diff --git a/Makefile b/Makefile
index 99183bd56c..8b83308d33 100644
--- a/Makefile
+++ b/Makefile
@@ -45,9 +45,9 @@ RELEASE_NOTES_BIN := bin/release-notes
 RELEASE_NOTES := $(TOOLS_DIR)/$(RELEASE_NOTES_BIN)
 
 # Define Docker related variables. Releases should modify and double check these vars.
-REGISTRY ?= gcr.io/$(shell gcloud config get-value project)
-STAGING_REGISTRY := gcr.io/k8s-staging-cluster-api-aws
-PROD_REGISTRY := us.gcr.io/k8s-artifacts-prod/cluster-api-aws
+REGISTRY ?= gcr.io/spectro-images/test-infra/staging/cluster-api-aws
+STAGING_REGISTRY := gcr.io/spectro-images/test-infra/staging/cluster-api-aws
+PROD_REGISTRY ?= gcr.io/spectro-images/test-infra/prod/cluster-api-aws
 IMAGE_NAME ?= cluster-api-aws-controller
 CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)
 TAG ?= dev
@@ -195,6 +195,9 @@ docker-build: ## Build the docker image for controller-manager
 docker-push: ## Push the docker image
 docker push $(CONTROLLER_IMG)-$(ARCH):$(TAG)
 
+docker-rmi: ## Remove the local docker image
+ docker rmi ${CONTROLLER_IMG}-$(ARCH):$(TAG)
+
 ## --------------------------------------
 ## Docker — All ARCH
 ## --------------------------------------
diff --git a/prow/OWNERS b/prow/OWNERS
new file mode 100644
index 0000000000..ce7ae9eb57
--- /dev/null
+++ b/prow/OWNERS
@@ -0,0 +1,8 @@
+options:
+ no_parent_owners: true
+approvers:
+ - zulfilee
+reviewers:
+ - zulfilee
+labels:
+- prow
diff --git a/prow/functions.sh b/prow/functions.sh
new file mode 100644
index 0000000000..8aff088f34
--- /dev/null
+++ b/prow/functions.sh
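Review bot: `PROD_REGISTRY` moves from `:=` to `?=` in the first Makefile hunk, so a `PROD_REGISTRY` value that happens to be present in a release job's environment now decides where production images go, whereas before only an explicit command-line override could. Keep it pinned as `STAGING_REGISTRY` still is, `PROD_REGISTRY := gcr.io/spectro-images/test-infra/prod/cluster-api-aws`, unless the override is deliberate, in which case the comment above the block should say so. `REGISTRY` also now defaults to the same path as `STAGING_REGISTRY` instead of the caller's own gcloud project, so a plain local `make docker-push` would target the shared staging repository. The targets that consume these variables are outside the hunk.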
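Review bot: The new `docker-rmi` target has no `.PHONY: docker-rmi` line in the added lines, so a file named `docker-rmi` in the repository root would make the cleanup a silent no-op. Whether the sibling targets declare `.PHONY` is not visible in this hunk. The recipe also writes `${CONTROLLER_IMG}` where the neighbouring `docker-push` writes `$(CONTROLLER_IMG)`; for consistency use `docker rmi $(CONTROLLER_IMG)-$(ARCH):$(TAG)`. `docker rmi` exits non-zero when the image is absent, so a cleanup step that runs after a failed build will itself fail under `set -e`.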
@@ -0,0 +1,100 @@
+# Common set of functions
+# Error check is done with set -e command . Build will fail if any of the commands fail
+
+# Variables expected from CI - PULL_NUMBER , JOB_TYPE , ARTIFACTS , SONAR_SCAN_TOKEN, SONARQUBE_URL, DOCKER_REGISTRY
+
+print_step() {
+ text_val=$1
+ set +x
+ echo " "
+ echo "###################################################
+# ${text_val}
+###################################################"
+ echo " "
+ set -x
+}
+
+set_image_tag() {
+ IMG_TAG="latest"
+ if [[ ${JOB_TYPE} == 'presubmit' ]]; then
+ IMG_TAG=${PULL_NUMBER}
+ IMG_LOC='pr'
+ fi
+ if [[ ${JOB_TYPE} == 'periodic' ]]; then
+ IMG_TAG=$(date +%Y%m%d.%H%M)
+ IMG_LOC='daily'
+ fi
+ if [[ ${SPECTRO_RELEASE} == "yes" ]]; then
+ IMG_TAG=${VERSION}
+ IMG_LOC='release'
+ fi
+ export IMG_TAG
+}
+
+build_code() {
+ print_step "Building Code"
+ make all
+}
+
+create_images() {
+ print_step "Create and Push the images"
+ make binaries
+ make release
+}
+
+delete_images() {
+ print_step "Delete local images"
+ echo make docker-rmi
+}
+
+
+create_manifest() {
+ project_name=$1
+ print_step "Create manifest files and copy to artifacts folder"
+ # Manifest output has all secrets printed. Mask the output
+ make manifest > /dev/null 2>&1
+
+ mkdir -p ${ARTIFACTS}/${project_name}/build
+ cp -r build/kustomize ${ARTIFACTS}/${project_name}/build/kustomize
+
+ if [[ -d _build/manifests ]]; then
+ cp -r _build/manifests ${ARTIFACTS}/manifests
+ fi
+}
+
+run_lint() {
+ print_step "Running Lint check"
+ golangci-lint run ./... --timeout 10m --tests=false
+}
+
+
+
+#----------------------------------------------/
+# Scan containers with Anchore and Trivy /
+# Variables required are set in CI /
+#----------------------------------------------/
+run_container_scan() {
+ set +e
+ print_step 'Run container scan'
+ COMPL_DIR=${ARTIFACTS}/compliance
+ CONTAINER_SCAN_DIR=${COMPL_DIR}/container_scan
+ TRIVY_LIST=${CONTAINER_SCAN_DIR}/trivy_vulnerability.txt
+ TRIVY_JSON=${CONTAINER_SCAN_DIR}/trivy_vulnerability.json
+ mkdir -p ${CONTAINER_SCAN_DIR}
+
+ for EACH_IMAGE in ${IMAGES_LIST}
+ do
+ trivy --download-db-only
+ echo "Image Name: ${EACH_IMAGE} " >> ${TRIVY_LIST}
+ trivy ${EACH_IMAGE} >> ${TRIVY_LIST}
+ trivy -f json ${EACH_IMAGE} >> ${TRIVY_JSON}
+ done
+ set -e
+}
+
+
+export REPO_NAME=cluster-api-provider-aws
+export VERSION_SUFFIX=""
+set_image_tag
+export CONTROLLER_IMG=${DOCKER_REGISTRY}/${IMG_LOC}/cluster-api-aws-controller-${IMG_TAG}
+IMAGES_LIST="${CONTROLLER_IMG}"
diff --git a/prow/presubmit.sh b/prow/presubmit.sh
new file mode 100644
index 0000000000..4d0927e9d6
--- /dev/null
+++ b/prow/presubmit.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+########################################
+# Presubmit script triggered by Prow. #
+########################################
+action=$1
+if [[ ! ${action} ]]; then
+ action='default'
+fi
+
+WD=$(dirname $0)
+WD=$(cd $WD; pwd)
+ROOT=$(dirname $WD)
+source prow/functions.sh
+
+# Exit immediately for non zero status
+set -e
+# Check unset variables
+set -u
+# Print command trace
+set -x
+
+
+if [[ ${action} == "build_artifacts" ]]; then
+ create_images
+ delete_images
+fi
+
+
+if [[ ${action} == "compliance_scan" ]]; then
+ create_images
+ run_container_scan
+ delete_images
+fi
+
+exit 0
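Review bot: `run_container_scan` can never fail the job, because the whole function runs under `set +e`, no trivy call passes `--exit-code`, and it ends by re-enabling `set -e` without returning a status, so `compliance_scan` stays green whatever the scanner reports, or even if trivy is missing. The rewrite below keeps both report files, gates on a severity threshold (the team should pick the level) and downloads the database once instead of per image. `IMAGES_LIST` holds `${CONTROLLER_IMG}` with no arch suffix or tag while the Makefile's docker targets use `$(CONTROLLER_IMG)-$(ARCH):$(TAG)`, so the scan may inspect a different reference than the one pushed; `make release` is not visible here, so confirm. Separately, `delete_images` only echoes `make docker-rmi`, so local images are never removed.

```shell
run_container_scan() {
    print_step 'Run container scan'
    # … unchanged: COMPL_DIR, CONTAINER_SCAN_DIR, TRIVY_LIST, TRIVY_JSON and the mkdir -p …
    scan_rc=0
    # Refresh the vulnerability database once; under the caller's set -e a failed download stops the job.
    trivy --download-db-only
    for EACH_IMAGE in ${IMAGES_LIST}
    do
        echo "Image Name: ${EACH_IMAGE} " >> "${TRIVY_LIST}"
        # Human-readable report: record a failed run instead of discarding it.
        trivy "${EACH_IMAGE}" >> "${TRIVY_LIST}" || scan_rc=1
        # JSON report doubles as the gate; it is then limited to the gated severities,
        # so use a separate gating call if the full list must be archived.
        trivy -f json --exit-code 1 --severity HIGH,CRITICAL "${EACH_IMAGE}" >> "${TRIVY_JSON}" || scan_rc=1
    done
    return "${scan_rc}"
}
```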
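Review bot: An unrecognised or missing action falls through both `if` blocks to the unconditional `exit 0`, so a typo in the Prow job's argument reports success without building or scanning anything. Turn the two blocks into an `if`/`elif`/`else` chain whose last branch runs `echo "unknown action: ${action}" >&2; exit 1`. `source prow/functions.sh` also runs before `set -e` and `set -u`, so that file's top-level code expands `${DOCKER_REGISTRY}` and `${IMG_LOC}` unguarded and an unset value silently yields a malformed image name. The source path is relative to the caller's directory even though `ROOT` is computed just above and never used. `set -x` traces every command into the job log, which needs care given that the sourced file lists `SONAR_SCAN_TOKEN` among its expected inputs.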