ci: simplify the CI orchestrator (#177)

* ci: point signer to image version instead of digest * ci: simplify orchestrator in CI * ci: fix orchestrator * ci: skip large directories in Trivy * ci: remove internal trigger
dvsa · Jul 15, 2024 · c5ba4e9 · c5ba4e9
1 parent db26227
commit c5ba4e9
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 55 deletions.
diff --git a/.github/workflows/assets.yaml b/.github/workflows/assets.yaml
@@ -16,7 +16,7 @@ on:
 
 jobs:
   build:
-    name: ${{ inputs.push && 'Deploy' || 'Build' }}
+    name: Build${{ inputs.push && ' and Push' || '' }}
     runs-on: ubuntu-latest
     defaults:
       run:

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -36,18 +36,18 @@ jobs:
       # Docs
       should-build-docs: ${{ steps.changed-website-files.outputs.any_changed == 'true' || null }}
       # App
-      should-build-app: ${{ steps.changed-api-files.outputs.any_changed == 'true' || steps.changed-selfserve-files.outputs.any_changed == 'true' || steps.changed-internal-files.outputs.any_changed == 'true' || null }}
-      should-build-api: ${{ steps.changed-api-files.outputs.any_changed == 'true' || null }}
-      should-build-selfserve: ${{ steps.changed-selfserve-files.outputs.any_changed == 'true' || null }}
-      should-build-internal: ${{ steps.changed-internal-files.outputs.any_changed == 'true' || null }}
+      should-build-app: ${{ steps.changed-app-files.outputs.any_changed == 'true' || steps.changed-docker-files.outputs.any_changed == 'true' || null }}
+      should-build-api: ${{ contains(steps.changed-app-files.outputs.all_changed_files, 'app/api') || null }}
+      should-build-selfserve: ${{ contains(steps.changed-app-files.outputs.all_changed_files, 'app/selfserve') || null }}
+      should-build-internal: ${{ contains(steps.changed-app-files.outputs.all_changed_files, 'app/internal') || null }}
       # Assets
-      should-build-assets: ${{ steps.changed-assets-files.outputs.any_changed == 'true' || null }}
+      should-build-assets: ${{ contains(steps.changed-app-files.outputs.all_changed_files, 'app/cdn') || null }}
       # Docker
-      should-build-docker: ${{ steps.changed-api-docker-files.outputs.any_changed == 'true' || steps.changed-selfserve-docker-files.outputs.any_changed == 'true' || steps.changed-internal-docker-files.outputs.any_changed == 'true' || steps.changed-cli-docker-files.outputs.any_changed == 'true' || null }}
-      should-build-api-docker: ${{ steps.changed-api-docker-files.outputs.any_changed == 'true' || steps.changed-api-files.outputs.any_changed == 'true' || null }}
-      should-build-cli-docker: ${{ steps.changed-cli-docker-files.outputs.any_changed == 'true' || steps.changed-api-files.outputs.any_changed == 'true' || null }}
-      should-build-selfserve-docker: ${{ steps.changed-selfserve-docker-files.outputs.any_changed == 'true' || steps.changed-selfserve-files.outputs.any_changed == 'true' || null }}
-      should-build-internal-docker: ${{ steps.changed-internal-docker-files.outputs.any_changed == 'true' || steps.changed-internal-files.outputs.any_changed == 'true' || null }}
+      should-build-docker: ${{ steps.changed-docker-files.outputs.any_changed == 'true' || null }}
+      should-build-api-docker: ${{ contains(steps.changed-docker-files.outputs.all_changed_files, 'infra/docker/api') || null }}
+      should-build-cli-docker: ${{ contains(steps.changed-docker-files.outputs.all_changed_files, 'infra/docker/cli') || null }}
+      should-build-selfserve-docker: ${{ contains(steps.changed-docker-files.outputs.all_changed_files, 'infra/docker/selfserve') || null }}
+      should-build-internal-docker: ${{ contains(steps.changed-docker-files.outputs.all_changed_files, 'infra/docker/internal') || null }}
       # Terraform accounts
       should-plan-terraform-accounts: ${{ steps.changed-accounts-terraform-files.outputs.any_changed == 'true' || null }}
       should-plan-nonprod-account-terraform: ${{ contains(steps.changed-accounts-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-accounts-terraform-files.outputs.all_changed_files, 'infra/terraform/accounts/nonprod') || null }}
@@ -63,51 +63,18 @@ jobs:
         with:
           fetch-depth: 0
       - uses: tj-actions/changed-files@v44
-        id: changed-api-files
-        with:
-          files: |
-            app/api/**
-          # since_last_remote_commit: true
-      - uses: tj-actions/changed-files@v44
-        id: changed-selfserve-files
-        with:
-          files: |
-            app/selfserve/**
-          # since_last_remote_commit: true
-      - uses: tj-actions/changed-files@v44
-        id: changed-internal-files
-        with:
-          files: |
-            app/internal/**
-      - uses: tj-actions/changed-files@v44
-        id: changed-assets-files
-        with:
-          files: |
-            app/cdn/**
-          # since_last_remote_commit: true
-      - uses: tj-actions/changed-files@v44
-        id: changed-api-docker-files
-        with:
-          files: |
-            infra/docker/api/**
-          # since_last_remote_commit: true
-      - uses: tj-actions/changed-files@v44
-        id: changed-cli-docker-files
-        with:
-          files: |
-            infra/docker/cli/**
-          # since_last_remote_commit: true
-      - uses: tj-actions/changed-files@v44
-        id: changed-selfserve-docker-files
+        id: changed-app-files
         with:
+          dir_names: true
           files: |
-            infra/docker/selfserve/**
+            app/**
           # since_last_remote_commit: true
       - uses: tj-actions/changed-files@v44
-        id: changed-internal-docker-files
+        id: changed-docker-files
         with:
+          dir_names: true
           files: |
-            infra/docker/internal/**
+            infra/docker/**
           # since_last_remote_commit: true
       - uses: tj-actions/changed-files@v44
         id: changed-accounts-terraform-files

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -120,6 +120,7 @@ jobs:
         uses: aquasecurity/[email protected]
         with:
           image-ref: ${{ steps.build-and-push.outputs.imageid }}
+          skip-dirs: /var/clamav
 
       - name: Setup Notation CLI
         if: ${{ inputs.push }}
@@ -135,4 +136,4 @@ jobs:
           plugin_url: https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip
           plugin_checksum: cccfe8fdcdf853d83fd57ffc80524eddda75ad7ae9d9a257b087007230ec02f9
           key_id: arn:aws:signer:eu-west-1:054614622558:/signing-profiles/vol_app_20240313124948142600000001
-          target_artifact_reference: ${{ env.REGISTRY }}/vol-app/${{ inputs.project }}@${{ steps.build-and-push.outputs.digest }}
+          target_artifact_reference: ${{ env.REGISTRY }}/vol-app/${{ inputs.project }}:${{ inputs.version}}
diff --git a/app/api/.gitignore b/app/api/.gitignore
@@ -1,3 +1,3 @@
 *
 !.gitignore
-# Trigger CD - 15-07-2024 11:55.
+# Trigger CD - 15-07-2024 12:55.
diff --git a/app/cdn/.gitignore b/app/cdn/.gitignore
@@ -1,3 +1,3 @@
 *
 !.gitignore
-# Trigger CD - 15-07-2024 11:55.
+# Trigger CD - 15-07-2024 12:55.
diff --git a/app/internal/.gitignore b/app/internal/.gitignore
@@ -1,3 +1,3 @@
 *
 !.gitignore
-# Trigger CD - 15-07-2024 11:55.
+# Trigger CD - 15-07-2024 12:55.
diff --git a/app/selfserve/.gitignore b/app/selfserve/.gitignore
@@ -1,3 +1,3 @@
 *
 !.gitignore
-# Trigger CD - 15-07-2024 11:55.
+# Trigger CD - 15-07-2024 12:55.