-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #48 from equinor/set-arm64-platform
set-arm64-platform
- Loading branch information
Showing
22 changed files
with
404 additions
and
284 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,50 +1,159 @@ | ||
name: radix-cluster-cleanup-build | ||
name: Build & push | ||
on: | ||
push: | ||
branches: | ||
- master | ||
- release | ||
- master | ||
- release | ||
workflow_dispatch: | ||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
get-target-configs: | ||
name: Get target configs for branch | ||
outputs: | ||
target_configs: ${{ steps.get-target-configs.outputs.target_configs }} | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Get target configs | ||
id: get-target-configs | ||
run: | | ||
configs=$(ls $GITHUB_WORKSPACE/.github/workflows/config/${GITHUB_REF_NAME} | jq -Rsc '. / "\n" - [""]') | ||
echo ::set-output name=target_configs::${configs} | ||
build-push-acr: | ||
name: Build & push | ||
build-deploy: | ||
runs-on: ubuntu-20.04 | ||
needs: | ||
- get-target-configs | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
config: ${{ fromJson(needs.get-target-configs.outputs.target_configs) }} | ||
matrix: | ||
target: | ||
- name: "dev" | ||
ref: "refs/heads/master" | ||
acr-name: "radixdev" | ||
client-id: "bc7934db-95bc-40b0-b9b8-c0944b0f6937" | ||
subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" | ||
|
||
- name: "playground" | ||
ref: "refs/heads/release" | ||
acr-name: "radixdev" | ||
client-id: "bc7934db-95bc-40b0-b9b8-c0944b0f6937" | ||
subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" | ||
|
||
- name: "platform" | ||
ref: "refs/heads/release" | ||
acr-name: "radixprod" | ||
client-id: "4ac3be6d-c4df-46be-ba6c-55d490a024f5" | ||
subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" | ||
|
||
- name: "c2" | ||
ref: "refs/heads/release" | ||
acr-name: "radixc2prod" | ||
client-id: "4ac3be6d-c4df-46be-ba6c-55d490a024f5" | ||
subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Persist environment from ${{ matrix.config }} across steps | ||
if: matrix.target.ref == github.ref | ||
|
||
- uses: azure/login@v2 | ||
if: matrix.target.ref == github.ref | ||
with: | ||
client-id: ${{matrix.target.client-id}} | ||
tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" | ||
subscription-id: ${{matrix.target.subscription-id}} | ||
|
||
- name: Get GitHub Public IP | ||
if: matrix.target.ref == github.ref | ||
id: github_public_ip | ||
run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT | ||
|
||
- name: Add GitHub IP to ACR | ||
if: matrix.target.ref == github.ref | ||
id: update_firewall | ||
run: az acr network-rule add | ||
--name ${{matrix.target.acr-name}} | ||
--subscription ${{matrix.target.subscription-id}} | ||
--ip-address ${{ steps.github_public_ip.outputs.ipv4 }} | ||
|
||
- name: Wait for 2 minutes while the network rule to take effect | ||
if: matrix.target.ref == github.ref | ||
run: | | ||
sleep 120 | ||
- name: Wait for Specific IP in ACR Network Rules | ||
if: matrix.target.ref == github.ref | ||
run: | | ||
env_vars_from_cfg=`env -i GITHUB_WORKSPACE=$GITHUB_WORKSPACE /bin/bash -c "set -a && source $GITHUB_WORKSPACE/.github/workflows/config/${GITHUB_REF_NAME}/${{ matrix.config }} && printenv"` | ||
for env_var in $env_vars_from_cfg | ||
do | ||
echo $env_var >> $GITHUB_ENV | ||
MAX_ATTEMPTS=10 | ||
ATTEMPT=0 | ||
TARGET_IP="${{ steps.github_public_ip.outputs.ipv4 }}" | ||
echo "Waiting for IP $TARGET_IP to be allowed in ACR network rules..." | ||
while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do | ||
NETWORK_RULES=$(az acr network-rule list --name ${{matrix.target.acr-name}} --subscription ${{ matrix.target.subscription-id }} --query "ipRules[]|[?contains(ipAddressOrRange, '$TARGET_IP')]" --output tsv) | ||
if [ -n "$NETWORK_RULES" ]; then | ||
echo "IP $TARGET_IP is allowed." | ||
break | ||
fi | ||
echo "Attempt $((ATTEMPT+1)) of $MAX_ATTEMPTS. Retrying in 10 seconds..." | ||
ATTEMPT=$((ATTEMPT+1)) | ||
sleep 10 | ||
done | ||
if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then | ||
echo "IP $TARGET_IP was not allowed after $MAX_ATTEMPTS attempts. Exiting." | ||
exit 1 | ||
fi | ||
- uses: azure/login@v1 | ||
- name: Get ACR Login Server | ||
if: matrix.target.ref == github.ref | ||
id: get-acr-login-server | ||
run: | | ||
echo "login_server=$(az acr show --name ${{ matrix.target.acr-name }} --query loginServer --output tsv)" >> $GITHUB_OUTPUT | ||
- name: Get ACR Access Token | ||
if: matrix.target.ref == github.ref | ||
id: get-acr-token | ||
run: | | ||
echo "Getting ACR access token" | ||
access_token=$(az acr login --name ${{ matrix.target.acr-name }} --expose-token --output tsv --query accessToken) | ||
echo "::add-mask::$access_token" | ||
echo "access_token=$access_token" >> $GITHUB_OUTPUT | ||
- name: Log in to ACR | ||
if: matrix.target.ref == github.ref | ||
uses: docker/login-action@v3 | ||
with: | ||
client-id: ${{ env.AZURE_CLIENT_ID }} | ||
tenant-id: ${{ env.AZURE_TENANT_ID }} | ||
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} | ||
|
||
- name: Build image | ||
registry: ${{ steps.get-acr-login-server.outputs.login_server }} | ||
username: "00000000-0000-0000-0000-000000000000" | ||
password: ${{ steps.get-acr-token.outputs.access_token }} | ||
|
||
- name: Set up Docker Buildx | ||
if: matrix.target.ref == github.ref | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Build an image name | ||
if: matrix.target.ref == github.ref | ||
id: build-image-name | ||
run: | | ||
$GITHUB_WORKSPACE/.github/workflows/scripts/build-push.sh | ||
echo "image-name=${{ matrix.target.acr-name }}.azurecr.io/radix-cluster-cleanup" >> $GITHUB_OUTPUT | ||
- name: Build an image tag | ||
if: matrix.target.ref == github.ref | ||
id: build-tag | ||
run: | | ||
sha=${GITHUB_SHA::8} | ||
ts=$(date +%s) | ||
echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT | ||
- name: Extract labels from metadata for Docker | ||
if: matrix.target.ref == github.ref | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ steps.build-image-name.outputs.image-name }} | ||
|
||
- name: Build and push Docker image | ||
if: matrix.target.ref == github.ref | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
platforms: | | ||
linux/amd64 | ||
linux/arm64 | ||
tags: "${{ steps.build-image-name.outputs.image-name }}:${{ steps.build-tag.outputs.tag }}" | ||
labels: ${{ steps.meta.outputs.labels }} | ||
|
||
- name: Revoke GitHub IP on ACR | ||
if: ${{ matrix.target.ref == github.ref && steps.update_firewall.outcome == 'success' && !cancelled()}} # Always run this step even if previous step failed | ||
run: az acr network-rule remove | ||
--name ${{matrix.target.acr-name}} | ||
--subscription ${{matrix.target.subscription-id}} | ||
--ip-address ${{ steps.github_public_ip.outputs.ipv4 }} |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: radix-cluster-cleanup-pr | ||
on: | ||
pull_request: | ||
branches: | ||
- master | ||
jobs: | ||
build: | ||
name: pull-request-check | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Build and push Docker image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: false | ||
platforms: | | ||
linux/amd64 | ||
linux/arm64 | ||
test: | ||
name: Unit Test | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: './radix-cluster-cleanup/go.mod' | ||
- name: Install dependencies | ||
run: | | ||
cd ./radix-cluster-cleanup | ||
go mod download | ||
- name: Run Tests | ||
run: | | ||
cd ./radix-cluster-cleanup | ||
go test -cover `go list ./...` | ||
lint: | ||
name: Lint | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 2 | ||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version-file: './radix-cluster-cleanup/go.mod' | ||
- name: golangci-lint | ||
uses: golangci/golangci-lint-action@v6 | ||
with: | ||
version: v1.58.2 | ||
working-directory: './radix-cluster-cleanup' |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,24 @@ | ||
FROM golang:1.21-alpine3.19 as builder | ||
FROM docker.io/golang:1.22.5-alpine3.20 AS builder | ||
|
||
ENV GO111MODULE=on | ||
ENV CGO_ENABLED=0 \ | ||
GOOS=linux | ||
|
||
RUN apk update && \ | ||
apk add ca-certificates && \ | ||
apk add --no-cache gcc musl-dev | ||
|
||
WORKDIR /go/src/github.com/equinor/radix-cluster-cleanup | ||
WORKDIR /src | ||
|
||
# Install project dependencies | ||
COPY radix-cluster-cleanup/go.mod radix-cluster-cleanup/go.sum ./ | ||
COPY ./radix-cluster-cleanup/go.mod ./radix-cluster-cleanup/go.sum ./ | ||
RUN go mod download | ||
|
||
# Copy and build project code | ||
COPY ./radix-cluster-cleanup . | ||
RUN go build -ldflags="-s -w" -o /build/radix-cluster-cleanup | ||
|
||
# build | ||
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o /usr/local/bin/radix-cluster-cleanup | ||
|
||
RUN addgroup -S -g 1000 radix-cluster-cleanup | ||
RUN adduser -S -u 1000 -G radix-cluster-cleanup radix-cluster-cleanup | ||
COPY ./run_cluster_cleanup.sh . | ||
|
||
# Run operator | ||
FROM alpine:3 | ||
COPY run_cluster_cleanup.sh /run_cluster_cleanup.sh | ||
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ | ||
COPY --from=builder /etc/passwd /etc/passwd | ||
COPY --from=builder /usr/local/bin/radix-cluster-cleanup /radix-cluster-cleanup | ||
USER radix-cluster-cleanup | ||
ENTRYPOINT ["/run_cluster_cleanup.sh"] | ||
# Final stage, ref https://github.com/GoogleContainerTools/distroless/blob/main/base/README.md for distroless | ||
FROM gcr.io/distroless/static | ||
WORKDIR /app | ||
COPY --from=builder /build/radix-cluster-cleanup . | ||
COPY --from=builder /src/run_cluster_cleanup.sh . | ||
USER 1000 | ||
ENTRYPOINT ["/app/run_cluster_cleanup.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
apiVersion: v1 | ||
appVersion: 1.0.11 | ||
appVersion: 1.0.12 | ||
description: A Helm chart for Kubernetes | ||
name: radix-cluster-cleanup | ||
version: 1.0.12 | ||
version: 1.0.13 |
Oops, something went wrong.