Merge branch 'main' into dependabot/go_modules/go-48a4391e6d
Jim Ryan authored May 7, 2024
2 parents 43055a4 + 79b3e09 commit 35db36f
Showing 17 changed files with 18,797 additions and 300 deletions.
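--- a/.github/actions/certify-openshift-image/action.yml
+++ b/.github/actions/certify-openshift-image/action.yml
@@ -0,0 +1,57 @@
+name: Certify Openshift Image
+description: This action will attempt to certify an image for use in Openshift
+
+inputs:
+image:
+description: The image manifest to certify in the format <registry>/<repository>:<tag>
+required: true
+project_id:
+description: The certification project id
+required: true
+pyxis_token:
+description: The Pyxis API Token
+required: true
+preflight_version:
+description: The version of the preflight utility to install
+required: false
+default: 1.9.1
+platforms:
+description: A comma separated list of architectures in the image manifest to certify
+required: false
+default: ""
+
+outputs:
+result:
+description: Did the certification succeed?
+value: ${{ steps.result.outputs.result == 0 && true || false }}
+
+runs:
+using: composite
+steps:
+- name: Install openshift-preflight
+run: |
+curl -fsSL https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/${{ inputs.preflight_version }}/preflight-linux-amd64 --output preflight
+chmod +x preflight
+shell: bash
+
+- name: Certify Images
+id: result
+run: |
+result=0
+if [ -z "${{ inputs.platforms }}" ]; then
+# list of platforms passed
+IFS=',' read -ra arch_list <<< "${{ inputs.platforms }}"
+for arch in "${arch_list[@]}"; do
+architecture=("${arch#*/}")
+./preflight check container ${{ inputs.image }} --pyxis-api-token ${{ inputs.pyxis_token }} --certification-project-id ${{ inputs.project_id }} --platform $architecture --submit
+if [ $? -ne 0 ]; then
+result=1
+fi
+done
+else
+# no platforms passed, this is either a manifest or a single platform image
+./preflight check container ${{ inputs.image }} --pyxis-api-token ${{ inputs.pyxis_token }} --certification-project-id ${{ inputs.project_id }} --submit
+result=$?
+fi
+echo "result=$result" >> $GITHUB_OUTPUT
+shell: bash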
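Review bot: The platform test in the `Certify Images` step is inverted: `[ -z "${{ inputs.platforms }}" ]` is true when the input is empty, so with the default `""` the loop runs over an empty list, preflight is never called, and `result=0` is still written and reported as a successful certification; it should be `[ -n ... ]`. The same step pastes `inputs.image`, `inputs.project_id`, `inputs.pyxis_token` and `inputs.platforms` into the bash source through `${{ }}`, so shell metacharacters in a caller-supplied value are interpreted by the shell; passing them through `env:` and quoting the variables avoids that. With an explicit `shell: bash` the runner starts bash with `-e`, so a failing preflight call likely ends the step before `result` is written, and `|| result=1` keeps the failure recorded. The install step also marks the downloaded `preflight` binary executable without comparing it to a known digest, which is worth adding for a tool that is handed the Pyxis token.

```yaml
    - name: Certify Images
      id: result
      env:
        IMAGE: ${{ inputs.image }}
        PROJECT_ID: ${{ inputs.project_id }}
        PYXIS_TOKEN: ${{ inputs.pyxis_token }}
        PLATFORMS: ${{ inputs.platforms }}
      run: |
        result=0
        if [ -n "$PLATFORMS" ]; then
          # list of platforms passed
          IFS=',' read -ra arch_list <<< "$PLATFORMS"
          for arch in "${arch_list[@]}"; do
            ./preflight check container "$IMAGE" --pyxis-api-token "$PYXIS_TOKEN" --certification-project-id "$PROJECT_ID" --platform "${arch#*/}" --submit || result=1
          done
        else
          # no platforms passed, this is either a manifest or a single platform image
          ./preflight check container "$IMAGE" --pyxis-api-token "$PYXIS_TOKEN" --certification-project-id "$PROJECT_ID" --submit || result=1
        fi
        # … unchanged: write result to $GITHUB_OUTPUT, shell: bash …
```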
5 changes: 2 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -103,7 +103,7 @@ jobs:
source .github/data/version.txt
echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT
echo "chart_version=${HELM_CHART_VERSION}" >> $GITHUB_OUTPUT
echo "forked_workflow=${{ (github.event.pull_request.head.repo.full_name != github.github.event.pull_request.base.repo.full_name) || github.repository != 'nginxinc/kubernetes-ingress' }}" >> $GITHUB_OUTPUT
echo "forked_workflow=${{ (github.event.pull_request && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) || github.repository != 'nginxinc/kubernetes-ingress' }}" >> $GITHUB_OUTPUT
publish=false
if ${{ github.event_name == 'workflow_dispatch' && inputs.publish-image }}; then
publish=true
Expand Down Expand Up @@ -371,14 +371,13 @@ jobs:
run: >
helm install
${{ matrix.type }}
.
${{ github.workspace }}/charts/nginx-ingress
--set controller.image.repository=${{ matrix.image }}
--set controller.image.tag=${{ matrix.tag }}
--set controller.service.type=NodePort
--set controller.nginxplus=${{ contains(matrix.type, 'plus') && 'true' || 'false' }}
--set controller.telemetryReporting.enable=false
--wait
working-directory: ${{ github.workspace }}/charts/nginx-ingress
- name: Expose Test Ingresses
run: |
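Review bot: The `forked_workflow` expression on the changed line has no comment saying what it decides, and the typo this change corrects (`github.github.event`) could sit unnoticed because an expression that dereferences a missing property evaluates to an empty value instead of failing. I would add a shell comment above that `echo`, such as `# true for pull requests from another repository and for any run outside nginxinc/kubernetes-ingress`, so the intended truth table is on record. If this output gates jobs that need secrets, which the name suggests but the hunk does not show, running an expression linter such as actionlint in CI would likely flag an undefined context property like this one. The step's `run` block starts above the hunk.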
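--- a/.github/workflows/patch-image.yml
+++ b/.github/workflows/patch-image.yml
@@ -0,0 +1,84 @@
+name: Patch Docker Image
+
+on:
+workflow_call:
+inputs:
+image:
+description: The image name to patch
+required: true
+type: string
+target_image:
+description: The target name of the patched image
+required: true
+type: string
+tag:
+description: The image tag to patch
+required: true
+type: string
+target_tag:
+description: The target tag of the patched image
+required: true
+type: string
+ic_version:
+description: The IC version to label
+required: true
+type: string
+platforms:
+description: The platforms to patch
+required: true
+type: string
+
+defaults:
+run:
+shell: bash
+
+permissions:
+contents: read
+
+jobs:
+patch-image:
+name: Patch image
+runs-on: ubuntu-22.04
+permissions:
+contents: read
+id-token: write
+steps:
+- name: Checkout Repository
+uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+- name: Docker Buildx
+uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
+
+- name: Setup QEMU
+uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+with:
+platforms: arm,arm64,ppc64le,s390x
+
+- name: Authenticate to Google Cloud
+id: auth
+uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+with:
+token_format: access_token
+workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
+service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }}
+
+- name: Login to GCR
+uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+with:
+registry: gcr.io
+username: oauth2accesstoken
+password: ${{ steps.auth.outputs.access_token }}
+
+- name: Apply OS patches to Container
+uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+with:
+file: build/Dockerfile
+context: "."
+target: patched
+tags: "${{ inputs.target_image }}:${{ inputs.target_tag }}"
+platforms: ${{ inputs.platforms }}
+pull: true
+push: true
+build-args: |
+IMAGE_NAME=${{ inputs.image }}:${{ inputs.tag }}
+IC_VERSION=${{ inputs.ic_version }}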
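Review bot: The patched image is identified to callers only by the mutable tag `${{ inputs.target_image }}:${{ inputs.target_tag }}`, because the `Apply OS patches to Container` step has no `id` and the workflow declares no outputs. If a caller goes on to scan, sign or certify what was pushed, it would have to pull by tag and could not be sure it is looking at the build this run produced. Giving the step an id and returning the `digest` output of docker/build-push-action through `workflow_call` outputs lets callers reference `image@sha256:...` instead. The action pins by commit SHA and the narrow `permissions` block are good as they are.

```yaml
on:
  workflow_call:
    # … unchanged: inputs …
    outputs:
      digest:
        description: The digest of the pushed patched image
        value: ${{ jobs.patch-image.outputs.digest }}

jobs:
  patch-image:
    # … unchanged: name, runs-on, permissions …
    outputs:
      digest: ${{ steps.patch.outputs.digest }}
    steps:
      # … unchanged: checkout, buildx, QEMU, Google Cloud auth, GCR login …
      - name: Apply OS patches to Container
        id: patch
        # … unchanged: uses, with …
```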