Update github actions
Add CodeQL and static checks

Add hadolint as makefile target and update Dockerfile
Update deploy.sh to comply with shellcheck and add shellcheck as makefile target

Signed-off-by: amaslennikov <[email protected]>
almaslennikov committed Aug 8, 2023
1 parent 3914c00 commit be56ff6
Showing 9 changed files with 342 additions and 41 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/build.yml
Expand Up @@ -18,14 +18,14 @@ jobs:
run: make lint
test:
name: test
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v3
with:
go-version: '1.18.x'
go-version: '1.20.x'
- name: checkout
uses: actions/checkout@v3
- name: install hwdata -yq
Expand All @@ -34,14 +34,14 @@ jobs:
run: make test-coverage
build:
name: build
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v3
with:
go-version: '1.18.x'
go-version: '1.20.x'
- name: checkout
uses: actions/checkout@v3
- name: build
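--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+push:
+branches: [ "master" ]
+pull_request:
+branches: [ "master" ]
+schedule:
+- cron: "14 4 * * 4"
+
+jobs:
+analyze:
+name: Analyze
+runs-on: ubuntu-latest
+permissions:
+actions: read
+contents: read
+security-events: write
+
+strategy:
+fail-fast: false
+matrix:
+language: [ go ]
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v2
+with:
+languages: ${{ matrix.language }}
+queries: +security-and-quality
+
+- name: Autobuild
+uses: github/codeql-action/autobuild@v2
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v2
+with:
+category: "/language:${{ matrix.language }}"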
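Review bot: The `analyze` job never installs a Go toolchain, so `github/codeql-action/autobuild@v2` compiles with whatever Go is preinstalled on `ubuntu-latest`, while `build.yml` in this same commit pins `go-version: '1.20.x'` on `ubuntu-22.04`. The scan may therefore cover a different build than the one that ships, or break when the runner image is refreshed. I would add a `- uses: actions/setup-go@v3` step with `go-version: '1.20.x'` before `Initialize CodeQL` and set `runs-on: ubuntu-22.04` to match the other workflows. The `permissions` block (`actions: read`, `contents: read`, `security-events: write`) is already scoped as narrowly as this job needs.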
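--- a/.github/workflows/image-push-master.yaml
+++ b/.github/workflows/image-push-master.yaml
@@ -0,0 +1,111 @@
+name: "push an image on merge to master"
+
+env:
+IMAGE_NAME: ghcr.io/${{ github.repository }}
+
+on:
+push:
+branches:
+- master
+jobs:
+build-and-push-amd64-k8s-rdma-shared-dev-plugin:
+name: image push amd64
+runs-on: ubuntu-22.04
+steps:
+- name: check out the repo
+uses: actions/checkout@v3
+
+- name: set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: login to Docker
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: build and push k8s-rdma-shared-dev-plugin
+uses: docker/build-push-action@v4
+with:
+context: .
+push: true
+platforms: linux/amd64
+tags: |
+${{ env.IMAGE_NAME }}:latest-amd64
+file: ./Dockerfile
+
+build-and-push-arm64-k8s-rdma-shared-dev-plugin:
+name: image push arm64
+runs-on: ubuntu-22.04
+steps:
+- name: check out the repo
+uses: actions/checkout@v3
+
+- name: set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: login to Docker
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: build and push k8s-rdma-shared-dev-plugin
+uses: docker/build-push-action@v4
+with:
+context: .
+push: true
+platforms: linux/arm64
+tags: |
+${{ env.IMAGE_NAME }}:latest-arm64
+file: ./Dockerfile
+
+build-and-push-ppc64le-k8s-rdma-shared-dev-plugin:
+name: image push ppc64le
+runs-on: ubuntu-22.04
+steps:
+- name: check out the repo
+uses: actions/checkout@v3
+
+- name: set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: login to Docker
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: build and push k8s-rdma-shared-dev-plugin
+uses: docker/build-push-action@v4
+with:
+context: .
+push: true
+platforms: linux/ppc64le
+tags: |
+${{ env.IMAGE_NAME }}:latest-ppc64le
+file: ./Dockerfile
+
+push-manifest:
+runs-on: ubuntu-22.04
+needs: [build-and-push-amd64-k8s-rdma-shared-dev-plugin,build-and-push-arm64-k8s-rdma-shared-dev-plugin,build-and-push-ppc64le-k8s-rdma-shared-dev-plugin]
+steps:
+- name: set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: login to GitHub Container Registry
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Create manifest for multi-arch images
+run: |
+docker buildx imagetools create -t ${{ env.IMAGE_NAME }}:latest -t ${{ env.IMAGE_NAME }}:sha-${{ github.sha }} \
+${{ env.IMAGE_NAME }}:latest-amd64 \
+${{ env.IMAGE_NAME }}:latest-arm64 \
+${{ env.IMAGE_NAME }}:latest-ppc64le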
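Review bot: None of the four jobs declares `permissions:`, so the `GITHUB_TOKEN` handed to `docker/login-action@v2` carries whatever the repository or organization default is: broader than needed if that default is read/write, and unable to push to ghcr.io if it is read-only. Add `permissions:` with `contents: read` and `packages: write` to each job, the way `build.yml` and `codeql.yaml` already scope theirs; the same gap is in the jobs of `release.yaml` and, needing only `contents: read`, in `static-scan.yaml`. Separately, `push-manifest` assembles `sha-${{ github.sha }}` from the mutable `latest-amd64`, `latest-arm64` and `latest-ppc64le` tags, so two merges landing close together can yield a sha-tagged manifest whose images were built from a different commit. A workflow-level `concurrency:` group, or per-arch tags that include the sha, would keep that tag truthful.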
142 changes: 130 additions & 12 deletions .github/workflows/release.yaml
Expand Up @@ -5,35 +5,153 @@

name: Publish Docker image

env:
IMAGE_NAME: ghcr.io/${{ github.repository }}

on:
release:
types: [published]
push:
tags:
- v*

jobs:
push_to_registry:
name: Push Docker image to Docker Hub
build-and-push-amd64:
name: Push amd64 image to ghcr.io
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3

- name: Log in to Docker Hub
- name: set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Log in to ghcr.io
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
- name: docker meta
id: docker_meta
uses: docker/metadata-action@v4
with:
images: mellanox/k8s-rdma-shared-dev-plugin
images: ${{ env.IMAGE_NAME }}
flavor: |
latest=false
tags: |
type=semver,pattern={{version}},enable=${{ contains(github.ref, 'refs/tags/v') }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
platform: linux/amd64
push: true
file: Dockerfile.ubi
tags: ${{ steps.meta.outputs.tags }}
file: Dockerfile
tags: ${{ steps.meta.outputs.tags }}-amd64
labels: ${{ steps.meta.outputs.labels }}

build-and-push-arm64:
name: Push arm64 image to ghcr.io
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3

- name: set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Log in to ghcr.io
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: docker meta
id: docker_meta
uses: docker/metadata-action@v4
with:
images: ${{ env.IMAGE_NAME }}
flavor: |
latest=false
tags: |
type=semver,pattern={{version}},enable=${{ contains(github.ref, 'refs/tags/v') }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
platform: linux/arm64
push: true
file: Dockerfile
tags: ${{ steps.meta.outputs.tags }}-arm64
labels: ${{ steps.meta.outputs.labels }}

build-and-push-ppc64le:
name: Push ppc64le image to ghcr.io
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3

- name: set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Log in to ghcr.io
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: docker meta
id: docker_meta
uses: docker/metadata-action@v4
with:
images: ${{ env.IMAGE_NAME }}
flavor: |
latest=false
tags: |
type=semver,pattern={{version}},enable=${{ contains(github.ref, 'refs/tags/v') }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
platform: linux/ppc64le
push: true
file: Dockerfile
tags: ${{ steps.meta.outputs.tags }}-ppc64le
labels: ${{ steps.meta.outputs.labels }}

push-manifest:
runs-on: ubuntu-22.04
needs: [build-and-push-amd64,build-and-push-arm64,build-and-push-ppc64le]
steps:
- name: set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: docker meta
id: docker_meta
uses: docker/metadata-action@v4
with:
images: ${{ env.IMAGE_NAME }}
flavor: |
latest=false
tags: |
type=semver,pattern={{version}},enable=${{ contains(github.ref, 'refs/tags/v') }}
- name: Log in to ghcr.io
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: create manifest for multi-arch images
run: |
docker buildx imagetools create -t ${{ steps.docker_meta.outputs.tags }} \
${{ steps.docker_meta.outputs.tags }}-amd64 \
${{ steps.docker_meta.outputs.tags }}-arm64 \
${{ steps.docker_meta.outputs.tags }}-ppc64le
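Review bot: As rendered, the three build jobs name their metadata step `id: docker_meta` but still read `${{ steps.meta.outputs.tags }}` and `${{ steps.meta.outputs.labels }}`. An unknown step id expands to an empty string, so the tag passed to `docker/build-push-action@v4` would be just `-amd64`, `-arm64` or `-ppc64le` and the labels would be empty. Those references should read `${{ steps.docker_meta.outputs.tags }}-amd64` (likewise per architecture) and `${{ steps.docker_meta.outputs.labels }}`, matching what `push-manifest` already uses. The same jobs pass `platform: linux/arm64`, whereas the action's input is `platforms` (the spelling used in `image-push-master.yaml`), so the key is probably ignored and every job builds for the runner's own architecture, leaving arm64 and ppc64le manifest entries that are mislabelled. The old/new side of individual lines is not marked on this page, so confirm against the raw diff.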
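--- a/.github/workflows/static-scan.yaml
+++ b/.github/workflows/static-scan.yaml
@@ -0,0 +1,26 @@
+name: go-static-analysis
+on: [push, pull_request]
+jobs:
+golangci:
+name: Lint
+runs-on: ubuntu-22.04
+steps:
+- name: set up Go
+uses: actions/setup-go@v3
+with:
+go-version: 1.20.x
+- name: checkout PR
+uses: actions/checkout@v2
+- name: run make lint
+run: make lint
+hadolint:
+runs-on: ubuntu-22.04
+steps:
+- name: set up Go
+uses: actions/setup-go@v3
+with:
+go-version: 1.20.x
+- name: checkout PR
+uses: actions/checkout@v2
+- name: run make hadolint
+run: make hadolint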
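Review bot: Both jobs use `actions/checkout@v2`, while every other workflow touched by this commit uses `actions/checkout@v3`; change both to `uses: actions/checkout@v3` so the lint path does not stay on an older action release by itself. The `golangci` job also appears to repeat the `make lint` step that `build.yml` already runs, which doubles lint time on every push and pull request unless one of the two is dropped. `go-version: 1.20.x` is unquoted here and written `'1.20.x'` in `build.yml`; quoting it consistently guards against a later edit to `1.20` being parsed as the float 1.2.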