Merge branch 'main' into fix-ort-violations
MP91 authored May 13, 2024
2 parents a557053 + b6d9595 commit 36c50cf
Showing 12 changed files with 152 additions and 103 deletions.
2 changes: 1 addition & 1 deletion .github/scripts/deploy_image_from_artifact.sh
Expand Up @@ -24,7 +24,7 @@ APP_REGISTRY="localhost:12345"
local_tag="$APP_REGISTRY/$APP_NAME_LOWERCASE:local"
echo "Local URL: $local_tag"

docker load -i "$APP_ARTIFACT_NAME.tar" | sed -n 's/^Loaded image: \([0-9a-f]*\).*/\1/p' | xargs -i docker tag {} $local_tag
docker load -i "$APP_ARTIFACT_NAME.tar" | cut -d ':' -f 3 | xargs -i docker tag {} $local_tag
docker push $local_tag

cd $ROOT_DIRECTORY
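Review bot: `cut -d ':' -f 3` on the `docker load` output yields the image digest only when the printed line is `Loaded image ID: sha256:<hex>`; if the archive ever carries a RepoTag the line becomes `Loaded image: <repo>:<tag>`, field 3 is the tag, and `docker tag <tag> $local_tag` either fails or re-tags whatever local image happens to be named like that tag (e.g. `latest`) before the push. The extraction should match the expected form explicitly and fail closed rather than silently tagging the wrong image: `image=$(docker load -i "$APP_ARTIFACT_NAME.tar" | sed -n 's/^Loaded image ID: sha256:\([0-9a-f]*\)$/\1/p')`, `[ -n "$image" ] || { echo "could not determine loaded image id" >&2; exit 1; }`, `docker tag "$image" "$local_tag"`. Quoting `$local_tag` here and on the following `docker push` line keeps the script correct under word splitting as well. The script this hunk belongs to starts and ends outside the hunk, so whether `set -e`/`pipefail` is active cannot be confirmed from here.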
118 changes: 88 additions & 30 deletions .github/workflows/build-docker-image.yml
Expand Up @@ -30,6 +30,8 @@ jobs:
name: "Building image (${{ inputs.app_name }})"
runs-on: ubuntu-22.04
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/python:v0.3
outputs:
archs: ${{ steps.set_args.outputs.archs_matrix }}
env:
APP_NAME: ${{ inputs.app_name }}

Expand Down Expand Up @@ -74,15 +76,19 @@ jobs:
- name: Set Arguments for next step
id: set_args
run: |
archs=""
if [ ${{ inputs.platform }} = "multiarch" ]; then
echo "Build Multiarch"
echo "platforms=linux/amd64, linux/arm64" >> $GITHUB_OUTPUT
echo "type=oci,dest=./${{ env.APP_NAME }}.tar" >> $GITHUB_OUTPUT
archs=$(echo "linux/amd64, linux/arm64" | tr -d "linux\/,")
else
echo "Build ${{inputs.platform}}"
echo "platforms=linux/${{ inputs.platform }}" >> $GITHUB_OUTPUT
echo "type=docker,dest=./${{ env.APP_NAME }}.tar" >> $GITHUB_OUTPUT
archs=${{ inputs.platform }}
fi
echo "archs=$archs" >> $GITHUB_OUTPUT
json_array=$(echo "$archs" | jq -R 'sub("^ "; "") | split(" ")' )
echo "archs_matrix=$(jq -cn --argjson archs "$json_array" '{arch: $archs}')" >> $GITHUB_OUTPUT
shell: bash

- name: "${{ env.APP_NAME }} -- Build image"
Expand All @@ -93,7 +99,7 @@ jobs:
pull: true
push: false
outputs: |
type=${{ steps.set_args.outputs.type }}
type=oci,dest=./${{ env.APP_NAME }}-oci-${{inputs.platform}}.tar
file: ./app/Dockerfile
context: .
platforms: ${{ steps.set_args.outputs.platforms }}
Expand All @@ -108,16 +114,88 @@ jobs:
sudo apt-get update
sudo apt-get -y install skopeo
- name: "${{ env.APP_NAME }} -- Inspect tar image with skopeo"
- name: "${{ env.APP_NAME }} -- Inspect image with skopeo and create docker archives"
id: inspect_tar
run: |
skopeo inspect --raw oci-archive:${{ env.APP_NAME }}.tar | jq
skopeo inspect oci-archive:${{ env.APP_NAME }}.tar
skopeo copy oci-archive:${{ env.APP_NAME }}.tar docker-archive:${{ env.APP_NAME }}-arch.tar
skopeo inspect --raw oci-archive:${{ env.APP_NAME }}-oci-${{inputs.platform}}.tar | jq
skopeo inspect oci-archive:${{ env.APP_NAME }}-oci-${{inputs.platform}}.tar
for arch in ${{ steps.set_args.outputs.archs }}; do
skopeo copy --override-arch $arch oci-archive:${{ env.APP_NAME }}-oci-${{inputs.platform}}.tar docker-archive:${{ env.APP_NAME }}-docker-$arch.tar
done
- name: "${{ env.APP_NAME }} -- Get Native Binaries from image"
run: |
for arch in ${{ steps.set_args.outputs.archs }}; do
image=$(docker load -i ${{ env.APP_NAME }}-docker-$arch.tar | cut -d ':' -f 3)
id=$(docker create $image --platform linux/$arch)
mkdir -p ./out
app_name=$(echo ${{ env.APP_NAME }}_$arch | tr '[:upper:]' '[:lower:]')
docker cp $id:/app ./out/$app_name
done
- name: "${{ env.APP_NAME }} -- Upload native binaries to artifacts"
uses: actions/upload-artifact@v4
with:
name: binaries
path: |
out/*
- name: "${{ env.APP_NAME }} -- Upload oci compliant image to artifacts"
if: ${{ steps.image_build.outcome == 'success' }}
uses: actions/upload-artifact@v4
with:
name: ${{ env.APP_NAME }}-${{ inputs.platform }}-oci-archive
path: ./${{ env.APP_NAME }}-oci*.tar
if-no-files-found: error

- name: "${{ env.APP_NAME }} -- Upload docker image to artifacts"
if: ${{ steps.image_build.outcome == 'success' }}
uses: actions/upload-artifact@v4
with:
name: ${{ env.APP_NAME }}-${{ inputs.platform }}-docker-archive
path: ./${{ env.APP_NAME }}-docker*.tar
if-no-files-found: error

- name: "${{ env.APP_NAME }} -- Upload AppManifest.json to artifacts"
if: ${{ steps.image_build.outcome == 'success' }}
uses: actions/upload-artifact@v4
with:
name: AppManifest
path: ./app/AppManifest.json
if-no-files-found: error

scan-image:
name: "Scan image (${{ inputs.app_name }}-${{ matrix.arch }})"
runs-on: ubuntu-22.04
needs: build-image
strategy:
matrix: ${{fromJSON(needs.build-image.outputs.archs)}}
env:
APP_NAME: ${{ inputs.app_name }}

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: "recursive"

- name: Clone Release Documentation Action repository
uses: actions/checkout@v4
with:
repository: eclipse-velocitas/release-documentation-action
path: "./.github/actions"

- name: Download Artifacts
uses: actions/download-artifact@v4
with:
path: .
pattern: ${{ env.APP_NAME }}*-docker-archive
merge-multiple: true

- name: "${{ env.APP_NAME }} -- Scan docker image for vulnerabilities"
uses: aquasecurity/trivy-action@0.11.2
uses: aquasecurity/trivy-action@0.19.0
with:
input: ${{ env.APP_NAME }}-arch.tar
input: ${{ env.APP_NAME }}-docker-${{ matrix.arch }}.tar
exit-code: "0"
ignore-unfixed: true
severity: "CRITICAL,HIGH"
Expand All @@ -139,37 +217,17 @@ jobs:
packagePath: results/Documentation/renderer

- name: "${{ env.APP_NAME }} -- Upload trivy report as artifacts"
if: ${{ always() && steps.image_build.outcome == 'success' }}
uses: actions/upload-artifact@v4
with:
name: test-results-trivy
name: test-results-trivy-${{ matrix.arch }}
path: |
results/Documentation/renderer/*
- name: "${{ env.APP_NAME }} -- Publish Trivy Scan Results"
uses: mikepenz/action-junit-report@v4
if: ${{ always() && steps.image_build.outcome == 'success' }}
with:
check_name: Trivy Scan Results (${{ env.APP_NAME }})
report_paths: ./junit.xml
summary: true
update_check: true
annotate_only: true

- name: "${{ env.APP_NAME }} -- Upload image to artifacts"
if: ${{ steps.image_build.outcome == 'success' }}
uses: actions/upload-artifact@v4
env:
VAPP_IMAGE: ${{ env.APP_NAME }}-${{ inputs.platform }}
with:
name: ${{ env.VAPP_IMAGE }}
path: ./${{ env.APP_NAME }}.tar
if-no-files-found: error

- name: "${{ env.APP_NAME }} -- Upload AppManifest.json to artifacts"
if: ${{ steps.image_build.outcome == 'success' }}
uses: actions/upload-artifact@v4
with:
name: AppManifest
path: ./app/AppManifest.json
if-no-files-found: error
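Review bot: In the new "Get Native Binaries from image" step, `image=$(docker load -i … | cut -d ':' -f 3)` only resolves to the image digest when docker prints `Loaded image ID: sha256:<hex>`; if the docker-archive ever carries a RepoTag the line is `Loaded image: <repo>:<tag>`, field 3 is the bare tag, and `docker create` would resolve — and pull from the public registry — an unrelated image whose `/app` then lands in the `binaries` artifact that release.yml publishes as a release asset. Parse the line explicitly and fail closed: `image=$(docker load -i "${APP_NAME}-docker-$arch.tar" | sed -n 's/^Loaded image ID: sha256:\([0-9a-f]*\)$/\1/p'); [ -n "$image" ] || exit 1`. On the next line `--platform linux/$arch` is placed after `$image`, so docker treats it as the container command instead of an option; it should read `docker create --platform "linux/$arch" "$image"` (the per-arch archive from `skopeo copy --override-arch` is what actually selects the architecture today). The third-party actions this hunk adds or bumps (`aquasecurity/trivy-action@0.19.0`, `mikepenz/action-junit-report@v4`) are pinned to mutable tags; pinning to a commit SHA would make the scan and publish steps immutable. The `build-image` job these steps belong to starts outside the hunk.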
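--- a/.github/workflows/build-multiarch-image.yml
+++ b/.github/workflows/build-multiarch-image.yml
@@ -45,3 +45,15 @@ jobs:
 with:
 platform: multiarch
 app_name: ${{ needs.get-app-name.outputs.app_name }}
+
+merge-test-results:
+runs-on: ubuntu-22.04
+name: Merge Trivy results
+needs: build-image-multiarch
+steps:
+- name: Merge Artifacts
+uses: actions/upload-artifact/merge@v4
+with:
+delete-merged: true
+name: test-results-trivy
+pattern: test-results-*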
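Review bot: The display name `Merge Trivy results` is now a cross-file contract — release.yml's wait-for-check step gates the release on exactly that `checkName`, and a rename here would only surface as an 1800-second timeout there. Add a comment above `name: Merge Trivy results` such as `# Referenced by release.yml (action-wait-for-check checkName); keep the two in sync.`. The scan job feeding this merge runs trivy with `exit-code: "0"` (build-docker-image.yml), so this check succeeding means the scan ran, not that it found nothing; stating that in the same comment prevents the release gate being read as a vulnerability gate.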
11 changes: 6 additions & 5 deletions .github/workflows/ci.yml
Expand Up @@ -190,15 +190,15 @@ jobs:

- name: Download stored image from artifacts
uses: actions/download-artifact@v4
env:
VAPP_IMAGE: ${{ env.APP_NAME }}-amd64
with:
name: ${{ env.VAPP_IMAGE }}
name: ${{ env.APP_NAME }}-amd64-docker-archive
path: ./.github/scripts/

- name: Deploy image
working-directory: ./.github/scripts
run: ./deploy_image_from_artifact.sh
run: |
mv ${{ env.APP_NAME }}-docker-amd64.tar ${{ env.APP_NAME }}.tar
./deploy_image_from_artifact.sh
- name: Run Python integration tests
shell: bash
Expand Down Expand Up @@ -242,11 +242,12 @@ jobs:
results/Documentation/renderer/*
merge-test-results:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: run-integration-tests
steps:
- name: Merge Artifacts
uses: actions/upload-artifact/merge@v4
with:
delete-merged: true
name: test-results
pattern: test-results-*
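Review bot: The new `mv ${{ env.APP_NAME }}-docker-amd64.tar ${{ env.APP_NAME }}.tar` line expands a workflow expression straight into the shell script; since `APP_NAME` is already in the job environment, referencing it as a shell variable keeps the value out of the script text: `mv "$APP_NAME-docker-amd64.tar" "$APP_NAME.tar"`. The rename exists only because deploy_image_from_artifact.sh derives its input from `$APP_ARTIFACT_NAME.tar`; passing the archive name to the script through an env var would avoid duplicating the artifact naming convention here. The `run-integration-tests` job this hunk belongs to starts outside the hunk.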
5 changes: 3 additions & 2 deletions .github/workflows/gen-desired-state.yml
Expand Up @@ -13,7 +13,7 @@
#
# SPDX-License-Identifier: Apache-2.0

name: Build Docker Image for single arch
name: Generate desired state

on:
workflow_call:
Expand All @@ -26,6 +26,7 @@ jobs:
gen-desired-state:
name: "Generate desired state for ${{ inputs.app_name }}"
runs-on: ubuntu-22.04
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/python:v0.3

steps:
- name: Checkout repository
Expand Down Expand Up @@ -59,7 +60,7 @@ jobs:
velocitas exec pantaris-integration generate-desired-state -s $(echo $REGISTRY/${{ inputs.app_name }}:$VAPP_VERSION | tr '[:upper:]' '[:lower:]')
- name: Upload desired state manifest
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
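Review bot: The added `container: ghcr.io/eclipse-velocitas/devcontainer-base-images/python:v0.3` runs the desired-state generation — whose output is uploaded as a release asset — in an image selected by a mutable tag, so anyone able to push that tag controls this job's toolchain. Pin the image by digest (`python:v0.3@sha256:<digest>`) and let a dependency bot move it; the same applies to the identical `container:` line in build-docker-image.yml. The `softprops/action-gh-release@v2` bump likewise tracks a moving major tag; pinning to a commit SHA with the version in a trailing comment is the usual hardening for third-party actions.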
14 changes: 8 additions & 6 deletions .github/workflows/release.yml
Expand Up @@ -73,9 +73,9 @@ jobs:
string: ${{ github.repository }}

- name: Wait for Multi-Arch build to succeed
uses: fountainhead/action-wait-for-check@v1.1.0
uses: fountainhead/action-wait-for-check@v1.2.0
with:
checkName: build-image-multiarch / Building image (${{ env.APP_NAME }})
checkName: Merge Trivy results
token: ${{ secrets.GITHUB_TOKEN }}
timeoutSeconds: 1800
intervalSeconds: 20
Expand All @@ -92,7 +92,7 @@ jobs:
- name: "${{ env.APP_NAME }} -- Publish release image to GHCR"
working-directory: ${{github.workspace}}
env:
VAPP_IMAGE: ${{ env.APP_NAME }}-multiarch/${{ env.APP_NAME }}.tar
VAPP_IMAGE: ${{ env.APP_NAME }}-multiarch-oci-archive/${{ env.APP_NAME }}-oci-multiarch.tar
VAPP_NAME: ${{ env.APP_NAME }}
VAPP_VERSION: ${{ steps.get_version.outputs.version-without-v }}
REGISTRY: "ghcr.io/${{steps.github-repository-name-case-adjusted.outputs.lowercase}}"
Expand All @@ -102,11 +102,13 @@ jobs:
skopeo copy --all oci-archive:$VAPP_IMAGE "$tag"
- name: ${{ env.APP_NAME }} -- Upload assets
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
${{github.workspace}}/AppManifest/AppManifest.json
${{github.workspace}}/binaries/*
${{github.workspace}}/${{ env.APP_NAME }}-multiarch-docker-archive/*
release-documentation:
name: Generate release documentation
Expand Down Expand Up @@ -138,7 +140,7 @@ jobs:
if_false: ${{ github.sha }}

- name: Wait for CI workflow to succeed
uses: fountainhead/action-wait-for-check@v1.1.0
uses: fountainhead/action-wait-for-check@v1.2.0
with:
checkName: Run Integration Tests (${{ env.APP_NAME }})
token: ${{ secrets.GITHUB_TOKEN }}
Expand Down Expand Up @@ -232,7 +234,7 @@ jobs:
zip -r .vehicleApp/Documentation/release-documentation.zip ${{github.workspace}}/hugo/public
- name: Upload assets
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
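Review bot: The release now waits on `checkName: Merge Trivy results`, but that job only merges report artifacts and the scan producing them runs trivy with `exit-code: "0"` (build-docker-image.yml), so a green check proves the scan ran, not that the image being pushed to GHCR is free of CRITICAL/HIGH findings. Either run trivy with a non-zero `exit-code` for the release path or make the weaker guarantee explicit on the `checkName` line, e.g. `# Gates on scan completion only; trivy runs with exit-code 0, so findings do not block the release.`. Because the gate is a display name rather than a job id, a rename in build-multiarch-image.yml would only surface here as a 1800-second timeout. The `release` job these steps belong to starts outside the hunk.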
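--- a/.velocitas-lock.json
+++ b/.velocitas-lock.json
@@ -0,0 +1,8 @@
+{
+"packages": {
+"devenv-runtimes": "v3.1.1",
+"devenv-github-workflows": "v6.0.1",
+"devenv-github-templates": "v1.0.5",
+"devenv-devcontainer-setup": "v2.2.0"
+}
+}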
66 changes: 17 additions & 49 deletions .velocitas.json
@@ -1,53 +1,21 @@
{
"packages": [
{
"repo": "devenv-runtimes",
"version": "v3.0.0"
},
{
"repo": "devenv-github-workflows",
"version": "v5.0.0"
},
{
"repo": "devenv-github-templates",
"version": "v1.0.4"
},
{
"repo": "devenv-devcontainer-setup",
"version": "v2.0.0"
}
],
"packages": {
"devenv-runtimes": "v3.1.1",
"devenv-github-workflows": "v6.0.1",
"devenv-github-templates": "v1.0.5",
"devenv-devcontainer-setup": "v2.2.0"
},
"components": [
{
"id": "runtime-local"
},
{
"id": "runtime-kanto"
},
{
"id": "deployment-kanto"
},
{
"id": "pantaris-integration"
},
{
"id": "github-workflows"
},
{
"id": "github-templates"
},
{
"id": "devcontainer-setup"
},
{
"id": "vehicle-signal-interface"
},
{
"id": "sdk-installer"
},
{
"id": "grpc-interface-support"
}
"runtime-local",
"runtime-kanto",
"deployment-kanto",
"pantaris-integration",
"github-workflows",
"github-templates",
"devcontainer-setup",
"vehicle-signal-interface",
"sdk-installer",
"grpc-interface-support"
],
"variables": {
"language": "python",
Expand All @@ -56,5 +24,5 @@
"githubRepoId": "eclipse-velocitas/vehicle-app-python-template",
"generatedModelPath": "./gen/vehicle_model"
},
"cliVersion": "v0.7.0"
"cliVersion": "v0.9.0"
}