-
Notifications
You must be signed in to change notification settings - Fork 2.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add auto-commit capability to build base images GH workflow
This commit adds the ability to have automatic commits being pushed for the base images github workflow. This simplifies the build process of the base images as it will no longer require developers to wait and re-push changes. Resume of the changes: - Re-write documentation with the new process - Moved scripts to update tags in the git tree to the respective directories of the images. This is to prevent accidental or malicious changes by third-parties in the script files that could compromise the build process. If the files are modified, it will require an approval from the cilium/build team before the GH action is executed. - Changed CODEOWNERS file to request for a review from the cilium/github-sec team as the scripts are directly used in the GH workflow. - For future reference, this GH auto-committer workflow is using a token created by the machine-learning-apps/actions-app-token GH action and that GH action is using the auto-committer app [1] created exclusively for this purpose. [1] https://github.com/organizations/cilium/settings/apps/auto-committer/permissions Signed-off-by: André Martins <andre@cilium.io>
- Loading branch information
Showing
7 changed files
with
120 additions
and
70 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/bin/bash | ||
|
||
# Copyright Authors of Cilium | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
set -o xtrace | ||
set -o errexit | ||
set -o pipefail | ||
set -o nounset | ||
|
||
image_full=${1} | ||
root_dir="$(git rev-parse --show-toplevel)" | ||
|
||
cd "${root_dir}" | ||
|
||
image="quay.io/cilium/cilium-builder" | ||
|
||
# shellcheck disable=SC2207 | ||
used_by=($(git grep -l CILIUM_BUILDER_IMAGE= images/*/Dockerfile) "test/k8s/manifests/demo-customcalls.yaml" "api/v1/Makefile") | ||
|
||
for i in "${used_by[@]}" ; do | ||
sed -E "s#(CILIUM_BUILDER_IMAGE=|image: )${image}:.*\$#\1${image_full}#" "${i}" > "${i}.sedtmp" && mv "${i}.sedtmp" "${i}" | ||
done | ||
|
||
do_check="${CHECK:-false}" | ||
if [ "${do_check}" = "true" ] ; then | ||
git diff --exit-code "${used_by[@]}" | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
#!/bin/bash | ||
|
||
# Copyright Authors of Cilium | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
set -o xtrace | ||
set -o errexit | ||
set -o pipefail | ||
set -o nounset | ||
|
||
image_full=${1} | ||
root_dir="$(git rev-parse --show-toplevel)" | ||
|
||
cd "${root_dir}" | ||
|
||
image="quay.io/cilium/cilium-runtime" | ||
|
||
# shellcheck disable=SC2207 | ||
used_by=($(git grep -l CILIUM_RUNTIME_IMAGE= images/*/Dockerfile)) | ||
|
||
for i in "${used_by[@]}" ; do | ||
sed -E "s#((CILIUM_RUNTIME|BASE)_IMAGE=)${image}:.*\$#\1${image_full}#" "${i}" > "${i}.sedtmp" && mv "${i}.sedtmp" "${i}" | ||
done | ||
|
||
# shellcheck disable=SC2207 | ||
jenkins_used_by=($(git grep -l "${image}:" jenkinsfiles/)) | ||
|
||
for i in "${jenkins_used_by[@]}" ; do | ||
sed -E "s#\"${image}:.*\"#\"${image_full}\"#" "${i}" > "${i}.sedtmp" && mv "${i}.sedtmp" "${i}" | ||
done | ||
|
||
# shellcheck disable=SC2207 | ||
github_used_by=($(git grep -l "${image}:" .github/workflows/)) | ||
|
||
for i in "${github_used_by[@]}" ; do | ||
sed -E "s#${image}:.*#${image_full}#" "${i}" > "${i}.sedtmp" && mv "${i}.sedtmp" "${i}" | ||
done | ||
|
||
do_check="${CHECK:-false}" | ||
if [ "${do_check}" = "true" ] ; then | ||
git diff --exit-code "${used_by[@]}" | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters