From d4099a75be7ad7ae906b4c8a6820ffb204f0de77 Mon Sep 17 00:00:00 2001
From: Max Golionko <8kirk8@gmail.com>
Date: Fri, 30 Jun 2023 19:45:45 +0800
Subject: [PATCH] CI: disable docker scan, enable auto release to sandbox (#4476)
* disable docker scan
* disable nightly, enable auto release to sandbox
* remove whitespace
---
.github/workflows/nightly-build.yml | 48 -----------------
.github/workflows/update-sandbox.yml | 77 ++++++++++++++++++++++++++++
Makefile | 2 +-
deployment/docker/Makefile | 3 --
4 files changed, 78 insertions(+), 52 deletions(-)
delete mode 100644 .github/workflows/nightly-build.yml
create mode 100644 .github/workflows/update-sandbox.yml
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
deleted file mode 100644
index 0bd20b62c914b..0000000000000
--- a/.github/workflows/nightly-build.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: nightly-build
-on:
- schedule:
- # Daily at 2:48am
- - cron: '48 2 * * *'
-
-permissions:
- contents: read
-
-jobs:
- build:
- name: Build
- runs-on: ubuntu-latest
- steps:
- - name: Login to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- - name: Setup Go
- uses: actions/setup-go@main
- with:
- go-version: 1.20.5
- id: go
-
- - name: Setup docker scan
- run: |
- mkdir -p ~/.docker/cli-plugins && \
- curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 -L -s -S -o ~/.docker/cli-plugins/docker-scan &&\
- chmod +x ~/.docker/cli-plugins/docker-scan
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
-
- - name: Code checkout
- uses: actions/checkout@master
-
- - uses: actions/cache@v3
- with:
- path: gocache-for-docker
- key: gocache-docker-${{ runner.os }}-${{ steps.go.outputs.go-version }}-${{ hashFiles('go.mod') }}
-
- - name: build & publish
- run: |
- docker scan --severity=medium --login --token "$SNYK_TOKEN" --accept-license
- LATEST_TAG=nightly PKG_TAG=nightly make publish
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_AUTH_TOKEN }}
diff --git a/.github/workflows/update-sandbox.yml b/.github/workflows/update-sandbox.yml
new file mode 100644
index 0000000000000..87f28ff49d3d8
--- /dev/null
+++ b/.github/workflows/update-sandbox.yml
@@ -0,0 +1,77 @@
+name: sandbox-release
+on:
+ release:
+ types: [published]
+permissions:
+ contents: write
+jobs:
+ deploy-sandbox:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ repository: VictoriaMetrics/ops
+ ref: master
+ token: ${{ secrets.VM_BOT_GH_TOKEN }}
+
+ - name: Import GPG key
+ id: import-gpg
+ uses: crazy-max/ghaction-import-gpg@v5
+ with:
+ gpg_private_key: ${{ secrets.VM_BOT_GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.VM_BOT_PASSPHRASE }}
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+
+ - name: update image tag
+ uses: fjogeleit/yaml-update-action@main
+ with:
+ valueFile: 'gcp-test/sandbox/manifests/benchmark-vm/vmcluster.yaml'
+ commitChange: false
+ createPR: false
+ changes: |
+ {
+ "gcp-test/sandbox/manifests/benchmark-vm/vmcluster.yaml": {
+ "spec.vminsert.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
+ "spec.vmselect.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
+ "spec.vmstorage.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster"
+ },
+ "gcp-test/sandbox/manifests/benchmark-vm/vmsingle.yaml": {
+ "spec.image.tag": "${{ github.event.release.tag_name }}-enterprise"
+ },
+ "gcp-test/sandbox/manifests/monitoring/monitoring-vmagent.yaml": {
+ "spec.image.tag": "${{ github.event.release.tag_name }}"
+ },
+ "gcp-test/sandbox/manifests/monitoring/monitoring-vmcluster.yaml": {
+ "spec.vminsert.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
+ "spec.vmselect.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
+ "spec.vmstorage.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster"
+ },
+ "gcp-test/sandbox/manifests/monitoring/vmalert.yaml": {
+ "spec.image.tag": "${{ github.event.release.tag_name }}-enterprise"
+ }
+ }
+
+ - name: commit changes
+ run: |
+ git config --global user.name "${{ steps.import-gpg.outputs.email }}"
+ git config --global user.email "${{ steps.import-gpg.outputs.email }}"
+ git add .
+ git commit -S -m "Deploy image tag ${RELEASE_TAG} to sandbox"
+ env:
+ RELEASE_TAG: ${{ github.event.release.tag_name }}
+
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v5
+ with:
+ author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+ branch: release-automation
+ token: ${{ secrets.VM_BOT_GH_TOKEN }}
+ delete-branch: true
+ title: "release ${{ github.event.release.tag_name }}"
+ body: |
+ Release [${{ github.event.release.tag_name }}](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/${{ github.event.release.tag_name }}) to sandbox
+
+ > Auto-generated by `Github Actions Bot`
+
\ No newline at end of file
diff --git a/Makefile b/Makefile
index a97c9f389c19e..0d50b29b89a52 100644
--- a/Makefile
+++ b/Makefile
@@ -32,7 +32,7 @@ all: \ clean: rm -rf bin/* -publish: docker-scan \ +publish: package-base \ publish-victoria-metrics \ publish-victoria-logs \ publish-vmagent \
diff --git a/deployment/docker/Makefile b/deployment/docker/Makefile
index 830986ac293bd..b1392cbcf12bc 100644
--- a/deployment/docker/Makefile
+++ b/deployment/docker/Makefile
@@ -22,9 +22,6 @@ package-base: --tag $(BASE_IMAGE) \ deployment/docker/base -docker-scan: package-base - docker scan --severity=medium --accept-license $(BASE_IMAGE) || (echo "❌ The build has been terminated because critical vulnerabilities were found in $(BASE_IMAGE)"; exit 1) - package-builder: (docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BUILDER_IMAGE)$$') \ || docker build \
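Review bot: `fjogeleit/yaml-update-action@main` in the "update image tag" step is a mutable branch ref on a third-party action, and it runs right after a checkout of `VictoriaMetrics/ops` made with `secrets.VM_BOT_GH_TOKEN` (which actions/checkout keeps in the local git config by default), so whatever lands on that branch executes with access to that workspace. Pin it to a reviewed full commit SHA, `uses: fjogeleit/yaml-update-action@<full-commit-sha>  # <release tag>`, and preferably do the same for `crazy-max/ghaction-import-gpg@v5` and `peter-evans/create-pull-request@v5`, which receive the GPG private key and the bot token directly. The top-level `permissions: contents: write` also looks unnecessary, since every write visible here goes to the ops repository with the bot token; `contents: read` would probably suffice, to be confirmed. Separately, the "commit changes" step sets `user.name` from `steps.import-gpg.outputs.email`; `steps.import-gpg.outputs.name` was likely intended.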
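Review bot: `publish` now depends only on `package-base`, so nothing visible in this patch checks `$(BASE_IMAGE)` for known vulnerabilities before images are pushed; the `docker-scan` prerequisite and the nightly workflow that ran the scan are both removed with no replacement gate. If the removal is deliberate, record it next to the target, for example `# NOTE: vulnerability scan of $(BASE_IMAGE) was removed from publish; images are pushed unscanned until a replacement gate is added`, and consider adding an image-scanning step to the release pipeline so the check is not lost silently. The `publish` rule continues past the end of this hunk.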