From ccdcda7d8682ac5b7fe73c7eadb72f812c550b8c Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Wed, 27 Mar 2024 10:17:17 +0000 Subject: [PATCH 1/2] add build_tag variables --- .github/scripts/variables.sh | 42 +++++++++++++++++++++++++++++--- .github/workflows/ci.yml | 47 ++++++++++++++++++++++++------------ 2 files changed, 70 insertions(+), 19 deletions(-) diff --git a/.github/scripts/variables.sh b/.github/scripts/variables.sh index ba31016b2d..42b60a8b31 100755 --- a/.github/scripts/variables.sh +++ b/.github/scripts/variables.sh @@ -12,14 +12,50 @@ if [ "$PWD" != "$ROOTDIR" ]; then cd "$ROOTDIR"; fi +get_docker_md5() { + docker_md5=$(find build .github/data/version.txt -type f ! -name "*.md" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') + echo "${docker_md5:0:8}" +} + +get_go_code_md5() { + find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" -o -name "version.txt" \) -not -path "./docs*" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }' +} + +get_tests_md5() { + find tests perf-tests .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }' +} + +get_chart_md5() { + find charts .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }' +} + +get_actions_md5() { + find .github .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }' +} + +get_build_tag() { + echo "$(get_docker_md5) $(get_go_code_md5)" | md5sum | awk '{ print $1 }' +} + +get_stable_tag() { + echo "$(get_build_tag) $(get_tests_md5) $(get_chart_md5) $(get_actions_md5)" | md5sum | awk '{ print $1 }' +} + case $INPUT in docker_md5) - docker_md5=$(find . -type f \( -name "Dockerfile" -o -name version.txt \) -not -path "./tests*" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') - echo "docker_md5=${docker_md5:0:8}" + echo "docker_md5=$(get_docker_md5)" ;; go_code_md5) - echo "go_code_md5=$(find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" \) -not -path "./docs*" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }')" + echo "go_code_md5=$(get_go_code_md5)" + ;; + + build_tag) + echo "build_tag=$(get_build_tag)" + ;; + + stable_tag) + echo "stable_tag=$(get_stable_tag)" ;; *) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bad4df685a..8aa6178458 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,6 +46,8 @@ jobs: ic_version: ${{ steps.vars.outputs.ic_version }} publish_images: ${{ steps.vars.outputs.publish }} docker_md5: ${{ steps.vars.outputs.docker_md5 }} + build_tag: ${{ steps.vars.outputs.build_tag }} + stable_tag: ${{ steps.vars.outputs.stable_tag }} forked_workflow: ${{ (github.event.pull_request.head.repo.full_name != github.repository) && ! (startsWith(github.ref, 'refs/heads/release-') || github.ref_name == 'main') }} steps: - name: Checkout Repository @@ -96,6 +98,8 @@ jobs: echo "publish=$publish" >> $GITHUB_OUTPUT ./.github/scripts/variables.sh go_code_md5 >> $GITHUB_OUTPUT ./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT + ./.github/scripts/variables.sh build_tag >> $GITHUB_OUTPUT + ./.github/scripts/variables.sh stable_tag >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT - name: Fetch Cached Binary Artifacts @@ -241,10 +245,14 @@ jobs: strategy: matrix: include: - - image: debian + - base-os: debian + image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress + tag: ${{ needs.checks.outputs.build_tag }} type: oss platforms: "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" - - image: debian-plus + - base-os: debian-plus + image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress + tag: ${{ needs.checks.outputs.build_tag }} type: plus platforms: "linux/arm64, linux/amd64" permissions: @@ -289,7 +297,7 @@ jobs: - name: Check if base images exist id: base_exists run: | - if docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ matrix.type }}:${{ needs.checks.outputs.docker_md5 }}-${{ matrix.image }}; then + if docker manifest inspect gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ matrix.type }}:${{ needs.checks.outputs.docker_md5 }}-${{ matrix.base-os }}; then echo "exists=0" >> $GITHUB_OUTPUT else echo "exists=1" >> $GITHUB_OUTPUT @@ -301,34 +309,34 @@ jobs: with: file: build/Dockerfile context: "." - cache-from: type=gha,scope=${{ matrix.image }} - cache-to: type=gha,scope=${{ matrix.image }},mode=max + cache-from: type=gha,scope=${{ matrix.base-os }} + cache-to: type=gha,scope=${{ matrix.base-os }},mode=max target: common - tags: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ matrix.type }}:${{ needs.checks.outputs.docker_md5 }}-${{ matrix.image }} + tags: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ matrix.type }}:${{ needs.checks.outputs.docker_md5 }}-${{ matrix.base-os }} platforms: ${{ matrix.platforms }} pull: true push: true build-args: | - BUILD_OS=${{ matrix.image }} + BUILD_OS=${{ matrix.base-os }} IC_VERSION=${{ needs.checks.outputs.ic_version }} secrets: | ${{ matrix.type == 'plus' && format('"nginx-repo.crt={0}"', secrets.NGINX_CRT) || '' }} ${{ matrix.type == 'plus' && format('"nginx-repo.key={0}"', secrets.NGINX_KEY) || '' }} if: ${{ needs.checks.outputs.forked_workflow == 'false' && steps.base_exists.outputs.exists != 0 }} - - name: Build Docker Image ${{ matrix.image }} + - name: Build Docker Image ${{ matrix.base-os }} uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: file: build/Dockerfile context: "." - cache-from: type=gha,scope=${{ matrix.image }} + cache-from: type=gha,scope=${{ matrix.base-os }} target: goreleaser${{ needs.checks.outputs.forked_workflow == 'false' && '-prebuilt' || '' }} - tags: ${{ matrix.type }}:${{ github.sha }} + tags: "${{ matrix.image }}:${{ matrix.tag }}" pull: true load: true build-args: | - BUILD_OS=${{ matrix.image }} - PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ matrix.type }}:${{ needs.checks.outputs.docker_md5 }}-${{ matrix.image }} + BUILD_OS=${{ matrix.base-os }} + PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ matrix.type }}:${{ needs.checks.outputs.docker_md5 }}-${{ matrix.base-os }} IC_VERSION=CI secrets: | ${{ matrix.type == 'plus' && format('"nginx-repo.crt={0}"', secrets.NGINX_CRT) || '' }} @@ -338,7 +346,7 @@ jobs: id: k8s run: | kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ needs.checks.outputs.k8s_latest }} --wait 75s - kind load docker-image ${{ matrix.type }}:${{ github.sha }} --name ${{ github.run_id }} + kind load docker-image ${{ matrix.image }}:${{ matrix.tag }} --name ${{ github.run_id }} - name: Install Chart run: > @@ -453,6 +461,13 @@ jobs: - name: Checkout Repository uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - name: Set image variables + id: image_details + run: | + echo "name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(matrix.images.nap_modules, 'dos') && '-dos' || '' }}${{ contains(matrix.images.nap_modules, 'waf') && '-nap' || '' }}/nginx${{ contains(matrix.images.image, 'plus') && '-plus' || '' }}-ingress" >> $GITHUB_OUTPUT + echo "build_tag=${{ needs.checks.outputs.build_tag }}${{ contains(matrix.images.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.images.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.images.target, 'aws') && '-mktpl' || '' }}${{ contains(matrix.images.image, 'fips') && '-fips' || ''}}" >> $GITHUB_OUTPUT + echo "stable_tag=${{ needs.checks.outputs.stable_tag }}${{ contains(matrix.images.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.images.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.images.target, 'aws') && '-mktpl' || '' }}${{ contains(matrix.images.image, 'fips') && '-fips' || ''}}" >> $GITHUB_OUTPUT + - name: NAP modules id: nap_modules run: | @@ -553,7 +568,7 @@ jobs: cache-from: type=gha,scope=${{ matrix.images.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }} cache-to: type=gha,scope=${{ matrix.images.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }},mode=max target: goreleaser${{ needs.checks.outputs.forked_workflow == 'false' && '-prebuilt' || '' }} - tags: "docker.io/nginx/nginx${{ contains(matrix.images.image, 'plus') && '-plus' || '' }}-ingress:${{ matrix.images.image }}${{ contains(matrix.images.marker, 'dos') && '-dos' || '' }}${{ contains(matrix.images.marker, 'appprotect') && '-nap' || '' }}-${{ github.sha }}" + tags: "${{ steps.image_details.outputs.name }}:${{ steps.image_details.outputs.build_tag }}" load: true pull: true build-args: | @@ -572,8 +587,8 @@ jobs: uses: ./.github/actions/smoke-tests with: image-type: ${{ matrix.images.image }} - image-name: docker.io/nginx/nginx${{ contains(matrix.images.image, 'plus') && '-plus' || '' }}-ingress - tag: ${{ matrix.images.image }}${{ contains(matrix.images.marker, 'dos') && '-dos' || '' }}${{ contains(matrix.images.marker, 'appprotect') && '-nap' || '' }}-${{ github.sha }} + image-name: ${{ steps.image_details.outputs.name }} + tag: ${{ steps.image_details.outputs.build_tag }} marker: ${{ matrix.images.marker != '' && matrix.images.marker || '' }} k8s-version: ${{ matrix.k8s }} azure-ad-secret: ${{ secrets.AZURE_AD_AUTOMATION }} From e1c55212d82bee28b923621a50646873a1543998 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Wed, 27 Mar 2024 10:34:45 +0000 Subject: [PATCH 2/2] adjust name of helm test --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8aa6178458..97fb8ea42e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -239,7 +239,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} helm-tests: - name: Helm Tests + name: Helm Tests ${{ matrix.base-os }} runs-on: ubuntu-22.04 needs: [checks, binaries] strategy: @@ -353,8 +353,8 @@ jobs: helm install ${{ matrix.type }} . - --set controller.image.repository=${{ matrix.type }} - --set controller.image.tag=${{ github.sha }} + --set controller.image.repository=${{ matrix.image }} + --set controller.image.tag=${{ matrix.tag }} --set controller.service.type=NodePort --set controller.nginxplus=${{ contains(matrix.type, 'plus') && 'true' || 'false' }} --wait