From c0c16e3435a1a6e1db58d7701d51fae5dc73c82d Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Thu, 2 Mar 2023 11:11:40 -0600 Subject: [PATCH 01/12] renaming new workflow so its obvious its me testing it --- .../docker-build-push-patrickTest.yaml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/docker-build-push-patrickTest.yaml diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml new file mode 100644 index 00000000..32d7d176 --- /dev/null +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -0,0 +1,34 @@ +name: Docker Build Push +on: + push: + branches: + - main + pull_request: + workflow_dispatch: +jobs: + Build-Celo-Oracle-Dev: + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.1 + if: github.ref != 'refs/heads/main' + with: + workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos + service-account: 'celo-oracle-images-dev@devopsre.iam.gserviceaccount.com' + artifact-registry: ${{ vars.DEV_IMAGE_REPO }}/celo-oracle + tag: testing + context: . + trivy: true + trivy-timeout: 20m + + Build-Celo-Oracle: + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.1 + if: github.ref == 'refs/heads/main' + with: + workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle-main/providers/github-by-repos + + service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com' + artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle + tag: ${GITHUB_REF##*/} + context: . + trivy: true + trivy-timeout: 20m + + From 821a9ae49a492cf61ff3eb75fadd597332e17f0b Mon Sep 17 00:00:00 2001 
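Review bot: Both `uses:` lines pin the called workflow by a movable tag (`container-cicd.yaml@v1.1`), and that workflow is handed the workload identity provider and the image-push service account, so anyone able to move the tag changes what runs with those credentials. Pinning to a full commit SHA with the tag kept as a comment, `uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@<full-commit-sha> # v1.1`, makes the reviewed code the code that runs. The later bumps to `@v1.6` and `@v1.8` and the final `docker_push_oidc.yaml` carry the same pattern. Separately, `tag: ${GITHUB_REF##*/}` is shell parameter expansion inside a `with:` value, which GitHub passes through as a literal string. It only becomes a branch name if the called workflow interpolates the input into a shell script, which is not visible here; passing `tag: ${{ github.ref_name }}` avoids depending on that.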
From: pputman-clabs Date: Tue, 11 Apr 2023 11:03:57 -0500 Subject: [PATCH 02/12] increasing trivy timeout --- .github/workflows/docker-build-push-patrickTest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index 32d7d176..db54351c 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -16,7 +16,7 @@ jobs: tag: testing context: . trivy: true - trivy-timeout: 20m + trivy-timeout: 40m Build-Celo-Oracle: uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.1 @@ -29,6 +29,6 @@ jobs: tag: ${GITHUB_REF##*/} context: . trivy: true - trivy-timeout: 20m + trivy-timeout: 40m From 2e648e429c614fd71923c0d426ccd22a0285a7cf Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Wed, 12 Apr 2023 06:37:55 -0500 Subject: [PATCH 03/12] update to latest version of reusable workflow which fixes some issues related to caching --- .github/workflows/docker-build-push-patrickTest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index db54351c..0a901d18 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: Build-Celo-Oracle-Dev: - uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.1 + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.6 if: github.ref != 'refs/heads/main' with: workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos 
@@ -19,7 +19,7 @@ jobs: trivy-timeout: 40m Build-Celo-Oracle: - uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.1 + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.6 if: github.ref == 'refs/heads/main' with: workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle-main/providers/github-by-repos From 03c7d40d36f3edbbded459f8cf19ff0f46ebf191 Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Tue, 18 Apr 2023 08:30:22 -0500 Subject: [PATCH 04/12] removing different service account usage per branch to have all of them use the same workload identity provider --- .../docker-build-push-patrickTest.yaml | 30 ++++++++----------- 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index 0a901d18..bfc0a130 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml 
@@ -6,29 +6,23 @@ on: pull_request: workflow_dispatch: jobs: - Build-Celo-Oracle-Dev: - uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.6 - if: github.ref != 'refs/heads/main' - with: - workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos - service-account: 'celo-oracle-images-dev@devopsre.iam.gserviceaccount.com' - artifact-registry: ${{ vars.DEV_IMAGE_REPO }}/celo-oracle - tag: testing - context: . - trivy: true - trivy-timeout: 40m + set-docker-vars: + runs-on: ubuntu-latest + outputs: + tag: ${{ steps.set-docker-vars.outputs.tag }} + - name: Print inputs passed to the reusable workflow + id: set-docker-vars + run: | + echo "tag=${{ github.ref != 'ref/heads/main' && 'testing' || 'latest' }}" >> $GITHUB_OUTPUT Build-Celo-Oracle: - uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.6 - if: github.ref == 'refs/heads/main' + uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 + needs: [set-docker-vars] with: - workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle-main/providers/github-by-repos - + workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com' artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle - tag: ${GITHUB_REF##*/} + tag: ${{ needs.set-docker-vars.outputs.tag }} context: . trivy: true trivy-timeout: 40m - - From e507ca95e5a3ccd472b0f37315e41044549a959e Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Tue, 18 Apr 2023 08:32:43 -0500 Subject: [PATCH 05/12] fixing syntax error --- .github/workflows/docker-build-push-patrickTest.yaml | 2 ++ 1 file changed, 2 insertions(+) 
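Review bot: The remaining `Build-Celo-Oracle` job pairs the `gh-celo-oracle` pool (previously used only for non-main refs) with `celo-oracle-images@devopsre.iam.gserviceaccount.com` (previously used only under `if: github.ref == 'refs/heads/main'`). With `pull_request` still in `on:` at this commit, any ref can push to the main `devopsre/celo-oracle` registry path. Unless the provider's attribute condition restricts which refs may impersonate that account (not visible here), the branch separation is lost; keeping the `if:` gate on the job or adding a ref condition on the provider would preserve it. The tag expression also compares against `'ref/heads/main'` (missing `s`), so it always yields `testing`; it should read `github.ref != 'refs/heads/main' && 'testing' || 'latest'`.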
diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index bfc0a130..690d99c7 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -6,10 +6,12 @@ on: pull_request: workflow_dispatch: jobs: + set-docker-vars: runs-on: ubuntu-latest outputs: tag: ${{ steps.set-docker-vars.outputs.tag }} + steps: - name: Print inputs passed to the reusable workflow id: set-docker-vars run: | From 45f13b1833fb1eaa05e3c1d87112fbf9b04fd32f Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Mon, 24 Apr 2023 11:54:01 -0500 Subject: [PATCH 06/12] testing an env variable that is set equal to the environment --- .../docker-build-push-patrickTest.yaml | 40 +++++++++++++------ 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index 690d99c7..842462f2 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml 
@@ -1,30 +1,44 @@ name: Docker Build Push on: - push: - branches: - - main - pull_request: workflow_dispatch: jobs: - set-docker-vars: - runs-on: ubuntu-latest - outputs: - tag: ${{ steps.set-docker-vars.outputs.tag }} - steps: - - name: Print inputs passed to the reusable workflow - id: set-docker-vars - run: | - echo "tag=${{ github.ref != 'ref/heads/main' && 'testing' || 'latest' }}" >> $GITHUB_OUTPUT + + set-docker-vars: + runs-on: ubuntu-latest + outputs: + tag: ${{ steps.set-docker-vars.outputs.tag }} + steps: + - name: Print inputs passed to the reusable workflow + id: set-docker-vars + run: | + echo "tag=${{ github.environment }}" + + Build-Celo-Oracle: uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 needs: [set-docker-vars] +# environment: production with: workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com' artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle +# tag: production tag: ${{ needs.set-docker-vars.outputs.tag }} context: . trivy: true trivy-timeout: 40m + +# Build-Celo-Oracle: +# uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 +# needs: [set-docker-vars] +# environment: staging +# with: +# workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos +# service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com' +# artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle +# tag: staging +# context: . +# trivy: true +# trivy-timeout: 40m From f64b29e23939cfd68adb646915dd30afdc81ecc5 Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Mon, 24 Apr 2023 11:55:09 -0500 Subject: [PATCH 07/12] correcting indentation --- .github/workflows/docker-build-push-patrickTest.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
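Review bot: The rewritten `run:` step only echoes `tag=...` to the log and no longer appends to `$GITHUB_OUTPUT`, so `steps.set-docker-vars.outputs.tag` is empty and `Build-Celo-Oracle` receives an empty `tag`. As far as I know, `github.environment` is also not a property of the `github` context, so the expression itself would evaluate to an empty string. If a per-environment tag is intended, write the value explicitly, for example `echo "tag=staging" >> "$GITHUB_OUTPUT"`, and have the called workflow or this job fail when the tag is empty rather than pushing an untagged or default-tagged image.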
diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index 842462f2..6741ddd5 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -2,9 +2,7 @@ name: Docker Build Push on: workflow_dispatch: jobs: - - - set-docker-vars: + set-docker-vars: runs-on: ubuntu-latest outputs: tag: ${{ steps.set-docker-vars.outputs.tag }} @@ -15,7 +13,6 @@ jobs: echo "tag=${{ github.environment }}" - Build-Celo-Oracle: uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 needs: [set-docker-vars] From aac8d2f660344d0afb2af1d19d2f7dc7efb2954a Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Mon, 24 Apr 2023 11:59:06 -0500 Subject: [PATCH 08/12] adding an input to test for build environment --- .../docker-build-push-patrickTest.yaml | 27 ++++++++++++------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index 6741ddd5..ad0f0b7b 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -1,16 +1,22 @@ name: Docker Build Push on: workflow_dispatch: + inputs: + build_env: + description: 'Build environment (staging|production)' + required: true + default: 'staging' + type: string jobs: - set-docker-vars: - runs-on: ubuntu-latest - outputs: - tag: ${{ steps.set-docker-vars.outputs.tag }} - steps: - - name: Print inputs passed to the reusable workflow - id: set-docker-vars - run: | - echo "tag=${{ github.environment }}" +# set-docker-vars: +# runs-on: ubuntu-latest +# outputs: +# tag: ${{ steps.set-docker-vars.outputs.tag }} +# steps: +# - name: Print inputs passed to the reusable workflow +# id: set-docker-vars +# run: | +# echo "tag=${{ github.environment }}" Build-Celo-Oracle: 
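Review bot: `build_env` is declared `type: string`, so the `(staging|production)` in its description is not enforced and any text typed into the dispatch form becomes the image tag via `tag: ${{ inputs.build_env }}` in the second hunk. Declaring it as `type: choice` with `options:` listing `staging` and `production` restricts the value at the source. That also matters if the called workflow places the tag into a shell command, which is not visible here. The same input definition is carried unchanged into `docker_push_oidc.yaml` in the last patch of the series.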
@@ -22,7 +28,8 @@ jobs: service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com' artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle # tag: production - tag: ${{ needs.set-docker-vars.outputs.tag }} +# tag: ${{ needs.set-docker-vars.outputs.tag }} + tag: ${{ inputs.build_env }} context: . trivy: true trivy-timeout: 40m From 0d5dd214c0164f3ce07a5428cfc0f0511b5884ed Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Mon, 24 Apr 2023 12:00:30 -0500 Subject: [PATCH 09/12] commenting out docker vars needs --- .github/workflows/docker-build-push-patrickTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index ad0f0b7b..307e927e 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -21,7 +21,7 @@ jobs: Build-Celo-Oracle: uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8 - needs: [set-docker-vars] +# needs: [set-docker-vars] # environment: production with: workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos From ebb1dba58566edd3966a20013bc2029a8f22a7b2 Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Mon, 24 Apr 2023 12:02:26 -0500 Subject: [PATCH 10/12] test --- .github/workflows/docker-build-push-patrickTest.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index 307e927e..b5ea5695 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -1,4 +1,5 @@ name: Docker Build Push + on: workflow_dispatch: inputs: @@ -7,6 +8,7 @@ on: required: true default: 'staging' type: string + jobs: # set-docker-vars: # runs-on: ubuntu-latest 
From aa79b58868f499b82c9997fbe30b68876e0eb923 Mon Sep 17 00:00:00 2001 From: pputman-clabs Date: Mon, 24 Apr 2023 12:03:09 -0500 Subject: [PATCH 11/12] adding a 2 --- .github/workflows/docker-build-push-patrickTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml index b5ea5695..ddf352c2 100644 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ b/.github/workflows/docker-build-push-patrickTest.yaml @@ -1,4 +1,4 @@ -name: Docker Build Push +name: Docker Build Push2 on: workflow_dispatch: From 18b89ef8e31bc48b33c523d87dd56f0f08148f9f Mon Sep 17 00:00:00 2001 From: Nelson Taveras Date: Mon, 24 Apr 2023 13:18:47 -0400 Subject: [PATCH 12/12] chore: rename file and delete comments --- .../docker-build-push-patrickTest.yaml | 50 ------------------- .github/workflows/docker_push_oidc.yaml | 22 ++++++++ 2 files changed, 22 insertions(+), 50 deletions(-) delete mode 100644 .github/workflows/docker-build-push-patrickTest.yaml create mode 100644 .github/workflows/docker_push_oidc.yaml diff --git a/.github/workflows/docker-build-push-patrickTest.yaml b/.github/workflows/docker-build-push-patrickTest.yaml deleted file mode 100644 index ddf352c2..00000000 --- a/.github/workflows/docker-build-push-patrickTest.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-name: Docker Build Push2
-
-on:
- workflow_dispatch:
- inputs:
- build_env:
- description: 'Build environment (staging|production)'
- required: true
- default: 'staging'
- type: string
-
-jobs:
-# set-docker-vars:
-# runs-on: ubuntu-latest
-# outputs:
-# tag: ${{ steps.set-docker-vars.outputs.tag }}
-# steps:
-# - name: Print inputs passed to the reusable workflow
-# id: set-docker-vars
-# run: |
-# echo "tag=${{ github.environment }}"
-
-
- Build-Celo-Oracle:
- uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8
-# needs: [set-docker-vars]
-# environment: production
- with:
- workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos
- service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com'
- artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle
-# tag: production
-# tag: ${{ needs.set-docker-vars.outputs.tag }}
- tag: ${{ inputs.build_env }}
- context: .
- trivy: true
- trivy-timeout: 40m
-
-# Build-Celo-Oracle:
-# uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8
-# needs: [set-docker-vars]
-# environment: staging
-# with:
-# workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos
-# service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com'
-# artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle
-# tag: staging
-# context: .
-# trivy: true
-# trivy-timeout: 40m
diff --git a/.github/workflows/docker_push_oidc.yaml b/.github/workflows/docker_push_oidc.yaml
new file mode 100644
index 00000000..2d99df57
--- /dev/null
+++ b/.github/workflows/docker_push_oidc.yaml
@@ -0,0 +1,22 @@
+name: Docker Push OIDC
+
+on:
+ workflow_dispatch:
+ inputs:
+ build_env:
+ description: 'Build environment (staging|production)'
+ required: true
+ default: 'staging'
+ type: string
+
+jobs:
+ Build-Celo-Oracle:
+ uses: celo-org/reusable-workflows/.github/workflows/container-cicd.yaml@v1.8
+ with:
+ workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-celo-oracle/providers/github-by-repos
+ service-account: 'celo-oracle-images@devopsre.iam.gserviceaccount.com'
+ artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-oracle/celo-oracle
+ tag: ${{ inputs.build_env }}
+ context: .
+ trivy: true
+ trivy-timeout: 40m
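Review bot: The new workflow declares no `permissions:`, so the `GITHUB_TOKEN` passed into the called workflow gets the repository's default scopes rather than only those an OIDC image push needs. A job-level block under `Build-Celo-Oracle`, such as `permissions:` with `contents: read` and `id-token: write`, would bound it. The exact set depends on what `container-cicd.yaml` does (for example uploading Trivy results), which is not visible in this diff. `staging` and `production` also share one service account and registry path here, so the input changes only the tag and not what the run may push to. A comment at the top of the file, such as `# build_env selects the image tag only; both values use the same identity and registry`, would make that explicit.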