/x86_64
# ln -s /gcsfuse/apk-repo/x86_64/*.apk ./packages/x86_64/

# # Make a copy of the APKINDEX.* since we'll need to write to it on package builds
# cp /gcsfuse/apk-repo/x86_64/APKINDEX.* ./packages/x86_64/

# ls -lR ./packages/

- name: template melange and apko configs
shell: bash
run: |
export GIT_TAG=${{ inputs.git-tag }}
envsubst '${GIT_TAG}' < deploy/melange.yaml.tmpl > deploy/melange.yaml
envsubst '${GIT_TAG}' < deploy/apko.yaml.tmpl > deploy/apko.yaml

- id: cache-dir
shell: bash
run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

- uses: chainguard-dev/actions/melange-build@main
with:
config: deploy/melange.yaml
archs: x86_64
sign-with-temporary-key: true
cache-dir: ${{ steps.cache-dir.outputs.cache_dir }}

- uses: chainguard-images/actions/apko-publish@main
with:
config: deploy/apko.yaml
archs: x86_64
tag: ${{ inputs.image-name }}
vcs-url: true
generic-user: ${{ inputs.registry-username }}
generic-pass: ${{ inputs.registry-password }}
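Review bot: The two `uses:` lines at the end of the steps reference `chainguard-dev/actions/melange-build@main` and `chainguard-images/actions/apko-publish@main`, which are mutable branch refs, and the second one is handed `registry-username` and `registry-password`. Pin both to a full commit SHA with the version in a trailing comment, as the commented-out `google-github-actions` steps above already do, so that a change on `main` upstream cannot alter what runs with the registry credentials. Separately, in the templating step `export GIT_TAG=${{ inputs.git-tag }}` expands the input into the script text before bash parses it; set `GIT_TAG: ${{ inputs.git-tag }}` under `env:` on that step and drop the `export`, so the value reaches `envsubst` as data rather than as part of the script.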
4 changes: 2 additions & 2 deletions .github/workflows/alpha.yaml
Expand Up @@ -210,7 +210,7 @@ jobs:
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "rqlite/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
image-ref: "cgr.dev/chainguard/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'rqlite-scan-output.sarif'
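Review bot: The new `image-ref` reuses `steps.dotenv.outputs.RQLITE_TAG` unchanged while the repository moves from `rqlite/rqlite` to `cgr.dev/chainguard/rqlite`. Tags are per-repository, so confirm that every value this variable takes is actually published under the new repository; otherwise the scan step fails on pull, or scans a build that does not correspond to the version the variable was chosen for. If the two tag schemes differ, a separate variable for the Chainguard tag would make that explicit.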
Expand All @@ -237,7 +237,7 @@ jobs:
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/minio/minio:${{ steps.dotenv.outputs.minio_tag }}"
image-ref: "cgr.dev/chainguard/minio:${{ steps.dotenv.outputs.minio_tag }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'minio-scan-output.sarif'
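Review bot: Only the scan target changes in this hunk, from `docker.io/minio/minio` to `cgr.dev/chainguard/minio`, so the report written to `minio-scan-output.sarif` is meaningful only if the deployed minio image is switched to the same reference in this PR. Please check that the deployment manifests and this `image-ref` are derived from one source, and consider resolving the tag to a digest before scanning so the report is tied to an exact image rather than to whatever the tag points at when the job runs.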