From 9542972b7b87f70f145b070a7e97c8757bc575a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Daniel=20Fad=C3=B3n?=
Date: Thu, 25 Apr 2024 17:55:43 -0300
Subject: [PATCH 1/2] Multi-arch build
---
 .github/workflows/cd.yml | 95 ---------------------------------
 .github/workflows/ci.yml | 91 --------------------------------
 .github/workflows/docker.yml | 96 ++++++++++++++++++++++++++++++++++
 .github/workflows/test.yml | 51 ++++++++++++++++++
 .github/workflows/unstable.yml | 26 ++++++---
 5 files changed, 167 insertions(+), 192 deletions(-)
 delete mode 100644 .github/workflows/cd.yml
 delete mode 100644 .github/workflows/ci.yml
 create mode 100644 .github/workflows/docker.yml
 create mode 100644 .github/workflows/test.yml
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
deleted file mode 100644
index 4559e8f5..00000000
--- a/.github/workflows/cd.yml
+++ /dev/null
@@ -1,95 +0,0 @@ -name: cd -on: - push: - branches: - - master - -permissions: - contents: read - id-token: write - -jobs: - build-test-deploy: - name: Build, run tests and Deploy to S3 - runs-on: ubuntu-latest - services: - redis: - image: redis - ports: - - 6379:6379 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Setup Go - uses: actions/setup-go@v4 - with: - go-version: '^1.13.1' - - - name: Get version - run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV - - - name: Run test - run: make test_coverage - - - name: Create build folder - run: mkdir -p build - - - name: Execute build - run: make release_assets - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: arn:aws:iam::825951051969:role/gha-downloads-role - aws-region: us-east-1 - - - name: Deploy to S3 - run: aws s3 sync $SOURCE_DIR s3://$BUCKET - env: - BUCKET: downloads.split.io - SOURCE_DIR: ./build - - - name: SonarQube Scan (Push) - uses: SonarSource/sonarcloud-github-action@v1.9 - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - with: - projectBaseDir: . - args: > - -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} - -Dsonar.projectVersion=${{ env.VERSION }} - - push-docker-image: - name: Build and Push Docker Image - runs-on: ubuntu-latest - strategy: - matrix: - app: [synchronizer, proxy] - fips_mode: [enabled, disabled] - steps: - - name: Login to Artifactory - uses: docker/login-action@v2 - with: - registry: splitio-docker.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} - password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - - - name: Checkout code - uses: actions/checkout@v4 - - - name: Get version - run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV - - - name: Docker Build and Push - uses: docker/build-push-action@v4 - with: - context: . 
- file: docker/Dockerfile.${{ matrix.app }} - push: true - tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }} - build-args: | - FIPS_MODE=${{ matrix.fips_mode }} - diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index cf59704f..00000000 --- a/.github/workflows/ci.yml +++ /dev/null 
@@ -1,91 +0,0 @@ -name: ci -on: - pull_request: - branches-ignore: - - none - -jobs: - build-and-test: - name: Build and run tests - runs-on: ubuntu-latest - services: - redis: - image: redis - ports: - - 6379:6379 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Setup Go - uses: actions/setup-go@v4 - with: - go-version: '^1.13.1' - - - name: Get version - run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV - - - name: Run test - run: make test_coverage - - - name: Create build folder - run: mkdir -p build - - - name: Build assets - run: make release_assets - - - name: SonarQube Scan (Pull Request) - uses: SonarSource/sonarcloud-github-action@v1.9 - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - with: - projectBaseDir: . - args: > - -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} - -Dsonar.projectVersion=${{ env.VERSION }} - -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} - -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} - -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} - - build-docker-image: - name: Build Docker Image - runs-on: ubuntu-latest - strategy: - matrix: - app: [synchronizer, proxy] - fips_mode: [enabled, disabled] - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Docker Build and Push - uses: docker/build-push-action@v5 - with: - context: . 
- file: docker/Dockerfile.${{ matrix.app }} - push: false - tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest - build-args: | - FIPS_MODE=${{ matrix.fips_mode }} - - - name: Scan container using Lacework - uses: lacework/lw-scanner-action@v1.4.0 - with: - LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} - LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }} - IMAGE_NAME: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }} - IMAGE_TAG: latest - SAVE_RESULTS_IN_LACEWORK: true - SAVE_BUILD_REPORT: true - BUILD_REPORT_FILE_NAME: split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}.html - - - name: Save vulnerability report - if: always() - uses: actions/upload-artifact@v4 - with: - name: vulnerability_report_${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }} - path: split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}.html - retention-days: 7 - overwrite: true diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 00000000..7c772526 --- /dev/null +++ b/.github/workflows/docker.yml 
@@ -0,0 +1,96 @@ +name: docker + +on: + push: + branches: + - master + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.run_number || github.event.pull_request.number }} + cancel-in-progress: true + +jobs: + docker: + name: Build Docker image + runs-on: ubuntu-latest + strategy: + matrix: + app: + - synchronizer + - proxy + fips_mode: + - enabled + - disabled + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: amd64,arm64 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Artifactory + if: ${{ github.event_name == 'push' }} + uses: docker/login-action@v3 + with: + registry: splitio-docker.jfrog.io + username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} + password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} + + - name: Get version + run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV + + - name: Docker Build and Push + uses: docker/build-push-action@v5 + with: + context: . 
+ file: docker/Dockerfile.${{ matrix.app }} + push: ${{ github.event_name == 'push' }} + tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest + build-args: | + FIPS_MODE=${{ matrix.fips_mode }} + + lacework: + name: Scan Docker image + if: ${{ github.event_name == 'pull_request' }} + runs-on: ubuntu-latest + strategy: + matrix: + app: + - synchronizer + - proxy + fips_mode: + - enabled + - disabled + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Get version + run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV + + - name: Docker Build and Push + uses: docker/build-push-action@v5 + with: + context: . + file: docker/Dockerfile.${{ matrix.app }} + push: false + tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }} + build-args: | + FIPS_MODE=${{ matrix.fips_mode }} + + - name: Scan container using Lacework + uses: lacework/lw-scanner-action@v1.4.1 + with: + LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} + LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }} + IMAGE_NAME: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}} + IMAGE_TAG: ${{ env.VERSION }} + SAVE_RESULTS_IN_LACEWORK: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..4978563c --- /dev/null +++ b/.github/workflows/test.yml 
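Review bot: The image pushed to splitio-docker.jfrog.io on a master push is never scanned: the `lacework` job is gated on `github.event_name == 'pull_request'` and the `docker` job has no `needs:` on it, so the only scan happens at PR time on a separately built image, and a direct push to master publishes `:latest` and `:${VERSION}` with no scan result at all. Either run the scan on the push path as well, or make the pushing step depend on a scan of the same build output. Separately, the removed cd.yml declared `permissions:` with `contents: read` and `id-token: write`, while this new file (and test.yml in the same patch) declares no `permissions:` block, so the jobs run with the repository's default GITHUB_TOKEN scope; add `permissions:` / `  contents: read` at the top level of both files. The `Login to Artifactory` step is correctly gated on push, so fork pull requests never need the registry secrets.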
@@ -0,0 +1,51 @@ +name: test + +on: + pull_request: + branches-ignore: + - none + +jobs: + build-and-test: + name: Build and run tests + runs-on: ubuntu-latest + services: + redis: + image: redis + ports: + - 6379:6379 + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: '^1.13.1' + + - name: Get version + run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV + + - name: Run test + run: make test_coverage + + - name: Create build folder + run: mkdir -p build + + - name: Build assets + run: make release_assets + + - name: SonarQube Scan (Pull Request) + uses: SonarSource/sonarcloud-github-action@v2 + env: + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + with: + projectBaseDir: . + args: > + -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} + -Dsonar.projectVersion=${{ env.VERSION }} + -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} + -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} + -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml index e2f943c8..95f29555 100644 --- a/.github/workflows/unstable.yml +++ b/.github/workflows/unstable.yml @@ -1,4 +1,5 @@ name: unstable + on: push: branches-ignore: 
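Review bot: The `redis` service on the `build-and-test` job is declared as `image: redis` with no tag or digest, so each run pulls whatever `latest` resolves to and the test environment drifts with upstream releases; pin it, e.g. `image: redis:<pinned-tag>@sha256:<digest>` (placeholder values). The `SonarQube Scan (Pull Request)` step reads `secrets.SONARQUBE_TOKEN` and `secrets.SONARQUBE_HOST` under a `pull_request` trigger; for pull requests opened from forks those secrets are presumably not populated and the step would fail rather than skip, so if fork PRs are expected, guard it with an `if:` on the head repository. The `branches-ignore: - none` filter is a no-op and could be dropped for clarity.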
@@ -10,19 +11,31 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - app: [synchronizer, proxy] - fips_mode: [enabled, disabled] + app: + - synchronizer + - proxy + fips_mode: + - enabled + - disabled steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: amd64,arm64 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Artifactory - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: splitio-docker-dev.jfrog.io username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - - name: Checkout code - uses: actions/checkout@v4 - - name: Get short hash run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV @@ -32,6 +45,7 @@ jobs: context: . file: docker/Dockerfile.${{ matrix.app }} push: true + platforms: linux/amd64,linux/arm64 tags: splitio-docker-dev.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:${{ env.SHORT_SHA }} build-args: | FIPS_MODE=${{ matrix.fips_mode }} From 8db45e9028286e1f142c834f1bccc6ae41f701a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Daniel=20Fad=C3=B3n?= Date: Thu, 25 Apr 2024 18:01:48 -0300 Subject: [PATCH 2/2] Multi-arch build --- .github/workflows/docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7c772526..aa2edcdb 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -53,6 +53,7 @@ jobs: context: . file: docker/Dockerfile.${{ matrix.app }} push: ${{ github.event_name == 'push' }} + platforms: linux/amd64,linux/arm64 tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest build-args: | FIPS_MODE=${{ matrix.fips_mode }}
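Review bot: The newly added `docker/setup-qemu-action@v3` and `docker/setup-buildx-action@v3` steps (and the bumped `docker/login-action@v3`) are referenced by mutable major-version tags and run in the same job that holds `ARTIFACTORY_DOCKER_USER`/`ARTIFACTORY_DOCKER_PASS`; pinning third-party actions to a full commit SHA, e.g. `uses: docker/setup-qemu-action@<commit-sha> # v3` (placeholder), keeps a moved tag from silently changing what executes with those credentials. The same applies to the action references added in docker.yml and test.yml in this patch. With `platforms: linux/amd64,linux/arm64` the arm64 image is built under QEMU emulation and pushed straight to splitio-docker-dev.jfrog.io without any test or scan step in this workflow, and whether the Dockerfile's Go build stage honours `TARGETARCH` cannot be seen from here, so it is worth confirming the arm64 manifest actually contains an arm64 binary. The job definition starts above the hunk.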
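Review bot: `platforms: linux/amd64,linux/arm64` is added only to the `docker` job's build step; the `lacework` job in the same file (outside this hunk) still builds with no `platforms:` and no QEMU/buildx setup, so what Lacework scans on a pull request is a single native-arch image rather than the multi-arch artifact pushed on master, and the arm64 layers are never scanned. As far as I know a multi-platform build cannot be loaded into the local daemon in one step, so the practical options are a `platform` matrix dimension in the scan job with `load: true` per architecture, or scanning the pushed manifest by reference after the push. The step's enclosing `with:` block and the `docker` job start above the hunk.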