diff --git a/.github/workflows/reusable-golangci-lint.yml b/.github/workflows/reusable-golangci-lint.yml
index 52ec47a..d07bb51 100644
--- a/.github/workflows/reusable-golangci-lint.yml
+++ b/.github/workflows/reusable-golangci-lint.yml
@@ -39,5 +39,5 @@ jobs:
 - name: golangci-lint
 uses: GeoNet/golangci-lint-action@f76d5e859fe0815b3ba71fc6c45066932309e9da # master
 with:
- version: v1.54.2
+ version: v1.55.1
 args: --timeout 30m -E gosec
diff --git a/.github/workflows/test-reusable-docker-build.yml b/.github/workflows/test-reusable-docker-build.yml
deleted file mode 100644
index 4ef4356..0000000
--- a/.github/workflows/test-reusable-docker-build.yml
+++ /dev/null
@@ -1,224 +0,0 @@
-name: test reusable-docker-build
-env:
- VERSION_CRANE: v0.16.1
-on:
- pull_request: {}
- workflow_dispatch: {}
-
-# LIMITATIONS
-# - this workflow cannot run in parallel between PRs; retries are required (for now).
-# this is due to non-unique image names. having unique image names tends to cause needing to retry more times due to some sort of internal container artifact "registration" behaviour
-
-# TESTCASES
-# - t0: basic
-# - t1: use-test
-# - t2: artifact-pull
-# - t3: multi-arch
-# - t4: push-to-ecr # TODO need test ECR
-# - t5: pull-from-s3 # TODO need test bucket
-# - t6: auth-with-geonetci
-# - t7: use-setup
-# - t8: use-tags
-# - t9: no-push
-
-permissions:
- packages: write
- contents: read
- id-token: write
-jobs:
- t0-basic:
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- context: ./testdata/t0-basic
- dockerfile: ./testdata/t0-basic/Dockerfile
- imageName: testimage-t0-basic
- platforms: linux/amd64
- push: ${{ github.ref != 'refs/heads/main' }}
- t0-basic-check:
- needs: t0-basic
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for image
- env:
- IMAGE: ${{ needs.t0-basic.outputs.image }}
- GH_TOKEN: ${{ github.token }}
- SHA: ${{ github.sha }}
- run: |
- crane manifest $IMAGE
- REPO="$(echo "$IMAGE" | cut -d'@' -f1)"
- crane ls "$REPO" | grep -vE '\.(sbom|sig|att)$' | xargs | grep -E "^git-$SHA latest$"
- crane manifest $IMAGE | jq -r '.manifests[] | select(.annotations."vnd.docker.reference.type" != "attestation-manifest") | .platform.architecture' | xargs | grep -E '^amd64$'
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t0-basic || true
- t1-use-test:
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- context: ./testdata/t1-use-test
- dockerfile: ./testdata/t1-use-test/Dockerfile
- imageName: testimage-t1-use-test
- platforms: linux/amd64
- push: ${{ github.ref != 'refs/heads/main' }}
- test: |
- date
- crane append ghcr.io/geonet/actions/t1-use-test-${{ github.sha }}-success --new_tag --new_layer <(tar cvf $(mktemp))
- t1-use-test-check:
- needs: t1-use-test
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for image
- env:
- IMAGE: ${{ needs.t1-use-test.outputs.image }}
- GH_TOKEN: ${{ github.token }}
- run: |
- crane manifest $IMAGE
- crane manifest $IMAGE | jq -r '.manifests[] | select(.annotations."vnd.docker.reference.type" != "attestation-manifest") | .platform.architecture' | xargs | grep -E '^amd64'
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t1-use-test || true
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t1-use-test-${{ github.sha }}-success || true
- t2-artifact-pull-prepare:
- runs-on: ubuntu-latest
- steps:
- - name: make file
- run: |
- mkdir -p ./testdata/t2-artifact-pull/something/
- date > ./testdata/t2-artifact-pull/something/something.txt
- - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
- with:
- name: t2-artifact-pull-something
- path: ./testdata/t2-artifact-pull/something
- retention-days: 1
- t2-artifact-pull:
- needs: t2-artifact-pull-prepare
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- context: ./testdata/t2-artifact-pull
- dockerfile: ./testdata/t2-artifact-pull/Dockerfile
- imageName: testimage-t2-artifact-pull
- platforms: linux/amd64
- push: false
- artifact-name: t2-artifact-pull-something
- artifact-path: ./testdata/t2-artifact-pull/something/
- test: |
- find ./testdata/t2-artifact-pull/something/ | grep -qE 'something.txt$'
- t2-artifact-pull-cleanup:
- needs: t2-artifact-pull
- runs-on: ubuntu-latest
- steps:
- - name: check for image
- env:
- GH_TOKEN: ${{ github.token }}
- run: |
- gh api /repos/GeoNet/Actions/actions/artifacts --jq '.artifacts[] | select(.name=="t2-artifact-pull-something") | .id' | xargs -I{} -n 1 gh api -X DELETE /repos/GeoNet/ac-tools/actions/artifacts/{} || true
- t3-multi-arch:
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- context: ./testdata/t3-multi-arch
- dockerfile: ./testdata/t3-multi-arch/Dockerfile
- imageName: testimage-t3-multi-arch
- platforms: 'linux/amd64,linux/arm64'
- push: ${{ github.ref != 'refs/heads/main' }}
- t3-multi-arch-check:
- needs: t3-multi-arch
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for image
- env:
- IMAGE: ${{ needs.t3-multi-arch.outputs.image }}
- GH_TOKEN: ${{ github.token }}
- run: |
- crane manifest $IMAGE
- crane manifest $IMAGE | jq -r '.manifests[] | select(.annotations."vnd.docker.reference.type" != "attestation-manifest") | .platform.architecture' | xargs | grep -E '^amd64 arm64$'
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t3-multi-arch
- t6-auth-with-geonetci:
- uses: ./.github/workflows/reusable-docker-build.yml
- secrets: inherit
- with:
- context: ./testdata/t6-auth-with-geonetci
- dockerfile: ./testdata/t6-auth-with-geonetci/Dockerfile
- imageName: testimage-t6-auth-with-geonetci
- platforms: linux/amd64
- push: ${{ github.ref != 'refs/heads/main' }}
- registryGhcrUsernameOverride: geonetci
- t6-auth-with-geonetci-check:
- needs: t6-auth-with-geonetci
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for image
- env:
- IMAGE: ${{ needs.t6-auth-with-geonetci.outputs.image }}
- GH_TOKEN: ${{ github.token }}
- run: |
- crane manifest $IMAGE
- crane manifest $IMAGE | jq -r '.manifests[] | select(.annotations."vnd.docker.reference.type" != "attestation-manifest") | .platform.architecture' | xargs | grep -E '^amd64$'
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t6-auth-with-geonetci || true
- t7-use-setup:
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- push: false
- context: ./testdata/t7-use-setup
- dockerfile: ./testdata/t7-use-setup/Dockerfile
- imageName: testimage-t7-use-setup
- platforms: linux/amd64
- setup: |
- echo 'test-complete' > ./test-file.txt
- test: |
- < ./test-file.txt grep -qE '^test-complete$'
- t8-use-tags:
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- context: ./testdata/t8-use-tags
- dockerfile: ./testdata/t8-use-tags/Dockerfile
- imageName: testimage-t8-use-tags
- platforms: linux/amd64
- push: ${{ github.ref != 'refs/heads/main' }}
- tags: a,b
- t8-use-tags-check:
- needs: t8-use-tags
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for image
- env:
- IMAGE: ${{ needs.t8-use-tags.outputs.image }}
- GH_TOKEN: ${{ github.token }}
- run: |
- crane manifest $IMAGE
- crane ls ghcr.io/geonet/actions/testimage-t8-use-tags | grep -vE '^sha256-' | sort | xargs | grep -E '^a b$'
- crane manifest $IMAGE | jq -r '.manifests[] | select(.annotations."vnd.docker.reference.type" != "attestation-manifest") | .platform.architecture' | xargs | grep -E '^amd64$'
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t8-use-tags || true
- t9-no-push:
- uses: ./.github/workflows/reusable-docker-build.yml
- with:
- context: ./testdata/t9-no-push
- dockerfile: ./testdata/t9-no-push/Dockerfile
- imageName: testimage-t9-no-push
- platforms: linux/amd64
- push: false
- t9-no-push-check:
- needs: t9-no-push
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for image
- env:
- IMAGE: ${{ needs.t9-no-push.outputs.image }}
- GH_TOKEN: ${{ github.token }}
- run: |
- ! crane manifest $IMAGE || \
- (
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-t9-no-push || true
- )
diff --git a/.github/workflows/test-reusable-ko-build.yml b/.github/workflows/test-reusable-ko-build.yml
deleted file mode 100644
index 7975758..0000000
--- a/.github/workflows/test-reusable-ko-build.yml
+++ /dev/null
@@ -1,210 +0,0 @@
-name: test reusable-ko-build
-on:
- pull_request: {}
- workflow_dispatch: {}
-env:
- VERSION_CRANE: v0.16.1
-
-# LIMITATIONS
-# - this workflow cannot run in parallel between PRs; retries are required (for now).
-# this is due to non-unique image names. having unique image names tends to cause needing to retry more times due to some sort of internal container artifact "registration" behaviour
-
-# TESTCASES
-# - t0: basic
-# - t1: auth-with-geonetci
-# - t2: with-paths-and-packages
-# - t3: no-push
-# - t4: custom-config
-
-permissions:
- packages: write
- contents: read
- id-token: write
-jobs:
- t0-basic:
- uses: ./.github/workflows/reusable-ko-build.yml
- with:
- push: true
- setup: |
- mkdir -p testdata-ko-build/cmd/testimage-ko-build-t0-basic-1
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t0-basic-1/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- t0-basic-check:
- needs: t0-basic
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for images
- env:
- IMAGES: ${{ needs.t0-basic.outputs.images }}
- run: |
- echo "$IMAGES" | tr ',' '\n' | xargs -n 1 -I{} crane manifest {}
- for IMAGE in $IMAGES; do
- crane manifest "$IMAGE" | jq -r '.annotations["org.opencontainers.image.base.name"]' | grep -qE 'ghcr.io/geonet/base-images/static(:latest)?'
- done
- - name: cleanup
- if: always()
- env:
- GH_TOKEN: ${{ github.token }}
- run: |
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t0-basic-1 || true
- t1-auth-with-geonetci:
- uses: ./.github/workflows/reusable-ko-build.yml
- secrets: inherit
- with:
- push: true
- registryGhcrUsernameOverride: geonetci
- setup: |
- mkdir -p testdata-ko-build/cmd/testimage-ko-build-t1-auth-with-geonetci-1
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t1-auth-with-geonetci-1/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- t1-auth-with-geonetci-check:
- needs: t1-auth-with-geonetci
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for images
- env:
- IMAGES: ${{ needs.t1-auth-with-geonetci.outputs.images }}
- run: |
- echo "$IMAGES" | tr ',' '\n' | xargs -n 1 -I{} crane manifest {}
- - name: cleanup
- if: always()
- env:
- GH_TOKEN: ${{ github.token }}
- run: |
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t1-auth-with-geonetci-1 || true
- t2-with-paths-and-packages:
- uses: ./.github/workflows/reusable-ko-build.yml
- with:
- push: true
- paths: |
- ./testdata-ko-build/cmd/testimage-ko-build-t2-with-paths-and-packages-1
- github.com/GeoNet/Actions/testdata-ko-build/cmd/testimage-ko-build-t2-with-paths-and-packages-2
- setup: |
- mkdir -p testdata-ko-build/cmd/testimage-ko-build-t2-with-paths-and-packages-1
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t2-with-paths-and-packages-1/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- mkdir -p testdata-ko-build/cmd/testimage-ko-build-t2-with-paths-and-packages-2
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t2-with-paths-and-packages-2/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- t2-with-paths-and-packages-check:
- needs: t2-with-paths-and-packages
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for images
- env:
- IMAGES: ${{ needs.t2-with-paths-and-packages.outputs.images }}
- run: |
- echo "$IMAGES" | tr ',' '\n' | sort | cut -d'@' -f1 | xargs | grep -qE '^ghcr.io/geonet/actions/testimage-ko-build-t2-with-paths-and-packages-1 ghcr.io/geonet/actions/testimage-ko-build-t2-with-paths-and-packages-2$'
- echo "$IMAGES" | tr ',' '\n' | xargs -n 1 -I{} crane manifest {}
- - name: cleanup
- if: always()
- env:
- GH_TOKEN: ${{ github.token }}
- run: |
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t2-with-paths-and-packages-1 || true
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t2-with-paths-and-packages-2 || true
- t3-no-push:
- uses: ./.github/workflows/reusable-ko-build.yml
- with:
- push: false
- setup: |
- mkdir -p testdata-ko-build/cmd/testimage-ko-build-t3-no-push-1
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t3-no-push-1/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- t3-no-push-check:
- needs: t3-no-push
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for images
- env:
- IMAGE: ${{ needs.t3-no-push.outputs.images }}
- GH_TOKEN: ${{ github.token }}
- run: |
- ! crane manifest $IMAGE || \
- (
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t3-no-push-1 || true
- )
- t4-custom-config:
- uses: ./.github/workflows/reusable-ko-build.yml
- with:
- push: true
- configPath: .cool.ko.yaml
- setup: |
- mkdir -p testdata-ko-build/cmd/testimage-ko-build-t4-custom-config-{1,2}
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t4-custom-config-1/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- cat << EOF > testdata-ko-build/cmd/testimage-ko-build-t4-custom-config-2/main.go
- package main
- import "fmt"
- func main() {
- fmt.Println("Hello World!")
- }
- EOF
- cat << EOF > .cool.ko.yaml
- defaultBaseImage: ghcr.io/geonet/base-images/nginx:latest
- baseImageOverrides:
- github.com/GeoNet/Actions/testdata-ko-build/cmd/testimage-ko-build-t4-custom-config-2: ghcr.io/geonet/base-images/alpine:3.18
- EOF
- t4-custom-config-check:
- needs: t4-custom-config
- runs-on: ubuntu-latest
- steps:
- - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
- with:
- version: ${{ env.VERSION_CRANE }}
- - name: check for images
- env:
- IMAGES: ${{ needs.t4-custom-config.outputs.images }}
- run: |
- echo "$IMAGES" | tr ',' '\n' | xargs -n 1 -I{} crane manifest {}
- crane manifest "$(echo "$IMAGES" | tr ',' '\n' | grep 'custom-config-1')" | jq -r '.annotations["org.opencontainers.image.base.name"]' | grep -qE 'ghcr.io/geonet/base-images/nginx:latest'
- crane manifest "$(echo "$IMAGES" | tr ',' '\n' | grep 'custom-config-2')" | jq -r '.annotations["org.opencontainers.image.base.name"]' | grep -qE 'ghcr.io/geonet/base-images/alpine:3.18'
- - name: cleanup
- if: always()
- env:
- GH_TOKEN: ${{ github.token }}
- run: |
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t4-custom-config-1 || true
- gh api -X DELETE /orgs/GeoNet/packages/container/actions%2Ftestimage-ko-build-t4-custom-config-2 || true