mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2024-11-23 12:31:07 +01:00
CI: disable docker scan, enable auto release to sandbox (#4476)
* disable docker scan * disable nightly, enable auto release to sandbox * remove whitespace
This commit is contained in:
parent
5b7bfc41ad
commit
d4099a75be
48
.github/workflows/nightly-build.yml
vendored
48
.github/workflows/nightly-build.yml
vendored
@ -1,48 +0,0 @@
|
|||||||
name: nightly-build
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
# Daily at 2:48am
|
|
||||||
- cron: '48 2 * * *'
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
name: Build
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Login to Docker Hub
|
|
||||||
uses: docker/login-action@v2
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
- name: Setup Go
|
|
||||||
uses: actions/setup-go@main
|
|
||||||
with:
|
|
||||||
go-version: 1.20.5
|
|
||||||
id: go
|
|
||||||
|
|
||||||
- name: Setup docker scan
|
|
||||||
run: |
|
|
||||||
mkdir -p ~/.docker/cli-plugins && \
|
|
||||||
curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 -L -s -S -o ~/.docker/cli-plugins/docker-scan &&\
|
|
||||||
chmod +x ~/.docker/cli-plugins/docker-scan
|
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v2
|
|
||||||
|
|
||||||
- name: Code checkout
|
|
||||||
uses: actions/checkout@master
|
|
||||||
|
|
||||||
- uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: gocache-for-docker
|
|
||||||
key: gocache-docker-${{ runner.os }}-${{ steps.go.outputs.go-version }}-${{ hashFiles('go.mod') }}
|
|
||||||
|
|
||||||
- name: build & publish
|
|
||||||
run: |
|
|
||||||
docker scan --severity=medium --login --token "$SNYK_TOKEN" --accept-license
|
|
||||||
LATEST_TAG=nightly PKG_TAG=nightly make publish
|
|
||||||
env:
|
|
||||||
SNYK_TOKEN: ${{ secrets.SNYK_AUTH_TOKEN }}
|
|
77
.github/workflows/update-sandbox.yml
vendored
Normal file
77
.github/workflows/update-sandbox.yml
vendored
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
name: sandbox-release
|
||||||
|
on:
|
||||||
|
release:
|
||||||
|
types: [published]
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
jobs:
|
||||||
|
deploy-sandbox:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out code
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
repository: VictoriaMetrics/ops
|
||||||
|
ref: master
|
||||||
|
token: ${{ secrets.VM_BOT_GH_TOKEN }}
|
||||||
|
|
||||||
|
- name: Import GPG key
|
||||||
|
id: import-gpg
|
||||||
|
uses: crazy-max/ghaction-import-gpg@v5
|
||||||
|
with:
|
||||||
|
gpg_private_key: ${{ secrets.VM_BOT_GPG_PRIVATE_KEY }}
|
||||||
|
passphrase: ${{ secrets.VM_BOT_PASSPHRASE }}
|
||||||
|
git_user_signingkey: true
|
||||||
|
git_commit_gpgsign: true
|
||||||
|
|
||||||
|
- name: update image tag
|
||||||
|
uses: fjogeleit/yaml-update-action@main
|
||||||
|
with:
|
||||||
|
valueFile: 'gcp-test/sandbox/manifests/benchmark-vm/vmcluster.yaml'
|
||||||
|
commitChange: false
|
||||||
|
createPR: false
|
||||||
|
changes: |
|
||||||
|
{
|
||||||
|
"gcp-test/sandbox/manifests/benchmark-vm/vmcluster.yaml": {
|
||||||
|
"spec.vminsert.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
|
||||||
|
"spec.vmselect.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
|
||||||
|
"spec.vmstorage.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster"
|
||||||
|
},
|
||||||
|
"gcp-test/sandbox/manifests/benchmark-vm/vmsingle.yaml": {
|
||||||
|
"spec.image.tag": "${{ github.event.release.tag_name }}-enterprise"
|
||||||
|
},
|
||||||
|
"gcp-test/sandbox/manifests/monitoring/monitoring-vmagent.yaml": {
|
||||||
|
"spec.image.tag": "${{ github.event.release.tag_name }}"
|
||||||
|
},
|
||||||
|
"gcp-test/sandbox/manifests/monitoring/monitoring-vmcluster.yaml": {
|
||||||
|
"spec.vminsert.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
|
||||||
|
"spec.vmselect.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster",
|
||||||
|
"spec.vmstorage.image.tag": "${{ github.event.release.tag_name }}-enterprise-cluster"
|
||||||
|
},
|
||||||
|
"gcp-test/sandbox/manifests/monitoring/vmalert.yaml": {
|
||||||
|
"spec.image.tag": "${{ github.event.release.tag_name }}-enterprise"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: commit changes
|
||||||
|
run: |
|
||||||
|
git config --global user.name "${{ steps.import-gpg.outputs.email }}"
|
||||||
|
git config --global user.email "${{ steps.import-gpg.outputs.email }}"
|
||||||
|
git add .
|
||||||
|
git commit -S -m "Deploy image tag ${RELEASE_TAG} to sandbox"
|
||||||
|
env:
|
||||||
|
RELEASE_TAG: ${{ github.event.release.tag_name }}
|
||||||
|
|
||||||
|
- name: Create Pull Request
|
||||||
|
uses: peter-evans/create-pull-request@v5
|
||||||
|
with:
|
||||||
|
author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
|
||||||
|
branch: release-automation
|
||||||
|
token: ${{ secrets.VM_BOT_GH_TOKEN }}
|
||||||
|
delete-branch: true
|
||||||
|
title: "release ${{ github.event.release.tag_name }}"
|
||||||
|
body: |
|
||||||
|
Release [${{ github.event.release.tag_name }}](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/${{ github.event.release.tag_name }}) to sandbox
|
||||||
|
|
||||||
|
> Auto-generated by `Github Actions Bot`
|
||||||
|
|
2
Makefile
2
Makefile
@ -32,7 +32,7 @@ all: \
|
|||||||
clean:
|
clean:
|
||||||
rm -rf bin/*
|
rm -rf bin/*
|
||||||
|
|
||||||
publish: docker-scan \
|
publish: package-base \
|
||||||
publish-victoria-metrics \
|
publish-victoria-metrics \
|
||||||
publish-victoria-logs \
|
publish-victoria-logs \
|
||||||
publish-vmagent \
|
publish-vmagent \
|
||||||
|
@ -22,9 +22,6 @@ package-base:
|
|||||||
--tag $(BASE_IMAGE) \
|
--tag $(BASE_IMAGE) \
|
||||||
deployment/docker/base
|
deployment/docker/base
|
||||||
|
|
||||||
docker-scan: package-base
|
|
||||||
docker scan --severity=medium --accept-license $(BASE_IMAGE) || (echo "❌ The build has been terminated because critical vulnerabilities were found in $(BASE_IMAGE)"; exit 1)
|
|
||||||
|
|
||||||
package-builder:
|
package-builder:
|
||||||
(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BUILDER_IMAGE)$$') \
|
(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BUILDER_IMAGE)$$') \
|
||||||
|| docker build \
|
|| docker build \
|
||||||
|
Loading…
Reference in New Issue
Block a user