Update intents-operator dependency to fix security advisory #647
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
concurrency: | |
group: "${{ github.repository }}${{ github.ref }}" | |
cancel-in-progress: true | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
push: | |
branches: | |
- main | |
- develop | |
env: | |
REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
service: | |
- mapper | |
- sniffer | |
- kafka-watcher | |
- istio-watcher | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: recursive | |
token: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} # required for checking out submodules | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
with: | |
driver-opts: network=host | |
- name: Login to GCR | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: _json_key_base64 | |
password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: otterize | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Test & Build production image | |
uses: docker/build-push-action@v2 | |
with: | |
context: src/ | |
file: build/${{ matrix.service }}.Dockerfile | |
tags: ${{ env.REGISTRY }}/${{ matrix.service }}:${{ github.sha }} | |
push: true | |
network: host | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: | | |
"VERSION=${{ github.run_id }}" | |
e2e-test: | |
uses: ./.github/workflows/e2e-test.yaml | |
name: Trigger e2e tests | |
# Must pass the secrets as the called workflow does not have access to the same context | |
secrets: | |
OTTERIZEBOT_GITHUB_TOKEN: ${{ secrets.OTTERIZEBOT_GITHUB_TOKEN }} | |
B64_GCLOUD_SERVICE_ACCOUNT_JSON: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} | |
with: | |
mapper-tag: ${{ github.sha }} | |
sniffer-tag: ${{ github.sha }} | |
needs: | |
- build | |
tag-latest: | |
name: Tag latest | |
if: github.ref == 'refs/heads/main' | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: GCP auth | |
uses: 'google-github-actions/auth@v1' | |
with: | |
credentials_json: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }} | |
- name: Set up Cloud SDK | |
uses: 'google-github-actions/setup-gcloud@v1' | |
# Push the Docker image to AWS ECR | |
- name: Tag Images as latest | |
run: |- | |
retag_image_as_latest() { if [[ $(gcloud container images add-tag "${{ env.REGISTRY }}/$1:${{ github.sha }}" "${{ env.REGISTRY }}/$1:latest" --quiet) ]]; then echo "Failed tagging $1 as latest"; exit 1; fi } # using --quiet to avoid prompt | |
retag_image_as_latest mapper | |
retag_image_as_latest sniffer | |
retag_image_as_latest kafka-watcher | |
retag_image_as_latest istio-watcher |