diff --git a/.github/workflows/cactus-whitepaper-publish.yaml b/.github/workflows/cactus-whitepaper-publish.yaml deleted file mode 100644 index c4e7701098..0000000000 --- a/.github/workflows/cactus-whitepaper-publish.yaml +++ /dev/null @@ -1,60 +0,0 @@ -name: whitepaper-publish - -on: - push: - # Publish `main` as Docker `latest` image. - branches: - - main - - # Publish `v1.2.3` tags as releases. - tags: - - v* - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -env: - IMAGE_NAME: cactus-whitepaper - -jobs: - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ - build-tag-push-container: - runs-on: ubuntu-20.04 - env: - DOCKER_BUILDKIT: 1 - DOCKERFILE_PATH: ./whitepaper/Dockerfile - DOCKER_BUILD_DIR: ./whitepaper/ - permissions: - packages: write - contents: read - - steps: - - uses: actions/checkout@v3.5.2 - - - name: Build image - run: docker build $DOCKER_BUILD_DIR --file $DOCKERFILE_PATH --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" - - - name: Log in to registry - # This is where you will update the PAT to GITHUB_TOKEN - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Push image - run: | - SHORTHASH=$(git rev-parse --short "$GITHUB_SHA") - TODAYS_DATE="$(date +%F)" - DOCKER_TAG="$TODAYS_DATE-$SHORTHASH" - IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Do not use the `latest` tag at all, tag with date + git short hash if there is no git tag - [ "$VERSION" == "main" ] && VERSION=$DOCKER_TAG - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5315eed85d..8867db4e1c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2358,36 +2358,6 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - ghcr-test-npm-registry: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3.5.2 - - name: ghcr.io/hyperledger/cactus-test-npm-registry - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -f ./tools/docker/test-npm-registry/Dockerfile -t cactus-test-npm-registry - - name: Run Trivy vulnerability scan for cactus-test-npm-registry - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-test-npm-registry' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - ghcr-whitepaper: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3.5.2 - - name: ghcr.io/hyperledger/cactus-whitepaper - run: DOCKER_BUILDKIT=1 docker build ./whitepaper/ -f ./whitepaper/Dockerfile -t cactus-whitepaper - - name: Run Trivy vulnerability scan for cactus-whitepaper - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-whitepaper' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' name: Cactus_CI 'on': pull_request: diff --git a/.github/workflows/test-npm-registry-publish.yaml b/.github/workflows/test-npm-registry-publish.yaml deleted file mode 100644 index 9a02b60999..0000000000 --- a/.github/workflows/test-npm-registry-publish.yaml +++ /dev/null @@ -1,60 +0,0 @@ -name: test-npm-registry-publish - -on: - push: - # Publish `main` as Docker `latest` image. - branches: - - main - - # Publish `v1.2.3` tags as releases. - tags: - - v* - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -env: - IMAGE_NAME: cactus-test-npm-registry - -jobs: - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ - build-tag-push-container: - runs-on: ubuntu-20.04 - env: - DOCKER_BUILDKIT: 1 - DOCKERFILE_PATH: ./tools/docker/test-npm-registry/Dockerfile - DOCKER_BUILD_DIR: ./tools/docker/test-npm-registry/ - permissions: - packages: write - contents: read - - steps: - - uses: actions/checkout@v3.5.2 - - - name: Build image - run: docker build $DOCKER_BUILD_DIR --file $DOCKERFILE_PATH --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" - - - name: Log in to registry - # This is where you will update the PAT to GITHUB_TOKEN - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Push image - run: | - SHORTHASH=$(git rev-parse --short "$GITHUB_SHA") - TODAYS_DATE="$(date +%F)" - DOCKER_TAG="$TODAYS_DATE-$SHORTHASH" - IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Do not use the `latest` tag at all, tag with date + git short hash if there is no git tag - [ "$VERSION" == "main" ] && VERSION=$DOCKER_TAG - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION diff --git a/tools/docker/test-npm-registry/Dockerfile b/tools/docker/test-npm-registry/Dockerfile deleted file mode 100644 index 54df3fd89c..0000000000 --- a/tools/docker/test-npm-registry/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM verdaccio/verdaccio:5.16 - -COPY ./config.yaml /verdaccio/conf/config.yaml diff --git a/tools/docker/test-npm-registry/README.md b/tools/docker/test-npm-registry/README.md deleted file mode 100644 index 4491c840b8..0000000000 --- a/tools/docker/test-npm-registry/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# test-npm-registry container image - -Used for locally verifying publishing commands before using them on npm publicly. -The image is configured by default to not require any authentication at all and -therefore it is a great fit for testing, but most never be used for production -deployments of any kind. - -The reason why this image had to be created was because some of our packages -that have front-end code embedded in them can take up more than 10MB in size -and verdaccio by default does not allow bigger request payloads than that so -we had to increase it to a higher limit via the configuration file `config.yaml`. - -## Usage - -1. Start the container and publish it's port `4873` to the host machine: - ```sh - docker run -it --rm --publish 4873:4873 ghcr.io/hyperledger/cactus-test-npm-registry:2021-12-20-81fd36c7 - ``` -2. Verify a canary publish with this container instead of using npmjs.com -by specifying the registry URL as http://localhost:4873 such as - ```sh - npx lerna publish \ - --canary \ - --force-publish \ - --dist-tag $(git branch --show-current) \ - --preid $(git branch --show-current).$(git rev-parse --short HEAD) \ - --registry http://localhost:4873 - ``` - -## Build image locally: - -```sh -DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -t ctnr -``` - -## Run image locally - -```sh -docker run -it --rm --publish 4873:4873 ctnr -``` diff --git a/tools/docker/test-npm-registry/config.yaml b/tools/docker/test-npm-registry/config.yaml deleted file mode 100644 index 300106142d..0000000000 --- a/tools/docker/test-npm-registry/config.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# -# This is the config file used for the docker images. -# It allows all users to do anything, so don't use it on production systems. -# -# Do not configure host and port under `listen` in this file -# as it will be ignored when using docker. -# see https://github.com/verdaccio/verdaccio/blob/verdaccio%406.0.0-6-next.24/website/docs/docker.md -# - -# The only reason why we need a custom built docker image is because there is -# no way to configure the existing container images to have a max body size -# higher than the default 10 MB without mounting a volume with a config file -max_body_size: 1000mb - -# path to a directory with all packages -storage: /verdaccio/storage - -# a list of other known repositories we can talk to -uplinks: - npmjs: - url: https://registry.npmjs.org/ - -packages: - '@scope/*': - # scoped packages - access: $all - publish: $all - proxy: npmjs - '@*/*': - # scoped packages - access: $all - publish: $all - proxy: npmjs - '**': - # allow all users (including non-authenticated users) to read and - # publish all packages - # - # you can specify usernames/groupnames (depending on your auth plugin) - # and three keywords: "$all", "$anonymous", "$authenticated" - access: $all - - # allow anyone to publish packages so there is no need to register a user - publish: $all - - # if package is not available locally, proxy requests to 'npmjs' registry - proxy: npmjs - -# log settings -logs: - - { type: stdout, format: pretty, level: trace } - #- {type: file, path: verdaccio.log, level: info} - -listen: - - 0.0.0.0:4873 \ No newline at end of file