From 46bfb2095a4155169d1a256f13228329a62ce227 Mon Sep 17 00:00:00 2001
From: Mateusz Nowakowski <mateusz.nowakowski@gmail.com>
Date: Tue, 5 Nov 2024 16:55:52 +0100
Subject: [PATCH] fix: allow to run CD also as workflow_dispatch, increase
 image push retry as quay.io throttles calls

---
 .github/workflows/cd.yaml                 |  3 +--
 .github/workflows/ci.yaml                 |  8 ++++----
 .github/workflows/gcp.yaml                |  2 +-
 .github/workflows/images-wo-checkout.yaml |  6 +++---
 k8s/images/gh-images/cd/Dockerfile        | 10 ++++++----
 5 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index acf4395..f4e970b 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -50,8 +50,7 @@ env:
 jobs:
   sources:
     name: Checkout
-
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
     runs-on: ${{ inputs.runner || 'ubuntu-24.04' }}
     timeout-minutes: 5
     container:
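Review bot: The new `if:` on the `sources` job lets every event other than `workflow_run` through, not only `workflow_dispatch`, so any trigger later added to this workflow's `on:` block (which is outside the hunk) would start CD with no CI-success gate. Naming the intended event keeps the gate narrow: `if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}`. A manual dispatch deploys whatever ref is selected without a CI result, so a comment above the line such as `# manual runs bypass the CI gate on purpose` would record that this is deliberate. If the deploy jobs use a GitHub environment, required reviewers on it would limit who can trigger that path.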
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index d45cbf4..c40648f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -138,7 +138,7 @@ jobs:
       run: |
         mkdir -p /kaniko/.docker
         echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"username\":\"${{ env.REGISTRY_USER }}\",\"password\":\"${{ env.REGISTRY_PASSWORD }}\"}}}" > /kaniko/.docker/config.json
-        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure --ignore-path=/var/mail --ignore-path=/var/spool/mail --push-retry 2 --skip-tls-verify --cache=false \
+        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure --ignore-path=/var/mail --ignore-path=/var/spool/mail --push-retry 5 --skip-tls-verify --cache=false \
           --use-new-run --snapshot-mode=redo \
           --build-arg JAR_FILE=target/*.jar \
           --destination="${{ env.REGISTRY }}/matihost/mq/basic-client:${{ env.IMAGE_TAG }}"
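Review bot: The changed executor line still passes `--insecure --skip-tls-verify`, so each of the now five push attempts presents the credentials written to `/kaniko/.docker/config.json` to a registry whose certificate is not checked, and may fall back to plain HTTP. The value of `env.REGISTRY` is not visible in this hunk, but the subject line names quay.io, which serves a valid certificate, so the flags look unnecessary there. Dropping both and keeping `--push-retry 5 --cache=false` would preserve the throttling fix without weakening transport security. The same flags sit on the changed lines of the other ci.yaml hunks, of gcp.yaml and of images-wo-checkout.yaml, including the ghcr.io, gcr.io and Artifact Registry destinations.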
@@ -167,7 +167,7 @@ jobs:
         mkdir -p /kaniko/.docker
         echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"username\":\"${{ env.REGISTRY_USER }}\",\"password\":\"${{ env.REGISTRY_PASSWORD }}\"}}}" > /kaniko/.docker/config.json
         echo "Building Java commandline image"
-        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure --ignore-path=/var/mail --ignore-path=/var/spool/mail --push-retry 2 --skip-tls-verify --cache=false \
+        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure --ignore-path=/var/mail --ignore-path=/var/spool/mail --push-retry 5 --skip-tls-verify --cache=false \
           --use-new-run --snapshot-mode=redo \
           --build-arg JAR_FILE=target/*.jar \
           --destination="${{ env.REGISTRY }}/matihost/commandline:${{ env.IMAGE_TAG }}"
@@ -356,7 +356,7 @@ jobs:
       run: |
         mkdir -p /kaniko/.docker
         echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"username\":\"${{ env.REGISTRY_USER }}\",\"password\":\"${{ env.REGISTRY_PASSWORD }}\"}}}" > /kaniko/.docker/config.json
-        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure  --push-retry 2 - --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
+        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure  --push-retry 5 - --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
           --destination="${{ env.REGISTRY }}/matihost/ansible:${{ env.IMAGE_TAG }}"
   image-build-ghcr:
     needs: sources
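Review bot: The changed line carries a lone `-` between `--push-retry 5` and `--skip-tls-verify`, which looks like a leftover token rather than an intended argument. How the executor treats that extra positional argument cannot be told from this hunk. Since the line is being edited anyway, writing `--push-retry 5 --skip-tls-verify` without the dash removes the ambiguity. The same token is on the changed line of the gcp.yaml hunk.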
@@ -385,4 +385,4 @@ jobs:
           -f ./Dockerfile \
           --destination="ghcr.io/${{ github.repository }}/ansible:${{ env.IMAGE_TAG }}" \
           --insecure --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
-          --push-retry 2
+          --push-retry 5
diff --git a/.github/workflows/gcp.yaml b/.github/workflows/gcp.yaml
index 5729bbe..bf2a8e2 100644
--- a/.github/workflows/gcp.yaml
+++ b/.github/workflows/gcp.yaml
@@ -93,7 +93,7 @@ jobs:
     - name: Build
       working-directory: k8s/images/ansible
       run: |-
-        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure  --push-retry 2 - --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
+        /kaniko/executor -f ./Dockerfile -c "$(pwd)" --insecure  --push-retry 5 - --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
           --destination="${GAR_LOCATION}-docker.pkg.dev/${GCP_PROJECT}/${GAR_REPOSITORY}/ansible:${{ env.IMAGE_TAG }}"
     - name: Set up GKE credentials
       uses: google-github-actions/get-gke-credentials@v2
diff --git a/.github/workflows/images-wo-checkout.yaml b/.github/workflows/images-wo-checkout.yaml
index 6e8ed9c..dc51ced 100644
--- a/.github/workflows/images-wo-checkout.yaml
+++ b/.github/workflows/images-wo-checkout.yaml
@@ -52,7 +52,7 @@ jobs:
           -f ./k8s/images/ansible/Dockerfile \
           --destination="gcr.io/${{ env.GCP_PROJECT }}/ansible:${{ env.IMAGE_TAG }}" \
           --insecure --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
-          --push-retry 2 --image-name-with-digest-file /workspace/image-digest.txt
+          --push-retry 5 --image-name-with-digest-file /workspace/image-digest.txt
 
   image-build-generic-registry:
     runs-on: ${{ inputs.runner || 'ubuntu-24.04' }}
@@ -76,7 +76,7 @@ jobs:
           -f ./k8s/images/ansible/Dockerfile \
           --destination="${{ env.REGISTRY }}/matihost/ansible:${{ env.IMAGE_TAG }}" \
           --insecure --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
-          --push-retry 2 --image-name-with-digest-file /workspace/image-digest.txt
+          --push-retry 5 --image-name-with-digest-file /workspace/image-digest.txt
 
   # kaniko does not allow to build second image - hence it has to run as separated job
   # https://github.com/GoogleContainerTools/kaniko/issues/1118
@@ -101,4 +101,4 @@ jobs:
           -f ./k8s/images/ansible/Dockerfile \
           --destination="ghcr.io/${{ github.repository }}/ansible:${{ env.IMAGE_TAG }}" \
           --insecure --skip-tls-verify --cache=true --ignore-path=/var/mail --ignore-path=/var/spool/mail \
-          --push-retry 2 --image-name-with-digest-file /workspace/image-digest.txt
+          --push-retry 5 --image-name-with-digest-file /workspace/image-digest.txt
diff --git a/k8s/images/gh-images/cd/Dockerfile b/k8s/images/gh-images/cd/Dockerfile
index 14b910a..8c135c0 100644
--- a/k8s/images/gh-images/cd/Dockerfile
+++ b/k8s/images/gh-images/cd/Dockerfile
@@ -1,11 +1,13 @@
 # syntax=docker/dockerfile:1
 FROM ubuntu:24.04
-RUN apt -y update && apt -y install make binutils curl wget lsb-release gnupg apt-transport-https ca-certificates jq \
+RUN apt -y update && apt -y install make binutils curl wget lsb-release gnupg apt-transport-https ca-certificates jq unzip \
   && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
   && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list \
-  && apt -y update && apt -y install google-cloud-cli kubectl google-cloud-cli-kubectl-oidc google-cloud-cli-gke-gcloud-auth-plugin
-RUN curl -sL https://api.github.com/repos/opentofu/opentofu/releases/latest | jq -r ".assets[] | select(.name | test(\"amd64.deb\")) | .browser_download_url" | xargs curl -s -L -o "/tmp/tofu.deb" \
+  && apt -y update && apt -y install google-cloud-cli kubectl google-cloud-cli-kubectl-oidc google-cloud-cli-gke-gcloud-auth-plugin \
+  && curl -sL https://api.github.com/repos/opentofu/opentofu/releases/latest | jq -r ".assets[] | select(.name | test(\"amd64.deb\")) | .browser_download_url" | xargs curl -s -L -o "/tmp/tofu.deb" \
   && apt -y install /tmp/tofu.deb && rm -rf /tmp/tofu.deb  \
   && curl -sL https://api.github.com/repos/gruntwork-io/terragrunt/releases/latest | jq -r ".assets[] | select(.name | test(\"linux_amd64\")) | .browser_download_url" | xargs curl -s -L -o "/usr/local/bin/terragrunt" \
   && chmod a+x /usr/local/bin/terragrunt \
-  && rm -rf /var/lib/apt/lists/*
+  && rm -rf /var/lib/apt/lists/* \
+  && cd $(mktemp -d) && curl -sSLO "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && unzip awscli-exe-linux-x86_64.zip && aws/install --update \
+  && cd .. && rm -rf /tmp/tmp.*
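Review bot: The added AWS CLI step downloads `awscli-exe-linux-x86_64.zip` and runs `aws/install` as root with no integrity check, and `curl -sSLO` without `-f` will save an HTTP error body under the zip's name. AWS publishes a detached `.sig` next to the zip, and `gnupg` is already installed by the first `apt` line, so the archive can be verified before it is unpacked. The fence below sketches that, with the key file path as a placeholder for a key committed beside the Dockerfile. The tofu and terragrunt downloads folded into this `RUN` have the same gap, since they resolve `releases/latest` at build time and install the result unverified. Pinning a release and comparing it with the project's published checksums would make the CD image reproducible.

```dockerfile
# … unchanged: apt packages, gcloud repo, tofu and terragrunt install, apt list cleanup …
  && cd "$(mktemp -d)" \
  && curl -fsSLO "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" \
  && curl -fsSLO "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" \
  # placeholder path: AWS CLI team public key, COPY'd into the image in an earlier step
  && gpg --import /tmp/AWS_CLI_PUBLIC_KEY_PLACEHOLDER.asc \
  && gpg --verify awscli-exe-linux-x86_64.zip.sig awscli-exe-linux-x86_64.zip \
  && unzip -q awscli-exe-linux-x86_64.zip && aws/install --update \
  && cd / && rm -rf /tmp/tmp.*
```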