From c6d3505c5a8e16b611b01490901503bb0cabcc15 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:02:36 +0100 Subject: [PATCH 01/47] pull before build to setup cache --- .github/workflows/docker_job.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index eb3987801b..0de3d6fa44 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -57,6 +57,10 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 + - name: Pull latest for cache + run: docker pull ${{ matrix.ecr_repository }}:latest + + - name: Build ${{ matrix.ecr_repository }} Image uses: docker/build-push-action@v6.3.0 with: From a579bbb61c1c404175c95650158a05c64df99be7 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:13:00 +0100 Subject: [PATCH 02/47] build trigger --- cmd/mlpa/build_trigger | 1 + 1 file changed, 1 insertion(+) create mode 100644 cmd/mlpa/build_trigger diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger new file mode 100644 index 0000000000..306db431d5 --- /dev/null +++ b/cmd/mlpa/build_trigger @@ -0,0 +1 @@ +this is a uild trigger From bd6d1af7d49057401d7bf0bf05fd77dee2a024ef Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:18:42 +0100 Subject: [PATCH 03/47] use pull role to auth ECR --- .github/workflows/docker_job.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 0de3d6fa44..c235f88be2 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
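Review bot: In patch 01's hunk, `docker pull ${{ matrix.ecr_repository }}:latest` names no registry host, so Docker resolves it against its default registry rather than ECR, and no login step precedes it in the hunk. Layers used to seed the build cache would then come from whatever is published under that name, which the project may not control. Qualify the reference and tolerate a missing image, for example `run: docker pull "$ECR_REGISTRY/${{ matrix.ecr_repository }}:latest" || true`, with `ECR_REGISTRY` set from an ECR login step's `registry` output. The job's step list continues outside the hunk.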
@@ -57,10 +57,29 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 + + + - uses: unfor19/install-aws-cli-action@v1 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + aws-region: eu-west-1 + role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-pull + role-duration-seconds: 900 + role-session-name: GithubActionsECRPullMLPAB + - name: ECR Login + id: login_ecr + uses: aws-actions/amazon-ecr-login@v2.0.1 + with: + mask-password: true + registries: 311462405659 + - name: Pull latest for cache run: docker pull ${{ matrix.ecr_repository }}:latest + + - name: Build ${{ matrix.ecr_repository }} Image uses: docker/build-push-action@v6.3.0 with: From 178fe4e6dbbd252732058e145388cc5ea070dc39 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:23:19 +0100 Subject: [PATCH 04/47] fix action id --- .github/workflows/docker_job.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index c235f88be2..088390c943 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -68,7 +68,7 @@ jobs: role-duration-seconds: 900 role-session-name: GithubActionsECRPullMLPAB - name: ECR Login - id: login_ecr + id: login_ecr_for_pull uses: aws-actions/amazon-ecr-login@v2.0.1 with: mask-password: true From ed5c0f6e4ef748ab6d6a0193ac7511a5460e7956 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:25:05 +0100 Subject: [PATCH 05/47] build trigger --- cmd/mlpa/build_trigger | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 306db431d5..bac953c8b5 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -1 +1 @@ -this is a uild trigger +this is a build trigger From 30993e42840f78a083df900361f2894800c5b87d Mon Sep 17 00:00:00 2001 
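Review bot: `unfor19/install-aws-cli-action@v1` in patch 03's added steps is referenced by a movable major tag, and it runs in the same job that goes on to assume `modernising-lpa-github-actions-ecr-pull`, so whatever that tag points to at run time executes inside a job that holds AWS credentials. Pin it to a full commit SHA, e.g. `uses: unfor19/install-aws-cli-action@<full-commit-sha> # v1`, and consider doing the same for the two `aws-actions/*` steps, which are pinned only by version tag. None of the steps in this hunk invokes `aws` directly, so the install step may be removable altogether (confirm against the rest of the job, which is outside the hunk). The same reference is re-added in patches 25, 28 and 29.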
From: Andrew Pearce Date: Thu, 18 Jul 2024 14:30:23 +0100 Subject: [PATCH 06/47] use compose to pull latest --- .github/workflows/docker_job.yml | 5 ++++- cmd/mlpa/build_trigger | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 088390c943..b2584160de 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -75,7 +75,10 @@ jobs: registries: 311462405659 - name: Pull latest for cache - run: docker pull ${{ matrix.ecr_repository }}:latest + env: + ECR_REGISTRY: ${{ steps.login_ecr_for_pull.outputs.registry }} + TAG: latest + run: docker compose -f docker/docker-compose.yml -f docker/docker-compose.ci.yml pull diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index bac953c8b5..291ed7ab75 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -1 +1,2 @@ this is a build trigger +another trigger From 70094eeb38502b3a3f1ba40cb00151fd298049e7 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:40:13 +0100 Subject: [PATCH 07/47] another build trigger --- cmd/mlpa/build_trigger | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 291ed7ab75..e2a001f633 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -1,2 +1,3 @@ this is a build trigger another trigger +another build trigger From a46c47913d0d95de202a7849c148aae961f8ab6c Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:50:07 +0100 Subject: [PATCH 08/47] use actual caches --- .github/workflows/docker_job.yml | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index b2584160de..fbdd4cb603 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -25,6 +25,8 @@ permissions: jobs: docker_build_scan_push: + env: + BUILD_CACHE: /home/runner/.docker/buildkit strategy: fail-fast: false matrix: @@ -57,28 +59,12 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 - - - - uses: unfor19/install-aws-cli-action@v1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + - uses: actions/cache@v4.0.2 with: - aws-region: eu-west-1 - role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-pull - role-duration-seconds: 900 - role-session-name: GithubActionsECRPullMLPAB - - name: ECR Login - id: login_ecr_for_pull - uses: aws-actions/amazon-ecr-login@v2.0.1 - with: - mask-password: true - registries: 311462405659 + path: ${{ env.BUILD_CACHE }} + key: ${{ hashFiles('Dockerfile') }} + - - name: Pull latest for cache - env: - ECR_REGISTRY: ${{ steps.login_ecr_for_pull.outputs.registry }} - TAG: latest - run: docker compose -f docker/docker-compose.yml -f docker/docker-compose.ci.yml pull @@ -91,6 +77,8 @@ jobs: platforms: linux/amd64 push: false load: true + cache-to: type=local,src=${{ env.BUILD_CACHE }} + cache-from: type=local,src=${{ env.BUILD_CACHE }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | From b8b578f9e0347d03303e7114277e82a37d760c86 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 14:59:17 +0100 Subject: [PATCH 09/47] fix hash --- .github/workflows/docker_job.yml | 8 +++----- cmd/mlpa/build_trigger | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index fbdd4cb603..55a08fa35e 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -59,14 +59,12 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 + + - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ hashFiles('Dockerfile') }} - - - - + key: ${{ hashFiles(${{ matrix.path }}) }} - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index e2a001f633..c874c88b60 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -1,3 +1,4 @@ this is a build trigger another trigger another build trigger +another build trigger From 09f5a35a439471821fc925972371cd5918ed9ded Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:00:55 +0100 Subject: [PATCH 10/47] comment --- .github/workflows/docker_job.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 55a08fa35e..e3cdb0a12f 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ hashFiles(${{ matrix.path }}) }} + key: ${{ hashFiles(${{ matrix.path }}) }} ## I think I need a better hash here - name: Build ${{ matrix.ecr_repository }} Image From 08da9dd02e156c317136176d65a242f4f33199f8 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:09:18 +0100 Subject: [PATCH 11/47] fix unexpected --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index e3cdb0a12f..5f2429224d 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
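Review bot: `hashFiles(${{ matrix.path }})` in patch 09's cache step nests one `${{ }}` inside another, which the expression syntax does not support; inside an expression a context is referenced bare, as in `key: ${{ hashFiles(matrix.path) }}`. Patches 10, 11, 12 and 15 carry quoted variants of the same line, which are either rejected or treated as a literal string, and patch 14's `hashFiles('matrix.path')` looks for a file literally named `matrix.path`, which presumably matches nothing and leaves every matrix entry with the key `test-`. A key shared across entries lets one image's layer cache be restored into another image's build, so the key should also include `matrix.ecr_repository`. The `with:` block is complete in this hunk, but the job it belongs to starts outside it.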
@@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ hashFiles(${{ matrix.path }}) }} ## I think I need a better hash here + key: ${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index c874c88b60..16fd0f2192 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -2,3 +2,4 @@ this is a build trigger another trigger another build trigger another build trigger +another build trigger From 1541835d85d43ee4965a59f5f79e17c40899b444 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:15:37 +0100 Subject: [PATCH 12/47] put string in front of hast --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 5f2429224d..a2aa3ad81a 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here + key: test-${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 16fd0f2192..23b25ee8ee 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -3,3 +3,4 @@ another trigger another build trigger another build trigger another build trigger +another build trigger From 80ae26b2f33b24e4bda3611cad88de86a9cc298e Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:20:04 +0100 Subject: [PATCH 13/47] put dest for build cache --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index a2aa3ad81a..63046869ac 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -75,7 +75,7 @@ jobs: platforms: linux/amd64 push: false load: true - cache-to: type=local,src=${{ env.BUILD_CACHE }} + cache-to: type=local,to=${{ env.BUILD_CACHE }} cache-from: type=local,src=${{ env.BUILD_CACHE }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 23b25ee8ee..7ff3bea7d2 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -4,3 +4,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From a458b86f24845491847beb2926ab27ff892dce46 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:27:49 +0100 Subject: [PATCH 14/47] dest not to --- .github/workflows/docker_job.yml | 5 +++-- cmd/mlpa/build_trigger | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 63046869ac..09f26900fb 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,8 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: test-${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here + key: test-${{ hashFiles('matrix.path') }} + # ${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here - name: Build ${{ matrix.ecr_repository }} Image @@ -75,7 +76,7 @@ jobs: platforms: linux/amd64 push: false load: true - cache-to: type=local,to=${{ env.BUILD_CACHE }} + cache-to: type=local,dest=${{ env.BUILD_CACHE }} cache-from: type=local,src=${{ env.BUILD_CACHE }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 7ff3bea7d2..2983b3df1d 100644 --- a/cmd/mlpa/build_trigger 
+++ b/cmd/mlpa/build_trigger @@ -5,3 +5,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From d436595a45ebf9706fed29dc9985d6442d4be3c6 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:33:57 +0100 Subject: [PATCH 15/47] fix hash creation --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 09f26900fb..6e827bbb96 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: test-${{ hashFiles('matrix.path') }} + key: test-${{ hashFiles('${{ matrix.path }}') }} # ${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 2983b3df1d..db093ca911 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -6,3 +6,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From 81d7bdf27242af3135779037d8a64f708006fa3c Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 15:40:51 +0100 Subject: [PATCH 16/47] remove preceeding ./ from path --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 6e827bbb96..37f22511f5 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -35,7 +35,7 @@ jobs: path: ./docker/mlpa/Dockerfile platforms: linux/amd64 - ecr_repository: modernising-lpa/create-s3-batch-replication-job - path: ./lambda/create_s3_replication_job/Dockerfile + path: lambda/create_s3_replication_job/Dockerfile platforms: linux/amd64 - ecr_repository: modernising-lpa/event-received path: ./docker/event-received/Dockerfile diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index db093ca911..2983b3df1d 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -6,4 +6,3 @@ another build trigger another build trigger another build trigger another build trigger -another build trigger From e5b5971f5a0db9a0c1b240ec55d3a0b6543ae1d9 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 16:07:57 +0100 Subject: [PATCH 17/47] use something else for hashing --- .github/workflows/docker_job.yml | 5 ++--- cmd/mlpa/build_trigger | 2 ++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 37f22511f5..007fc4ca35 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -35,7 +35,7 @@ jobs: path: ./docker/mlpa/Dockerfile platforms: linux/amd64 - ecr_repository: modernising-lpa/create-s3-batch-replication-job - path: lambda/create_s3_replication_job/Dockerfile + path: ./lambda/create_s3_replication_job/Dockerfile platforms: linux/amd64 - ecr_repository: modernising-lpa/event-received path: ./docker/event-received/Dockerfile @@ -64,8 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: test-${{ hashFiles('${{ matrix.path }}') }} - # ${{ hashFiles('${{ matrix.path }}') }} ## I think I need a better hash here + key: ${{ matrix.ecr_respository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json' }}') }} - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 2983b3df1d..1f67cf6a0b 100644 --- a/cmd/mlpa/build_trigger 
+++ b/cmd/mlpa/build_trigger @@ -6,3 +6,5 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger From 7eff5f35da25aba5f6287b02d6ad0199b1df0d45 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 16:09:46 +0100 Subject: [PATCH 18/47] fix key --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 007fc4ca35..c355880224 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ matrix.ecr_respository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json' }}') }} + key: ${{ matrix.ecr_respository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 1f67cf6a0b..2983b3df1d 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -6,5 +6,3 @@ another build trigger another build trigger another build trigger another build trigger -another build trigger -another build trigger From e04d92ac5186708c1649848e612f9c2dee712a62 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 16:14:35 +0100 Subject: [PATCH 19/47] fix pulling ecr into key --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index c355880224..4f8c1e2c13 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ matrix.ecr_respository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + key: ${{ matrix.ecr_repository }}}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 2983b3df1d..a38bdc627e 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -6,3 +6,6 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger From 19589dbcbb7d2f4c965cd23f2a3018e7d89d7062 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Thu, 18 Jul 2024 17:02:36 +0100 Subject: [PATCH 20/47] fix typo --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 4f8c1e2c13..833d5a4fda 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: - uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ matrix.ecr_repository }}}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + key: ${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index a38bdc627e..98027445b0 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -9,3 +9,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From aba206be8e2a3950405e50275cf6ae2b9adfff32 Mon Sep 17 00:00:00 2001 
From: Andrew Pearce Date: Thu, 18 Jul 2024 19:34:58 +0100 Subject: [PATCH 21/47] name the action --- .github/workflows/docker_job.yml | 5 +++-- cmd/mlpa/build_trigger | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 833d5a4fda..8addddd288 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -60,8 +60,9 @@ jobs: platforms: linux/amd64,linux/arm64 - - - uses: actions/cache@v4.0.2 + - name: setup cache for ${{ matrix.ecr_repository }} + id: setup_cache + uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} key: ${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 98027445b0..9c75e957f5 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -10,3 +10,5 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger From 8f9a4230dfefe39e61632c98b75a9e6ac4f55426 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 09:11:34 +0100 Subject: [PATCH 22/47] make caches unique to branch or pr --- .github/workflows/docker_job.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 8addddd288..fa2f80acd7 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -59,13 +59,12 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 - - name: setup cache for ${{ matrix.ecr_repository }} id: setup_cache uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + key: ${{ input.checkout-tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image 
From 5ac036feee786a8c5ea7d8bd5295a023912badb1 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 09:13:48 +0100 Subject: [PATCH 23/47] fix inputs --- .github/workflows/docker_job.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index fa2f80acd7..e712c09b94 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ input.checkout-tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + key: ${{ inputs.checkout-tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image From 0e30cc8c872c5beaeec6b848df6715c6bbc9daf1 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 09:21:05 +0100 Subject: [PATCH 24/47] fix inputs --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index e712c09b94..004ccabfd2 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -64,7 +64,7 @@ jobs: uses: actions/cache@v4.0.2 with: path: ${{ env.BUILD_CACHE }} - key: ${{ inputs.checkout-tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 9c75e957f5..28f1566a4b 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger 
@@ -12,3 +12,7 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From 1e3bf0dbc03c0e386f8f1b0ce713f9f35b80baff Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 10:27:13 +0100 Subject: [PATCH 25/47] add branch name to use in registry cache --- .github/workflows/docker_job.yml | 34 +++++++++++++++++++++++-------- .github/workflows/workflow_pr.yml | 1 + 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 004ccabfd2..b504aac5e4 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -12,6 +12,10 @@ on: default: ${{ github.ref }} required: false type: string + branch_name: + description: 'Branch name' + required: true + type: string defaults: run: 
@@ -59,13 +63,27 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 - - name: setup cache for ${{ matrix.ecr_repository }} - id: setup_cache - uses: actions/cache@v4.0.2 - with: - path: ${{ env.BUILD_CACHE }} - key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + # - name: setup cache for ${{ matrix.ecr_repository }} + # id: setup_cache + # uses: actions/cache@v4.0.2 + # with: + # path: ${{ env.BUILD_CACHE }} + # key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + - uses: unfor19/install-aws-cli-action@v1 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + aws-region: eu-west-1 + role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push + role-duration-seconds: 900 + role-session-name: GithubActionsECRPushMLPAB + - name: ECR Login + id: login_ecr + uses: aws-actions/amazon-ecr-login@v2.0.1 + with: + mask-password: true + registries: 311462405659 - name: Build ${{ matrix.ecr_repository }} Image uses: docker/build-push-action@v6.3.0 @@ -75,8 +93,8 @@ jobs: platforms: linux/amd64 push: false load: true - cache-to: type=local,dest=${{ env.BUILD_CACHE }} - cache-from: type=local,src=${{ env.BUILD_CACHE }} + cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:buildcache-${{ inputs.branch_name }} + cache-to: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:buildcache-${{ inputs.branch_name }},mode=max tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml index d34f7446f2..fd27f3930c 100644 --- a/.github/workflows/workflow_pr.yml +++ b/.github/workflows/workflow_pr.yml 
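Review bot: `inputs.branch_name` is spliced unmodified into both the image tag and the comma-separated `cache-from`/`cache-to` option strings in patch 25's build step, and the caller hunk in `workflow_pr.yml` fills it from `github.head_ref`, which is chosen by whoever opens the pull request. Branch names routinely contain `/` and can contain other characters that are invalid in a tag or that alter how the option string is parsed, so the ref should be built from a normalised slug computed in an earlier step, with the raw value passed through `env` rather than interpolated into a script. The cache tag is also written to the same ECR repository as the deployable images, which is worth checking against that repository's tag-immutability and lifecycle settings. The build step's `with:` block begins outside the hunk.

```yaml
      # new step, placed before the build step
      - name: Derive cache tag
        id: cache_tag
        env:
          BRANCH_NAME: ${{ inputs.branch_name }}
        run: |
          slug="$(printf '%s' "$BRANCH_NAME" | tr -c 'A-Za-z0-9_.-' '-' | cut -c1-100)"
          echo "tag=buildcache-${slug}" >> "$GITHUB_OUTPUT"

      # … unchanged: build step name, uses, and the with: keys up to load …
          cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ steps.cache_tag.outputs.tag }}
          cache-to: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ steps.cache_tag.outputs.tag }},mode=max
```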
@@ -58,6 +58,7 @@ jobs: ] with: tag: ${{ needs.create_tags.outputs.version_tag }} + branch_name: ${{ github.head_ref }} terraform_account_workflow_development: name: TF Plan Dev Account From 0bf55a50eac60dd2ade0dd2a41efbedc1d9bf17f Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 10:45:17 +0100 Subject: [PATCH 26/47] only use one login --- .github/workflows/docker_job.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index b504aac5e4..4e4a8ba935 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -115,20 +115,20 @@ jobs: with: sarif_file: 'trivy-results.sarif' - - uses: unfor19/install-aws-cli-action@v1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-region: eu-west-1 - role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push - role-duration-seconds: 900 - role-session-name: GithubActionsECRPushMLPAB - - name: ECR Login - id: login_ecr - uses: aws-actions/amazon-ecr-login@v2.0.1 - with: - mask-password: true - registries: 311462405659 + # - uses: unfor19/install-aws-cli-action@v1 + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4.0.2 + # with: + # aws-region: eu-west-1 + # role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push + # role-duration-seconds: 900 + # role-session-name: GithubActionsECRPushMLPAB + # - name: ECR Login + # id: login_ecr_for_buildcache + # uses: aws-actions/amazon-ecr-login@v2.0.1 + # with: + # mask-password: true + # registries: 311462405659 - name: Push ${{ matrix.ecr_repository }} Image to ECR for PR if: ${{ github.workflow != 'Path To Live' }} uses: docker/build-push-action@v6.3.0 From 567553376f563f5a5f52389714ab064256409f3e Mon Sep 17 00:00:00 2001 
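Review bot: With the later login commented out in patch 26, the only credentials in the job are the `modernising-lpa-github-actions-ecr-push` session that patch 25 moved ahead of the build, so every subsequent step, including the build of the PR's Dockerfile and the third-party scan action, runs with a push-capable role in its environment. That session is requested with `role-duration-seconds: 900`, and the final push now depends on it; if the registry login's lifetime follows the session (worth confirming), a build plus scan longer than 15 minutes would fail at the push. A narrower arrangement is to use a role limited to the cache tag for the early login and keep the push role's login directly before the push step. The commented-out block should be deleted rather than kept, since its `id: login_ecr_for_buildcache` no longer matches anything referenced in the visible hunks.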
From: Andrew Pearce Date: Mon, 22 Jul 2024 10:47:18 +0100 Subject: [PATCH 27/47] build trigger --- cmd/mlpa/build_trigger | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 28f1566a4b..3bceb603ee 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -16,3 +16,11 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From 47dadbf68842c7005430762aad902b75783cff23 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 11:46:22 +0100 Subject: [PATCH 28/47] use combination of local and remote cache --- .github/workflows/docker_job.yml | 71 +++++++++++++------------------- cmd/mlpa/build_trigger | 10 +++++ 2 files changed, 39 insertions(+), 42 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 4e4a8ba935..87d844caaa 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -12,10 +12,6 @@ on: default: ${{ github.ref }} required: false type: string - branch_name: - description: 'Branch name' - required: true - type: string defaults: run: @@ -29,8 +25,6 @@ permissions: jobs: docker_build_scan_push: - env: - BUILD_CACHE: /home/runner/.docker/buildkit strategy: fail-fast: false matrix: 
@@ -63,27 +57,12 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 - # - name: setup cache for ${{ matrix.ecr_repository }} - # id: setup_cache - # uses: actions/cache@v4.0.2 - # with: - # path: ${{ env.BUILD_CACHE }} - # key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - - - uses: unfor19/install-aws-cli-action@v1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-region: eu-west-1 - role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push - role-duration-seconds: 900 - role-session-name: GithubActionsECRPushMLPAB - - name: ECR Login - id: login_ecr - uses: aws-actions/amazon-ecr-login@v2.0.1 + - name: setup cache for ${{ matrix.ecr_repository }} + id: setup_cache + uses: actions/cache@v4.0.2 with: - mask-password: true - registries: 311462405659 + path: /tmp/.buildx-cache + key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - name: Build ${{ matrix.ecr_repository }} Image uses: docker/build-push-action@v6.3.0 
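Review bot: The `actions/cache` step restored in patch 28 has a `key` that changes only with `checkout_tag`, the repository name and the three hashed files, and it has no `restore-keys`. On an exact key hit the action does not save again, so layers rebuilt during that run and moved into `/tmp/.buildx-cache` by the "Move cache" step in the next hunk are discarded, and on any miss the build starts with nothing. Adding a prefix fallback such as `restore-keys: |` followed by `${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-` lets a changed dependency file reuse the previous cache. The key also ignores the Dockerfile itself, so a comment stating that the cache is a best-effort seed and not a correctness boundary would help the next reader.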
@@ -93,13 +72,21 @@ jobs: platforms: linux/amd64 push: false load: true - cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:buildcache-${{ inputs.branch_name }} - cache-to: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:buildcache-${{ inputs.branch_name }},mode=max + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | TAG=${{inputs.tag}} + - # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + - name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }} id: trivy_scan uses: aquasecurity/trivy-action@0.24.0 
@@ -115,20 +102,20 @@ jobs: with: sarif_file: 'trivy-results.sarif' - # - uses: unfor19/install-aws-cli-action@v1 - # - name: Configure AWS Credentials - # uses: aws-actions/configure-aws-credentials@v4.0.2 - # with: - # aws-region: eu-west-1 - # role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push - # role-duration-seconds: 900 - # role-session-name: GithubActionsECRPushMLPAB - # - name: ECR Login - # id: login_ecr_for_buildcache - # uses: aws-actions/amazon-ecr-login@v2.0.1 - # with: - # mask-password: true - # registries: 311462405659 + - uses: unfor19/install-aws-cli-action@v1 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + aws-region: eu-west-1 + role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push + role-duration-seconds: 900 + role-session-name: GithubActionsECRPushMLPAB + - name: ECR Login + id: login_ecr + uses: aws-actions/amazon-ecr-login@v2.0.1 + with: + mask-password: true + registries: 311462405659 - name: Push ${{ matrix.ecr_repository }} Image to ECR for PR if: ${{ github.workflow != 'Path To Live' }} uses: docker/build-push-action@v6.3.0 diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 3bceb603ee..e1672cc4e3 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -24,3 +24,13 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From f073b694e8c953f6a13237de635338aa7627ca89 Mon Sep 17 00:00:00 2001 
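Review bot: `unfor19/install-aws-cli-action@v1` in the re-enabled login block is a third-party action referenced by a movable major tag, and it runs in the same job that goes on to assume the `ecr-push` role. Pin it to a full commit SHA, e.g. `- uses: unfor19/install-aws-cli-action@<full-commit-sha> # v1`, or drop the step if nothing later in the job calls the `aws` CLI; the two `aws-actions` steps do not appear to depend on it, but that should be confirmed. The same reference returns in the later hunk that moves this block ahead of the build.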
From: Andrew Pearce Date: Mon, 22 Jul 2024 13:05:56 +0100 Subject: [PATCH 29/47] use registry --- .github/workflows/docker_job.yml | 55 +++++++++++++++----------------- cmd/mlpa/build_trigger | 1 + 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 87d844caaa..da744c7d4e 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -12,6 +12,10 @@ on: default: ${{ github.ref }} required: false type: string + branch_name: + description: 'Branch name' + required: true + type: string defaults: run: @@ -57,12 +61,27 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 - - name: setup cache for ${{ matrix.ecr_repository }} - id: setup_cache - uses: actions/cache@v4.0.2 + # - name: setup cache for ${{ matrix.ecr_repository }} + # id: setup_cache + # uses: actions/cache@v4.0.2 + # with: + # path: /tmp/.buildx-cache + # key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + + - uses: unfor19/install-aws-cli-action@v1 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + aws-region: eu-west-1 + role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push + role-duration-seconds: 900 + role-session-name: GithubActionsECRPushMLPAB + - name: ECR Login + id: login_ecr + uses: aws-actions/amazon-ecr-login@v2.0.1 with: - path: /tmp/.buildx-cache - key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} + mask-password: true + registries: 311462405659 - name: Build ${{ matrix.ecr_repository }} Image uses: docker/build-push-action@v6.3.0 
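Review bot: `branch_name` is declared `required: true` with only the description 'Branch name', yet the following hunks interpolate it directly into an image tag (`cache-${{ inputs.branch_name }}`). Image tags accept only letters, digits, `_`, `.` and `-`, so a raw ref such as `feature/x` would make the cache reference invalid; whether callers already sanitise the value is not visible in this diff. I would document the contract on the input, e.g. `description: 'Branch name, already reduced to a valid image tag ([A-Za-z0-9_.-]); used as cache-<branch_name>'`. Making the input required also means every caller of this reusable workflow must pass it.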
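Review bot: Moving the `ecr-push` login ahead of `Build` means the image build and the Trivy scan now run with registry write credentials present in the job, where previously only the push steps did. The only pre-scan step that writes to ECR is the `cache-to` export in `Build`; if that export lived on the push steps, the pre-scan login could use a pull-scoped role and the push role could stay after the SARIF upload. At minimum I would add a comment above the block, e.g. `# push role is needed this early only for the registry cache export in Build`. The role's trust policy and permissions are not part of this diff, so how much the wider exposure matters is an assumption to check.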
@@ -72,21 +91,13 @@ jobs: platforms: linux/amd64 push: false load: true - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + # cache-from: type=registry,src=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | TAG=${{inputs.tag}} - - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }} id: trivy_scan uses: aquasecurity/trivy-action@0.24.0 @@ -102,20 +113,6 @@ jobs: with: sarif_file: 'trivy-results.sarif' - - uses: unfor19/install-aws-cli-action@v1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - aws-region: eu-west-1 - role-to-assume: arn:aws:iam::311462405659:role/modernising-lpa-github-actions-ecr-push - role-duration-seconds: 900 - role-session-name: GithubActionsECRPushMLPAB - - name: ECR Login - id: login_ecr - uses: aws-actions/amazon-ecr-login@v2.0.1 - with: - mask-password: true - registries: 311462405659 - name: Push ${{ matrix.ecr_repository }} Image to ECR for PR if: ${{ github.workflow != 'Path To Live' }} uses: docker/build-push-action@v6.3.0 diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index e1672cc4e3..140fa1d36f 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -34,3 +34,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From 3524e63bba3a1b103c95c90182d572c9a9952f2b Mon Sep 17 00:00:00 2001 
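Review bot: The new `cache-to` value names `type=registry` twice (`type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=...`), which is redundant and makes the option string harder to audit. `cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=<same ref>` expresses the same export. The duplicated key is carried unchanged through the later `cache-to` edits on the two push steps, so it is worth fixing once here.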
From: Andrew Pearce Date: Mon, 22 Jul 2024 13:12:38 +0100 Subject: [PATCH 30/47] pull from registry --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index da744c7d4e..52f18212fe 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -91,7 +91,7 @@ jobs: platforms: linux/amd64 push: false load: true - # cache-from: type=registry,src=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-from: type=registry,src=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 140fa1d36f..2c8986e943 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -35,3 +35,6 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger From 954c0ce528610234e0e1427c54b6a12086507bb7 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 13:17:10 +0100 Subject: [PATCH 31/47] from requires ref when registry --- .github/workflows/docker_job.yml | 2 +- cmd/mlpa/build_trigger | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 52f18212fe..951d651bd5 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -91,7 +91,7 @@ jobs: platforms: linux/amd64 push: false load: true - cache-from: type=registry,src=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 2c8986e943..b3e5cbef09 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -38,3 +38,9 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From 7683c81a0e4d1fc9f733e943a59de4bdda5ddd44 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 13:52:45 +0100 Subject: [PATCH 32/47] build trigger --- cmd/mlpa/build_trigger | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index b3e5cbef09..0deb57e468 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -44,3 +44,7 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From a649003651e68a97d03e62ba3ebe82148209947a Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 15:59:20 +0100 Subject: [PATCH 33/47] build trigger --- cmd/mlpa/build_trigger | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 0deb57e468..4285347de4 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger 
@@ -48,3 +48,5 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger From 1d68e3d5f43e1e1cbde1e81656c89ce8a5b2262c Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 16:11:45 +0100 Subject: [PATCH 34/47] push sbom and attestation --- .github/workflows/docker_job.yml | 8 ++++---- cmd/mlpa/build_trigger | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 951d651bd5..fe301369f1 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -126,8 +126,8 @@ jobs: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | TAG=${{inputs.tag}} - sbom: false - provenance: false + sbom: true + provenance: mode=max - name: Push ${{ matrix.ecr_repository }} Image to ECR for Path to Live if: ${{ github.workflow == 'Path To Live' }} @@ -144,5 +144,5 @@ jobs: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:latest build-args: | TAG=${{inputs.tag}} - sbom: false - provenance: false + sbom: true + provenance: mode=max diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 4285347de4..aa69bc8f99 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -50,3 +50,5 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger From 5ea87dcf0820fc7f2298716f614815c9463efdc4 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 16:29:29 +0100 Subject: [PATCH 35/47] from cache on push --- .github/workflows/docker_job.yml | 2 ++ cmd/mlpa/build_trigger | 3 +++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index fe301369f1..40f724d056 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
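Review bot: `provenance: mode=max` on both push steps publishes detailed build metadata, including build-argument values, next to the image in ECR. The only build argument today is `TAG`, so nothing sensitive is exposed, but that holds only as long as nobody adds a credential to `build-args`. I would add a comment beside it, e.g. `# mode=max records build-arg values in the attestation; never pass secrets via build-args`. With `sbom` and `provenance` enabled the pushed tag becomes an image index rather than a single manifest, which consumers that expect a plain manifest may reject.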
@@ -122,6 +122,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} + cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | @@ -138,6 +139,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} + cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:main-${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index aa69bc8f99..b6ad8db239 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -52,3 +52,6 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger From bf19706b9c9330cd4f95ad2aef92971694381e20 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 16:37:26 +0100 Subject: [PATCH 36/47] push to cache with the rest of the push --- .github/workflows/docker_job.yml | 6 +++--- cmd/mlpa/build_trigger | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 40f724d056..51c59fb5e2 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -92,7 +92,7 @@ jobs: push: false load: true cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} - cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + # cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | @@ -122,7 +122,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} - cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | @@ -139,7 +139,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} - cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:main-${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index b6ad8db239..8e00bce6a7 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger 
@@ -55,3 +55,9 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From a1c911a61115ba58f853081d8eca7997fc659e48 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 16:55:39 +0100 Subject: [PATCH 37/47] push min cache --- .github/workflows/docker_job.yml | 4 ++-- cmd/mlpa/build_trigger | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 51c59fb5e2..35038eaa20 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -122,7 +122,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} - cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=min,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | 
@@ -139,7 +139,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} - cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=min,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:main-${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 8e00bce6a7..a06bd95a6c 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -61,3 +61,9 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From 7e5a4c03f6c82fbf18de1b0d2fa682f3f43a032e Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 17:13:58 +0100 Subject: [PATCH 38/47] toggle provedence pushing for lamda functions --- .github/workflows/docker_job.yml | 8 ++++++-- cmd/mlpa/build_trigger | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 35038eaa20..1839dd4a94 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -36,15 +36,19 @@ jobs: - ecr_repository: modernising-lpa/app path: ./docker/mlpa/Dockerfile platforms: linux/amd64 + push_provenance: mode=max # options are false, mode=min, mode=max, false is required for lambda functions at this time - ecr_repository: modernising-lpa/create-s3-batch-replication-job path: ./lambda/create_s3_replication_job/Dockerfile platforms: linux/amd64 + push_provenance: false - ecr_repository: modernising-lpa/event-received path: ./docker/event-received/Dockerfile platforms: linux/amd64 + push_provenance: false - ecr_repository: modernising-lpa/mock-pay path: ./docker/mock-pay/Dockerfile platforms: linux/amd64 + push_provenance: mode=max runs-on: ubuntu-latest name: ${{ matrix.ecr_repository }} steps: @@ -128,7 +132,7 @@ jobs: build-args: | TAG=${{inputs.tag}} sbom: true - provenance: mode=max + provenance: ${{ matrix.push_provenance }} - name: Push ${{ matrix.ecr_repository }} Image to ECR for Path to Live if: ${{ github.workflow == 'Path To Live' }} @@ -147,4 +151,4 @@ jobs: build-args: | TAG=${{inputs.tag}} sbom: true - provenance: mode=max + provenance: ${{ matrix.push_provenance }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index a06bd95a6c..b10c44565c 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -67,3 +67,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From 407ed3f159f671972b39f8d1a2c9f1fc788880e5 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 18:17:41 +0100 Subject: [PATCH 39/47] set source date to 0 for reproducable builds --- .github/workflows/docker_job.yml | 14 ++++++-------- cmd/mlpa/build_trigger | 2 ++ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 1839dd4a94..d99b1e7a4e 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
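Review bot: The only explanation for `push_provenance: false` is a trailing comment on the `modernising-lpa/app` entry, which is one of the entries that keeps `mode=max`; the two entries that actually set `false` have no comment at all. Put the explanation above the matrix entries or on the Lambda entries and give the reason, e.g. `# Lambda cannot deploy from an image index, which provenance attestations produce; keep false for Lambda images`. That reason is my reading of "required for lambda functions at this time" and should be confirmed before it is written down. The matrix definition starts above this hunk.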
@@ -65,13 +65,6 @@ jobs: version: v0.15.1 platforms: linux/amd64,linux/arm64 - # - name: setup cache for ${{ matrix.ecr_repository }} - # id: setup_cache - # uses: actions/cache@v4.0.2 - # with: - # path: /tmp/.buildx-cache - # key: ${{ inputs.checkout_tag }}-${{ matrix.ecr_repository }}-${{ hashFiles('go.mod', 'go.sum', 'package.json') }} - - uses: unfor19/install-aws-cli-action@v1 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 @@ -96,11 +89,12 @@ jobs: push: false load: true cache-from: type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} - # cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | TAG=${{inputs.tag}} + env: + SOURCE_DATE_EPOCH: 0 - name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }} id: trivy_scan @@ -133,6 +127,8 @@ jobs: TAG=${{inputs.tag}} sbom: true provenance: ${{ matrix.push_provenance }} + env: + SOURCE_DATE_EPOCH: 0 - name: Push ${{ matrix.ecr_repository }} Image to ECR for Path to Live if: ${{ github.workflow == 'Path To Live' }} @@ -152,3 +148,5 @@ jobs: TAG=${{inputs.tag}} sbom: true provenance: ${{ matrix.push_provenance }} + env: + SOURCE_DATE_EPOCH: 0 diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index b10c44565c..80c4d8ffd8 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -68,3 +68,5 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger From 180bb79d1c743dd7371f28edfc35174b334170c7 Mon Sep 17 00:00:00 2001 
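Review bot: `SOURCE_DATE_EPOCH: 0` on the three build steps pins the timestamps BuildKit writes into image metadata, but on its own it does not rewrite file timestamps inside the layers, so two builds of the same commit can still produce different digests. If bit-for-bit reproducibility is the goal, the image exporter also needs `rewrite-timestamp=true`; if stable metadata is enough, a comment such as `# pins image metadata timestamps only; layer mtimes are not rewritten` keeps the variable from being read as a stronger guarantee. Epoch 0 also makes every image report a 1970 creation date, so the commit time may be the more useful value. Quoting the value (`"0"`) makes it explicit that it is a string.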
From: Andrew Pearce Date: Mon, 22 Jul 2024 18:50:55 +0100 Subject: [PATCH 40/47] torn off sbom for all to check lambda --- .github/workflows/docker_job.yml | 4 ++-- cmd/mlpa/build_trigger | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index d99b1e7a4e..443b9a0b74 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -125,7 +125,7 @@ jobs: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | TAG=${{inputs.tag}} - sbom: true + sbom: false provenance: ${{ matrix.push_provenance }} env: SOURCE_DATE_EPOCH: 0 @@ -146,7 +146,7 @@ jobs: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:latest build-args: | TAG=${{inputs.tag}} - sbom: true + sbom: false provenance: ${{ matrix.push_provenance }} env: SOURCE_DATE_EPOCH: 0 diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 80c4d8ffd8..3c69e0a3c2 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -70,3 +70,9 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger +another build trigger From 0c851fbfd0a1e1a70a1ccc35238b0c6df6f2452e Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 19:26:32 +0100 Subject: [PATCH 41/47] try max cache again --- .github/workflows/docker_job.yml | 4 ++-- cmd/mlpa/build_trigger | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 443b9a0b74..6b9177f15a 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -120,7 +120,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} - cache-to: type=registry,mode=min,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | @@ -139,7 +139,7 @@ jobs: builder: ${{ steps.buildx_setup.outputs.name }} push: true platforms: ${{ matrix.platforms }} - cache-to: type=registry,mode=min,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:cache-${{ inputs.branch_name }} tags: | ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:main-${{ inputs.tag }} diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 3c69e0a3c2..2720172d25 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -76,3 +76,6 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger +another build trigger From 3fcbdd2d8ca82bc100950a37236e2e648c5929e2 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 19:41:23 +0100 Subject: [PATCH 42/47] push attestation for lambda images --- .github/workflows/docker_job.yml | 4 ++-- cmd/mlpa/build_trigger | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 6b9177f15a..896f4e0513 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -40,11 +40,11 @@ jobs: - ecr_repository: modernising-lpa/create-s3-batch-replication-job path: ./lambda/create_s3_replication_job/Dockerfile platforms: linux/amd64 - push_provenance: false + push_provenance: mode=max - ecr_repository: modernising-lpa/event-received path: ./docker/event-received/Dockerfile platforms: linux/amd64 - push_provenance: false + push_provenance: mode=max - ecr_repository: modernising-lpa/mock-pay path: ./docker/mock-pay/Dockerfile platforms: linux/amd64 diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 2720172d25..ebd5452d0b 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -79,3 +79,5 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger +another build trigger From e2563b5379cf32be522a1bb50cdddbc72ac01f3a Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Mon, 22 Jul 2024 21:20:41 +0100 Subject: [PATCH 43/47] don't push sbom or provenance for lambda images --- .github/workflows/docker_job.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 896f4e0513..b086eaf9d5 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml 
@@ -37,18 +37,22 @@ jobs: path: ./docker/mlpa/Dockerfile platforms: linux/amd64 push_provenance: mode=max # options are false, mode=min, mode=max, false is required for lambda functions at this time + push_sbom: true # options are false, true, false is required for lambda functions at this time - ecr_repository: modernising-lpa/create-s3-batch-replication-job path: ./lambda/create_s3_replication_job/Dockerfile platforms: linux/amd64 push_provenance: mode=max + push_sbom: false - ecr_repository: modernising-lpa/event-received path: ./docker/event-received/Dockerfile platforms: linux/amd64 push_provenance: mode=max + push_sbom: false - ecr_repository: modernising-lpa/mock-pay path: ./docker/mock-pay/Dockerfile platforms: linux/amd64 push_provenance: mode=max + push_sbom: true runs-on: ubuntu-latest name: ${{ matrix.ecr_repository }} steps: From 94d9f79749439b43b69c370b37a9a73159b50cfe Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Tue, 23 Jul 2024 10:18:38 +0100 Subject: [PATCH 44/47] conditionally push sboms --- .github/workflows/docker_job.yml | 4 +- cmd/mlpa/build_trigger | 70 -------------------------------- 2 files changed, 2 insertions(+), 72 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index b086eaf9d5..9c8f941bb0 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -129,7 +129,7 @@ jobs: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }} build-args: | TAG=${{inputs.tag}} - sbom: false + sbom: ${{ matrix.push_sbom }} provenance: ${{ matrix.push_provenance }} env: SOURCE_DATE_EPOCH: 0 @@ -150,7 +150,7 @@ jobs: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:latest build-args: | TAG=${{inputs.tag}} - sbom: false + sbom: ${{ matrix.push_sbom }} provenance: ${{ matrix.push_provenance }} env: SOURCE_DATE_EPOCH: 0 diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index ebd5452d0b..feb135291c 100644 
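Review bot: `push_sbom: false` on the two Lambda entries means those images are pushed with no SBOM attached, and the trailing comment explaining why again sits on the `modernising-lpa/app` entry, which keeps `true`. Since the Trivy step in this job already scans the loaded image, an SBOM could instead be produced there and kept as a workflow artifact so the Lambda images still have a component inventory; whether that fits the team's process is not something this diff shows. I would at least record the gap on the Lambda entries, e.g. `push_sbom: false # no SBOM attestation in ECR for Lambda images; see <tracking issue>`. The matrix definition starts above this hunk.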
--- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -11,73 +11,3 @@ another build trigger another build trigger another build trigger another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger From 45bfe7c048be3a5df5a49f9022c0a787228e1bf1 Mon Sep 17 00:00:00 2001 
From: Andrew Pearce Date: Tue, 23 Jul 2024 11:11:41 +0100 Subject: [PATCH 45/47] fix manifest for lambda --- .github/workflows/docker_job.yml | 4 ++-- cmd/mlpa/build_trigger | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 9c8f941bb0..74e8cd474b 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -41,12 +41,12 @@ jobs: - ecr_repository: modernising-lpa/create-s3-batch-replication-job path: ./lambda/create_s3_replication_job/Dockerfile platforms: linux/amd64 - push_provenance: mode=max + push_provenance: false push_sbom: false - ecr_repository: modernising-lpa/event-received path: ./docker/event-received/Dockerfile platforms: linux/amd64 - push_provenance: mode=max + push_provenance: false push_sbom: false - ecr_repository: modernising-lpa/mock-pay path: ./docker/mock-pay/Dockerfile diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index feb135291c..9c75e957f5 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger @@ -11,3 +11,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From 34db0cde0cf740a3d3e146840bc0a61e2700a039 Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Tue, 23 Jul 2024 11:39:24 +0100 Subject: [PATCH 46/47] rerun build --- .github/workflows/docker_job.yml | 1 + cmd/mlpa/build_trigger | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/docker_job.yml b/.github/workflows/docker_job.yml index 74e8cd474b..c429a17972 100644 --- a/.github/workflows/docker_job.yml +++ b/.github/workflows/docker_job.yml @@ -53,6 +53,7 @@ jobs: platforms: linux/amd64 push_provenance: mode=max push_sbom: true + runs-on: ubuntu-latest name: ${{ matrix.ecr_repository }} steps: diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger index 9c75e957f5..278e056b71 100644 --- a/cmd/mlpa/build_trigger +++ b/cmd/mlpa/build_trigger 
@@ -12,3 +12,4 @@ another build trigger another build trigger another build trigger another build trigger +another build trigger From d516dfd4bef44e5fba763e34004e8d49fe3f797c Mon Sep 17 00:00:00 2001 From: Andrew Pearce Date: Tue, 23 Jul 2024 12:19:34 +0100 Subject: [PATCH 47/47] set main for branch name on ptl --- .github/workflows/workflow_path_to_live.yml | 1 + cmd/mlpa/build_trigger | 15 --------------- 2 files changed, 1 insertion(+), 15 deletions(-) delete mode 100644 cmd/mlpa/build_trigger diff --git a/.github/workflows/workflow_path_to_live.yml b/.github/workflows/workflow_path_to_live.yml index aa90dc20cd..d3fb4dfef8 100644 --- a/.github/workflows/workflow_path_to_live.yml +++ b/.github/workflows/workflow_path_to_live.yml @@ -47,6 +47,7 @@ jobs: needs: [go_unit_tests,create_tags] with: tag: ${{ needs.create_tags.outputs.version_tag }} + branch_name: main terraform_account_workflow_development: name: TF Apply Dev Account diff --git a/cmd/mlpa/build_trigger b/cmd/mlpa/build_trigger deleted file mode 100644 index 278e056b71..0000000000 --- a/cmd/mlpa/build_trigger +++ /dev/null @@ -1,15 +0,0 @@ -this is a build trigger -another trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger -another build trigger
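Review bot: Passing `branch_name: main` makes the Path to Live build import layers from the `cache-main` tag, a mutable tag in the same ECR repositories that pull-request runs push to with the same `ecr-push` role. Nothing visible in this patch series prevents a PR-triggered caller from supplying `main`, or a value that collides with it, as `branch_name`, so release images could be assembled from cache content exported by a PR run; how callers derive the value is outside this diff. I would state the invariant beside the new line, e.g. `branch_name: main # cache-main must only be written by this workflow`, and enforce it in the PR caller or in the role's permissions.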