Skip to content
Go

Bump docker/build-push-action from 5 to 6 #211

Sign in to view logs

Bump docker/build-push-action from 5 to 6

Bump docker/build-push-action from 5 to 6 #211

Workflow file for this run

.github/workflows/build.yaml at 016dd9c
name: Go
on: [push, pull_request]
permissions:
contents: read
pull-requests: read
checks: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ShellCheck on GHA config
uses: saleor/shellcheck-gha@v0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Verify
run: go mod verify
- name: Build
run: go build ./...
- name: Test
run: go test ./...
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: latest
install-mode: binary
- name: Prepare manifests for linting
run: |
go build -C deploy .
mkdir manifests
./deploy/deploy --k8s-flavor vanilla my-images > manifests/vanilla.yaml
./deploy/deploy --k8s-flavor ocp my-images > manifests/ocp.yaml
./deploy/deploy --k8s-flavor vanilla --secret my-secret my-images > manifests/vanilla-with-secret.yaml
./deploy/deploy --k8s-flavor ocp --secret my-secret my-images > manifests/ocp-with-secret.yaml
./deploy/deploy --k8s-flavor vanilla --collect-metrics my-images > manifests/vanilla-metrics.yaml
./deploy/deploy --k8s-flavor ocp --collect-metrics my-images > manifests/ocp-metrics.yaml
./deploy/deploy --k8s-flavor vanilla --secret my-secret --collect-metrics my-images > manifests/vanilla-with-secret-metrics.yaml
./deploy/deploy --k8s-flavor ocp --secret my-secret --collect-metrics my-images > manifests/ocp-with-secret-metrics.yaml
- name: kubeconform
run: |
make -C deploy kubeconform MANIFESTS="$(pwd)/manifests"
- name: kube-linter
uses: stackrox/[email protected]
with:
directory: manifests
- name: Build binary
run: make -j2 binary-all
- name: Login to Quay
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
- name: Prepare manifest OCI metadata for amd64
id: meta-amd64
uses: docker/metadata-action@v5
with:
images: "quay.io/stackrox-io/image-prefetcher"
# generate Docker tags based on the following events/attributes
# See https://github.com/docker/metadata-action
tags: |
type=ref,event=branch,prefix=branch-,suffix=-amd64
type=semver,pattern=v{{major}}.{{minor}}.{{patch}},suffix=-amd64
type=semver,pattern=v{{major}}.{{minor}},suffix=-amd64
type=semver,pattern=v{{major}},suffix=-amd64
type=sha,suffix=-amd64
- name: Build and push OCI amd64 image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta-amd64.outputs.tags }}
labels: ${{ steps.meta-amd64.outputs.labels }}
platforms: linux/amd64
build-args: |
ARCH=amd64
- name: Prepare manifest OCI metadata for arm64
id: meta-arm64
uses: docker/metadata-action@v5
with:
images: "quay.io/stackrox-io/image-prefetcher"
# generate Docker tags based on the following events/attributes
# See https://github.com/docker/metadata-action
tags: |
type=ref,event=branch,prefix=branch-,suffix=-arm64
type=semver,pattern=v{{major}}.{{minor}}.{{patch}},suffix=-arm64
type=semver,pattern=v{{major}}.{{minor}},suffix=-arm64
type=semver,pattern=v{{major}},suffix=-arm64
type=sha,suffix=-arm64
- name: Build and push OCI arm64 image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta-arm64.outputs.tags }}
labels: ${{ steps.meta-arm64.outputs.labels }}
platforms: linux/arm64
build-args: |
ARCH=arm64
- name: Prepare manifest OCI metadata for ppc64le
id: meta-ppc64le
uses: docker/metadata-action@v5
with:
images: "quay.io/stackrox-io/image-prefetcher"
# generate Docker tags based on the following events/attributes
# See https://github.com/docker/metadata-action
tags: |
type=ref,event=branch,prefix=branch-,suffix=-ppc64le
type=semver,pattern=v{{major}}.{{minor}}.{{patch}},suffix=-ppc64le
type=semver,pattern=v{{major}}.{{minor}},suffix=-ppc64le
type=semver,pattern=v{{major}},suffix=-ppc64le
type=sha,suffix=-ppc64le
- name: Build and push OCI ppc64le image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta-ppc64le.outputs.tags }}
labels: ${{ steps.meta-ppc64le.outputs.labels }}
platforms: linux/ppc64le
build-args: |
ARCH=ppc64le
- name: Prepare manifest OCI metadata for s390x
id: meta-s390x
uses: docker/metadata-action@v5
with:
images: "quay.io/stackrox-io/image-prefetcher"
# generate Docker tags based on the following events/attributes
# See https://github.com/docker/metadata-action
tags: |
type=ref,event=branch,prefix=branch-,suffix=-s390x
type=semver,pattern=v{{major}}.{{minor}}.{{patch}},suffix=-s390x
type=semver,pattern=v{{major}}.{{minor}},suffix=-s390x
type=semver,pattern=v{{major}},suffix=-s390x
type=sha,suffix=-s390x
- name: Build and push OCI s390x image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta-s390x.outputs.tags }}
labels: ${{ steps.meta-s390x.outputs.labels }}
platforms: linux/s390x
build-args: |
ARCH=s390x
- name: Prepare manifest OCI metadata
id: meta
uses: docker/metadata-action@v5
with:
images: "quay.io/stackrox-io/image-prefetcher"
# generate Docker tags based on the following events/attributes
# See https://github.com/docker/metadata-action
tags: |
type=ref,event=branch,prefix=branch-
type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=sha
- name: Create and push multi-arch manifest
if: github.event_name != 'pull_request'
env:
IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
run: |
for tag in ${IMAGE_TAGS};
do
docker manifest create "${tag}" \
--amend "${tag}-amd64" \
--amend "${tag}-arm64" \
--amend "${tag}-ppc64le" \
--amend "${tag}-s390x"
docker manifest push "${tag}"
done
e2e:
if: github.event_name != 'pull_request'
needs: build
runs-on: ubuntu-latest
env:
CLUSTER_NAME: img-prefetch-${{ github.run_id }}
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
NS: prefetch
NAME: basic
steps:
- uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Authenticate against GCP
uses: "google-github-actions/auth@v2"
with:
credentials_json: "${{ secrets.GCP_IMAGE_PREFETCHER_CI_SA }}"
- name: Install GKE auth plugin
uses: "google-github-actions/setup-gcloud@v2"
with:
install_components: "gke-gcloud-auth-plugin"
- name: Install infractl
uses: stackrox/actions/infra/install-infractl@main
- name: Create GKE cluster
uses: stackrox/actions/infra/[email protected]
with:
token: ${{ secrets.INFRA_TOKEN }}
flavor: gke-default
name: img-prefetch-${{ github.run_id }}
lifespan: 1h
args: nodes=2
wait: "true"
no-slack: "true"
- name: Setup environment from cluster artifacts
env:
ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
run: |
# Fetch the artifacts for the GKE cluster.
infractl artifacts --download-dir="${ARTIFACTS_DIR}" "${CLUSTER_NAME}" >/dev/null
# Set both URL and admin password.
KUBECONFIG="${ARTIFACTS_DIR}/kubeconfig"
echo "KUBECONFIG=$KUBECONFIG" >> "$GITHUB_ENV"
- name: Build the deploy tool
run: go build -C deploy .
- name: Deploy prefetcher
run: |
set -e
echo busybox:latest >> images.txt
echo debian:sid >> images.txt
kubectl create --dry-run=client -o yaml --namespace="$NS" configmap "${NAME}" --from-file="images.txt=images.txt" > manifest.yaml
echo --- >> manifest.yaml
./deploy/deploy \
--version="sha-$(git rev-parse --short HEAD)" \
--k8s-flavor=vanilla \
--collect-metrics \
"${NAME}" >> manifest.yaml
kubectl create namespace "$NS"
kubectl apply -n "$NS" -f manifest.yaml
- name: Wait for prefetcher to finish
run: |
set -e
info() { echo "$@"; }
die() { info "$@"; exit 1; }
attempt=0
service="service/${NAME}-metrics"
while [[ -z $(kubectl -n "${NS}" get "${service}" -o jsonpath="{.status.loadBalancer.ingress}" 2>/dev/null) ]]; do
if [ "$attempt" -lt "10" ]; then
info "Waiting for ${service} to obtain endpoint ..."
attempt=$((attempt+1))
sleep 10
else
die "ERROR: Timeout waiting for ${service} to obtain endpoint!"
fi
done
endpoint="$(kubectl -n "${NS}" get "${service}" -o json | jq -r '.status.loadBalancer.ingress[] | .ip')"
curl --silent --show-error --fail --retry 3 --retry-connrefused "http://${endpoint}:8080/metrics" > metrics.json
- name: Dump metrics
run: jq . metrics.json
- name: Dump debug info
if: always()
run: |
kubectl -n "$NS" get -o yaml daemonsets,deployments,pods,replicasets,services,roles,rolebindings
kubectl -n "$NS" get events
kubectl -n "$NS" logs -l app=basic-metrics --all-containers=true --ignore-errors=true --tail=-1
kubectl -n "$NS" logs -l app=basic-metrics --all-containers=true --ignore-errors=true --tail=-1 --previous=true
kubectl -n "$NS" logs -l app=basic --all-containers=true --ignore-errors=true --tail=-1
kubectl -n "$NS" logs -l app=basic --all-containers=true --ignore-errors=true --tail=-1 --previous=true
- name: Teardown cluster
if: always()
env:
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
run: |
infractl delete "${CLUSTER_NAME}" || echo "Failed to remove the infra cluster"