This repository has been archived by the owner on Mar 23, 2024. It is now read-only.

Merge pull request #15 from ajayk/actions #12

Workflow file for this run

.github/workflows/dag-push-production.yaml at b6cac32

	name: Build Packages Prod using dag

	on:
	workflow_dispatch:
	push:
	branches:
	- main

	env:
	PROJECT: prod-images-c6e5
	CLUSTER_NAME: tmp-cluster-prod-stage3-${{github.run_id}}
	CLUSTER_ZONE: us-central1-b
	SERVICE_ACCOUNT: prod-images-ci
	FQ_SERVICE_ACCOUNT: [email protected]
	BUCKET: wolfi-production-registry-source/bootstrap/stage3/
	SRC_BUCKET: gs://wolfi-production-registry-destination/bootstrap/stage3/

	jobs:
	setup-cluster:
	name: Setup build cluster
	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: read

	steps:
	- uses: google-github-actions/auth@v0
	with:
	workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
	service_account: ${{env.FQ_SERVICE_ACCOUNT}}
	- uses: google-github-actions/setup-gcloud@v0
	with:
	project_id: ${{env.PROJECT}}

	- uses: actions/checkout@v3
	with:
	repository: wolfi-dev/dag
	path: ${{github.workspace}}/dag
	fetch-depth: 0
	- name: Setup Build Cluster
	working-directory: ${{github.workspace}}/dag
	run: \|
	gcloud container clusters create "${CLUSTER_NAME}" \
	--enable-ip-alias \
	--network projects/prod-shared-37eb/global/networks/prod-shared-586cca3 \
	--subnetwork projects/prod-shared-37eb/regions/us-central1/subnetworks/prod-shared-imgs-us-c1-b9c111f \
	--cluster-secondary-range-name gke-a-pods \
	--services-secondary-range-name gke-a-svcs \
	--tags "egress-inet" \
	--enable-dataplane-v2 \
	--enable-intra-node-visibility \
	--service-account "${FQ_SERVICE_ACCOUNT}" \
	--zone "${CLUSTER_ZONE}" \
	--release-channel rapid \
	--workload-pool "${PROJECT}.svc.id.goog" \
	--machine-type e2-standard-32 \
	--num-nodes 1

	gcloud container node-pools create arm-nodes \
	--cluster "${CLUSTER_NAME}" \
	--zone "${CLUSTER_ZONE}" \
	--tags "egress-inet" \
	--service-account "${FQ_SERVICE_ACCOUNT}" \
	--machine-type t2a-standard-32 \
	--num-nodes 1

	- uses: imjasonh/[email protected]
	with:
	project: "${PROJECT}"
	location: "${CLUSTER_ZONE}"
	cluster: "${CLUSTER_NAME}"

	- working-directory: ${{github.workspace}}/dag
	run: \|
	git checkout c8bb454c91090f3aa3916a65dc55488864af7169
	./scripts/setup-cluster.sh ${SERVICE_ACCOUNT}

	build-amd64:
	name: Build (amd64)
	runs-on: ubuntu-latest
	needs: setup-cluster

	permissions:
	id-token: write
	contents: read

	steps:
	# Checkout and build dag from main
	# Can't `go install` because its go.mod has `replace`s.
	- uses: actions/setup-go@v3
	with:
	go-version: '>=1.19.0'
	- uses: actions/checkout@v3
	with:
	repository: wolfi-dev/dag
	path: ${{github.workspace}}/dag
	fetch-depth: 0
	- working-directory: ${{github.workspace}}/dag
	run: \|
	git checkout c8bb454c91090f3aa3916a65dc55488
	go install

	- uses: google-github-actions/auth@v0
	with:
	workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
	service_account: ${{env.FQ_SERVICE_ACCOUNT}}
	- uses: google-github-actions/setup-gcloud@v0
	with:
	project_id: ${{env.PROJECT}}
	- uses: 'google-github-actions/get-gke-credentials@v0'
	with:
	cluster_name: ${{ env.CLUSTER_NAME }}
	location: ${{ env.CLUSTER_ZONE }}
	- run: gcloud auth configure-docker --quiet

	- uses: actions/checkout@v3
	with:
	repository: wolfi-dev/bootstrap-stage3
	path: ${{github.workspace}}/bootstrap-stage3

	- working-directory: ${{github.workspace}}/bootstrap-stage3
	run: \|
	dag pod \
	--cpu=30 --ram=100Gi \
	--bucket=${BUCKET} \
	--src-bucket=${SRC_BUCKET} \
	--secret-key

	build-arm64:
	name: Build (arm64)
	runs-on: ubuntu-latest
	needs: setup-cluster

	permissions:
	id-token: write
	contents: read

	steps:
	# Checkout and build dag from main
	# Can't `go install` because its go.mod has `replace`s.
	- uses: actions/setup-go@v3
	with:
	go-version: '>=1.19.0'
	- uses: actions/checkout@v3
	with:
	repository: wolfi-dev/dag
	path: ${{github.workspace}}/dag
	fetch-depth: 0
	- working-directory: ${{github.workspace}}/dag
	run: \|
	git checkout c8bb454c91090f3aa3916a65dc55488864af7169
	go install

	- uses: google-github-actions/auth@v0
	with:
	workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
	service_account: ${{env.FQ_SERVICE_ACCOUNT}}
	- uses: google-github-actions/setup-gcloud@v0
	with:
	project_id: ${{env.PROJECT}}
	- uses: 'google-github-actions/get-gke-credentials@v0'
	with:
	cluster_name: ${{ env.CLUSTER_NAME }}
	location: ${{ env.CLUSTER_ZONE }}
	- run: gcloud auth configure-docker --quiet

	- uses: actions/checkout@v3
	with:
	repository: wolfi-dev/bootstrap-stage3
	path: ${{github.workspace}}/bootstrap-stage3

	- working-directory: ${{github.workspace}}/bootstrap-stage3
	run: \|
	dag pod \
	--cpu=30 --ram=100Gi \
	--bucket=${BUCKET} \
	--src-bucket=${SRC_BUCKET} \
	--secret-key \
	--arch=arm64

	teardown-cluster:
	name: Teardown build cluster
	runs-on: ubuntu-latest
	needs: [build-amd64, build-arm64]
	if: always()

	permissions:
	id-token: write
	contents: read

	steps:
	- uses: google-github-actions/auth@v0
	with:
	workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
	service_account: ${{env.FQ_SERVICE_ACCOUNT}}
	- uses: google-github-actions/setup-gcloud@v0
	with:
	project_id: ${{env.PROJECT}}
	- uses: 'google-github-actions/get-gke-credentials@v0'
	with:
	cluster_name: ${{ env.CLUSTER_NAME }}
	location: ${{ env.CLUSTER_ZONE }}

	- name: Collect diagnostics
	if: always()
	run: \|
	resources="pods daemonsets serviceaccounts namespaces"
	for ns in $(kubectl get ns -oname \| cut -d'/' -f 2); do
	for resource in ${resources}; do
	echo --- $ns $resource ---
	kubectl get $resource -n${ns}
	for x in $(kubectl get $resource -n${ns} -oname \|\| true); do
	echo "::group:: describe $resource $x"
	# Don't fail if the resource disappears midway.
	kubectl describe -n${ns} $x \|\| true
	echo '::endgroup::'
	done
	done
	done

	- name: Teardown Build Cluster
	if: always()
	run: \|
	gcloud container clusters delete "${CLUSTER_NAME}" \
	--zone "${CLUSTER_ZONE}" \
	--quiet

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #15 from ajayk/actions #12

Workflow file

Merge pull request #15 from ajayk/actions #12

Jobs

Run details

Workflow file for this run