CI #323
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [ 'stable/**' ] | |
| types: [ 'opened', 'reopened', 'synchronize' ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ${{ matrix.RUNNER }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - PLATFORM: amd64 | |
| ARCH: x86_64 | |
| RUNNER: self-hosted-amd64-1cpu | |
| - PLATFORM: arm64 | |
| ARCH: aarch64 | |
| RUNNER: self-hosted-arm64-1cpu | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 | |
| - name: Build image | |
| run: make ARCHS=${{ matrix.ARCH }} PLATFORMS=${{ matrix.PLATFORM }} BUILDX_ARGS=--load build | |
| - name: Save image | |
| run: docker save -o node-${{ matrix.ARCH }}.tar docker.io/wallarm/node:test | |
| - name: Cache image | |
| uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b | |
| with: | |
| retention-days: 1 | |
| name: node-${{ matrix.ARCH }}.tar | |
| path: node-${{ matrix.ARCH }}.tar | |
| test: | |
| name: Test | |
| runs-on: ${{ matrix.RUNNER }} | |
| env: | |
| ## US preset | |
| env_code: ingress-us1 | |
| CLIENT_ID: 7119 | |
| ## EU preset | |
| # env_code: ingress | |
| # CLIENT_ID: 5 | |
| needs: | |
| - build | |
| strategy: | |
| matrix: | |
| case: [ single, split ] | |
| ARCH: [ x86_64, aarch64 ] | |
| include: | |
| - ARCH: x86_64 | |
| RUNNER: self-hosted-amd64-2cpu | |
| - ARCH: aarch64 | |
| RUNNER: self-hosted-arm64-2cpu | |
| fail-fast: false | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/${{ env.env_code }} api_token ; | |
| kv-gitlab-ci/data/github/${{ env.env_code }} api_host ; | |
| kv-gitlab-ci/data/github/${{ env.env_code }} api_preset ; | |
| kv-gitlab-ci/data/github/${{ env.env_code }} user_token ; | |
| kv-gitlab-ci/data/github/${{ env.env_code }} webhook_uuid ; | |
| kv-gitlab-ci/data/github/${{ env.env_code }} webhook_api_key ; | |
| kv-gitlab-ci/data/github/${{ env.env_code }} allure_server_token ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_name ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ; | |
| kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds registry_name ; | |
| - name: Login | |
| uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 | |
| with: | |
| registry: ${{ steps.secrets.outputs.registry_name }} | |
| username: ${{ steps.secrets.outputs.token_name }} | |
| password: ${{ steps.secrets.outputs.token_secret }} | |
| - name: Load cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: node-${{ matrix.ARCH }}.tar | |
| - name: Load images | |
| run: docker load -i node-${{ matrix.ARCH }}.tar | |
| - name: Run test | |
| env: | |
| USER_TOKEN: ${{ steps.secrets.outputs.user_token }} | |
| WALLARM_API_TOKEN: ${{ steps.secrets.outputs.api_token }} | |
| WALLARM_API_HOST: ${{ steps.secrets.outputs.api_host }} | |
| WALLARM_API_PRESET: ${{ steps.secrets.outputs.api_preset }} | |
| ALLURE_TOKEN: ${{ steps.secrets.outputs.ALLURE_SERVER_TOKEN }} | |
| ALLURE_ENVIRONMENT_ARCH: ${{ matrix.ARCH }} | |
| ALLURE_UPLOAD_REPORT: true | |
| WEBHOOK_API_KEY: ${{ steps.secrets.outputs.webhook_api_key }} | |
| WEBHOOK_UUID: ${{ steps.secrets.outputs.webhook_uuid }} | |
| ARCH: ${{ matrix.ARCH }} | |
| run: make ${{ matrix.case }} | |
| - name: Upload logs | |
| if: always() | |
| uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 | |
| with: | |
| retention-days: 5 | |
| name: node-logs-${{ matrix.ARCH }}-${{ matrix.case }}.tar.gz | |
| path: node-logs-${{ matrix.ARCH }}-${{ matrix.case }}.tar.gz | |
| scan: | |
| name: Vulnerability scanner | |
| runs-on: self-hosted-amd64-1cpu | |
| permissions: | |
| pull-requests: write | |
| needs: | |
| - build | |
| env: | |
| ARCH: x86_64 | |
| steps: | |
| - name: Load cache | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
| with: | |
| name: node-${{ env.ARCH }}.tar | |
| - name: Import secrets | |
| uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 | |
| id: secrets | |
| with: | |
| exportEnv: false | |
| url: ${{ secrets.VAULT_URL }} | |
| role: ${{ secrets.VAULT_ROLE }} | |
| method: kubernetes | |
| path: kubernetes-ci | |
| secrets: | | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds user | DOCKERHUB_USER ; | |
| kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; | |
| - name: Docker Scout | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: compare,cves | |
| image: archive://node-${{ env.ARCH }}.tar | |
| to: docker.io/wallarm/node:latest | |
| ignore-unchanged: false | |
| only-severities: critical,high | |
| write-comment: true | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| dockerhub-user: ${{ steps.secrets.outputs.DOCKERHUB_USER }} | |
| dockerhub-password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} |