Skip to content

Commit 0e2fcfb

Browse files
puehringerpuehringer
committed
Merge branch 'main' into skip_to_playwright
2 parents 8f28afe + 2662c69 commit 0e2fcfb

14 files changed

+716
-8
lines changed

.github/CODEOWNERS

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
* @dvviktordelev

.github/actions/build-node-python/action.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,7 @@ runs:
136136
git config --global --replace-all url."https://[email protected]/".insteadOf ssh://[email protected]/
137137
git config --add --global url."https://$GITHUB_TOKEN@github".insteadOf https://github
138138
git config --add --global url."https://[email protected]/".insteadOf [email protected]:
139+
cat ~/.gitconfig
139140
env:
140141
GITHUB_TOKEN: ${{ inputs.github_ro_token }}
141142
shell: bash
@@ -173,7 +174,7 @@ runs:
173174
174175
parallel_jobs=()
175176
if [ "$RUN_NODE_LINT" = "true" ]; then
176-
parallel_jobs+=("yarn run lint")
177+
parallel_jobs+=("yarn run lint --quiet")
177178
fi
178179
if [ "$RUN_NODE_TEST" = "true" ]; then
179180
parallel_jobs+=("yarn run test")
@@ -263,7 +264,7 @@ runs:
263264
# Chromatic
264265
- name: Run Chromatic
265266
if: inputs.enable_node == 'true' && inputs.chromatic_enable == 'true'
266-
uses: chromaui/action@v11.20.0
267+
uses: chromaui/action@v11.25.2
267268
with:
268269
exitZeroOnChanges: true
269270
exitOnceUploaded: true

.github/actions/build-push-image/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ runs:
3434
using: "composite"
3535
steps:
3636
- name: Configure AWS Credentials
37-
uses: aws-actions/[email protected].2
37+
uses: aws-actions/[email protected].3
3838
with:
3939
role-to-assume: ${{ inputs.aws_role }}
4040
aws-region: ${{ inputs.aws_region }}

.github/actions/get-ecr-scan-result/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ runs:
4343
using: "composite"
4444
steps:
4545
- name: Configure AWS Credentials
46-
uses: aws-actions/[email protected].2
46+
uses: aws-actions/[email protected].3
4747
with:
4848
role-to-assume: ${{ inputs.aws_role }}
4949
aws-region: ${{ inputs.aws_region }}

.github/actions/retag-image/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ runs:
2323
using: "composite"
2424
steps:
2525
- name: Configure AWS Credentials
26-
uses: aws-actions/[email protected].2
26+
uses: aws-actions/[email protected].3
2727
with:
2828
role-to-assume: ${{ inputs.aws_role }}
2929
aws-region: ${{ inputs.aws_region }}

.github/workflows/build-docker-artifacts-config.schema.json

Lines changed: 119 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,119 @@
1+
{
2+
"$schema": "http://json-schema.org/draft-07/schema#",
3+
"type": "object",
4+
"additionalProperties": false,
5+
"properties": {
6+
"build": {
7+
"type": "object",
8+
"additionalProperties": true,
9+
"properties": {
10+
"patternProperties": {
11+
"^[a-zA-Z0-9_-]+$": {
12+
"type": "object",
13+
"additionalProperties": false,
14+
"properties": {
15+
"directory": {
16+
"type": "string",
17+
"description": "Directory of the build containing the components"
18+
},
19+
"skip": {
20+
"type": "boolean",
21+
"default": false,
22+
"description": "Skip building the build"
23+
},
24+
"components": {
25+
"type": "array",
26+
"items": {
27+
"type": "object",
28+
"additionalProperties": false,
29+
"properties": {
30+
"directory": {
31+
"type": "string",
32+
"description": "Directory of the component to build, relative to the build directory"
33+
},
34+
"ecr_repository": {
35+
"type": "string",
36+
"description": "ECR repository to push the image to"
37+
},
38+
"skip_image_scan": {
39+
"type": "boolean",
40+
"default": false,
41+
"description": "Skip scanning the image for vulnerabilities"
42+
}
43+
},
44+
"required": ["directory", "ecr_repository"]
45+
}
46+
}
47+
},
48+
"required": ["directory", "components"]
49+
}
50+
}
51+
}
52+
},
53+
"push": {
54+
"type": "object",
55+
"additionalProperties": true,
56+
"properties": {
57+
"patternProperties": {
58+
"^[a-zA-Z0-9_-]+$": {
59+
"type": "object",
60+
"additionalProperties": false,
61+
"properties": {
62+
"type": {
63+
"type": "string",
64+
"enum": ["aws"],
65+
"description": "Type of customer configuration"
66+
},
67+
"secret_key": {
68+
"type": "string",
69+
"description": "Secret key for AWS secrets"
70+
},
71+
"registry": {
72+
"type": "string",
73+
"description": "Registry URL at customer"
74+
},
75+
"skip": {
76+
"type": "boolean",
77+
"default": false,
78+
"description": "Skip pushing the images"
79+
},
80+
"repositories": {
81+
"type": "array",
82+
"items": {
83+
"type": "object",
84+
"additionalProperties": false,
85+
"properties": {
86+
"source_repository": {
87+
"type": "string",
88+
"description": "Internal ECR repository name"
89+
},
90+
"source_image_tag": {
91+
"type": "string",
92+
"description": "Tag of the source image. If omitted, uses the tag of the current build."
93+
},
94+
"target_repository": {
95+
"type": "string",
96+
"description": "Repository name at customer"
97+
},
98+
"target_image_tag": {
99+
"type": "string",
100+
"description": "Tag of the target image. If omitted, uses the tag of the current build."
101+
},
102+
"skip": {
103+
"type": "boolean",
104+
"default": false,
105+
"description": "Skip pushing this image"
106+
}
107+
},
108+
"required": ["source_repository", "target_repository"]
109+
}
110+
}
111+
},
112+
"required": ["type", "secret_key", "registry", "repositories"]
113+
}
114+
}
115+
}
116+
}
117+
},
118+
"required": ["build"]
119+
}

.github/workflows/build-docker-artifacts-push.yml

Lines changed: 113 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,113 @@
1+
name: Push docker artifacts to customer (must be run in infrastructure-k8s)
2+
run-name: Push ${{ inputs.repository }}:${{ inputs.image_tag }} docker artifacts to ${{ inputs.customer }}
3+
4+
on:
5+
workflow_call:
6+
inputs:
7+
repository:
8+
type: string
9+
required: true
10+
customer:
11+
type: string
12+
required: true
13+
customer_json:
14+
type: string
15+
required: true
16+
image_tag:
17+
type: string
18+
required: true
19+
runs_on:
20+
type: string
21+
required: false
22+
default: "ubuntu-22.04"
23+
secrets:
24+
DATAVISYN_BOT_REPO_TOKEN:
25+
required: false
26+
CHECKOUT_TOKEN:
27+
required: false
28+
DV_AWS_ECR_SECRETS:
29+
required: false
30+
31+
concurrency:
32+
group: "${{ github.workflow }}-${{ github.ref || github.head_ref }}-${{ inputs.repository }}-${{ inputs.customer }}-${{ inputs.image_tag }}"
33+
cancel-in-progress: true
34+
35+
env:
36+
WORKFLOW_BRANCH: "main"
37+
38+
permissions:
39+
contents: read
40+
id-token: write
41+
42+
jobs:
43+
post-build:
44+
name: Push ${{ inputs.repository }}:${{ inputs.image_tag }} docker artifacts to ${{ inputs.customer }}
45+
runs-on: ${{ inputs.runs_on || 'ubuntu-22.04' }}
46+
47+
steps:
48+
- name: Checkout repository (must be run in infrastructure-k8s)
49+
uses: actions/checkout@v4
50+
with:
51+
token: ${{ secrets.CHECKOUT_TOKEN || github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token }}
52+
53+
- name: Checkout github-workflows repository
54+
uses: actions/checkout@v4
55+
with:
56+
repository: datavisyn/github-workflows
57+
ref: ${{ env.WORKFLOW_BRANCH }}
58+
path: ./tmp/github-workflows
59+
60+
- name: Extract customer from payload
61+
uses: actions/github-script@v7
62+
id: get-customer
63+
with:
64+
script: |
65+
const customer = JSON.parse(process.env.CUSTOMER_JSON);
66+
67+
const filteredRepositories = customer.repositories.filter(repo => !repo.skip);
68+
69+
// Comma separated list of source images, incl. registry, repository and tag
70+
const sourceImages = filteredRepositories.map(repo => `${process.env.SOURCE_ECR_REGISTRY}/${repo.source_repository}:${repo.source_image_tag || process.env.IMAGE_TAG}`).join(',');
71+
const destinationImages = filteredRepositories.map(repo => `${customer.registry}/${repo.target_repository}:${repo.target_image_tag || process.env.IMAGE_TAG}`).join(',');
72+
73+
const result = {
74+
customer,
75+
skip: !!customer.skip,
76+
source_images: sourceImages,
77+
destination_images: destinationImages
78+
};
79+
console.log(result);
80+
return result;
81+
env:
82+
SOURCE_ECR_REGISTRY: ${{ vars.DV_AWS_ECR_REGISTRY }}
83+
CUSTOMER_JSON: ${{ inputs.customer_json }}
84+
CUSTOMER: ${{ inputs.customer }}
85+
IMAGE_TAG: ${{ inputs.image_tag }}
86+
87+
- name: Get dv image aws config
88+
if: ${{ fromJson(steps.get-customer.outputs.result).skip != true }}
89+
id: get-dv-aws-image-config
90+
uses: ./.github/actions/get-aws-config
91+
with:
92+
aws_config: ${{ secrets.DV_AWS_ECR_SECRETS }}
93+
94+
- name: Get image aws config
95+
if: ${{ fromJson(steps.get-customer.outputs.result).skip != true }}
96+
id: get-aws-image-config
97+
uses: ./.github/actions/get-aws-config
98+
with:
99+
aws_config: ${{ secrets[fromJson(steps.get-customer.outputs.result).customer.secret_key] }}
100+
101+
- name: Push images
102+
if: ${{ fromJson(steps.get-customer.outputs.result).skip != true }}
103+
id: pull-push-image
104+
uses: ./.github/actions/pull-push-image
105+
with:
106+
source_aws_role: ${{ steps.get-dv-aws-image-config.outputs.aws_role }}
107+
source_aws_region: ${{ steps.get-dv-aws-image-config.outputs.aws_region }}
108+
source_images: ${{ fromJson(steps.get-customer.outputs.result).source_images }}
109+
destination_aws_role: ${{ steps.get-aws-image-config.outputs.aws_role }}
110+
destination_aws_region: ${{ steps.get-aws-image-config.outputs.aws_region }}
111+
destination_aws_access_key_id: ${{ steps.get-aws-image-config.outputs.aws_access_key_id }}
112+
destination_aws_secret_access_key: ${{ steps.get-aws-image-config.outputs.aws_secret_access_key }}
113+
destination_images: ${{ fromJson(steps.get-customer.outputs.result).destination_images }}

0 commit comments

Comments
 (0)