diff --git a/.github/workflows/pull-build-rotate-service-account-keys.yml b/.github/workflows/pull-build-rotate-service-account-keys.yml
new file mode 100644
index 000000000000..fd157586729b
--- /dev/null
+++ b/.github/workflows/pull-build-rotate-service-account-keys.yml
@@ -0,0 +1,19 @@
+name: pull-build-rotate-service-account-keys.yml
+# description: Build image for rotate-service-account
+on:
+ pull_request_target:
+ types: [ opened, edited, synchronize, reopened, ready_for_review ]
+ paths:
+ - "cmd/cloud-run/rotate-service-account/Dockerfile"
+ - "cmd/cloud-run/rotate-service-account/*.go"
+ - "pkg/**"
+ - "go.mod"
+ - "go.sum"
+
+jobs:
+ build_oidc-token-verifier:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: test-infra/rotate-service-account
+ dockerfile: cmd/cloud-run/rotate-service-account/Dockerfile
+ context: .
\ No newline at end of file
diff --git a/.github/workflows/pull-build-service-account-keys-cleaner.yml b/.github/workflows/pull-build-service-account-keys-cleaner.yml
new file mode 100644
index 000000000000..a9b20a145d4f
--- /dev/null
+++ b/.github/workflows/pull-build-service-account-keys-cleaner.yml
@@ -0,0 +1,19 @@
+name: pull-build--service-account-keys-cleaner.yml
+# description: Build image for service-account-keys-cleaner
+on:
+ pull_request_target:
+ types: [ opened, edited, synchronize, reopened, ready_for_review ]
+ paths:
+ - "cmd/cloud-run/service-account-keys-cleaner/Dockerfile"
+ - "cmd/cloud-run/service-account-keys-cleaner/*.go"
+ - "pkg/**"
+ - "go.mod"
+ - "go.sum"
+
+jobs:
+ build_oidc-token-verifier:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: test-infra/service-account-keys-cleaner
+ dockerfile: cmd/cloud-run/service-account-keys-cleaner/Dockerfile
+ context: .
\ No newline at end of file
diff --git a/.github/workflows/pull-build-slack-message-sender.yml b/.github/workflows/pull-build-slack-message-sender.yml
new file mode 100644
index 000000000000..60efbf4f0934
--- /dev/null
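Review bot: `on: pull_request_target` runs this workflow in the base repository's context (its secrets and default token permissions) even for pull requests from forks, and the `build_oidc-token-verifier` job passes `dockerfile:` and `context: .` to `image-builder.yml` without declaring a job-level `permissions:` block. The Prow presubmit being removed ran on `cluster: untrusted-workload` and the postsubmit on `trusted-workload`; here the pull and push workflows call the same reusable workflow with identical inputs, so any equivalent separation has to live inside `image-builder.yml`, which this diff does not show. I would add `permissions:` with `contents: read` to the job (plus `id-token: write` only if the called workflow requests an OIDC token) and confirm that PR-head content is never built in a step that has registry push credentials in reach. The same applies to pull-build-service-account-keys-cleaner.yml and pull-build-slack-message-sender.yml.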
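Review bot: The filter `"cmd/cloud-run/service-account-keys-cleaner/*.go"` is narrower than the Prow pattern it replaces, because `*` in a GitHub `paths:` filter does not cross `/`, while the removed `run_if_changed` regex `(Dockerfile|.*\.go)$` matched Go files at any depth under the command directory. If the command has or gains subpackages, changes there will skip the build; `"cmd/cloud-run/service-account-keys-cleaner/**/*.go"` keeps the old coverage. The same glob is used in pull-build-rotate-service-account-keys.yml and in both push-build workflows for these two commands. Separately, `name: pull-build--service-account-keys-cleaner.yml` has a doubled hyphen that does not match the file name.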
+++ b/.github/workflows/pull-build-slack-message-sender.yml
@@ -0,0 +1,15 @@
+name: pull-build-slack-message-sender.yml
+# description: "Build slack-message-sender image for sending labeling notification to kyma teams.
+on:
+ pull_request_target:
+ types: [ opened, edited, synchronize, reopened, ready_for_review ]
+ paths:
+ - "cmd/cloud-run/slack-message-sender/**"
+
+jobs:
+ build_oidc-token-verifier:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: test-infra/slackmessagesender
+ dockerfile: cmd/cloud-run/slack-message-sender/Dockerfile
+ context: .
\ No newline at end of file
diff --git a/.github/workflows/push-build-rotate-service-account-keys.yml b/.github/workflows/push-build-rotate-service-account-keys.yml
new file mode 100644
index 000000000000..aeea2d578afc
--- /dev/null
+++ b/.github/workflows/push-build-rotate-service-account-keys.yml
@@ -0,0 +1,20 @@
+name: push-build-rotate-service-account-keys.yml
+# description: Build image for rotate-service-account
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "cmd/cloud-run/rotate-service-account/Dockerfile"
+ - "cmd/cloud-run/rotate-service-account/*.go"
+ - "pkg/**"
+ - "go.mod"
+ - "go.sum"
+
+jobs:
+ build_oidc-token-verifier:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: test-infra/rotate-service-account
+ dockerfile: cmd/cloud-run/rotate-service-account/Dockerfile
+ context: .
\ No newline at end of file
diff --git a/.github/workflows/push-build-service-account-keys-cleaner.yml b/.github/workflows/push-build-service-account-keys-cleaner.yml
new file mode 100644
index 000000000000..cf306bcd8ca2
--- /dev/null
+++ b/.github/workflows/push-build-service-account-keys-cleaner.yml
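Review bot: The job id `build_oidc-token-verifier` does not describe what this workflow builds; it looks copied from another workflow and is repeated unchanged in all six files added by this commit. Check runs and any required-status-check or audit configuration keyed on the job name would then attribute every one of these builds to oidc-token-verifier. Rename it per image, for example `build_slack-message-sender:` here. The `# description:` comment also opens a `"` that is never closed; it is harmless inside a comment but worth dropping.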
@@ -0,0 +1,20 @@
+name: push-build-service-account-keys-cleaner.yml
+# description: Build image for service-account-keys-cleaner
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "cmd/cloud-run/service-account-keys-cleaner/Dockerfile"
+ - "cmd/cloud-run/service-account-keys-cleaner/*.go"
+ - "pkg/**"
+ - "go.mod"
+ - "go.sum"
+
+jobs:
+ build_oidc-token-verifier:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: test-infra/service-account-keys-cleaner
+ dockerfile: cmd/cloud-run/service-account-keys-cleaner/Dockerfile
+ context: .
\ No newline at end of file
diff --git a/.github/workflows/push-build-slack-message-sender.yml b/.github/workflows/push-build-slack-message-sender.yml
new file mode 100644
index 000000000000..05d83cf91483
--- /dev/null
+++ b/.github/workflows/push-build-slack-message-sender.yml
@@ -0,0 +1,16 @@
+name: push-build-slack-message-sender.yml
+# description: "Build slack-message-sender image for sending labeling notification to kyma teams.
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "cmd/cloud-run/slack-message-sender/**"
+
+jobs:
+ build_oidc-token-verifier:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: test-infra/slackmessagesender
+ dockerfile: cmd/cloud-run/slack-message-sender/Dockerfile
+ context: .
\ No newline at end of file
diff --git a/prow/jobs/kyma-project/test-infra/secret-leaks-log-scanner.yaml b/prow/jobs/kyma-project/test-infra/secret-leaks-log-scanner.yaml
deleted file mode 100644
index a6e49a1a007d..000000000000
--- a/prow/jobs/kyma-project/test-infra/secret-leaks-log-scanner.yaml
+++ /dev/null
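Review bot: The `paths:` filter in push-build-slack-message-sender.yml lists only `"cmd/cloud-run/slack-message-sender/**"`, but the Prow postsubmit it replaces also fired on `^go\.mod$|^go\.sum$`. With `context: .` the image is presumably built against the repository's root module, so a dependency bump on main, including a security update, would no longer produce a fresh slackmessagesender image. The rotate-service-account and service-account-keys-cleaner push workflows do list `"pkg/**"`, `"go.mod"` and `"go.sum"`; add the same entries here, or document why this image does not need them.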
@@ -1,103 +0,0 @@
-presubmits: # runs on PRs
- kyma-project/test-infra:
- - name: pull-build-image-slackmessagesender
- annotations:
- description: "Build test-infra/slackmessagesender image for secret-leaks-log-scanner application."
- owner: "neighbors"
- labels:
- prow.k8s.io/pubsub.project: "sap-kyma-prow"
- prow.k8s.io/pubsub.runID: "pull-build-image-slackmessagesender"
- prow.k8s.io/pubsub.topic: "prowjobs"
- run_if_changed: '^cmd/cloud-run/slack-message-sender/'
- skip_report: false
- decorate: true
- cluster: untrusted-workload
- max_concurrency: 10
- branches:
- - ^main$
- spec:
- containers:
- - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240604-ff0c326b"
- securityContext:
- privileged: false
- seccompProfile:
- type: RuntimeDefault
- allowPrivilegeEscalation: false
- env:
- - name: "ADO_PAT"
- valueFrom:
- secretKeyRef:
- name: "image-builder-ado-token"
- key: "token"
- command:
- - "/image-builder"
- args:
- - "--name=test-infra/slackmessagesender"
- - "--config=/config/kaniko-build-config.yaml"
- - "--context=."
- - "--dockerfile=cmd/cloud-run/slack-message-sender/Dockerfile"
- - "--build-in-ado=true"
- resources:
- requests:
- memory: 1.5Gi
- cpu: 1
- volumeMounts:
- - name: config
- mountPath: /config
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: kaniko-build-config
-
-postsubmits: # runs on main
- kyma-project/test-infra:
- - name: post-build-image-slackmessagesender
- annotations:
- description: "Build test-infra/slackmessagesender image for secret-leaks-log-scanner application."
- owner: "neighbors"
- labels:
- prow.k8s.io/pubsub.project: "sap-kyma-prow"
- prow.k8s.io/pubsub.runID: "post-build-image-slackmessagesender"
- prow.k8s.io/pubsub.topic: "prowjobs"
- run_if_changed: '^cmd/cloud-run/slack-message-sender/|^go\.mod$|^go\.sum$'
- skip_report: false
- decorate: true
- cluster: trusted-workload
- max_concurrency: 10
- branches:
- - ^main$
- spec:
- containers:
- - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240604-ff0c326b"
- securityContext:
- privileged: false
- seccompProfile:
- type: RuntimeDefault
- allowPrivilegeEscalation: false
- env:
- - name: "ADO_PAT"
- valueFrom:
- secretKeyRef:
- name: "image-builder-ado-token"
- key: "token"
- command:
- - "/image-builder"
- args:
- - "--name=test-infra/slackmessagesender"
- - "--config=/config/kaniko-build-config.yaml"
- - "--context=."
- - "--dockerfile=cmd/cloud-run/slack-message-sender/Dockerfile"
- - "--build-in-ado=true"
- resources:
- requests:
- memory: 1.5Gi
- cpu: 1
- volumeMounts:
- - name: config
- mountPath: /config
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: kaniko-build-config
diff --git a/prow/jobs/kyma-project/test-infra/secrets-rotator.yaml b/prow/jobs/kyma-project/test-infra/secrets-rotator.yaml
deleted file mode 100644
index 140263d38ea2..000000000000
--- a/prow/jobs/kyma-project/test-infra/secrets-rotator.yaml
+++ /dev/null
@@ -1,201 +0,0 @@
-presubmits: # runs on PRs
- kyma-project/test-infra:
- - name: pull-build-image-rotate-service-account
- annotations:
- description: "Build image for rotate-service-account"
- owner: "neighbors"
- labels:
- prow.k8s.io/pubsub.project: "sap-kyma-prow"
- prow.k8s.io/pubsub.runID: "pull-build-image-rotate-service-account"
- prow.k8s.io/pubsub.topic: "prowjobs"
- run_if_changed: '^cmd/cloud-run/rotate-service-account/(Dockerfile|.*\.go)$'
- skip_report: false
- decorate: true
- cluster: untrusted-workload
- max_concurrency: 10
- branches:
- - ^main$
- spec:
- containers:
- - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240604-ff0c326b"
- securityContext:
- privileged: false
- seccompProfile:
- type: RuntimeDefault
- allowPrivilegeEscalation: false
- env:
- - name: "ADO_PAT"
- valueFrom:
- secretKeyRef:
- name: "image-builder-ado-token"
- key: "token"
- command:
- - "/image-builder"
- args:
- - "--name=test-infra/rotate-service-account"
- - "--config=/config/kaniko-build-config.yaml"
- - "--context=."
- - "--dockerfile=cmd/cloud-run/rotate-service-account/Dockerfile"
- - "--build-in-ado=true"
- resources:
- requests:
- memory: 1.5Gi
- cpu: 1
- volumeMounts:
- - name: config
- mountPath: /config
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: kaniko-build-config
- - name: pull-build-image-service-account-keys-cleaner
- annotations:
- description: "Build image for service-account-keys-cleaner"
- owner: "neighbors"
- labels:
- prow.k8s.io/pubsub.project: "sap-kyma-prow"
- prow.k8s.io/pubsub.runID: "pull-build-image-service-account-keys-cleaner"
- prow.k8s.io/pubsub.topic: "prowjobs"
- run_if_changed: '^cmd/cloud-run/service-account-keys-cleaner/(Dockerfile|.*\.go)$'
- skip_report: false
- decorate: true
- cluster: untrusted-workload
- max_concurrency: 10
- branches:
- - ^main$
- spec:
- containers:
- - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240604-ff0c326b"
- securityContext:
- privileged: false
- seccompProfile:
- type: RuntimeDefault
- allowPrivilegeEscalation: false
- env:
- - name: "ADO_PAT"
- valueFrom:
- secretKeyRef:
- name: "image-builder-ado-token"
- key: "token"
- command:
- - "/image-builder"
- args:
- - "--name=test-infra/service-account-keys-cleaner"
- - "--config=/config/kaniko-build-config.yaml"
- - "--context=."
- - "--dockerfile=cmd/cloud-run/service-account-keys-cleaner/Dockerfile"
- - "--build-in-ado=true"
- resources:
- requests:
- memory: 1.5Gi
- cpu: 1
- volumeMounts:
- - name: config
- mountPath: /config
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: kaniko-build-config
-
-postsubmits: # runs on main
- kyma-project/test-infra:
- - name: post-build-image-rotate-service-account
- annotations:
- description: "Build image for rotate-service-account"
- owner: "neighbors"
- labels:
- prow.k8s.io/pubsub.project: "sap-kyma-prow"
- prow.k8s.io/pubsub.runID: "post-build-image-rotate-service-account"
- prow.k8s.io/pubsub.topic: "prowjobs"
- run_if_changed: '^cmd/cloud-run/rotate-service-account/(Dockerfile|.*\.go)$'
- skip_report: false
- decorate: true
- cluster: trusted-workload
- max_concurrency: 10
- branches:
- - ^main$
- spec:
- containers:
- - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240604-ff0c326b"
- securityContext:
- privileged: false
- seccompProfile:
- type: RuntimeDefault
- allowPrivilegeEscalation: false
- env:
- - name: "ADO_PAT"
- valueFrom:
- secretKeyRef:
- name: "image-builder-ado-token"
- key: "token"
- command:
- - "/image-builder"
- args:
- - "--name=test-infra/rotate-service-account"
- - "--config=/config/kaniko-build-config.yaml"
- - "--context=."
- - "--dockerfile=cmd/cloud-run/rotate-service-account/Dockerfile"
- - "--build-in-ado=true"
- resources:
- requests:
- memory: 1.5Gi
- cpu: 1
- volumeMounts:
- - name: config
- mountPath: /config
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: kaniko-build-config
- - name: post-build-image-service-account-keys-cleaner
- annotations:
- description: "Build image for service-account-keys-cleaner"
- owner: "neighbors"
- labels:
- prow.k8s.io/pubsub.project: "sap-kyma-prow"
- prow.k8s.io/pubsub.runID: "post-build-image-service-account-keys-cleaner"
- prow.k8s.io/pubsub.topic: "prowjobs"
- run_if_changed: '^cmd/cloud-run/service-account-keys-cleaner/(Dockerfile|.*\.go)$'
- skip_report: false
- decorate: true
- cluster: trusted-workload
- max_concurrency: 10
- branches:
- - ^main$
- spec:
- containers:
- - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240604-ff0c326b"
- securityContext:
- privileged: false
- seccompProfile:
- type: RuntimeDefault
- allowPrivilegeEscalation: false
- env:
- - name: "ADO_PAT"
- valueFrom:
- secretKeyRef:
- name: "image-builder-ado-token"
- key: "token"
- command:
- - "/image-builder"
- args:
- - "--name=test-infra/service-account-keys-cleaner"
- - "--config=/config/kaniko-build-config.yaml"
- - "--context=."
- - "--dockerfile=cmd/cloud-run/service-account-keys-cleaner/Dockerfile"
- - "--build-in-ado=true"
- resources:
- requests:
- memory: 1.5Gi
- cpu: 1
- volumeMounts:
- - name: config
- mountPath: /config
- readOnly: true
- volumes:
- - name: config
- configMap:
- name: kaniko-build-config