From 5834a54b4573d864ac5151081804ea61e8431587 Mon Sep 17 00:00:00 2001 From: Yajith Dayarathna Date: Thu, 19 Sep 2024 09:05:21 +1200 Subject: [PATCH] ci update (#21) * updates to kubectl-shell Dockerfile * cleanup * cleanup task names * docker scout action * updating workflow --- .github/workflows/base.yaml | 12 ++- .github/workflows/dev.workflow.yaml | 50 ----------- .github/workflows/kubectl-shell.yaml | 86 +++++++++++++++++++ .github/workflows/prod.workflow.yaml | 34 -------- {kube-shell => kubectl-shell}/Dockerfile | 11 ++- .../build-and-push.sh | 0 6 files changed, 99 insertions(+), 94 deletions(-) delete mode 100644 .github/workflows/dev.workflow.yaml create mode 100644 .github/workflows/kubectl-shell.yaml delete mode 100644 .github/workflows/prod.workflow.yaml rename {kube-shell => kubectl-shell}/Dockerfile (84%) rename {kube-shell => kubectl-shell}/build-and-push.sh (100%) diff --git a/.github/workflows/base.yaml b/.github/workflows/base.yaml index 8192598..6252639 100644 --- a/.github/workflows/base.yaml +++ b/.github/workflows/base.yaml @@ -1,12 +1,16 @@ name: "base" on: + workflow_dispatch: schedule: - cron: "0 0 * * *" # 00:00 UTC Everyday - workflow_dispatch: + +env: + DOCKER_HUB_REPO: portainer/base + IMAGE_TAG: latest jobs: - base-ci: + build_images: runs-on: ubuntu-latest steps: - name: "[preparation] checkout" @@ -31,11 +35,11 @@ jobs: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - - name: Build and push + - name: "build and push images" uses: docker/build-push-action@v6.7.0 with: context: base/ - tags: portainer/base:latest + tags: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }} platforms: | linux/amd64 linux/arm64 diff --git a/.github/workflows/dev.workflow.yaml b/.github/workflows/dev.workflow.yaml deleted file mode 100644 index 27ae633..0000000 --- a/.github/workflows/dev.workflow.yaml +++ /dev/null 
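Review bot: The rewritten top of base.yaml (the `on:`/`env:`/`jobs:` stanza in the first hunk) still declares no `permissions:` block, so the renamed `build_images` job runs with whatever default GITHUB_TOKEN scope the repository happens to be configured with; nothing visible in either hunk needs more than `permissions:` / `  contents: read`, which is worth pinning at workflow level rather than relying on repository defaults. The new `IMAGE_TAG: latest` env means every nightly `schedule` run overwrites the mutable `portainer/base:latest` with no immutable companion tag, so a consumer cannot pin to or roll back to a specific build; a second entry under `tags:` such as `${{ env.DOCKER_HUB_REPO }}:${{ github.run_id }}` (constructed example) would give each build a traceable reference. The steps between the two hunks are outside this patch, so whether a scan or SBOM step already exists here cannot be told from this view.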
@@ -1,50 +0,0 @@ -name: Build kubectl docker image to Portainer CI - -on: - push: - branches: - - develop - paths: - - 'kube-shell/**' - pull_request: - branches: - - develop - paths: - - 'kube-shell/**' - -env: - GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }} -jobs: - build: - runs-on: ubuntu-latest - environment: - name: staging - steps: - - name: checkout code - uses: actions/checkout@v2 - # https://github.com/docker/setup-qemu-action - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: login to docker hub - run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - - name: build the image to portainer ci with PR number - if: ${{ github.event.pull_request.number != '' }} - run: | - # make the script executeable - chmod +x "${GITHUB_WORKSPACE}/kube-shell/build-and-push.sh" - - # run the script - "${GITHUB_WORKSPACE}/kube-shell/build-and-push.sh" portainerci pr$GITHUB_PR_NUMBER - - - name: build the image to portainer ci ( Develop Latest ) - if: ${{ github.ref == 'refs/heads/develop' }} - run: | - # make the script executeable - chmod +x "${GITHUB_WORKSPACE}/kube-shell/build-and-push.sh" - - # run the script - "${GITHUB_WORKSPACE}/kube-shell/build-and-push.sh" portainerci latest diff --git a/.github/workflows/kubectl-shell.yaml b/.github/workflows/kubectl-shell.yaml new file mode 100644 index 0000000..d491c64 --- /dev/null +++ b/.github/workflows/kubectl-shell.yaml 
@@ -0,0 +1,86 @@ +name: "kubectl-shell" + +on: + workflow_dispatch: + push: + branches: + - develop + paths: + - 'kube-shell/**' + pull_request: + branches: + - develop + paths: + - 'kube-shell/**' + +env: + DOCKER_HUB_REPO: portainerci/kubectl-shell + GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }} + +jobs: + build_images: + runs-on: ubuntu-latest + steps: + - name: "[preparation] checkout" + uses: actions/checkout@v4.1.1 + + - name: "[preparation] set up qemu" + uses: docker/setup-qemu-action@v3.2.0 + + - name: "[preparation] set up docker context for buildx" + run: docker context create builders + + - name: "[preparation] set up docker buildx" + uses: docker/setup-buildx-action@v3.6.1 + with: + endpoint: builders + driver-opts: image=moby/buildkit:v0.16.0 + platforms: linux/amd64,linux/arm64,linux/arm,linux/ppc64le + + - name: "[preparation] docker login" + uses: docker/login-action@v3.3.0 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: "set image tag for pull request" + run: | + echo "IMAGE_TAG=pr${{ github.event.pull_request.number }}" >> $GITHUB_ENV + if: ${{ github.event_name == 'pull_request' }} + + - name: "set image tag for develop" + run: | + echo "IMAGE_TAG=latest" >> $GITHUB_ENV + if: ${{ github.event_name == 'push' }} + + - name: "build and push images" + uses: docker/build-push-action@v6.7.0 + with: + context: kubectl-shell/ + tags: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }} + build-args: | + KUBERNETES_RELEASE=v1.31.0 + ALPINE=alpine:latest + HELM_VERSION=v3.15.4 + platforms: | + linux/amd64 + linux/arm64 + linux/arm + linux/ppc64le + attests: | + type=sbom,generator=docker/scout-sbom-indexer:latest + type=provenance,mode=max + push: true + + - name: "docker scout scan" + id: docker-scout + if: ${{ github.event_name == 'pull_request' }} + uses: docker/scout-action@v1 + with: + command: cves + image: ${{ env.DOCKER_HUB_REPO }}:${{ env.IMAGE_TAG }} + to: 
portainer/base:latest + ignore-unchanged: true + only-severities: critical,high + write-comment: true + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/prod.workflow.yaml b/.github/workflows/prod.workflow.yaml deleted file mode 100644 index f4d09c1..0000000 --- a/.github/workflows/prod.workflow.yaml +++ /dev/null @@ -1,34 +0,0 @@ -name: Build kubectl docker image to Portainer - -on: - workflow_dispatch: - # push: - # branches: - # - master - # paths: - # - 'kube-shell/**' - -jobs: - release: - runs-on: ubuntu-latest - environment: - name: production - steps: - - name: checkout code - uses: actions/checkout@v2 - # https://github.com/docker/setup-qemu-action - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: login to docker hub - run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - - name: build the image to portainer release ( Master Latest ) - run: | - # make the script executeable - chmod +x "${GITHUB_WORKSPACE}/kube-shell/build-and-push.sh" - - # run the script - "${GITHUB_WORKSPACE}/kube-shell/build-and-push.sh" portainer latest diff --git a/kube-shell/Dockerfile b/kubectl-shell/Dockerfile similarity index 84% rename from kube-shell/Dockerfile rename to kubectl-shell/Dockerfile index 004c057..0e6bb0c 100644 --- a/kube-shell/Dockerfile +++ b/kubectl-shell/Dockerfile 
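Review bot: The `paths:` filters on both the `push` and `pull_request` triggers still read `'kube-shell/**'`, while this same commit renames the directory to `kubectl-shell/` (see `context: kubectl-shell/` further down and the Dockerfile rename in the diffstat), so neither event will ever fire for changes to the image sources; both entries should be `- 'kubectl-shell/**'`. `IMAGE_TAG` is only written to `$GITHUB_ENV` for `pull_request` and `push`, so a `workflow_dispatch` run reaches "build and push images" with `tags: portainerci/kubectl-shell:` — an empty tag that buildx rejects as an invalid reference — and needs either a third tag step guarded by `if: ${{ github.event_name == 'workflow_dispatch' }}` or a workflow-level default. The `build-args:` pass `KUBERNETES_RELEASE=v1.31.0`, but the Dockerfile in this same patch declares `ARG KUBECTL_VERSION`, so that argument is silently ignored and the version actually built comes from the Dockerfile default; it should read `KUBECTL_VERSION=v1.31.0`. The workflow also has no `permissions:` block even though `write-comment: true` with `secrets.GITHUB_TOKEN` requires `pull-requests: write`; declaring `contents: read` plus `pull-requests: write` explicitly keeps the token minimal and independent of repository defaults. Finally, `docker/scout-action@v1` and `docker/scout-sbom-indexer:latest` are the only floating references in a workflow that otherwise pins exact versions, which is worth aligning for reproducibility.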
@@ -1,21 +1,20 @@ ARG ALPINE=alpine:latest -FROM ${ALPINE} as alpine -ARG ARCH - +FROM ${ALPINE} AS alpine +ARG TARGETARCH ARG KUBECTL_VERSION=v1.31.0 ARG HELM_VERSION=v3.15.4 RUN apk add -U --no-cache bash bash-completion curl jq # Kubectl CLI -RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl && \ +RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl && \ chmod +x ./kubectl && \ mv ./kubectl /usr/local/bin/kubectl && \ echo -e 'source /usr/share/bash-completion/bash_completion\nsource <(kubectl completion bash)' >>~/.bashrc # Helm -RUN curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz | tar xvzf - && \ - mv ./linux-${ARCH}/helm . && \ +RUN curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xvzf - && \ + mv ./linux-${TARGETARCH}/helm . && \ chmod +x ./helm && \ mv ./helm /usr/local/bin/helm diff --git a/kube-shell/build-and-push.sh b/kubectl-shell/build-and-push.sh similarity index 100% rename from kube-shell/build-and-push.sh rename to kubectl-shell/build-and-push.sh
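Review bot: The two rewritten `RUN curl` lines still install kubectl and helm straight from the download without checking them against the checksums both projects publish next to the artifacts, so a truncated or tampered download lands in `/usr/local/bin` unnoticed; fetching the companion checksum file and running `sha256sum -c` before `chmod`/`mv` closes that gap, as sketched below. The `ARG ALPINE=alpine:latest` default (mirrored by the `ALPINE=alpine:latest` build-arg in the new workflow) makes the base image mutable between builds, so pinning a release tag or digest is the usual fix. The `linux-${TARGETARCH}` directory and the extracted tarball left behind by `tar xvzf` are never removed, which is cosmetic but bloats the layer. The hunk covers the whole file, so no further context is hidden.

```dockerfile
# … unchanged: FROM/ARG header and apk install …

# Kubectl CLI — verify against the published .sha256 (hash only, no filename) before installing
RUN curl -LO https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl && \
    curl -LO https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl.sha256 && \
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - && \
    rm kubectl.sha256 && \
    chmod +x ./kubectl && \
    mv ./kubectl /usr/local/bin/kubectl && \
    echo -e 'source /usr/share/bash-completion/bash_completion\nsource <(kubectl completion bash)' >>~/.bashrc

# Helm — the .sha256sum file already carries the tarball name, so sha256sum -c reads it directly
RUN curl -LO https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz && \
    curl -LO https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz.sha256sum && \
    sha256sum -c helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz.sha256sum && \
    tar xzf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz && \
    mv ./linux-${TARGETARCH}/helm /usr/local/bin/helm && \
    chmod +x /usr/local/bin/helm && \
    rm -rf ./linux-${TARGETARCH} helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz*
```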