new(prow): added job to manage org repos variables and secrets throug…

…h pigeon Signed-off-by: cappellinsamuele <cappellinsamuele@gmail.com>
falcosecurity · Mar 10, 2023 · 225e790 · 225e790
1 parent 803a935
commit 225e790
Show file tree

Hide file tree

Showing 7 changed files with 129 additions and 0 deletions.
diff --git a/config/clusters/ecr.tf b/config/clusters/ecr.tf
@@ -66,4 +66,11 @@ resource "aws_ecr_repository" "update_rules_index" {
   encryption_configuration {
     encryption_type = "KMS"
   }
+}
+
+resource "aws_ecr_repository" "sync_ghrepos_secrets_vars" {
+  name = "test-infra/sync-ghrepos-secrets-vars"
+  encryption_configuration {
+    encryption_type = "KMS"
+  }
 }
diff --git a/config/jobs/build-prow-images/build-images.yaml b/config/jobs/build-prow-images/build-images.yaml
@@ -306,5 +306,33 @@ presubmits:
             ephemeral-storage: "2Gi"
         securityContext:
           privileged: true
+      nodeSelector:
+        Archtype: "x86"
+  - name: build-images-sync-ghrepos-secrets-vars
+    decorate: true
+    path_alias: github.com/falcosecurity/test-infra
+    skip_report: false
+    agent: kubernetes
+    run_if_changed: '^images/sync-ghrepos-secrets-vars/'
+    branches:
+      - ^master$
+    spec:
+      containers:
+      - command:
+          - "/home/prow/go/src/github.com/falcosecurity/test-infra/images/build.sh"
+        args:
+          - "/home/prow/go/src/github.com/falcosecurity/test-infra/images/sync-ghrepos-secrets-vars"
+        env:
+        - name: AWS_REGION
+          value: eu-west-1
+        image: 292999226676.dkr.ecr.eu-west-1.amazonaws.com/test-infra/docker-dind
+        imagePullPolicy: Always
+        resources:
+          requests:
+            memory: 3Gi
+            cpu: 1.5
+            ephemeral-storage: "2Gi"
+        securityContext:
+          privileged: true
       nodeSelector:
         Archtype: "x86"
diff --git a/config/jobs/build-prow-images/publish-images.yaml b/config/jobs/build-prow-images/publish-images.yaml
@@ -307,5 +307,33 @@ postsubmits:
             ephemeral-storage: "2Gi"
         securityContext:
           privileged: true
+      nodeSelector:
+        Archtype: "x86"
+  - name: publish-images-sync-ghrepos-secrets-vars
+    decorate: true
+    path_alias: github.com/falcosecurity/test-infra
+    skip_report: false
+    agent: kubernetes
+    run_if_changed: '^images/sync-ghrepos-secrets-vars/'
+    branches:
+      - ^master$
+    spec:
+      containers:
+      - command:
+          - "/home/prow/go/src/github.com/falcosecurity/test-infra/images/publish.sh"
+        args:
+          - "/home/prow/go/src/github.com/falcosecurity/test-infra/images/sync-ghrepos-secrets-vars"
+        env:
+        - name: AWS_REGION
+          value: eu-west-1
+        image: 292999226676.dkr.ecr.eu-west-1.amazonaws.com/test-infra/docker-dind
+        imagePullPolicy: Always
+        resources:
+          requests:
+            memory: 3Gi
+            cpu: 1.5
+            ephemeral-storage: "2Gi"
+        securityContext:
+          privileged: true
       nodeSelector:
         Archtype: "x86"
diff --git a/config/jobs/sync-ghrepos-secrets-vars/sync-ghrepos-secrets-vars.yaml b/config/jobs/sync-ghrepos-secrets-vars/sync-ghrepos-secrets-vars.yaml
@@ -0,0 +1,26 @@
+postsubmits:
+  falcosecurity/test-infra:
+    - name: sync-ghrepos-secrets-vars-post-submit
+      branches:
+        - ^master$
+      decorate: true
+      max_concurrency: 1
+      skip_report: false
+      run_if_changed: '^config/pigeon.yaml$|^config/jobs/pigeon/.*'
+      spec:
+        containers:
+          - image: 292999226676.dkr.ecr.eu-west-1.amazonaws.com/test-infra/pigeon:latest
+            command:
+              - pigeon
+            args:
+              - -gh-token /etc/github-token/oauth
+              - -conf config/pigeon.yaml
+            volumeMounts:
+              - name: github
+                mountPath: /etc/github-token
+        volumes:
+          - name: github
+            secret:
+              secretName: oauth-token
+        nodeSelector:
+          Archtype: "x86"
diff --git a/config/pigeon.yaml b/config/pigeon.yaml
@@ -0,0 +1 @@
+# TODO: To be filled
diff --git a/images/sync-ghrepos-secrets-vars/Dockerfile b/images/sync-ghrepos-secrets-vars/Dockerfile
@@ -0,0 +1,16 @@
+FROM golang:1.18 AS pigeon
+
+ENV PUBLISH_S3="true"
+ENV PUBLISH_TAG="dev"
+ENV S3_PATH="s3://falco-distribution/pigeon/"
+
+RUN curl -s "https://api.github.com/repos/falcosecurity/pigeon/releases/latest" | grep "browser_download_url.*tar.gz" \
+| cut -d : -f 2,3 \
+| tr -d \" \
+| xargs wget -qO- \
+| tar -xvz
+
+FROM ubuntu:22.04
+RUN apt-get update && apt-get install -y libsodium-dev
+
+COPY --from=pigeon /go/pigeon /bin
diff --git a/images/sync-ghrepos-secrets-vars/Makefile b/images/sync-ghrepos-secrets-vars/Makefile
@@ -0,0 +1,23 @@
+SHELL := /bin/bash
+
+IMG_SLUG := test-infra
+IMG_NAME := pigeon
+IMG_TAG ?= latest
+
+ACCOUNT := 292999226676
+DOCKER_PUSH_REPOSITORY = dkr.ecr.eu-west-1.amazonaws.com
+
+IMAGE := "$(ACCOUNT).$(DOCKER_PUSH_REPOSITORY)/$(IMG_SLUG)/$(IMG_NAME):$(IMG_TAG)"
+
+build-push: build-image push-image
+
+build-image:
+	docker build --no-cache -t "$(IMG_SLUG)/$(IMG_NAME)" .
+
+push-image:
+	docker tag "$(IMG_SLUG)/$(IMG_NAME)" $(IMAGE)
+	docker push $(IMAGE)
+
+local-registry:
+	docker tag "$(IMG_SLUG)/$(IMG_NAME)" localhost:5000/$(IMG_NAME)
+	docker push localhost:5000/$(IMG_NAME)