revert to before introducing buildx builds
Michiel Stigter committed Sep 7, 2023
1 parent 33621f5 commit 1d00725
Showing 22 changed files with 476 additions and 805 deletions.
6 changes: 2 additions & 4 deletions e2e/actions/docker-push/workflowExpected.yml
@@ -293,16 +293,14 @@ jobs:
RUNNING_IN_CI=true
VAULT_ROLE_ID=${{ secrets.VAULT_ROLE_ID }}
VAULT_SECRET_ID=${{ secrets.VAULT_SECRET_ID }}
cache-from: type=registry,ref=eu.gcr.io/halfpipe-io/cache/someImage:buildcache
cache-from: type=registry,ref=eu.gcr.io/halfpipe-io/cache/someImage
cache-to: type=inline
context: e2e/actions/docker-push
file: e2e/actions/docker-push/Dockerfile
platforms: linux/amd64,linux/arm64
provenance: false
push: true
tags: |-
eu.gcr.io/halfpipe-io/cache/someImage:${{ env.GIT_REVISION }}
eu.gcr.io/halfpipe-io/cache/someImage:buildcache
tags: eu.gcr.io/halfpipe-io/cache/someImage:${{ env.GIT_REVISION }}
- name: Run Trivy vulnerability scanner
uses: docker://aquasec/trivy
with:
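Review bot: The untagged `cache-from: type=registry,ref=eu.gcr.io/halfpipe-io/cache/someImage` resolves to `:latest`, but the single-line `tags:` entry pushes only `:${{ env.GIT_REVISION }}`, so the inline cache written by `cache-to: type=inline` is never read back unless something else publishes `:latest` to that repository. This assumes the untagged `cache-from` and the one-line `tags:` are the new side, which the commit title suggests but the page no longer marks with +/-. Either drop the two cache lines from the generated step or also push a stable tag that `cache-from` can find, e.g. add `eu.gcr.io/halfpipe-io/cache/someImage:latest` to `tags`. The step's `uses:` line sits above the hunk, and because this is an expected-output fixture the change belongs in the generator.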
@@ -35,7 +35,10 @@ jobs:
submodules: recursive
- name: Sync workflow with halfpipe manifest
id: sync
run: halfpipe-update-workflow
uses: docker://eu.gcr.io/halfpipe-io/halfpipe-auto-update
with:
args: -c "cd e2e/actions/feature-update-pipeline-and-tag; update-actions-workflow"
entrypoint: /bin/bash
env:
HALFPIPE_FILE_PATH: .halfpipe.io.yml
- name: Commit and push changes to workflow
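Review bot: `uses: docker://eu.gcr.io/halfpipe-io/halfpipe-auto-update` names the image with no tag or digest, so every run executes whatever the registry currently serves under the default tag, and the next step ("Commit and push changes to workflow") commits that container's output back to the repository. Pinning by digest keeps the tool that rewrites the workflow reviewable: `uses: docker://eu.gcr.io/halfpipe-io/halfpipe-auto-update@sha256:<digest>` (placeholder digest). The same line appears in e2e/actions/feature-update-pipeline/workflowExpected.yml. Both are expected-output fixtures, so the pin would have to be emitted by the generator; this section's own file header is missing from the page.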
5 changes: 4 additions & 1 deletion e2e/actions/feature-update-pipeline/workflowExpected.yml
@@ -35,7 +35,10 @@ jobs:
submodules: recursive
- name: Sync workflow with halfpipe manifest
id: sync
run: halfpipe-update-workflow
uses: docker://eu.gcr.io/halfpipe-io/halfpipe-auto-update
with:
args: -c "cd e2e/actions/feature-update-pipeline; update-actions-workflow"
entrypoint: /bin/bash
env:
HALFPIPE_FILE_PATH: .halfpipe.io
- name: Commit and push changes to workflow
73 changes: 21 additions & 52 deletions e2e/concourse/artifacts/pipelineExpected.yml
@@ -436,43 +436,31 @@ jobs:
image_resource:
name: ""
source:
password: ((halfpipe-gcr.private_key))
repository: eu.gcr.io/halfpipe-io/halfpipe-buildx
tag: latest
username: _json_key
repository: concourse/oci-build-task
type: registry-image
inputs:
- name: git
- name: tagList
- name: docker_build
outputs:
- name: image
params:
BUILD_ARG_A: a
BUILD_ARG_ARTIFACTORY_PASSWORD: ((artifactory.password))
BUILD_ARG_ARTIFACTORY_URL: ((artifactory.url))
BUILD_ARG_ARTIFACTORY_USERNAME: ((artifactory.username))
BUILD_ARG_B: b
BUILD_ARG_RUNNING_IN_CI: "true"
CONTEXT: docker_build/e2e/concourse/artifacts
DOCKER_CONFIG_JSON: ((halfpipe-gcr.docker_config))
DOCKERFILE: docker_build/e2e/concourse/artifacts/Dockerfile
platform: linux
run:
args:
- -c
- |-
mkdir ~/.docker
echo $DOCKER_CONFIG_JSON > ~/.docker/config.json
echo $ docker buildx build \
-f docker_build/e2e/concourse/artifacts/Dockerfile \
--push \
--provenance false \
--platform linux/amd64 \
--tag eu.gcr.io/halfpipe-io/cache/springerplatformengineering/halfpipe-fly:$(cat git/.git/ref) \
docker_build/e2e/concourse/artifacts
docker buildx build \
-f docker_build/e2e/concourse/artifacts/Dockerfile \
--push \
--provenance false \
--platform linux/amd64 \
--tag eu.gcr.io/halfpipe-io/cache/springerplatformengineering/halfpipe-fly:$(cat git/.git/ref) \
docker_build/e2e/concourse/artifacts
build
path: /bin/sh
privileged: true
task: build
@@ -485,51 +473,25 @@ jobs:
type: docker-image
inputs:
- name: git
- name: image
- name: docker_build
params:
DOCKER_CONFIG_JSON: ((halfpipe-gcr.docker_config))
platform: linux
run:
args:
- -c
- |-
[ -f .trivyignore ] && echo "Ignoring the following CVE's due to .trivyignore" || true
[ -f .trivyignore ] && cat .trivyignore; echo || true
trivy image --timeout 15m --ignore-unfixed --severity CRITICAL --scanners vuln --exit-code 0 eu.gcr.io/halfpipe-io/cache/springerplatformengineering/halfpipe-fly:$(cat ../../../.git/ref) || true
trivy image --timeout 15m --ignore-unfixed --severity CRITICAL --scanners vuln --exit-code 0 --input ../../../../image/image.tar || true
dir: docker_build/e2e/concourse/artifacts
path: /bin/sh
task: trivy
timeout: 1h
- config:
image_resource:
name: ""
source:
password: ((halfpipe-gcr.private_key))
repository: eu.gcr.io/halfpipe-io/halfpipe-buildx
tag: latest
username: _json_key
type: registry-image
inputs:
- name: git
- name: tagList
params:
BUILD_ARG_A: a
BUILD_ARG_ARTIFACTORY_PASSWORD: ((artifactory.password))
BUILD_ARG_ARTIFACTORY_URL: ((artifactory.url))
BUILD_ARG_ARTIFACTORY_USERNAME: ((artifactory.username))
BUILD_ARG_B: b
BUILD_ARG_RUNNING_IN_CI: "true"
DOCKER_CONFIG_JSON: ((halfpipe-gcr.docker_config))
platform: linux
run:
args:
- -c
- |-
echo $DOCKER_CONFIG_JSON > ~/.docker/config.json
for tag in $(cat tagList/tagList) ; do docker buildx imagetools create eu.gcr.io/halfpipe-io/cache/springerplatformengineering/halfpipe-fly:$(cat git/.git/ref) --tag springerplatformengineering/halfpipe-fly:$tag; done
path: /bin/sh
privileged: true
task: publish-final-image
- no_get: true
params:
additional_tags: tagList/tagList
image: image/image.tar
put: halfpipe-fly
timeout: 1h
serial: true
- build_log_retention:
@@ -785,6 +747,13 @@ resources:
folder: halfpipe-team/halfpipe-e2e-artifacts
json_key: ((halfpipe-artifacts.private_key))
type: gcp-resource
- check_every: 24h0m0s
name: halfpipe-fly
source:
password: verysecret
repository: springerplatformengineering/halfpipe-fly
username: rob
type: registry-image
- check_every: 24h0m0s
name: cf-snpaas-pe-staging
source:
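Review bot: The `halfpipe-fly` resource added in the last hunk carries a literal `password: verysecret` and `username: rob`, while every other credential visible in this file is a `((...))` var reference. These are presumably dummy values passed through verbatim from the e2e manifest, but a literal password in a golden file trips secret scanners and presents inline credentials as the expected shape of a generated pipeline. Changing the fixture input so the expected output reads `password: ((<secret-path>.password))` and `username: ((<secret-path>.username))` (placeholder paths) would exercise the pattern real pipelines should follow. If inline literals in the manifest are meant to be supported, a generator-side warning when `password` is not a var reference is worth considering.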
71 changes: 21 additions & 50 deletions e2e/concourse/deploy-katee/pipelineExpected.yml
@@ -87,40 +87,28 @@ jobs:
image_resource:
name: ""
source:
password: ((halfpipe-gcr.private_key))
repository: eu.gcr.io/halfpipe-io/halfpipe-buildx
tag: latest
username: _json_key
repository: concourse/oci-build-task
type: registry-image
inputs:
- name: git
- name: tagList
outputs:
- name: image
params:
BUILD_ARG_ARTIFACTORY_PASSWORD: ((artifactory.password))
BUILD_ARG_ARTIFACTORY_URL: ((artifactory.url))
BUILD_ARG_ARTIFACTORY_USERNAME: ((artifactory.username))
BUILD_ARG_RUNNING_IN_CI: "true"
CONTEXT: git/e2e/concourse/deploy-katee
DOCKER_CONFIG_JSON: ((halfpipe-gcr.docker_config))
DOCKERFILE: git/e2e/concourse/deploy-katee/Dockerfile
platform: linux
run:
args:
- -c
- |-
mkdir ~/.docker
echo $DOCKER_CONFIG_JSON > ~/.docker/config.json
echo $ docker buildx build \
-f git/e2e/concourse/deploy-katee/Dockerfile \
--push \
--provenance false \
--platform linux/amd64 \
--tag eu.gcr.io/halfpipe-io/cache/halfpipe-team/someImage:$(cat git/.git/ref) \
git/e2e/concourse/deploy-katee
docker buildx build \
-f git/e2e/concourse/deploy-katee/Dockerfile \
--push \
--provenance false \
--platform linux/amd64 \
--tag eu.gcr.io/halfpipe-io/cache/halfpipe-team/someImage:$(cat git/.git/ref) \
git/e2e/concourse/deploy-katee
build
path: /bin/sh
privileged: true
task: build
@@ -133,48 +121,24 @@ jobs:
type: docker-image
inputs:
- name: git
params:
DOCKER_CONFIG_JSON: ((halfpipe-gcr.docker_config))
- name: image
platform: linux
run:
args:
- -c
- |-
[ -f .trivyignore ] && echo "Ignoring the following CVE's due to .trivyignore" || true
[ -f .trivyignore ] && cat .trivyignore; echo || true
trivy image --timeout 15m --ignore-unfixed --severity CRITICAL --scanners vuln --exit-code 0 eu.gcr.io/halfpipe-io/cache/halfpipe-team/someImage:$(cat ../../../.git/ref) || true
trivy image --timeout 15m --ignore-unfixed --severity CRITICAL --scanners vuln --exit-code 0 --input ../../../../image/image.tar || true
dir: git/e2e/concourse/deploy-katee
path: /bin/sh
task: trivy
timeout: 1h
- config:
image_resource:
name: ""
source:
password: ((halfpipe-gcr.private_key))
repository: eu.gcr.io/halfpipe-io/halfpipe-buildx
tag: latest
username: _json_key
type: registry-image
inputs:
- name: git
- name: tagList
params:
BUILD_ARG_ARTIFACTORY_PASSWORD: ((artifactory.password))
BUILD_ARG_ARTIFACTORY_URL: ((artifactory.url))
BUILD_ARG_ARTIFACTORY_USERNAME: ((artifactory.username))
BUILD_ARG_RUNNING_IN_CI: "true"
DOCKER_CONFIG_JSON: ((halfpipe-gcr.docker_config))
platform: linux
run:
args:
- -c
- |-
echo $DOCKER_CONFIG_JSON > ~/.docker/config.json
for tag in $(cat tagList/tagList) ; do docker buildx imagetools create eu.gcr.io/halfpipe-io/cache/halfpipe-team/someImage:$(cat git/.git/ref) --tag eu.gcr.io/halfpipe-io/halfpipe-team/someImage:$tag; done
path: /bin/sh
privileged: true
task: publish-final-image
- no_get: true
params:
additional_tags: tagList/tagList
image: image/image.tar
put: someimage
timeout: 1h
serial: true
- build_log_retention:
@@ -415,3 +379,10 @@ resources:
json_key: ((halfpipe-semver.private_key))
key: halfpipe-team-pipeline-name
type: semver
- check_every: 24h0m0s
name: someimage
source:
password: ((halfpipe-gcr.private_key))
repository: eu.gcr.io/halfpipe-io/halfpipe-team/someImage
username: _json_key
type: registry-image
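Review bot: `repository: concourse/oci-build-task` in the `build` task's `image_resource` has no `tag`, so the task image floats on the registry's default tag while the task runs with `privileged: true` and receives `BUILD_ARG_ARTIFACTORY_PASSWORD` among its params. Pinning it in the generator, e.g. adding `tag: <pinned-version>` (placeholder) under `source:`, makes an upstream image change an explicit, reviewable bump rather than something every pipeline picks up silently. The `build` task in e2e/concourse/artifacts/pipelineExpected.yml has the same unpinned reference. Separately, the `trivy` task still ends in `--exit-code 0 ... || true`, so a missing `image/image.tar` or a failed scan would not stop the following `put`; confirm that advisory-only scanning is intended now that the image is published by a later step.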