Build latest CSE branch with Svace every weekend

Build latest CSE branch with Svace every weekend #66

Workflow file for this run

.github/workflows/dev_build_svace.yml at 508f1e9

	# Copyright 2024 Flant JSC
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: Build latest CSE branch with Svace every weekend
	env:
	MODULES_REGISTRY: ${{ vars.DEV_REGISTRY }}
	CI_COMMIT_REF_NAME: ${{ github.ref_name }}
	MODULES_MODULE_NAME: ${{ vars.MODULE_NAME }}
	MODULES_MODULE_SOURCE: ${{ vars.DEV_MODULE_SOURCE }}
	MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
	MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
	SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
	SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"

	on:
	workflow_dispatch:
	schedule:
	- cron: "00 04 * * *"
	defaults:
	run:
	shell: bash

	concurrency:
	group: "${{ github.workflow }}-${{ github.ref }}"
	cancel-in-progress: true

	jobs:
	set_vars:
	runs-on: ubuntu-latest
	name: Set MODULES_MODULE_TAG
	outputs:
	modules_module_tag: ${{ steps.modules_module_tag.outputs.MODULES_MODULE_TAG }}
	module_edition: ${{ steps.modules_module_tag.outputs.MODULE_EDITION }}
	runner_type: ${{ steps.modules_module_tag.outputs.RUNNER_TYPE }}
	checkout_tag: ${{ steps.modules_module_tag.outputs.CHECKOUT_TAG }}
	checkout_sha: ${{ steps.modules_module_tag.outputs.CHECKOUT_SHA }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: "${{ github.event.pull_request.head.sha \|\| github.sha }}"
	- name: Set vars
	id: modules_module_tag
	run: \|
	if [[ "${{ github.event_name }}" == 'schedule' ]]; then
	# get last semver branch with release-X.Y-cse format
	CHECKOUT_TAG=$(git branch -r \| grep -oE 'release-[0-9]+\.[0-9]+-cse$' \| sort -V \| tail -n 1)
	else
	CHECKOUT_TAG=${{ github.event.pull_request.head.sha \|\| github.sha }}
	fi
	CHECKOUT_SHA=$(git rev-parse remotes/origin/$CHECKOUT_TAG)
	echo "CHECKOUT_TAG=$CHECKOUT_TAG" >> "$GITHUB_OUTPUT"
	echo "CHECKOUT_SHA=$CHECKOUT_SHA" >> "$GITHUB_OUTPUT"
	if [[ "${{ github.ref_name }}" == 'main' ]]; then
	MODULES_MODULE_TAG="${{ github.ref_name }}-svace"
	elif [[ "${{ github.ref_name }}" =~ ^release-[0-9]+\.[0-9]+ ]]; then
	MODULES_MODULE_TAG="${{ github.ref_name }}-svace"
	elif [[ -n "${{ github.event.pull_request.number }}" ]]; then
	MODULES_MODULE_TAG="pr${{ github.event.pull_request.number }}-svace"
	else
	underscored_branch=$(echo "${{ github.ref_name }}" \| tr '/' '_')
	MODULES_MODULE_TAG="$underscored_branch-svace"
	fi

	echo "MODULES_MODULE_TAG=$MODULES_MODULE_TAG" >> "$GITHUB_OUTPUT"

	# Select runner
	if echo "${{ steps.get-labels.outputs.result }}" \| grep -q "build/github/ubuntu"; then
	echo "RUNNER_TYPE=[\"ubuntu-22.04\"]" >> "$GITHUB_OUTPUT"
	elif echo "${{ steps.get-labels.outputs.result }}" \| grep -q "build/self-hosted/regular"; then
	echo "RUNNER_TYPE=[\"self-hosted\", \"regular\"]" >> "$GITHUB_OUTPUT"
	else
	echo "RUNNER_TYPE=[\"self-hosted\", \"large\"]" >> "$GITHUB_OUTPUT"
	fi

	# EE for virtualization-audit
	echo "MODULE_EDITION=EE" >> "$GITHUB_OUTPUT"

	dev_setup_build:
	runs-on: ${{ fromJSON(needs.set_vars.outputs.runner_type)}}
	name: Build and Push images
	needs: set_vars
	env:
	MODULES_MODULE_TAG: ${{needs.set_vars.outputs.modules_module_tag}}
	MODULE_EDITION: ${{needs.set_vars.outputs.module_edition}}
	CHECKOUT_TAG: ${{needs.set_vars.outputs.checkout_tag}}
	CHECKOUT_SHA: ${{needs.set_vars.outputs.checkout_sha}}
	WERF_VIRTUAL_MERGE: 0
	steps:
	- name: Setup Docker config
	run: \|
	echo "DOCKER_CONFIG=$(mktemp -d)" >> $GITHUB_ENV

	- name: Print vars
	run: \|
	echo MODULES_REGISTRY=$MODULES_REGISTRY
	echo CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME
	echo MODULES_MODULE_NAME=$MODULES_MODULE_NAME
	echo MODULES_MODULE_SOURCE=$MODULES_MODULE_SOURCE
	echo MODULE_EDITION=$MODULE_EDITION
	echo MODULES_MODULE_TAG=$MODULES_MODULE_TAG
	echo DOCKER_CONFIG=$DOCKER_CONFIG
	echo CHECKOUT_TAG=$CHECKOUT_TAG
	echo CHECKOUT_SHA=$CHECKOUT_SHA
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{needs.set_vars.outputs.checkout_tag}}

	- name: Remove unwanted software
	if: ${{ !contains(needs.set_vars.outputs.runner_type, 'self-hosted') }}
	uses: ./.github/actions/remove-unwanted-software

	- uses: deckhouse/modules-actions/setup@v2
	with:
	registry: ${{ vars.DEV_REGISTRY }}
	registry_login: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
	registry_password: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}

	- uses: deckhouse/modules-actions/build@v4
	with:
	module_source: ${{ vars.DEV_MODULE_SOURCE}}
	module_name: ${{ vars.MODULE_NAME }}
	module_tag: ${{needs.set_vars.outputs.modules_module_tag}}
	source_repo: ${{secrets.SOURCE_REPO_GIT}}
	svace_enabled: "true"
	svace_analyze_host: "${{ secrets.SVACE_ANALYZE_HOST }}"
	svace_analyze_ssh_user: "${{ secrets.SVACE_ANALYZE_SSH_USER }}"
	svace_analyze_ssh_key: "${{ secrets.SVACE_ANALYZE_SSH_PRIVATE_KEY }}"

	- name: Cleanup Docker config
	run: \|
	rm -rf $DOCKER_CONFIG

	analyze_build:
	name: Analyze build
	runs-on: ${{ fromJSON(needs.set_vars.outputs.runner_type)}}
	needs:
	- set_vars
	- dev_setup_build
	steps:
	- uses: deckhouse/modules-actions/svace_analyze@v4
	id: analyze
	with:
	project_group: ${{ github.event.repository.name }}
	ci_commit_ref_name: ${{ needs.set_vars.outputs.checkout_tag }}
	ci_commit_hash: ${{ needs.set_vars.outputs.checkout_sha }}
	svace_analyze_host: "${{ secrets.SVACE_ANALYZE_HOST }}"
	svace_analyze_ssh_user: "${{ secrets.SVACE_ANALYZE_SSH_USER }}"
	svacer_url: "${{ secrets.SVACER_URL }}"
	svacer_import_user: "${{ secrets.SVACER_IMPORT_USER }}"
	svacer_import_password: "${{ secrets.SVACER_IMPORT_PASSWORD }}"
	svace_analyze_ssh_private_key: "${{ secrets.SVACE_ANALYZE_SSH_PRIVATE_KEY }}"

	notify:
	name: Notify Loop
	runs-on: ubuntu-latest
	env:
	CHECKOUT_TAG: ${{needs.set_vars.outputs.checkout_tag}}
	needs:
	- set_vars
	- dev_setup_build
	- analyze_build
	if: always()
	steps:
	- name: Send results to Loop
	run: \|
	DATE=$(date '+%Y-%m-%d')
	if [ "${{ needs.analyze_build.result }}" == "success" ]; then
	STATUS=":white_check_mark: SUCCESS!"
	else
	STATUS=":x: FAIL!"
	fi
	MESSAGE="
	### :gear: DVP $DATE Weekly Svace Analyze Report

	Branch: \`$CHECKOUT_TAG\`
	Status: ${STATUS}

	[:link: GitHub Actions Output]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID)
	"
	curl -XPOST -H 'Content-Type: application/json' -d "{\"text\": \"${MESSAGE}\"}" $LOOP_WEBHOOK_URL
	env:
	LOOP_WEBHOOK_URL: ${{ secrets.LOOP_WEBHOOK_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build latest CSE branch with Svace every weekend #66

Workflow file

Build latest CSE branch with Svace every weekend #66

Uh oh!

Workflow file for this run