Fix the rockcraft workflow in PR from forked repositories #108

Merged
merged 10 commits into from
Mar 21, 2023
21 changes: 9 additions & 12 deletions .github/workflows/build_rocks.yaml
Expand Up @@ -61,32 +61,29 @@ jobs:
uses: canonical/craft-actions/rockcraft-pack@main
with:
path: ${{ matrix.path }}
- name: Upload rock to ghcr.io
if: ${{ !github.event.pull_request.head.repo.fork }}
- name: Extract rock information
run: |
IMAGE_NAME=$(yq '.name' ${{ matrix.path }}/rockcraft.yaml)
IMAGE_REF=${{ inputs.registry }}/${{ inputs.owner }}/$IMAGE_NAME:${{ github.run_id }}
skopeo --insecure-policy copy oci-archive:$(ls ${{ matrix.path }}/${{ matrix.image }}*.rock) docker://$IMAGE_REF --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
echo "IMAGE_REF=$IMAGE_REF" >> $GITHUB_ENV
- name: Upload rock to ghcr.io
if: ${{ !github.event.pull_request.head.repo.fork }}
run: |
skopeo --insecure-policy copy oci-archive:$(ls ${{ matrix.path }}/*.rock) docker://$IMAGE_REF --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
# GitHub doesn't currently support pushing images in the Docker registry when opening a PR from a fork
# so an artifact is published instead
- name: Build rock as tarball
if: ${{ github.event.pull_request.head.repo.fork }}
run: |
skopeo copy oci-archive:$(ls ${{ matrix.path }}/${{ matrix.image }}*.rock) docker-archive:/tmp/$IMAGE_NAME.tar:$IMAGE_NAME:${{ github.run_id }}
skopeo copy oci-archive:$(ls ${{ matrix.path }}/*.rock) docker-archive:./$IMAGE_NAME.tar:$IMAGE_NAME:${{ github.run_id }}
echo "IMAGE_TAR=/github/workspace/$IMAGE_NAME.tar" >> $GITHUB_ENV
- name: Upload image artifact
uses: actions/upload-artifact@v3
if: ${{ github.event.pull_request.head.repo.fork }}
with:
name: ${{ matrix.image }}
path: /tmp/${{ matrix.image }}.tar
# Trivy requires an OCI type tar to run the scan
- name: Build rock as tarball
if: ${{ github.event.pull_request.head.repo.fork }}
run: |
skopeo copy oci-archive:$(ls ${{ matrix.path }}/${{ matrix.image }}*.rock) dir:/tmp/$IMAGE_NAME.tar
echo "IMAGE_TAR=${{ matrix.image }}.tar" >> $GITHUB_ENV
name: ${{ env.IMAGE_NAME }}
path: ${{ env.IMAGE_NAME }}.tar
- name: Run Github Trivy Image Action
uses: aquasecurity/trivy-action@master
with:
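Review bot: in the `Extract rock information` step, `IMAGE_NAME` is read from `rockcraft.yaml` and appended to `$GITHUB_ENV` without validation, and the step carries no fork condition, so on a fork PR the value comes from contributor-controlled content. A name containing a newline would add further variables to the environment of later steps. Suggest checking the value against a strict pattern (lowercase letters, digits and hyphens, for example) before the two `echo ... >> $GITHUB_ENV` lines and quoting `"$GITHUB_ENV"`. The same step and both skopeo steps interpolate `${{ matrix.path }}` directly into the script and rely on `ls .../*.rock` matching exactly one file; passing the path through `env:` and failing when the glob matches zero or several files would make both assumptions explicit.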
2 changes: 1 addition & 1 deletion .github/workflows/integration_test_run.yaml
Expand Up @@ -182,7 +182,7 @@ jobs:
if: ${{ inputs.provider == 'microk8s' && github.event.pull_request.head.repo.fork }}
run: |
for image_name in $(echo '${{ inputs.images }}' | jq -cr '.[]'); do
docker load --input ${image_name}/${image_name}.tar
docker import ${image_name}/${image_name}.tar localhost:32000/${image_name}:latest
docker push localhost:32000/${image_name}:latest
done
- name: Configure GHCR in microk8s
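Review bot: `docker import` in the loop does not fit the tarball this step receives. build_rocks.yaml writes it with `docker-archive:`, which is the `docker save` format that `docker load` reads, while `docker import` treats the tar as a root filesystem and produces an image without the original layers or config (entrypoint, environment). If the goal is the `localhost:32000/${image_name}:latest` tag, suggest `docker load` followed by `docker tag` from the `$IMAGE_NAME:<run id>` reference stored in the archive. The three commands should also quote `"${image_name}"`.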
3 changes: 1 addition & 2 deletions .github/workflows/workflow_test.yaml
Expand Up @@ -45,6 +45,7 @@ jobs:
working-directory: 'tests/workflows/integration/test-rock/'
trivy-image-config: 'tests/workflows/integration/test-rock/trivy.yaml'
publish:
if: ${{ !github.event.pull_request.head.repo.fork }}
uses: ./.github/workflows/test_and_publish_charm.yaml
secrets: inherit
needs:
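Review bot: the new `if:` on the `publish` job has no comment saying why fork PRs skip it, and the job keeps `secrets: inherit`. Suggest a one-line comment above the condition noting that workflows triggered from forks do not receive repository secrets, and passing only the secrets test_and_publish_charm.yaml uses instead of inheriting all of them.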
Expand All @@ -62,7 +63,6 @@ jobs:
- dockerfile
- integration
- integration-rock
- publish
steps:
- run: |
[ '${{ needs.simple.outputs.metadata-lint-outcome }}' = 'skipped' ] || (echo metadata-lint not skipped && false)
Expand All @@ -75,4 +75,3 @@ jobs:
[ '${{ needs.dockerfile.outputs.docker-lint-outcome }}' = 'success' ] || (echo docker-lint failed && false)
[ '${{ needs.integration.result }}' = 'success' ] || (echo integration failed && false)
[ '${{ needs.integration-rock.result }}' = 'success' ] || (echo integration-rock failed && false)
[ '${{ needs.publish.result }}' = 'success' ] || (echo publish failed && false)
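Review bot: dropping the `needs.publish.result` assertion here (and `publish` from `needs` in the hunk above) means a failing publish job no longer fails this check on non-fork runs, not only on fork PRs where the job is skipped. Suggest keeping the assertion in a separate job that needs `publish` and carries the same `!github.event.pull_request.head.repo.fork` condition.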
3 changes: 1 addition & 2 deletions tests/workflows/integration/test-upload-charm/tox.ini
Expand Up @@ -97,8 +97,7 @@ commands =
[testenv:static]
description = Run static analysis tests
deps =
bandit
toml
bandit[toml]
-r{toxinidir}/requirements.txt
commands =
bandit -c {toxinidir}/pyproject.toml -r {[vars]src_path} {[vars]tst_path}
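Review bot: `bandit[toml]` in `deps` is unpinned, so the static analysis job can start reporting different findings whenever a new bandit release lands. Suggest pinning a version or constraining it through a constraints file. Using the extra instead of a separate `toml` entry is the right way to get the parser that `bandit -c {toxinidir}/pyproject.toml` needs.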