Skip to content

SecurityMode: traffic segregation #8396

SecurityMode: traffic segregation

SecurityMode: traffic segregation #8396

Workflow file for this run

name: Integration Pipeline
on:
push:
tags:
- 'v*'
branches:
- master
repository_dispatch:
types:
- test-command
- build-command
jobs:
configure:
name: Preliminary configuration
runs-on: ubuntu-latest
outputs:
commit-ref: ${{ steps.configure.outputs.commit-ref }}
repo-suffix: ${{ steps.configure.outputs.repo-suffix }}
master: ${{ steps.configure.outputs.master }}
repo-name: ${{ steps.configure.outputs.repo-name }}
architectures: ${{ steps.configure.outputs.architectures }}
pr-number: ${{ steps.configure.outputs.pr-number }}
steps:
- name: Get the version
id: get_version
run: echo "VERSION=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT
if: startsWith(github.ref, 'refs/tags/v')
- name: Configure
id: configure
run: |
# The ref of the commit to checkout (do not use the merge commit if repository dispatch)
if [ "${{ github.event_name }}" == "repository_dispatch" ]; then
echo "master=false" >> $GITHUB_OUTPUT
echo "architectures=linux/amd64" >> $GITHUB_OUTPUT
echo "commit-ref=${{ github.event.client_payload.pull_request.head.sha }}" >> $GITHUB_OUTPUT
echo "pr-number=${{ github.event.client_payload.github.payload.issue.number }}" >> $GITHUB_OUTPUT
elif [ "${{ steps.get_version.outputs.VERSION }}" != "" ]; then
echo "master=false" >> $GITHUB_OUTPUT
echo "architectures=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
echo "commit-ref=${{ steps.get_version.outputs.VERSION }}" >> $GITHUB_OUTPUT
else
echo "master=true" >> $GITHUB_OUTPUT
echo "architectures=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
echo "commit-ref=${{ github.sha }}" >> $GITHUB_OUTPUT
fi
# The suffix to append to the repository name if not triggered by a push for a release
([[ "${{ steps.get_version.outputs.VERSION }}" == "" ]] && \
echo "repo-suffix=-ci" ||
echo "repo-suffix=") >> $GITHUB_OUTPUT
if [ "${{ github.event_name }}" != "repository_dispatch" ]; then
echo "repo-name=${{ github.repository }}" >> $GITHUB_OUTPUT
else
echo "repo-name=${{ github.event.client_payload.github.payload.repository.full_name }}" >> $GITHUB_OUTPUT
fi
# Since we are using a repository-dispatch event, we have to explicitly set a run check. We initialize it to a "pending" state.
- uses: octokit/[email protected]
name: "Initialize run check to 'pending (For PR-only)"
with:
route: POST /repos/${{ github.repository }}/statuses/${{ steps.configure.outputs.commit-ref }}
state: "pending"
description: "Component build status"
context: "Components building"
target_url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
env:
GITHUB_TOKEN: ${{ secrets.CI_TOKEN }}
if: ${{ github.event_name == 'repository_dispatch' }}
build:
runs-on: ubuntu-latest
needs: configure
strategy:
fail-fast: false
matrix:
component:
- auth-service
- cert-creator
- crd-replicator
- liqo-controller-manager
- discovery
- liqonet
- uninstaller
- virtual-kubelet
- metric-agent
- telemetry
- proxy
steps:
- name: Set up QEMU
uses: docker/[email protected]
with:
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Check out code
uses: actions/checkout@v4
with:
ref: "${{ needs.configure.outputs.commit-ref }}"
repository: "${{ needs.configure.outputs.repo-name }}"
persist-credentials: false
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ matrix.component }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.component }}-buildx-
- name: Login to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure the build-push-action dockerfile path
id: dockerfile
run: |
([[ -d "build/${{ matrix.component }}" ]] && \
echo "path=build/${{ matrix.component }}/Dockerfile" || \
echo "path=build/common/Dockerfile") >> $GITHUB_OUTPUT
- name: Build (and Publish) ${{ matrix.component }} image
uses: docker/build-push-action@v5
with:
context: .
platforms: ${{ needs.configure.outputs.architectures }}
tags: |
ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}:latest
ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}:${{ needs.configure.outputs.commit-ref }}
push: true
file: ${{ steps.dockerfile.outputs.path }}
build-args: |
COMPONENT=${{ matrix.component }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# This ugly bit is necessary if you don't want your cache to grow forever
# till it hits GitHub's limit of 5GB.
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
post-build:
runs-on: ubuntu-latest
needs: [build, configure, liqoctl]
steps:
# Since we are using a repository-dispatch event, we have to explicitly set a run check. We update it to the actual status.
- uses: octokit/[email protected]
name: "Set the PR check status (For PR-only)"
with:
route: POST /repos/${{ github.repository }}/statuses/${{ needs.configure.outputs.commit-ref }}
state: "${{ needs.build.result }}"
description: "Component build status"
context: "Components building"
target_url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
env:
GITHUB_TOKEN: ${{ secrets.CI_TOKEN }}
if: ${{ !cancelled() && github.event_name == 'repository_dispatch' }}
e2e-test-trigger:
runs-on: ubuntu-latest
needs: [build, configure, liqoctl]
if: github.event.client_payload.slash_command.command == 'test'
steps:
- name: Notify Event to E2E Tests
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.CI_TOKEN }}
repository: liqotech/liqops
event-type: "dev-event"
client-payload: |
{
"master": "${{ needs.configure.outputs.master }}",
"commit": "${{ needs.configure.outputs.commit-ref }}",
"repo-name": "${{ needs.configure.outputs.repo-name }}",
"base-repo": "${{ github.repository }}",
"run-id": "${{ github.run_id }}",
"pr-number" : "${{ needs.configure.outputs.pr-number }}"
}
liqoctl:
runs-on: ubuntu-latest
needs: [ configure ]
strategy:
matrix:
goos: [ linux, windows, darwin ]
goarch: [ arm64, amd64 ]
exclude:
- goarch: arm64
goos: windows
steps:
- uses: actions/checkout@v4
with:
ref: "${{ needs.configure.outputs.commit-ref }}"
repository: "${{ needs.configure.outputs.repo-name }}"
persist-credentials: false
- name: Build Liqoctl
run: |
./build/liqoctl/build.sh
env:
CGO_ENABLED: 0
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
LIQOCTLVERSION: ${{ needs.configure.outputs.commit-ref }}
- name: Create Archives
run: |
cp liqoctl-${{ matrix.goos }}-${{ matrix.goarch }} liqoctl
tar -czvf liqoctl-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz liqoctl LICENSE
- name: Upload Liqoctl
uses: actions/upload-artifact@v3
with:
name: liqoctl-${{ matrix.goos }}-${{ matrix.goarch }}
path: ./liqoctl-${{ matrix.goos }}-${{ matrix.goarch }}
retention-days: 1
- name: Upload Liqoctl Archive
uses: actions/upload-artifact@v3
with:
name: liqoctl-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
path: ./liqoctl-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
retention-days: 1
release:
runs-on: ubuntu-latest
needs: [build, configure, liqoctl]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# The changelog generation requires the entire history
fetch-depth: 0
ref: "${{ needs.configure.outputs.commit-ref }}"
repository: "${{ needs.configure.outputs.repo-name }}"
persist-credentials: false
- name: Get the latest Liqo release
uses: pozetroninc/[email protected]
id: last-release
with:
repository: ${{ github.repository }}
excludes: prerelease, draft
- name: Configure Git
run: |
git config user.name "adamjensenbot"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.8.1
- name: Parse semver string
id: semver_parser
uses: booxmedialtd/ws-action-parse-semver@v1
with:
input_string: '${{ needs.configure.outputs.commit-ref }}'
version_extractor_regex: 'v(.*)$'
# we cannot use the official chart-releaser-action since it does not support releases on tags
# https://github.com/helm/chart-releaser-action/issues/60, and it is not possible to add the
# release artifact to the main liqo release.
- name: Download chart releaser
run: |
curl -sSL "https://github.com/helm/chart-releaser/releases/download/v1.4.0/chart-releaser_1.4.0_linux_amd64.tar.gz" | tar -xz
- name: Package helm chart
run: |
# the output should be in the .cr-release-packages since cr index expects to find it there to create the helm index
helm package deployments/liqo --version "${{ needs.configure.outputs.commit-ref }}" --app-version "${{ needs.configure.outputs.commit-ref }}" --destination .cr-release-packages
- uses: actions/download-artifact@v3
with:
path: ./liqoctl/
# we need to upload only helm artifacts first, to make the index updater to work
- uses: ncipollo/release-action@v1
with:
artifacts: ".cr-release-packages/*"
generateReleaseNotes: true
token: ${{ secrets.CI_TOKEN }}
allowUpdates: true
tag: ${{ needs.configure.outputs.commit-ref }}
name: ${{ needs.configure.outputs.commit-ref }}
prerelease: ${{ steps.semver_parser.outputs.prerelease != '' }}
- name: Update Helm index
run: |
repo=$(cut -d '/' -f 2 <<< "$GITHUB_REPOSITORY")
owner=$(cut -d '/' -f 1 <<< "$GITHUB_REPOSITORY")
# Update index and push to github pages
./cr index \
--owner "$owner" \
--git-repo "$repo" \
--release-name-template "${{ needs.configure.outputs.commit-ref }}" \
--token "${{ secrets.GITHUB_TOKEN }}" \
--index-path index.yaml \
--pages-index-path index.yaml \
--push
- uses: ncipollo/release-action@v1
with:
artifacts: "./liqoctl/**/*"
token: ${{ secrets.CI_TOKEN }}
allowUpdates: true
tag: ${{ needs.configure.outputs.commit-ref }}
name: ${{ needs.configure.outputs.commit-ref }}
prerelease: ${{ steps.semver_parser.outputs.prerelease != '' }}
- name: Update new version in krew-index
uses: rajatjindal/[email protected]