zarf-dev · Racer159 · Jul 12, 2023 · Jul 12, 2023 · Jul 12, 2023 · Jul 12, 2023
@@ -0,0 +1,16 @@
+name: cleanup-files
+description: "Cleans up files on the local system to reduce disk pressure"
+
+runs:
+  using: composite
+  steps:
+    - run: |
+        lsblk -f
+
+        sudo rm -rf zarf-sbom /tmp/zarf-* src/ui/node_modules
+        sudo env "PATH=$PATH" CI=true make delete-packages
+        sudo build/zarf tools clear-cache
+        sudo docker system prune --all --force
+
+        lsblk -f
+      shell: bash
@@ -6,6 +6,8 @@ runs:
   steps:
     - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
 
+    - uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
       shell: bash
 

@@ -1,9 +1,28 @@
 name: packages
-description: "Create agent image, init package and example packages"
+description: "Build CLI, agent image, init package and example packages"
+
+inputs:
+  init-package:
+    description: 'Build the init package'
+    required: false
+    default: 'true'
+  build-examples:
+    description: 'Build the example packages'
+    required: false
+    default: 'true'
+
 
 runs:
   using: composite
   steps:
     - run: |
-        make build-cli-linux-amd init-package build-examples ARCH=amd64
+        make build-cli-linux-amd ARCH=amd64
+      shell: bash
+    - run: |
+        make init-package ARCH=amd64
+      shell: bash
+      if: ${{ inputs.init-package == 'true' }}
+    - run: |
+        make build-examples ARCH=amd64
       shell: bash
+      if: ${{ inputs.build-examples == 'true' }}
@@ -9,12 +9,12 @@ on:
       - "v*"
 
 jobs:
-  push-resources:
+  build:
     runs-on: ubuntu-latest
     permissions:
-      contents: write
       packages: write
     steps:
+      # Checkout the repo and setup the tooling for this job
       - name: Checkout
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
@@ -61,19 +61,36 @@ jobs:
           make release-init-package ARCH=amd64 AGENT_IMAGE_TAG=$GITHUB_REF_NAME
           make release-init-package ARCH=arm64 AGENT_IMAGE_TAG=$GITHUB_REF_NAME
 
-      # Before we run the tests we need to aggressively cleanup files to reduce disk pressure
-      - name: Cleanup files
-        run: |
-          lsblk -f
+      # Create a CVE report based on this build
+      - name: Create release time CVE report
+        run: "make cve-report"
 
-          sudo rm -rf zarf-sbom /tmp/zarf-* src/ui/node_modules
-          sudo build/zarf tools clear-cache
-          sudo docker system prune --all --force
-          go clean -cache
+      # Upload the contents of the build directory for later stages to use
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: build-artifacts
+          path: build/
+          retention-days: 1
+
+  validate:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      # Checkout the repo and setup the tooling for this job
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0
 
-          lsblk -f
+      - name: Download build artifacts
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: build-artifacts
+          path: build/
 
-      - name: Run Tests
+      # Build the example packages and run the tests
+      - name: Build examples and run tests
         run: |
           sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64
           sudo chown $USER /tmp/zarf-*.log
@@ -82,22 +99,32 @@ jobs:
         if: always()
         uses: ./.github/actions/save-logs
 
-      # Builds init packages since GoReleaser won't handle this for us
-      - name: Create release time CVE report
-        run: "make cve-report"
+  push:
+    runs-on: ubuntu-latest
+    needs: test
+    permissions:
+      contents: write
+    steps:
+      # Checkout the repo and setup the tooling for this job
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: 0
 
-      # Before we run GoReleaser we need to (again) aggressively cleanup files to reduce disk pressure
-      - name: Cleanup files
-        run: |
-          lsblk -f
+      - name: Setup golang
+        uses: ./.github/actions/golang
+
+      - name: Setup NodeJS
+        uses: ./.github/actions/node
 
-          sudo rm -rf zarf-sbom /tmp/zarf-*
-          sudo env "PATH=$PATH" CI=true make delete-packages
-          sudo build/zarf tools clear-cache
-          sudo docker system prune --all --force
-          go clean -cache
+      - name: Install tools
+        uses: ./.github/actions/install-tools
 
-          lsblk -f
+      - name: Download build artifacts
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: build-artifacts
+          path: build/
 
       # Set up AWS credentials for GoReleaser to upload backups of artifacts to S3
       - name: Set AWS Credentials

@@ -34,13 +34,15 @@ jobs:
       - name: Setup NodeJS
         uses: ./.github/actions/node
 
-      - name: Build binary and zarf packages
+      - name: Build Zarf binary
         uses: ./.github/actions/packages
+        with:
+          build-examples: 'false'
 
       - name: Setup K3d
         uses: ./.github/actions/k3d
 
-      - name: "Login to Iron Bank"
+      - name: Login to Iron Bank
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         if: ${{ env.IRONBANK_USERNAME != '' }}
         env:

@@ -41,9 +41,10 @@ jobs:
         # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of go installed
         #       in a previous step. This test run will use Zarf to create a K3s cluster, and a brand new cluster will be
         #       used for each test
-        # chown the logs since they were orignally created as root
+        # chown the logs since they were originally created as root
         run: |
           sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64
+          sudo chown $USER /tmp/zarf-*.log
 
       - name: Save logs
         if: always()

@@ -22,10 +22,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  validate:
-    env:
-      # Reduce the kubelet eviction minimums reduce the chance for disk pressure causing evictions during the tests
-      ZARF_PACKAGE_DEPLOY_SET_K3S_ARGS: --disable traefik --kubelet-arg "eviction-hard=imagefs.available<1%,nodefs.available<1%" --kubelet-arg "eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%"
+  build:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -42,6 +39,35 @@ jobs:
         with:
           download-init-package: true
 
+      - name: Build PR binary and zarf init package
+        uses: ./.github/actions/packages
+        with:
+          build-examples: 'false'
+
+      # Upload the contents of the build directory for later stages to use
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: build-artifacts
+          path: build/
+          retention-days: 1
+
+  validate:
+    runs-on: ubuntu-latest
+    needs: build
+    env:
+      # Reduce the kubelet eviction minimums reduce the chance for disk pressure causing evictions during the tests
+      ZARF_PACKAGE_DEPLOY_SET_K3S_ARGS: --disable traefik --kubelet-arg "eviction-hard=imagefs.available<1%,nodefs.available<1%" --kubelet-arg "eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: build-artifacts
+          path: build/
+
       - name: Initialize the cluster with the release version
         # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of zarf installed
         #       in a previous step. This test run will the current release to create a K3s cluster.
@@ -61,9 +87,6 @@ jobs:
           sudo env "PATH=$PATH" CI=true zarf tools kubectl describe pods -n=podinfo-upgrade
           sudo chown $USER /tmp/zarf-*.log
 
-      - name: Build PR binary and zarf packages
-        uses: ./.github/actions/packages
-
       - name: "Run the PR's tests"
         # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of go installed
         #       in a previous step. This test run will use this PR's Zarf to create a K3s cluster.
@@ -72,27 +95,24 @@ jobs:
           sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true APPLIANCE_MODE_KEEP=true make test-e2e ARCH=amd64
           sudo chown $USER /tmp/zarf-*.log
 
-      - name: "Cleanup after running tests"
-        # NOTE: This reduces disk pressure before the upgrade-specific tests begin
+      - name: "Describe nodes, pods and deployments"
+        # NOTE: We describe nodes, pods and deployments here to help understand failures
         run: |
-          lsblk -f
           sudo env "PATH=$PATH" CI=true zarf tools kubectl describe nodes
           sudo env "PATH=$PATH" CI=true zarf tools kubectl describe deployments -n=podinfo-upgrade
           sudo env "PATH=$PATH" CI=true zarf tools kubectl describe pods -n=podinfo-upgrade
 
-          sudo rm -rf zarf-sbom /tmp/zarf-*/ src/ui/node_modules
-          sudo env "PATH=$PATH" CI=true make delete-packages
-          sudo build/zarf tools clear-cache
-          sudo docker system prune --all --force
-
-          lsblk -f
-          sudo env "PATH=$PATH" CI=true zarf tools kubectl describe nodes
+      # Before we run the upgrade tests we need to aggressively cleanup files to reduce disk pressure
+      - name: Cleanup files
+        uses: ./.github/actions/cleanup-files
 
       - name: Run the upgrade tests
         # NOTE: "PATH=$PATH" preserves the default user $PATH. This is needed to maintain the version of zarf installed
         #       in a previous step. This test run will the current release to create a K3s cluster.
         # chown the logs since they were originally created as root
         run: |
+          sudo env "PATH=$PATH" CI=true zarf tools kubectl describe nodes
+
           zarf package create src/test/upgrade --set PODINFO_VERSION=6.3.4 --confirm
 
           sudo env "PATH=$PATH" CI=true make test-upgrade ARCH=amd64