From 66544baa7ffc0660c2aa09bda50361869d011f91 Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Tue, 30 Jan 2024 10:20:25 +0100 Subject: [PATCH] CI: workflow improvements (#2792) - update deprecated action dependencies - remove go version matrix (track stable version) - optimize docker builds - comments, renamed workflow --- .github/workflows/bats-hub.yml | 4 +- .github/workflows/bats-mysql.yml | 12 +-- .github/workflows/bats-postgres.yml | 12 +-- .github/workflows/bats-sqlite-coverage.yml | 12 +-- .github/workflows/cache-cleanup.yaml | 2 +- .github/workflows/ci-windows-build-msi.yml | 12 +-- .github/workflows/codeql-analysis.yml | 4 +- .github/workflows/docker-tests.yml | 10 +-- .github/workflows/go-tests-windows.yml | 12 +-- .github/workflows/go-tests.yml | 4 +- .github/workflows/publish-docker-release.yml | 7 +- .github/workflows/publish-docker.yml | 85 ++++++++++++------- .github/workflows/publish-tarball-release.yml | 14 ++- .github/workflows/update_docker_hub_doc.yml | 2 +- 14 files changed, 97 insertions(+), 95 deletions(-) diff --git a/.github/workflows/bats-hub.yml b/.github/workflows/bats-hub.yml index a5e797a3e..aa29f1e1f 100644 --- a/.github/workflows/bats-hub.yml +++ b/.github/workflows/bats-hub.yml @@ -28,13 +28,13 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - name: "Set up Go" - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.21.6" diff --git a/.github/workflows/bats-mysql.yml b/.github/workflows/bats-mysql.yml index aafa14cf2..7daab04a8 100644 --- a/.github/workflows/bats-mysql.yml +++ b/.github/workflows/bats-mysql.yml @@ -12,10 +12,6 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: ubuntu-latest timeout-minutes: 30 
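Review bot: `actions/checkout@v4` and `actions/setup-go@v5` in the bats-hub.yml hunk are still referenced by a movable major-version tag, so the code that runs in CI can change without any commit in this repository. The same holds for every `uses:` line this patch touches, and it matters most in publish-docker.yml, where `docker/login-action@v3` and `docker/build-push-action@v5` run with `DOCKER_PASSWORD` and `GITHUB_TOKEN`. Pinning to the full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v4`, makes each update an explicit, reviewable change.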
@@ -35,15 +31,15 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: "Install bats dependencies" env: diff --git a/.github/workflows/bats-postgres.yml b/.github/workflows/bats-postgres.yml index a8e4ef280..14fe2939c 100644 --- a/.github/workflows/bats-postgres.yml +++ b/.github/workflows/bats-postgres.yml @@ -8,10 +8,6 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: ubuntu-latest timeout-minutes: 30 @@ -44,15 +40,15 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: "Install bats dependencies" env: diff --git a/.github/workflows/bats-sqlite-coverage.yml b/.github/workflows/bats-sqlite-coverage.yml index 7d7c51f2d..309e4d6b3 100644 --- a/.github/workflows/bats-sqlite-coverage.yml +++ b/.github/workflows/bats-sqlite-coverage.yml @@ -9,10 +9,6 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: ubuntu-latest timeout-minutes: 20 
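Review bot: The second bats-mysql.yml hunk replaces the one-entry matrix with a literal `go-version: "1.21.6"`, and the same literal is repeated in the bats-postgres.yml, bats-sqlite-coverage.yml, ci-windows-build-msi.yml, go-tests-windows.yml and publish-tarball-release.yml hunks. A Go security release therefore has to be applied file by file, and a missed file keeps building with the old toolchain. If the repository's go.mod already states the toolchain (not visible here), `go-version-file: go.mod` would give one place to bump. Otherwise a comment next to each literal, such as `# keep in sync with the other workflows`, would at least flag the coupling.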
@@ -25,15 +21,15 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: "Install bats dependencies" env: diff --git a/.github/workflows/cache-cleanup.yaml b/.github/workflows/cache-cleanup.yaml index d19365024..4f320cf24 100644 --- a/.github/workflows/cache-cleanup.yaml +++ b/.github/workflows/cache-cleanup.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Cleanup run: | diff --git a/.github/workflows/ci-windows-build-msi.yml b/.github/workflows/ci-windows-build-msi.yml index bfb2cdaca..26c981143 100644 --- a/.github/workflows/ci-windows-build-msi.yml +++ b/.github/workflows/ci-windows-build-msi.yml @@ -21,25 +21,21 @@ on: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: Build runs-on: windows-2019 steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: Build run: make windows_installer BUILD_RE2_WASM=1 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f23355b49..0904769dd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # required to pick up tags for BUILD_VERSION fetch-depth: 0 
@@ -72,7 +72,7 @@ jobs: # uses a compiled language - name: "Set up Go" - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.21.6" cache-dependency-path: "**/go.sum" diff --git a/.github/workflows/docker-tests.yml b/.github/workflows/docker-tests.yml index 913c47662..fdf2b1a52 100644 --- a/.github/workflows/docker-tests.yml +++ b/.github/workflows/docker-tests.yml @@ -21,17 +21,17 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: config: .github/buildkit.toml - name: "Build flavor: slim" - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile @@ -43,7 +43,7 @@ jobs: cache-to: type=gha,mode=min - name: "Build flavor: full" - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile @@ -55,7 +55,7 @@ jobs: cache-to: type=gha,mode=min - name: "Build flavor: full (debian)" - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile.debian diff --git a/.github/workflows/go-tests-windows.yml b/.github/workflows/go-tests-windows.yml index 3f36327f3..63781a7b2 100644 --- a/.github/workflows/go-tests-windows.yml +++ b/.github/workflows/go-tests-windows.yml @@ -20,25 +20,21 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: windows-2022 steps: - name: Check out CrowdSec repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: Build run: | 
diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index f6d2f9c98..e8840c07f 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -118,13 +118,13 @@ jobs: steps: - name: Check out CrowdSec repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - name: "Set up Go" - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.21.6" diff --git a/.github/workflows/publish-docker-release.yml b/.github/workflows/publish-docker-release.yml index 185dcf181..648b08ce9 100644 --- a/.github/workflows/publish-docker-release.yml +++ b/.github/workflows/publish-docker-release.yml @@ -4,10 +4,10 @@ on: workflow_dispatch: inputs: image_version: - description: Docker Image Version (base tag) + description: Docker Image version (base tag, i.e. v1.6.0-2) required: true crowdsec_version: - description: Crowdsec Version (BUILD_VERSION) + description: Crowdsec version (BUILD_VERSION) required: true latest: description: Overwrite latest (and slim) tags? @@ -23,7 +23,6 @@ jobs: strategy: matrix: platform: ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] - slim: [false, true] uses: ./.github/workflows/publish-docker.yml secrets: @@ -35,7 +34,7 @@ jobs: crowdsec_version: ${{ github.event.inputs.crowdsec_version }} latest: ${{ github.event.inputs.latest == 'true' }} push: ${{ github.event.inputs.push == 'true' }} - slim: ${{ matrix.slim }} + slim: true debian: false debian: diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index e475ef5cd..99218f588 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml 
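Review bot: In the first publish-docker-release.yml hunk the new description says `i.e. v1.6.0-2`, which reads as "the tag is v1.6.0-2"; an example is meant, so `description: Docker Image version (base tag, e.g. v1.6.0-2)`. Nothing visible in the patch checks the value against that format before it is used to build tag names in publish-docker.yml.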
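Review bot: `slim: true` in the last publish-docker-release.yml hunk no longer selects the slim image instead of the full one. With the `slim` matrix axis removed in the preceding hunk, it relies on publish-docker.yml building full unconditionally and slim in addition. That coupling is not stated anywhere in the changed lines; a comment on the line, `slim: true  # full is always built; this adds the slim target in the same job`, would keep a later reader from setting it to false expecting a different split. The `slim` input's declaration and description sit outside the hunks shown.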
@@ -37,62 +37,89 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Prepare - id: prep - run: | - DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec - GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec - VERSION=${{ inputs.image_version }} - SLIM=${{ inputs.slim && '-slim' || '' }} - DEBIAN=${{ inputs.debian && '-debian' || '' }} - TAGS="${DOCKERHUB_IMAGE}:${VERSION}${SLIM}${DEBIAN},${GHCR_IMAGE}:${VERSION}${SLIM}${DEBIAN}" - if [[ ${{ inputs.latest }} == true ]]; then - if [[ ${{ inputs.slim }} == true ]]; then - TAGS=$TAGS,${DOCKERHUB_IMAGE}:slim${DEBIAN},${GHCR_IMAGE}:slim${DEBIAN} - else - TAGS=$TAGS,${DOCKERHUB_IMAGE}:latest${DEBIAN},${GHCR_IMAGE}:latest${DEBIAN} - fi - fi - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: config: .github/buildkit.toml - name: Login to DockerHub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push image - uses: docker/build-push-action@v4 + - name: Prepare (slim) + if: ${{ inputs.slim }} + id: slim + run: | + DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec + GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec + VERSION=${{ inputs.image_version }} + DEBIAN=${{ inputs.debian && '-debian' || '' }} + TAGS="${DOCKERHUB_IMAGE}:${VERSION}-slim${DEBIAN},${GHCR_IMAGE}:${VERSION}-slim${DEBIAN}" + if [[ ${{ inputs.latest }} == true ]]; then + 
TAGS=$TAGS,${DOCKERHUB_IMAGE}:slim${DEBIAN},${GHCR_IMAGE}:slim${DEBIAN} + fi + echo "tags=${TAGS}" >> $GITHUB_OUTPUT + echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + + - name: Prepare (full) + id: full + run: | + DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec + GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec + VERSION=${{ inputs.image_version }} + DEBIAN=${{ inputs.debian && '-debian' || '' }} + TAGS="${DOCKERHUB_IMAGE}:${VERSION}${DEBIAN},${GHCR_IMAGE}:${VERSION}${DEBIAN}" + if [[ ${{ inputs.latest }} == true ]]; then + TAGS=$TAGS,${DOCKERHUB_IMAGE}:latest${DEBIAN},${GHCR_IMAGE}:latest${DEBIAN} + fi + echo "tags=${TAGS}" >> $GITHUB_OUTPUT + echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + + - name: Build and push image (slim) + if: ${{ inputs.slim }} + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile${{ inputs.debian && '.debian' || '' }} push: ${{ inputs.push }} - tags: ${{ steps.prep.outputs.tags }} - target: ${{ inputs.slim && 'slim' || 'full' }} + tags: ${{ steps.slim.outputs.tags }} + target: slim platforms: ${{ inputs.platform }} labels: | org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.created=${{ steps.slim.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} + build-args: | + BUILD_VERSION=${{ inputs.crowdsec_version }} + + - name: Build and push image (full) + uses: docker/build-push-action@v5 + with: + context: . 
+ file: ./Dockerfile${{ inputs.debian && '.debian' || '' }} + push: ${{ inputs.push }} + tags: ${{ steps.full.outputs.tags }} + target: full + platforms: ${{ inputs.platform }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.html_url }} + org.opencontainers.image.created=${{ steps.full.outputs.created }} org.opencontainers.image.revision=${{ github.sha }} build-args: | BUILD_VERSION=${{ inputs.crowdsec_version }} diff --git a/.github/workflows/publish-tarball-release.yml b/.github/workflows/publish-tarball-release.yml index 855915824..202882791 100644 --- a/.github/workflows/publish-tarball-release.yml +++ b/.github/workflows/publish-tarball-release.yml @@ -1,5 +1,5 @@ # .github/workflows/build-docker-image.yml -name: build +name: Release on: release: @@ -12,24 +12,20 @@ permissions: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: Build and upload binary package runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: Build the binaries run: | diff --git a/.github/workflows/update_docker_hub_doc.yml b/.github/workflows/update_docker_hub_doc.yml index 0a5047ddc..1803802b6 100644 --- a/.github/workflows/update_docker_hub_doc.yml +++ b/.github/workflows/update_docker_hub_doc.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 if: ${{ github.repository_owner == 'crowdsecurity' }} - name: Update docker hub README
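Review bot: In publish-docker.yml both new Prepare steps expand `${{ inputs.image_version }}`, `${{ inputs.latest }}` and `${{ secrets.DOCKER_USERNAME }}` directly into the `run:` script, so the values become shell source before bash parses it, in a job that is also logged in to both registries. Passing them through the step's `env:` and reading them as quoted shell variables keeps them as data; `$GITHUB_OUTPUT` should be quoted as well. The two steps differ only in the tag suffixes, so the same change applies to Prepare (full). The workflow's `on:` block is outside the hunk, so who can supply these inputs is inferred from the dispatch inputs in publish-docker-release.yml.

```yaml
      - name: Prepare (slim)
        if: ${{ inputs.slim }}
        id: slim
        env:
          DOCKERHUB_IMAGE: ${{ secrets.DOCKER_USERNAME }}/crowdsec
          GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/crowdsec
          VERSION: ${{ inputs.image_version }}
          DEBIAN: ${{ inputs.debian && '-debian' || '' }}
          LATEST: ${{ inputs.latest }}
        run: |
          TAGS="${DOCKERHUB_IMAGE}:${VERSION}-slim${DEBIAN},${GHCR_IMAGE}:${VERSION}-slim${DEBIAN}"
          if [[ "${LATEST}" == "true" ]]; then
            TAGS="${TAGS},${DOCKERHUB_IMAGE}:slim${DEBIAN},${GHCR_IMAGE}:slim${DEBIAN}"
          fi
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
          echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"

      # … Prepare (full): same env: block, with the unsuffixed and :latest tag names …
      # … unchanged: Build and push image (slim) / (full) …
```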
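Review bot: The header comment kept as context in the first publish-tarball-release.yml hunk, `# .github/workflows/build-docker-image.yml`, names a file that is not this one. The rename to `name: Release` is a good moment to correct it to `# .github/workflows/publish-tarball-release.yml`. Anything that refers to the workflow by its old display name `build` (a `workflow_run` trigger or a status badge, if the repository has one) would need the same update; none is visible in this patch.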