Cherry pick image builder (#1019)

* add workflow for release build with image-builder (#1012) * add workflow for release build with image-builder * move image building to create release workflow * remove separate release image build workflow * Apply suggestions from code review Co-authored-by: Tim Riffer <[email protected]> --------- Co-authored-by: Tim Riffer <[email protected]> * Move image build from steps to jobs (#1018) * Add image builder to verify commit pins allowList * adjust dockerfile to new image-builder (#1011) * Separate pull-integration-gardener between regular and release PRs (#1021) --------- Co-authored-by: Tim Riffer <[email protected]>
kyma-project · Sep 23, 2024 · 16354e5 · 16354e5
1 parent 1b7efae
commit 16354e5
Show file tree

Hide file tree

Showing 5 changed files with 172 additions and 32 deletions.
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
@@ -1,5 +1,9 @@
 name: "Create release"
 
+permissions:
+  id-token: write # This is required for requesting the JWT token
+  contents: read # This is required for actions/checkouts
+
 on:
   workflow_dispatch:
     inputs:
@@ -16,7 +20,6 @@ jobs:
   check-prerequisites:
     name: Check release prerequisites
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -40,11 +43,31 @@ jobs:
             exit 1
           fi
 
+  build-image:
+    uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
+    with:
+      name: istio-manager
+      dockerfile: Dockerfile
+      context: .
+      build-args: |
+        VERSION=${{ github.event.inputs.name }}
+      tags: "${{ github.event.inputs.name }}"
+
+  build-image-experimental:
+    uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
+    with:
+      name: istio-manager
+      dockerfile: Dockerfile
+      context: .
+      build-args: |
+        VERSION=${{ github.event.inputs.name }}-experimental
+        GO_BUILD_TAGS=experimental
+      tags: "${{ github.event.inputs.name }}-experimental"
+
   create-draft:
     name: Create draft release
     runs-on: ubuntu-latest
-    needs: [check-prerequisites]
-
+    needs: [check-prerequisites, build-image, build-image-experimental]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -84,31 +107,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
-      - uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4
-        name: Build image
-        id: wait-for-build
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          statusName: "rel-istio-build"
-          intervalSeconds: "30"
-          timeoutSeconds: "1800"
-      - name: Check that module build status is success
-        if: steps.wait-for-build.outputs.state != 'success'
-        run: exit 1
-
-      - uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4
-        name: Verify build of experimental image
-        id: wait-for-experimental-build
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          statusName: "rel-istio-experimental-build"
-          intervalSeconds: "30"
-          timeoutSeconds: "300"
-      - name: Check that experimental module build status is success
-        if: steps.wait-for-experimental-build.outputs.state != 'success'
-        run: exit 1
-
       - name: Publish release assets
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/pull-integration-gardener-release.yaml b/.github/workflows/pull-integration-gardener-release.yaml
@@ -0,0 +1,142 @@
+# This workflow is responsible for all kinds of integration tests run on pull request to release branch.
+# Those tests depend on a container image, so in the first job we wait for the image build to succeed.
+
+name: PR-release Integration Gardener
+
+on:
+  # pull_request_target runs workflows from the base of PR
+  # It allows the workflow to get the repository secrets
+  pull_request_target:
+    types: [ synchronize, opened, reopened, ready_for_review ]
+    branches:
+      - 'release-**'
+
+jobs:
+  filter-changes:
+    name: List relevant VCS changes
+    outputs:
+      check: ${{ steps.changed-files.outputs.any_modified }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275
+        id: changed-files
+        with:
+          files_ignore: |
+            docs/**
+            **/*.md
+            OWNERS
+            CODEOWNERS
+            sec-scanners-config.yaml
+            .github/**
+            .**
+      - name: List all changed files
+        run: echo '${{ steps.changed-files.outputs.all_changed_files }}'
+
+  build-image:
+    name: Build manager image
+    needs: [ filter-changes ]
+    if: ${{ github.event.pull_request.draft == false && needs.filter-changes.outputs.check == 'true' }}
+    uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
+    with:
+      name: istio-manager
+      dockerfile: Dockerfile
+      context: .
+      build-args: |
+        VERSION=PR-${{ github.event.pull_request.head.sha }}
+
+  istio-integration-gcp:
+    name: Istio integration test GCP
+    runs-on: ubuntu-latest
+    needs: [build-image]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - run: ./tests/integration/scripts/gardener-kubeconfig.sh
+        shell: bash
+        env:
+          GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }}
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+      - run: make gardener-istio-integration-test
+        shell: bash
+        env:
+          IMG: "europe-docker.pkg.dev/kyma-project/dev/istio-manager:PR-${{github.event.number}}"
+          GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml"
+          GARDENER_PROJECT_NAME: "goats"
+          GARDENER_PROVIDER_SECRET_NAME: "goat"
+          GARDENER_PROVIDER: "gcp"
+          GARDENER_REGION: "europe-west3"
+          GARDENER_CLUSTER_VERSION: "1.29.7"
+          MACHINE_TYPE: "n2-standard-4"
+          DISK_SIZE: 50
+          DISK_TYPE: "pd-standard"
+          SCALER_MAX: 20
+          SCALER_MIN: 3
+
+  istio-integration-aws-specific:
+    name: Istio integration test AWS specific
+    runs-on: ubuntu-latest
+    needs: [build-image]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - run: ./tests/integration/scripts/gardener-kubeconfig.sh
+        shell: bash
+        env:
+          GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }}
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+      - run: make gardener-aws-integration-test
+        shell: bash
+        env:
+          IMG: "europe-docker.pkg.dev/kyma-project/dev/istio-manager:PR-${{github.event.number}}"
+          GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml"
+          GARDENER_PROJECT_NAME: "goats"
+          GARDENER_PROVIDER_SECRET_NAME: "aws-gardener-access"
+          GARDENER_PROVIDER: "aws"
+          GARDENER_CLUSTER_VERSION: "1.29.7"
+          GARDENER_REGION: "eu-west-1"
+          MACHINE_TYPE: "m5.xlarge"
+          DISK_SIZE: 50
+          DISK_TYPE: "gp2"
+          SCALER_MAX: 3
+          SCALER_MIN: 1
+
+  istio-integration-gcp-specific:
+    name: Istio integration test GCP specific
+    runs-on: ubuntu-latest
+    needs: [build-image]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - run: ./tests/integration/scripts/gardener-kubeconfig.sh
+        shell: bash
+        env:
+          GARDENER_TOKEN: ${{ secrets.GARDENER_TOKEN }}
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+      - run: make gardener-gcp-integration-test
+        shell: bash
+        env:
+          IMG: "europe-docker.pkg.dev/kyma-project/dev/istio-manager:PR-${{github.event.number}}"
+          GARDENER_KUBECONFIG: "/home/runner/work/istio/istio/gardener_kubeconfig.yaml"
+          GARDENER_PROJECT_NAME: "goats"
+          GARDENER_PROVIDER_SECRET_NAME: "goat"
+          GARDENER_PROVIDER: "gcp"
+          GARDENER_REGION: "europe-west3"
+          GARDENER_CLUSTER_VERSION: "1.29.7"
+          MACHINE_TYPE: "n2-standard-4"
+          DISK_SIZE: 50
+          DISK_TYPE: "pd-standard"
+          SCALER_MAX: 20
+          SCALER_MIN: 3
diff --git a/.github/workflows/pull-integration-gardener.yaml b/.github/workflows/pull-integration-gardener.yaml
@@ -9,7 +9,6 @@ on:
   pull_request_target:
     types: [ synchronize, opened, reopened, ready_for_review ]
     branches:
-      - 'release-**'
       - 'main'
 
 jobs:

diff --git a/.github/workflows/verify-commit-pins.yaml b/.github/workflows/verify-commit-pins.yaml
@@ -16,3 +16,4 @@ jobs:
             actions/checkout
             actions/setup-go
             actions/upload-artifact
+            kyma-project/test-infra
diff --git a/Dockerfile b/Dockerfile
@@ -5,7 +5,7 @@ ARG TARGETARCH
 ARG GO_BUILD_TAGS
 ARG VERSION=dev
 
-WORKDIR /workspace
+WORKDIR /istio-build
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
@@ -33,8 +33,8 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} go build -
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY --from=builder /workspace/manager .
-COPY --from=builder /workspace/istio_install .
+COPY --from=builder /istio-build/manager .
+COPY --from=builder /istio-build/istio_install .
 
 USER 65532:65532