Refactor operator to work with hoprd providence (#149)

* Main refactoring * Fix scripts * Update script * Add contracts dir * remove spaces * add time * Update script * Fixing path * Remove unused import * Update dummy script * Download script * Filtering active jobs * remove declare * More bug fixing * Fix double sync * Adding format * Adding modification * Use correct deployer * Update more code * Update to 0.2.0 * Adding more error handling * adding debugging * Adding identity on resource creation * Update runner to self hosted * Update versions * Fixing creating node with different pattern * Basic manual testing works * Include modification of resources * Add more fixes * Remove files * moving events * Updating to alpha2 * cargo update * Fixing clusterHoprd * fixing context * Fixing helm-chart * remove dash * Increasing resources * Fix service monitor * Fixing pipelines * Update parameters README.md * Fixing pipelines * Update parameters README.md * Using github runners * adding docker to publish --------- Co-authored-by: HOPR CI robot <[email protected]>
hoprnet · Nov 14, 2023 · 2c194c5 · 2c194c5
1 parent ec6b2f7
commit 2c194c5
Show file tree

Hide file tree

Showing 72 changed files with 5,229 additions and 3,473 deletions.
diff --git a/.github/workflows/container-pr.yml → .github/workflows/build-docker.yml b/.github/workflows/container-pr.yml → .github/workflows/build-docker.yml
@@ -1,26 +1,27 @@
 ---
 
-name: 'Build Container'
-
+name: 'Build Docker Image'
 on:
   pull_request:
+    types:
+      - synchronize
+      - ready_for_review
     branches:
       - master
     paths-ignore:
       - "charts/**/*"
 concurrency:
-  group: ${{ github.head_ref }}-container
+  group: ${{ github.head_ref }}-docker
   cancel-in-progress: true
 jobs:
   bump_version:
-    runs-on: ubuntu-latest
+    name: Bump version
+    runs-on: ubuntu-2-core
     permissions:
       contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - name: Bump Cargo version
         id: bumping_version
@@ -46,14 +47,15 @@ jobs:
       # Update Cargo.lock
       - name: Build Cargo
         uses: actions-rs/cargo@v1
+        if: ${{ steps.bumping_version.outputs.bumped_version }}
         with:
           command: build
 
       - name: Commit and push
         if: ${{ steps.bumping_version.outputs.bumped_version }}
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
-          commit_message: Bump cargo version
+          commit_message: "Bump to cargo version ${{ steps.bumping_version.outputs.bumped_version }}"
           repository: .
           commit_user_name: HOPR CI robot
           commit_user_email: [email protected]
@@ -63,11 +65,22 @@ jobs:
           create_branch: false
 
   build:
+    name: Build docker
     needs: bump_version
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-2-core
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: kubernetes
+
       - name: Build container image
         uses: docker/build-push-action@v5
         with:
           push: false
-          tags: gcr.io/hoprassociation/hoprd-operator:latest
+          tags: europe-west3-docker.pkg.dev/hoprassociation/docker-images/hoprd-operator:latest
+
+
diff --git a/...workflows/helm-build-and-test-cluster.yml → .github/workflows/build-helm-cluster.yml b/...workflows/helm-build-and-test-cluster.yml → .github/workflows/build-helm-cluster.yml
@@ -4,21 +4,26 @@ name: 'Package Helm chart Cluster'
 
 on:
   pull_request:
+    types:
+      - synchronize
+      - ready_for_review
+    branches:
+      - master
     paths:
       - "charts/cluster-hoprd/**"
 concurrency:
   group: ${{ github.head_ref }}-cluster
   cancel-in-progress: true
 jobs:
   bump_version:
-    runs-on: ubuntu-latest
+    name: Bump version
+    runs-on: ubuntu-2-core
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
 
       - name: Bump Chart version
+        id: bumping_version
         run: |
           helm_chart_version=$(grep '^version:' Chart.yaml | sed 's/.*: //')
           git_tag=$(git tag -l helm-cluster-hoprd-${helm_chart_version})
@@ -29,14 +34,15 @@ jobs:
             bump_version=${release_number}.$((patch_number + 1))
             echo "The helm chart version ${git_tag} already exists, bumping to version helm-cluster-hoprd-${bump_version}";
             sed -i "s/^version: ${helm_chart_version}/version: ${bump_version}/" Chart.yaml
-            echo "version_bumped=true" >> $GITHUB_ENV
+            echo "bumped_version=true" >> $GITHUB_OUTPUT
           fi
         working-directory: 'charts/cluster-hoprd/'
+
       - name: Commit and push
-        if: ${{ env.version_bumped }}
+        if: ${{ steps.bumping_version.outputs.bumped_version }}
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
-          commit_message: Bump Helm chart version
+          commit_message: "Bump Helm chart version to ${{ steps.bumping_version.outputs.bumped_version }}"
           repository: .
           commit_user_name: HOPR CI robot
           commit_user_email: [email protected]
@@ -46,76 +52,105 @@ jobs:
           create_branch: false
 
   lint:
-    runs-on: ubuntu-latest
+    name: Lint
+    runs-on: ubuntu-2-core
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
         with:
-          fetch-depth: 0
+          version: latest
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
-        run: |
-          helm dependency update
-          helm lint
+        run: helm lint
         working-directory: 'charts/cluster-hoprd/'
 
   package:
-    runs-on: ubuntu-latest
+    name: Package Helm Chart
+    runs-on: ubuntu-2-core
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
         with:
-          fetch-depth: 0
+          version: latest
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Get Helm chart version
+        id: get_version
         run: |
           HELM_CHART_VERSION=$(grep '^version:' Chart.yaml | sed 's/.*: //')
-          echo "HELM_CHART_VERSION=${HELM_CHART_VERSION}" >> $GITHUB_ENV
+          echo "HELM_CHART_VERSION=${HELM_CHART_VERSION}" >> $GITHUB_OUTPUT
         working-directory: 'charts/cluster-hoprd/'
 
-      - name: Set up Google Cloud Credentials
-        uses: google-github-actions/auth@v1
-        with:
-          credentials_json: ${{ secrets.GOOGLE_HOPRASSOCIATION_CREDENTIALS_REGISTRY }}
+      - name: Helm Package
+        run: helm package . --version ${{ steps.get_version.outputs.HELM_CHART_VERSION }}
+        working-directory: 'charts/cluster-hoprd/'
 
-      - name: Set up Google Cloud SDK
-        uses: google-github-actions/setup-gcloud@v1
+  trivy:
+    name: Helm Security Analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4   # 93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
         with:
-          project_id: ${{ secrets.GOOGLE_HOPRASSOCIATION_PROJECT }}
-          install_components: beta
+          version: latest
+          token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Artifact Registry authentication
-        run: gcloud auth application-default print-access-token | helm registry login -u oauth2accesstoken --password-stdin https://europe-west3-docker.pkg.dev
+      - name: Set up python
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # tag=v4.7.1
+        with:
+          python-version: 3.7
 
-      - name: Helm Package
-        run: |
-          helm package . --version ${{ env.HELM_CHART_VERSION }}
-        working-directory: 'charts/cluster-hoprd/'
+      - name: Run Trivy vulnerability scanner in IaC mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'config'
+          hide-progress: false
+          format: 'table'
+          scan-ref: 'charts/hoprd-operator/'
+          exit-code: '1'
+          ignore-unfixed: true
 
   generate-readme:
-    runs-on: ubuntu-latest
+    name: Generate Readme
+    runs-on: ubuntu-2-core
     permissions:
       contents: write
     steps:
-      - name: Install readme-generator-for-helm
-        run: npm install -g @bitnami/[email protected]
-
       - name: Checkout
         uses: actions/checkout@v4
+
+      - name: Setup NodeJs
+        uses: actions/setup-node@v4
         with:
-          ref: ${{github.event.pull_request.head.ref}}
-          repository: ${{github.event.pull_request.head.repo.full_name}}
-          fetch-depth: 0
+          node-version: 18
+
+      - name: Install readme-generator-for-helm
+        run: npm install -g @bitnami/[email protected]
 
       - name: Execute readme-generator-for-helm
+        id: generator
         run: |
           readme-generator --values "charts/cluster-hoprd/values.yaml" --readme "charts/cluster-hoprd/README.md" --schema "/tmp/schema.json"
           if git status -s | grep charts; then
-            echo "readme_updated=true" >>  $GITHUB_ENV
+            echo "readme_updated=true" >>  $GITHUB_OUTPUT
           fi
 
       - name: Commit and push
-        if: ${{ env.readme_updated }}
+        if: ${{ steps.generator.outputs.readme_updated }}
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
           commit_message: Update parameters README.md