diff --git a/.github/workflows/build-fork.yaml b/.github/workflows/build-fork.yaml new file mode 100644 index 00000000..2521f1aa --- /dev/null +++ b/.github/workflows/build-fork.yaml 
@@ -0,0 +1,81 @@ +name: Build +concurrency: + group: "${{ github.repository }}${{ github.ref }}buildfork" + cancel-in-progress: true +on: + pull_request: + types: + - opened + - synchronize + push: + branches: + - main + - develop + +env: + REGISTRY: "ghcr.io" + +jobs: + + build: + name: Build + if: github.repository != 'otterize/network-mapper' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != 'otterize/network-mapper') + runs-on: ubuntu-latest + outputs: + registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test + strategy: + matrix: + service: + - mapper + - sniffer + - kafka-watcher + - istio-watcher + + steps: + - id: registry + run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT" + - name: Checkout + uses: actions/checkout@v2 + with: + submodules: recursive + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@master + with: + driver-opts: network=host + + - name: Log in to the Container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Test & Build production image + uses: docker/build-push-action@v2 + with: + context: src/ + file: build/${{ matrix.service }}.Dockerfile + tags: ${{ env.REGISTRY }}/${{ github.repository }}:${{ matrix.service }}-${{ github.sha }} + push: true + network: host + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + "VERSION=${{ github.run_id }}" + + e2e-test: + uses: ./.github/workflows/e2e-test.yaml + name: Trigger e2e tests + # Must pass the secrets as the called workflow does not have access to the same context + with: + registry: ${{ needs.build.outputs.registry }} + mapper-tag: mapper-${{ github.sha }} + sniffer-tag: sniffer-${{ github.sha }} + mapper-image: ${{ 
github.repository }} + sniffer-image: ${{ github.repository }} + + needs: + - build \ No newline at end of file diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5517703e..28edf2b8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -18,8 +18,11 @@ env: jobs: build: + if: (github.event_name == 'push' && github.repository == 'otterize/network-mapper') || github.event.pull_request.head.repo.full_name == 'otterize/network-mapper' name: Build runs-on: ubuntu-latest + outputs: + registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test strategy: matrix: service: @@ -29,11 +32,13 @@ jobs: - istio-watcher steps: + - id: registry + run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT" + - name: Checkout uses: actions/checkout@v2 with: submodules: recursive - token: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} # required for checking out submodules - name: Set up Docker Buildx id: buildx @@ -73,11 +78,13 @@ jobs: name: Trigger e2e tests # Must pass the secrets as the called workflow does not have access to the same context secrets: - OTTERIZEBOT_GITHUB_TOKEN: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} B64_GCLOUD_SERVICE_ACCOUNT_JSON: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} with: + registry: ${{ needs.build.outputs.registry }} mapper-tag: ${{ github.sha }} sniffer-tag: ${{ github.sha }} + mapper-image: mapper + sniffer-image: sniffer needs: - build diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 76912a3b..f68ea925 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml 
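Review bot: In the new `build-fork.yaml`, the `Set up Docker Buildx` step uses `docker/setup-buildx-action@master`, a branch ref that can change underneath a job which then logs in to `ghcr.io` with `secrets.GITHUB_TOKEN` and pushes images. This is the job whose `if:` selects forks and fork pull requests, so I would pin the action to a full commit SHA, `uses: docker/setup-buildx-action@<full-commit-sha>` (placeholder), or at least to a release tag like the other `@v2` actions. The file also declares no `permissions:`, so the token scope is whatever the repository default is. A top-level `permissions:` with `contents: read` and `packages: write` would state what the push needs and nothing more.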
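Review bot: The pull-request arm of the new `if:` on `build` in `build.yaml` never checks `github.repository`, so it is not the exact complement of the condition in `build-fork.yaml`. In a fork, a pull request whose head repo is `otterize/network-mapper` satisfies this expression and also the `github.repository != 'otterize/network-mapper'` arm of the fork workflow, so both builds run. That does not appear to expose an upstream secret, but the secret-bearing path is easier to audit when the two conditions are strict opposites. I would write `if: github.repository == 'otterize/network-mapper' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == 'otterize/network-mapper')`. The same expression is repeated on the `Login to GCR` step in `e2e-test.yaml`, and the `build` job continues outside this hunk.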
@@ -4,10 +4,8 @@ on: # When triggering a workflow from another workflow the triggered workflow does not have access to any secrets, # and they must be passed from the caller secrets: - OTTERIZEBOT_GITHUB_TOKEN: - required: true B64_GCLOUD_SERVICE_ACCOUNT_JSON: - required: true + required: false inputs: mapper-tag: @@ -16,10 +14,21 @@ on: sniffer-tag: required: true type: string + mapper-image: + required: true + type: string + sniffer-image: + required: true + type: string + registry: + required: true + type: string + default: us-central1-docker.pkg.dev/main-383408/otterize + env: - REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize + REGISTRY: ${{ inputs.registry }} jobs: e2e-test: @@ -33,14 +42,23 @@ jobs: uses: actions/checkout@v2 with: submodules: recursive - token: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} # required for checking out submodules + + - name: Log in to the Container registry + if: github.repository != 'otterize/network-mapper' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != 'otterize/network-mapper') + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Login to GCR + if: (github.event_name == 'push' && github.repository == 'otterize/network-mapper') || github.event.pull_request.head.repo.full_name == 'otterize/network-mapper' uses: docker/login-action@v2 with: registry: ${{ env.REGISTRY }} username: _json_key_base64 - password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} + password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} + - name: Set up Helm uses: azure/setup-helm@v3 
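Review bot: `B64_GCLOUD_SERVICE_ACCOUNT_JSON` becomes `required: false` with no explanation, while the comment above the `secrets:` block still reads as if every secret must be passed by the caller. I would add `# optional: fork builds log in to GHCR with GITHUB_TOKEN and do not pass this secret` directly above it. With the secret optional, a trusted-path caller that forgets it is no longer rejected up front and would presumably only fail later, at the `Login to GCR` step.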
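Review bot: The new `registry` input in `e2e-test.yaml` is declared `required: true` and also given `default: us-central1-docker.pkg.dev/main-383408/otterize`, which contradict each other: as far as I know a required `workflow_call` input that the caller omits is rejected, so the default never applies. Decide which is intended and either drop the `default` line or set `required: false`. Dropping the default looks safer here, because the fork path should never silently fall back to the private registry, and both callers visible in this diff already pass `registry`.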
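Review bot: `Login to GCR` now presents `secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON` to `${{ env.REGISTRY }}`, which after this commit is the caller-supplied `inputs.registry` rather than a fixed host, while the step's `if:` looks only at repository and event context. Nothing ties the login step that is chosen to the registry value that is passed, so the two can disagree. I would also require the expected host on the GCR step by appending `&& startsWith(inputs.registry, 'us-central1-docker.pkg.dev/')` to its `if:`, so the service-account key is only ever sent to that registry. Both `if:` expressions repeat the repository literal from `build.yaml` and `build-fork.yaml`; a one-line comment saying they must stay in sync would help the next editor.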
@@ -58,21 +76,21 @@ jobs: - name: Deploy Network Mapper run: |- - docker pull ${{ env.REGISTRY }}/mapper:${{ inputs.mapper-tag }} - minikube image load ${{ env.REGISTRY }}/mapper:${{ inputs.mapper-tag }} - docker pull ${{ env.REGISTRY }}/sniffer:${{ inputs.sniffer-tag }} - minikube image load ${{ env.REGISTRY }}/sniffer:${{ inputs.sniffer-tag }} + docker pull ${{ env.REGISTRY }}/${{ inputs.mapper-image }}:${{ inputs.mapper-tag }} + minikube image load ${{ env.REGISTRY }}/${{ inputs.mapper-image }}:${{ inputs.mapper-tag }} + docker pull ${{ env.REGISTRY }}/${{ inputs.sniffer-image }}:${{ inputs.sniffer-tag }} + minikube image load ${{ env.REGISTRY }}/${{ inputs.sniffer-image }}:${{ inputs.sniffer-tag }} - MAPPER_FLAGS="--set-string networkMapper.mapper.repository=${{ env.REGISTRY }} --set-string networkMapper.mapper.image=mapper --set-string networkMapper.mapper.tag=${{ inputs.mapper-tag }} --set-string networkMapper.mapper.pullPolicy=Never" - SNIFFER_FLAGS="--set-string networkMapper.sniffer.repository=${{ env.REGISTRY }} --set-string networkMapper.sniffer.image=sniffer --set-string networkMapper.sniffer.tag=${{ inputs.sniffer-tag }} --set-string networkMapper.sniffer.pullPolicy=Never" + MAPPER_FLAGS="--set-string networkMapper.mapper.repository=${{ env.REGISTRY }} --set-string networkMapper.mapper.image=${{ inputs.mapper-image }} --set-string networkMapper.mapper.tag=${{ inputs.mapper-tag }} --set-string networkMapper.mapper.pullPolicy=Never" + SNIFFER_FLAGS="--set-string networkMapper.sniffer.repository=${{ env.REGISTRY }} --set-string networkMapper.sniffer.image=${{ inputs.sniffer-image }} --set-string networkMapper.sniffer.tag=${{ inputs.sniffer-tag }} --set-string networkMapper.sniffer.pullPolicy=Never" TELEMETRY_FLAG="--set global.telemetry.enabled=false" helm dep up ./helm-charts/otterize-kubernetes helm install otterize ./helm-charts/otterize-kubernetes -n otterize-system --create-namespace --set networkMapper.debug=true $MAPPER_FLAGS $SNIFFER_FLAGS 
$TELEMETRY_FLAG - name: Install CLI run: |- - wget --header="X-Otterize-Test: true" https://get.otterize.com/otterize-cli/v0.1.26/otterize_Linux_x86_64.tar.gz - tar xf otterize_Linux_x86_64.tar.gz + wget --header="X-Otterize-Test: true" https://get.otterize.com/otterize-cli/v0.1.30/otterize_linux_x86_64.tar.gz + tar xf otterize_linux_x86_64.tar.gz sudo cp otterize /usr/local/bin - name: Deploy Tutorial services
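Review bot: The `Deploy Network Mapper` script now splices `${{ inputs.mapper-image }}` and `${{ inputs.sniffer-image }}` (alongside the existing tag inputs) straight into the shell text, so whatever a caller passes is substituted before bash parses the script and shell quoting cannot contain it. The callers in this diff pass `github.repository` and fixed names, which are benign, but a reusable workflow is safer if it reads inputs through `env:` and references them as quoted shell variables, as in the excerpt below. `REGISTRY` is already a workflow-level `env` entry and can be used as `$REGISTRY`. Separately, `Install CLI` unpacks the downloaded tarball and installs it with `sudo cp` without any integrity check; running `echo "<sha256-of-v0.1.30-tarball>  otterize_linux_x86_64.tar.gz" | sha256sum -c -` (placeholder digest) before `tar xf` would pin what gets installed.

```yaml
- name: Deploy Network Mapper
  env:
    MAPPER_IMAGE: ${{ inputs.mapper-image }}
    MAPPER_TAG: ${{ inputs.mapper-tag }}
    SNIFFER_IMAGE: ${{ inputs.sniffer-image }}
    SNIFFER_TAG: ${{ inputs.sniffer-tag }}
  run: |-
    docker pull "$REGISTRY/$MAPPER_IMAGE:$MAPPER_TAG"
    minikube image load "$REGISTRY/$MAPPER_IMAGE:$MAPPER_TAG"
    docker pull "$REGISTRY/$SNIFFER_IMAGE:$SNIFFER_TAG"
    minikube image load "$REGISTRY/$SNIFFER_IMAGE:$SNIFFER_TAG"

    MAPPER_FLAGS="--set-string networkMapper.mapper.repository=$REGISTRY --set-string networkMapper.mapper.image=$MAPPER_IMAGE --set-string networkMapper.mapper.tag=$MAPPER_TAG --set-string networkMapper.mapper.pullPolicy=Never"
    SNIFFER_FLAGS="--set-string networkMapper.sniffer.repository=$REGISTRY --set-string networkMapper.sniffer.image=$SNIFFER_IMAGE --set-string networkMapper.sniffer.tag=$SNIFFER_TAG --set-string networkMapper.sniffer.pullPolicy=Never"
    # … unchanged: TELEMETRY_FLAG, helm dep up, helm install …
```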