diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml
index af60c13..a6623d7 100644
--- a/.github/workflows/docker-image.yaml
+++ b/.github/workflows/docker-image.yaml
@@ -1,62 +1,56 @@ -name: Build Docker image +name: docker-image-push + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. on: push: - tags: - - '*' - branches: - - "master" - paths-ignore: - - 'charts/**' + tags: [ '*' ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: adobe/kminion jobs: build: runs-on: ubuntu-latest - + permissions: + contents: read + packages: write steps: - - uses: actions/checkout@v3 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + - name: Checkout repository + uses: actions/checkout@v3 + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 with: - driver-opts: image=moby/buildkit:v0.10.3,network=host - + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Set Release Date run: | echo "BUILT_AT=$(date --rfc-3339=date)" >> ${GITHUB_ENV} - - - name: Docker meta - id: docker_meta + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta uses: docker/metadata-action@v4 with: - # list of Docker images to use as base name for tags - images: | - vectorized/kminion - redpandadata/kminion - # generate Docker tags based on the following events/attributes - # Semver type is only active on 'push tag' events, hence no enable condition required - tags: | - type=sha,prefix={{branch}}-,format=short,enable={{is_default_branch}} - type=semver,pattern={{raw}} - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: 
${{ secrets.DOCKERHUB_PASSWORD }} - - - name: Build and push + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Build and push Docker image uses: docker/build-push-action@v3 with: - push: true - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.docker_meta.outputs.tags }} + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} build-args: | - VERSION=${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.version'] }} + VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} BUILT_AT=${{ env.BUILT_AT }} COMMIT=${{ github.sha }} - cache-from: type=gha - cache-to: type=gha,mode=max diff --git a/.github/workflows/go-releaser.yaml b/.github/workflows/go-releaser.yaml deleted file mode 100644 index da9e1e0..0000000 --- a/.github/workflows/go-releaser.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: GoReleaser - -on: - push: - tags: - - '*' - -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '^1.18' - check-latest: true - cache: true - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 - if: startsWith(github.ref, 'refs/tags/') - with: - version: latest - args: release --rm-dist - workdir: . - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/kics-iac.yml b/.github/workflows/kics-iac.yml deleted file mode 100644 index 994227c..0000000 --- a/.github/workflows/kics-iac.yml +++ /dev/null 
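Review bot: The three Docker actions in the new steps (`docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v3`) are referenced by mutable major-version tags, while the job grants `packages: write` and passes `secrets.GITHUB_TOKEN` to the login step; the workflow's own header comment notes that these actions are third-party. Pinning each one to a full commit SHA keeps a retagged release from running with that token, e.g. `uses: docker/login-action@<full-commit-sha>  # v2` (placeholder; use the SHA of the release you have reviewed). Separately, the `github.event_name != 'pull_request'` conditions on the login step and on the `push:` input can never be false, because the only trigger is `push` on tags. Either drop them or add the `pull_request` trigger they were written for, so the file does not suggest a PR build path that does not exist.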
@@ -1,29 +0,0 @@ -name: kics scanning -on: - push: - branches: master -jobs: - kics: - runs-on: ubuntu-latest - env: - AWS_ACCESS_KEY_ID: ${{ secrets.VULN_REPORTS_AWS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.VULN_REPORTS_AWS_SECRET_ACCESS_KEY }} - VULN_REPORTS_AWS_BUCKET: ${{ secrets.VULN_REPORTS_AWS_BUCKET }} - AWS_EC2_METADATA_DISABLED: true - steps: - - uses: actions/checkout@v2 - - name: run kics Scan - uses: checkmarx/kics-github-action@v1.6.3 - with: - path: . - ignore_on_exit: results - output_path: res/ - - name: display kics results - run: | - cat res/results.json - - name: upload scan results - run: | - set -eu - KEY="`date +%Y`/`date +%m`/`date +%d`/${GITHUB_REPOSITORY#*/}_${GITHUB_REF#refs/heads/}_kics_`date +%s`.json" - echo "[i] writing to s3 object '$KEY'" - aws s3 cp res/results.json s3://$VULN_REPORTS_AWS_BUCKET/$KEY diff --git a/.github/workflows/package-helm-chart-on-push.yaml b/.github/workflows/package-helm-chart-on-push.yaml deleted file mode 100644 index 6c1038c..0000000 --- a/.github/workflows/package-helm-chart-on-push.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Package helm chart on push - -on: - push: - branches: - - master - paths: - - 'charts/kminion/Chart.yaml' - - '!charts/**.md' - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Helm Package - run: | - helm package ./charts/kminion -d ./charts/archives - - name: Helm Index - run: | - helm repo index ./charts/archives --merge .charts/archives/index.yaml - - name: Commit and push - run: | - git config user.name "GitHub Action ($GITHUB_ACTOR)" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - git add --all - git commit -m '[Auto Commit] Package helm chart' - git push diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 3130e8f..508e5aa 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml 
@@ -22,5 +22,5 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} run: | - snyk monitor --project-name=kminion --remote-repo=redpanda-data/kminion --target-reference=${GITHUB_REF#refs/heads/} . - shell: bash \ No newline at end of file + snyk monitor --project-name=kminion --remote-repo=adobe/kminion --target-reference=${GITHUB_REF#refs/heads/} . + shell: bash diff --git a/.goreleaser.yml b/.goreleaser.yml deleted file mode 100644 index 270718b..0000000 --- a/.goreleaser.yml +++ /dev/null @@ -1,38 +0,0 @@ -release: - name_template: '{{.Version}} / {{time "2006-01-02"}}' - prerelease: auto - mode: append - footer: | - ## Docker Image - Use the following command to pull this release's Docker image: - ```sh - docker pull vectorized/kminion:{{ .Tag }} - ``` -changelog: - skip: false - use: github - filters: - # Commit messages matching the regexp listed here will be removed from the changelog - exclude: - - '^docs:' - - '^test:' - - '^npm:' - - '^go.mod:' - - '^.github:' - - 'Merge branch' - -builds: - - id: kminion - binary: kminion - goos: - - darwin - - linux - - windows - goarch: - - amd64 - - arm64 - ldflags: - - -s -w -X main.version={{.Version}} -X main.builtAt={{.Date}} -X main.commit={{.Commit}} - -checksum: - name_template: 'checksums.txt'