ROX-21124: Move non-e2e testing OSCI jobs to GitHub Actions #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
jobs: | |
pre-build-updater: | |
runs-on: ubuntu-latest | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- name: Cache Go dependencies | |
uses: ./.github/actions/cache-go-dependencies | |
- name: Build updater | |
run: make build-updater | |
- name: Bundle the build to preserve permissions | |
run: tar -cvzf updater-build.tgz | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: updater-build | |
path: updater-build.tgz | |
pre-build-scanner: | |
runs-on: ubuntu-latest | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- name: Cache Go dependencies | |
uses: ./.github/actions/cache-go-dependencies | |
- name: Build Scanner | |
run: make scanner-build-nodeps | |
- name: Bundle the build to preserve permissions | |
run: tar -cvzf scanner-build.tgz | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: scanner-build | |
path: scanner-build.tgz | |
generate-genesis-dump: | |
runs-on: ubuntu-latest | |
needs: | |
- pre-build-updater | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- uses: actions/download-artifact@v3 | |
with: | |
name: updater-build | |
- name: Unpack updater build | |
run: | | |
tar xvzf updater-build.tgz | |
- name: genesis-dump | |
run: | | |
source ./scripts/ci/lib.sh | |
generate_genesis_dump | |
generate-db-dump: | |
runs-on: ubuntu-latest | |
needs: | |
- pre-build-updater # do we really need this? | |
- generate-genesis-dump | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- uses: actions/download-artifact@v3 | |
with: | |
name: updater-build | |
- name: Unpack updater build | |
run: | | |
tar xvzf updater-build.tgz | |
- name: db-dump | |
run: | | |
source ./scripts/ci/lib.sh | |
generate_db_dump | |
generate-scanner-bundle: | |
runs-on: ubuntu-latest | |
needs: | |
- generate-genesis-dump | |
- pre-build-scanner | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- name: Make bundle | |
run: make image/scanner/rhel/bundle.tar.gz | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: scanner-bundle | |
path: image/scanner/rhel/bundle.tar.gz | |
generate-scanner-db-bundle: | |
runs-on: ubuntu-latest | |
needs: | |
- generate-db-dump | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- name: Make db bundle | |
run: make image/db/rhel/bundle.tar.gz | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: scanner-db-bundle | |
path: image/db/rhel/bundle.tar.gz | |
# build-and-push-main: | |
build-images: | |
runs-on: ubuntu-latest | |
needs: | |
- generate-scanner-bundle | |
- generate-scanner-db-bundle | |
container: | |
image: quay.io/stackrox-io/apollo-ci:scanner-test-0.3.61 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: ./.github/actions/job-preamble | |
- uses: actions/download-artifact@v3 | |
with: | |
name: scanner-bundle | |
- uses: actions/download-artifact@v3 | |
with: | |
name: scanner-db-bundle | |
- name: Build scanner image | |
run: | | |
docker build -t scanner:"$(make --quiet tag)" -f image/scanner/rhel/Dockerfile image/scanner/rhel | |
- name: Build scanner-slim image | |
run: | | |
docker build -t scanner-slim:"$(make --quiet tag)" -f image/scanner/rhel/Dockerfile.slim image/scanner/rhel | |
- name: Build scanner-db image | |
run: | | |
docker build -t scanner-db:"$(make --quiet tag)" -f image/db/rhel/Dockerfile image/db/rhel | |
- name: Build scanner-db-slim image | |
run: | | |
docker build -t scanner-db-slim:"$(make --quiet tag)" -f image/db/rhel/Dockerfile.slim image/db/rhel | |
# # needed for docs ensure_image.sh initial pull with RHACS_BRANDING | |
# - name: Docker login | |
# # Skip for external contributions. | |
# if: | | |
# github.event_name == 'push' || !github.event.pull_request.head.repo.fork | |
# run: | | |
# docker login -u "${QUAY_RHACS_ENG_RO_USERNAME}" --password-stdin quay.io <<<"${QUAY_RHACS_ENG_RO_PASSWORD}" | |
# | |
# - name: Push images | |
# # Skip for external contributions. | |
# if: | | |
# github.event_name == 'push' || !github.event.pull_request.head.repo.fork | |
# run: | | |
# source ./scripts/ci/lib.sh | |
# echo "Will determine context from: ${{ github.event_name }} & ${{ github.ref_name }}" | |
# push_context="" | |
# if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_name }}" == "master" ]]; then | |
# push_context="merge-to-master" | |
# fi | |
# push_main_image_set "$push_context" "${{ env.ROX_PRODUCT_BRANDING }}" "${{ matrix.arch }}" | |
# | |
# - name: Push matching collector and scanner images | |
# # Skip for external contributions. | |
# if: | | |
# github.event_name == 'push' || !github.event.pull_request.head.repo.fork | |
# run: | | |
# # Need to free up some space before push_matching_collector_scanner_images() does its pull. | |
# docker system prune --all --force | |
# source ./scripts/ci/lib.sh | |
# push_matching_collector_scanner_images "${{ env.ROX_PRODUCT_BRANDING }}" "${{ matrix.arch }}" | |
# | |
# - name: diff-dumps | |
# run: | | |
# ./scripts/ci/jobs/diff-dumps.sh | |
# | |
# - name: diff-dumps | |
# run: | | |
# ./scripts/ci/jobs/diff-dumps.sh | |
# | |
# - name: store-db-dump | |
# run: | | |
# ./scripts/ci/jobs/store-db-dump.sh |