ROX-25992: Add multiarch builds to CI - Manual manifest build #171
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go | |
on: [push] | |
permissions: | |
contents: read | |
pull-requests: read | |
checks: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run ShellCheck on GHA config | |
uses: saleor/shellcheck-gha@v0 | |
- name: Prepare OCI metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: "quay.io/stackrox-io/image-prefetcher" | |
# generate Docker tags based on the following events/attributes | |
# See https://github.com/docker/metadata-action | |
tags: | | |
type=ref,event=branch,prefix=branch- | |
type=semver,pattern=v{{major}}.{{minor}}.{{patch}} | |
type=semver,pattern=v{{major}}.{{minor}} | |
type=semver,pattern=v{{major}} | |
type=sha | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Verify | |
run: go mod verify | |
- name: Build | |
run: go build ./... | |
- name: Test | |
run: go test ./... | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: latest | |
install-mode: binary | |
- name: Prepare manifests for linting | |
run: | | |
go build -C deploy . | |
mkdir manifests | |
./deploy/deploy --k8s-flavor vanilla my-images > manifests/vanilla.yaml | |
./deploy/deploy --k8s-flavor ocp my-images > manifests/ocp.yaml | |
./deploy/deploy --k8s-flavor vanilla --secret my-secret my-images > manifests/vanilla-with-secret.yaml | |
./deploy/deploy --k8s-flavor ocp --secret my-secret my-images > manifests/ocp-with-secret.yaml | |
./deploy/deploy --k8s-flavor vanilla --collect-metrics my-images > manifests/vanilla-metrics.yaml | |
./deploy/deploy --k8s-flavor ocp --collect-metrics my-images > manifests/ocp-metrics.yaml | |
./deploy/deploy --k8s-flavor vanilla --secret my-secret --collect-metrics my-images > manifests/vanilla-with-secret-metrics.yaml | |
./deploy/deploy --k8s-flavor ocp --secret my-secret --collect-metrics my-images > manifests/ocp-with-secret-metrics.yaml | |
- name: kubeconform | |
run: | | |
make -C deploy kubeconform MANIFESTS="$(pwd)/manifests" | |
- name: kube-linter | |
uses: stackrox/[email protected] | |
with: | |
directory: manifests | |
- name: Build binary | |
run: make -j2 binary-all | |
- name: Login to Quay | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} | |
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} | |
- name: Build and push OCI amd64 image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }}-amd64 | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/amd64 | |
build-args: | | |
ARCH=amd64 | |
- name: Build and push OCI arm64 image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }}-arm64 | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/arm64 | |
build-args: | | |
ARCH=arm64 | |
- name: Build and push OCI ppc64le image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }}-ppc64le | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/ppc64le | |
build-args: | | |
ARCH=ppc64le | |
- name: Build and push OCI 390x image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }}-s390x | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/s390x | |
build-args: | | |
ARCH=s390x | |
- name: Create and push multi-arch manifest | |
if: github.event_name != 'pull_request' | |
env: | |
IMAGE_TAG: ${{ steps.meta.outputs.tags }} | |
run: make push-multi-arch-manifest | |
e2e: | |
if: github.event_name != 'pull_request' | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
CLUSTER_NAME: img-prefetch-${{ github.run_id }} | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
NS: prefetch | |
NAME: basic | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Authenticate against GCP | |
uses: "google-github-actions/auth@v2" | |
with: | |
credentials_json: "${{ secrets.GCP_IMAGE_PREFETCHER_CI_SA }}" | |
- name: Install GKE auth plugin | |
uses: "google-github-actions/setup-gcloud@v2" | |
with: | |
install_components: "gke-gcloud-auth-plugin" | |
- name: Install infractl | |
uses: stackrox/actions/infra/install-infractl@main | |
- name: Create GKE cluster | |
uses: stackrox/actions/infra/[email protected] | |
with: | |
token: ${{ secrets.INFRA_TOKEN }} | |
flavor: gke-default | |
name: img-prefetch-${{ github.run_id }} | |
lifespan: 1h | |
args: nodes=2 | |
wait: "true" | |
no-slack: "true" | |
- name: Setup environment from cluster artifacts | |
env: | |
ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts | |
run: | | |
# Fetch the artifacts for the GKE cluster. | |
infractl artifacts --download-dir="${ARTIFACTS_DIR}" "${CLUSTER_NAME}" >/dev/null | |
# Set both URL and admin password. | |
KUBECONFIG="${ARTIFACTS_DIR}/kubeconfig" | |
echo "KUBECONFIG=$KUBECONFIG" >> "$GITHUB_ENV" | |
- name: Build the deploy tool | |
run: go build -C deploy . | |
- name: Deploy prefetcher | |
run: | | |
set -e | |
echo busybox:latest >> images.txt | |
echo debian:sid >> images.txt | |
kubectl create --dry-run=client -o yaml --namespace="$NS" configmap "${NAME}" --from-file="images.txt=images.txt" > manifest.yaml | |
echo --- >> manifest.yaml | |
./deploy/deploy \ | |
--version="sha-$(git rev-parse --short HEAD)" \ | |
--k8s-flavor=vanilla \ | |
--collect-metrics \ | |
"${NAME}" >> manifest.yaml | |
kubectl create namespace "$NS" | |
kubectl apply -n "$NS" -f manifest.yaml | |
- name: Wait for prefetcher to finish | |
run: | | |
set -e | |
info() { echo "$@"; } | |
die() { info "$@"; exit 1; } | |
attempt=0 | |
service="service/${NAME}-metrics" | |
while [[ -z $(kubectl -n "${NS}" get "${service}" -o jsonpath="{.status.loadBalancer.ingress}" 2>/dev/null) ]]; do | |
if [ "$attempt" -lt "10" ]; then | |
info "Waiting for ${service} to obtain endpoint ..." | |
attempt=$((attempt+1)) | |
sleep 10 | |
else | |
die "ERROR: Timeout waiting for ${service} to obtain endpoint!" | |
fi | |
done | |
endpoint="$(kubectl -n "${NS}" get "${service}" -o json | jq -r '.status.loadBalancer.ingress[] | .ip')" | |
curl --silent --show-error --fail --retry 3 --retry-connrefused "http://${endpoint}:8080/metrics" > metrics.json | |
- name: Dump metrics | |
run: jq . metrics.json | |
- name: Dump debug info | |
if: always() | |
run: | | |
kubectl -n "$NS" get -o yaml daemonsets,deployments,pods,replicasets,services,roles,rolebindings | |
kubectl -n "$NS" get events | |
kubectl -n "$NS" logs -l app=basic-metrics --all-containers=true --ignore-errors=true --tail=-1 | |
kubectl -n "$NS" logs -l app=basic-metrics --all-containers=true --ignore-errors=true --tail=-1 --previous=true | |
kubectl -n "$NS" logs -l app=basic --all-containers=true --ignore-errors=true --tail=-1 | |
kubectl -n "$NS" logs -l app=basic --all-containers=true --ignore-errors=true --tail=-1 --previous=true | |
- name: Teardown cluster | |
if: always() | |
env: | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
run: | | |
infractl delete "${CLUSTER_NAME}" || echo "Failed to remove the infra cluster" |