kyma-project · akiioto · Oct 11, 2024 · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024
@@ -0,0 +1,63 @@
+name: autobump-docs-index-md.yml
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '**/*.md'
+  workflow_dispatch: {}
+
+env:
+  AUTOBUMP_CONFIG_PATH: configs/autobump-config/test-infra-markdown-index-autobump-config.yaml
+
+jobs:
+  autobump:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    concurrency:
+      group: post-test-infra-markdown-index-autobump
+      cancel-in-progress: false
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup git config
+        run: |
+          GIT_USERNAME=$(grep "gitName" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2)
+          GIT_EMAIL=$(grep "gitEmail" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2)
+          git config user.name "$GIT_USERNAME"
+          git config user.email "$GIT_EMAIL"
+
+          git config --unset-all http.https://github.com/.extraheader
+
+      - name: Authenticate in GCP
+        id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}
+          workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }}
+
+      - name: Get kyma bot token from Secret Manager
+        id: 'secrets'
+        uses: 'google-github-actions/get-secretmanager-secrets@v2'
+        with:
+          secrets: |-
+            kyma-autobump-token:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME }}
+
+      - name: Store Github Token for autobumper
+        run: |
+          echo "${{ steps.secrets.outputs.kyma-autobump-token }}" > ~/token
+
+      - name: Run markdown index autobump
+        run: |
+          docker run --rm \
+            -v ~/token:/etc/github/token:ro \
+            -v ${{ github.workspace }}:/github/test-infra \
+            --workdir /github/test-infra \
+            --user $UID \
+            europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241007-aa6bbc21 \
+            --config=${{ env.AUTOBUMP_CONFIG_PATH }} \
+            --labels-override=kind/chore,area/documentation
@@ -0,0 +1,10 @@
+name: autobump-images
+
+on:
+  schedule:
+    - cron: 45 * * * 1-5
+  workflow_dispatch:
+
+jobs:
+  autobump:
+    uses: kyma-project/test-infra/.github/workflows/reusable-image-autobumper.yml@main
@@ -4,13 +4,13 @@ on:
   pull_request_target:
     types: [opened, synchronize, reopened, ready_for_review]
     paths:
-      - "images/**"
+      - "cmd/images/**"
       - ".github/workflows/image-builder.yml"
   push:
     branches:
       - main
     paths:
-      - "images/**"
+      - "cmd/images/**"
       - ".github/workflows/image-builder.yml"
   workflow_dispatch: {}
 
@@ -20,7 +20,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: alpine
-      dockerfile: images/alpine/Dockerfile
+      dockerfile: cmd/images/alpine/Dockerfile
       context: .
 
   unpack-alpine:
@@ -42,7 +42,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: alpine-git
-      dockerfile: images/alpine/git/Dockerfile
+      dockerfile: cmd/images/alpine/git/Dockerfile
       context: .
       build-args: BASE_ALPINE_IMAGE=${{ needs.unpack-alpine.outputs.clean_image }}
 
@@ -52,7 +52,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: alpine-git-gke-aws-auth
-      dockerfile: images/alpine/git/gke-aws-auth/Dockerfile
+      dockerfile: cmd/images/alpine/git/gke-aws-auth/Dockerfile
       context: .
       build-args: BASE_ALPINE_IMAGE=${{ needs.unpack-alpine.outputs.clean_image }}
 
@@ -61,7 +61,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: buildpack
-      dockerfile: images/buildpack/Dockerfile
+      dockerfile: cmd/images/buildpack/Dockerfile
       context: .
 
   unpack-buildpack:
@@ -83,7 +83,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: buildpack-go
-      dockerfile: images/buildpack/go/Dockerfile
+      dockerfile: cmd/images/buildpack/go/Dockerfile
       context: .
       build-args: BASE_BUILDPACK_IMAGE=${{ needs.unpack-buildpack.outputs.clean_image }}
 
@@ -92,7 +92,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: unified-agent
-      dockerfile: images/unified-agent/Dockerfile
+      dockerfile: cmd/images/unified-agent/Dockerfile
       context: .
 
   unpack-unified-agent:
@@ -114,7 +114,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: unified-agent-go
-      dockerfile: images/unified-agent/go/Dockerfile
+      dockerfile: cmd/images/unified-agent/go/Dockerfile
       context: .
       build-args: BASE_UNIFIED_AGENT_IMAGE=${{ needs.unpack-unified-agent.outputs.clean_image }}
 
@@ -124,7 +124,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: unified-agent-nodejs
-      dockerfile: images/unified-agent/nodejs/Dockerfile
+      dockerfile: cmd/images/unified-agent/nodejs/Dockerfile
       context: .
       build-args: BASE_UNIFIED_AGENT_IMAGE=${{ needs.unpack-unified-agent.outputs.clean_image }}
 
@@ -134,7 +134,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: unified-agent-python
-      dockerfile: images/unified-agent/python/Dockerfile
+      dockerfile: cmd/images/unified-agent/python/Dockerfile
       context: .
       build-args: BASE_UNIFIED_AGENT_IMAGE=${{ needs.unpack-unified-agent.outputs.clean_image }}
 
@@ -143,5 +143,5 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: e2e-gcloud
-      dockerfile: images/e2e-gcloud/Dockerfile
+      dockerfile: cmd/images/e2e-gcloud/Dockerfile
       context: .
@@ -0,0 +1,52 @@
+name: hello-world
+on: workflow_dispatch
+
+env:
+  AUTOBUMP_CONFIG_PATH: configs/autobump-config/test-infra-markdown-index-autobump-config.yaml
+
+jobs:
+  autobump:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    concurrency:
+      group: post-test-infra-markdown-index-autobump
+      cancel-in-progress: false
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup git config
+        run: |
+          GIT_USERNAME=$(grep "gitName" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2)
+          GIT_EMAIL=$(grep "gitEmail" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2)
+          git config user.name "$GIT_USERNAME"
+          git config user.email "$GIT_EMAIL"
+          git config --unset-all http.https://github.com/.extraheader
+      - name: Authenticate in GCP
+        id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}
+          workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }}
+
+      - name: Get kyma bot token from Secret Manager
+        id: 'secrets'
+        uses: 'google-github-actions/get-secretmanager-secrets@v2'
+        with:
+          secrets: |-
+            kyma-autobump-token:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME }}
+      - name: Store Github Token for autobumper
+        run: |
+          echo "${{ steps.secrets.outputs.kyma-autobump-token }}" > ~/token
+      - name: Run markdown index autobump
+        run: |
+          docker run --rm \
+            -v ~/token:/etc/github/token:ro \
+            -v ${{ github.workspace }}:/github/workspace \
+            --workdir /github/workspace \
+            --user $UID \
+            europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241007-aa6bbc21 \
+            --config=${{ env.AUTOBUMP_CONFIG_PATH }} \
+            --labels-override=kind/chore,area/documentation
@@ -14,7 +14,7 @@ on:
         description: Path to the dockerfile used to build docker image
         required: false
         type: string
-        default: "prow/images/ginkgo/Dockerfile"
+        default: "cmd/images/ginkgo/Dockerfile"
       context:
         description: Build context to build container from
         required: false

@@ -31,7 +31,7 @@ jobs:
     uses: ./.github/workflows/image-builder.yml
     with:
       name: test-infra/ginkgo
-      dockerfile: prow/images/ginkgo/Dockerfile
+      dockerfile: cmd/images/ginkgo/Dockerfile
       context: .
       env-file: "envs"
       tags: ${{ needs.compute-tag.outputs.tag }}

@@ -53,4 +53,4 @@ jobs:
       - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240621-63f4f2b1
         id: build
         with:
-          args: --name=test-infra/ginkgo --context=. --dockerfile=prow/images/ginkgo/Dockerfile --azure-access-token=${{ steps.secrets.outputs.ado-pat }} --oidc-token=${{ steps.get_oidc.outputs.jwt }} --env-file='envs' --build-in-ado=true --test-kaniko-build-config=true --config="./configs/image-builder-client-config.yaml"
+          args: --name=test-infra/ginkgo --context=. --dockerfile=cmd/images/ginkgo/Dockerfile --azure-access-token=${{ steps.secrets.outputs.ado-pat }} --oidc-token=${{ steps.get_oidc.outputs.jwt }} --env-file='envs' --build-in-ado=true --test-kaniko-build-config=true --config="./configs/image-builder-client-config.yaml"
@@ -70,7 +70,7 @@ jobs:
             --workdir /github/workspace \
             --rm \
             --user $UID \
-            europe-docker.pkg.dev/kyma-project/prod/image-detector:v20241007-36d14dd7 \
+            europe-docker.pkg.dev/kyma-project/prod/image-detector:v20241010-d3f08490 \
             --terraform-dir=${{ env.TERRAFORM_CONFIGS_DIR }} \
             --sec-scanner-config=${{ env.SEC_SCANNERS_CONFIG_PATH }} \
             --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }}
@@ -0,0 +1,66 @@
+name: reusable-image-autobumper
+on:
+  workflow_call:
+    inputs:
+      docker-image:
+        description: 'Docker image with tag to be used'
+        default: 'europe-docker.pkg.dev/kyma-project/prod/image-autobumper:v20240927-bc42bcd3'
+        type: string
+
+env:
+  AUTOBUMP_CONFIG_PATH: configs/image-autobumper-config/image-autobumper-config.yaml
+
+jobs:
+  autobump:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Configure Workload Identity Federation
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}
+          workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }}
+
+      - name: Access Google Cloud Secret
+        id: access-secret
+        uses: google-github-actions/get-secretmanager-secrets@v2
+        with:
+          secrets: |
+            kyma-autobump-token:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME }}
+
+      - name: Store Github Token for autobumper
+        run: |
+          echo ${{ steps.secrets.outputs.kyma-autobump-token }} > ~/token
+          chmod 644 ~/token
+
+      - name: Checkout repository
+        with:
+          token: ${{ steps.secrets.outputs.kyma-autobump-token }}
+        uses: actions/checkout@v4
+
+        # Setup git config with commiter data from config
+        # Prevent silent passing github token
+        # see https://stackoverflow.com/a/69979203/23148781
+      - name: Setup git config
+        run: |
+          GIT_USERNAME=$(grep "gitName" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2)
+          GIT_EMAIL=$(grep "gitEmail" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2)
+          git config user.name $GIT_USERNAME
+          git config user.email $GIT_EMAIL
+
+          git config --unset-all http.https://github.com/.extraheader
+
+      - name: Run Docker container
+        run: |
+          docker run \
+            --rm \
+            --cap-drop=ALL \
+            --privileged \
+            -v "${{ github.workspace }}:/workspace" \
+            -v "~/token:/tmp/github_token:ro" \
+            -w /workspace \
+            ${{ inputs.docker-image }} \
+            --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }}
@@ -1,4 +1,4 @@
-FROM python:3.12.7-alpine3.20
+FROM python:3.13.0-alpine3.20
 
 # Allow statements and log messages to immediately appear in the Knative logs
 ENV PYTHONUNBUFFERED True

@@ -54,7 +54,7 @@ jobs:
       uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
       with:
          name: test-infra/ginkgo
-         dockerfile: prow/images/ginkgo/Dockerfile
+         dockerfile: cmd/images/ginkgo/Dockerfile
          context: .
          env-file: "envs"
          tags: ${{ needs.compute-tag.outputs.tag }}
@@ -95,6 +95,7 @@ The Image Builder reusable workflow supports the following GitHub events to trig
 * `push` - to build images on push to the specified branch.
 * `pull_request_target` - to build images on pull requests.
 * `workflow_dispatch` - to manually trigger the workflow.
+* `schedule` - to build images on a regular basis.
 
 ## Reusable Workflow Reference
 
@@ -146,7 +147,7 @@ By default, Image Builder signs images with the production signify service.
 Image signing allows verification that the image comes from a trusted repository and has not been altered in the meantime.
 
 > [!NOTE]
-> Image Builder signs images built on the push and workflow_dispatch events only. Images built on the pull_request_target event are not signed.
+> Image Builder only signs images built on the `push`, `schedule`, and `workflow_dispatch` events. Images built on the `pull_request_target` event are not signed.
 
 ## Image Signing with Signify
 

@@ -10,22 +10,3 @@ To add additional applications into the images, open a pull request (PR) with ch
 * Always build from a source to ensure compiler vulnerabilities do not affect the resulting binary.
 * Link the binary to a specific version so that it's easier to update when necessary. 
 * Build binaries in a separate stage, then copy the resulting binary into the final image to ensure images are small and contain the least number of layers.
-
-## Write Image Tests
-
-To write simple smoke tests with your image, add an executable file called `test.sh`.
-The scripts should contain all steps that perform basic or advanced test operations against the image.
-The test script must exit with a non-zero number if any steps have failed.
-
-By default, current context of a test script is always Docker build context. Image name is passed as a variable `IMG`.
-
-### Example
-
-The example below showcases the example definition of the `test.sh` script.
-```shell
-#!/usr/bin/env bash
-set -e
-echo "$IMG"
-docker run --rm $IMG -- some-command
-test $? -eq 0 || exit 1
-```
@@ -1,4 +1,4 @@
-FROM google/cloud-sdk:495.0.0 AS base
+FROM google/cloud-sdk:496.0.0 AS base
 
 ARG AWS_IAM_AUTHENTICATOR_VERSION="0.6.11"
 RUN curl -fsSL \