Update select go packages to eliminate goproxy due to CVE. #244
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish Images | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - "[0-9]+.[0-9]+.[0-9]+" | |
| - "[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+" | |
| - "[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+" | |
| - "[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+" | |
| jobs: | |
| publish-generic-images: | |
| name: Publish | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - image: docker-registry | |
| - image: pause-container | |
| - image: session-manager | |
| - image: training-portal | |
| - image: secrets-manager | |
| - image: tunnel-manager | |
| - image: image-cache | |
| - image: assets-server | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # related issues for pinning buildkit | |
| # https://github.com/docker/build-push-action/issues/761 | |
| # https://github.com/containerd/containerd/issues/7972 | |
| # https://github.com/containerd/containerd/pull/6995 | |
| with: | |
| driver-opts: | | |
| image=moby/buildkit:v0.10.6 | |
| - name: Generate container image metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{github.repository_owner}}/educates-${{matrix.image}} | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| - name: Login to GitHub container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{github.actor}} | |
| password: ${{secrets.GITHUB_TOKEN}} | |
| registry: ghcr.io | |
| - name: Build and push ${{matrix.image}} image | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: ${{matrix.image}} | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{steps.meta.outputs.tags}} | |
| push: true | |
| publish-workshop-base-image: | |
| name: Publish (base-environment) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # related issues for pinning buildkit | |
| # https://github.com/docker/build-push-action/issues/761 | |
| # https://github.com/containerd/containerd/issues/7972 | |
| # https://github.com/containerd/containerd/pull/6995 | |
| with: | |
| driver-opts: | | |
| image=moby/buildkit:v0.10.6 | |
| - name: Restore Docker cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{runner.os}}-buildx-base-environment-${{github.sha}} | |
| restore-keys: | | |
| ${{runner.os}}-buildx-base-environment- | |
| - name: Generate container image metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{github.repository_owner}}/educates-base-environment | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| - name: Login to GitHub container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{github.actor}} | |
| password: ${{secrets.GITHUB_TOKEN}} | |
| registry: ghcr.io | |
| - name: Build and push base-environment image | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: workshop-images/base-environment | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{steps.meta.outputs.tags}} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new | |
| push: true | |
| - name: Save Docker cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| du -ks /tmp/.buildx-cache | |
| publish-workshop-images: | |
| name: Publish | |
| runs-on: ubuntu-latest | |
| needs: | |
| - publish-workshop-base-image | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - image: jdk8-environment | |
| - image: jdk11-environment | |
| - image: jdk17-environment | |
| - image: conda-environment | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Calculate variables | |
| shell: bash | |
| run: | | |
| echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # related issues for pinning buildkit | |
| # https://github.com/docker/build-push-action/issues/761 | |
| # https://github.com/containerd/containerd/issues/7972 | |
| # https://github.com/containerd/containerd/pull/6995 | |
| with: | |
| driver-opts: | | |
| image=moby/buildkit:v0.10.6 | |
| - name: Restore Docker cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{runner.os}}-buildx-${{matrix.image}}-${{github.sha}} | |
| restore-keys: | | |
| ${{runner.os}}-buildx-${{matrix.image}}- | |
| - name: Generate container image metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{github.repository_owner}}/educates-${{matrix.image}} | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| - name: Login to GitHub container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{github.actor}} | |
| password: ${{secrets.GITHUB_TOKEN}} | |
| registry: ghcr.io | |
| - name: Build and push ${{matrix.image}} image | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: workshop-images/${{matrix.image}} | |
| platforms: linux/amd64,linux/arm64 | |
| build-args: | | |
| IMAGE_REPOSITORY=ghcr.io/${{github.repository_owner}} | |
| BASE_IMAGE_NAME=educates-base-environment | |
| PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new | |
| tags: ${{steps.meta.outputs.tags}} | |
| push: true | |
| - name: Save Docker cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| du -ks /tmp/.buildx-cache | |
| publish-carvel-bundles: | |
| name: Bundle | |
| runs-on: ubuntu-latest | |
| needs: | |
| - publish-generic-images | |
| - publish-workshop-images | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Install Carvel tools | |
| shell: bash | |
| run: curl -L https://carvel.dev/install.sh | bash | |
| - name: Calculate variables | |
| shell: bash | |
| run: | | |
| echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV} | |
| echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV} | |
| - name: Publish educates-cluster-essentials bundle | |
| shell: bash | |
| run: | | |
| ytt -f carvel-packages/cluster-essentials/bundle/config | kbld -f - \ | |
| --imgpkg-lock-output carvel-packages/cluster-essentials/bundle/.imgpkg/images.yml | |
| imgpkg push \ | |
| -b ghcr.io/${{github.repository_owner}}/educates-cluster-essentials:${{env.REPOSITORY_TAG}} \ | |
| -f carvel-packages/cluster-essentials/bundle \ | |
| --registry-username=${{github.actor}} \ | |
| --registry-password=${{secrets.GITHUB_TOKEN}} | |
| ytt -f carvel-packages/cluster-essentials/bundle \ | |
| --data-values-schema-inspect -o openapi-v3 > educates-cluster-essentials-schema-openapi.yaml | |
| ytt -f carvel-packages/cluster-essentials/config/package.yaml \ | |
| -f carvel-packages/cluster-essentials/config/schema.yaml \ | |
| -v version=${{env.REPOSITORY_TAG}} \ | |
| -v releasedAt=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \ | |
| --data-value-file openapi=educates-cluster-essentials-schema-openapi.yaml \ | |
| -v imageRegistry.host=ghcr.io \ | |
| -v imageRegistry.namespace=${{github.repository_owner}} > educates-cluster-essentials.yaml | |
| - name: Save educates-cluster-essentials.yaml | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: educates-cluster-essentials.yaml | |
| path: educates-cluster-essentials.yaml | |
| - name: Publish educates-training-platform bundle | |
| shell: bash | |
| run: | | |
| ytt -f carvel-packages/training-platform/config/images.yaml \ | |
| -f carvel-packages/training-platform/config/schema.yaml \ | |
| -v version=${{env.REPOSITORY_TAG}} \ | |
| -v imageRegistry.host=ghcr.io \ | |
| -v imageRegistry.namespace=${{github.repository_owner}} \ | |
| > carvel-packages/training-platform/bundle/kbld-images.yaml | |
| cat carvel-packages/training-platform/bundle/kbld-images.yaml | kbld -f - \ | |
| --imgpkg-lock-output carvel-packages/training-platform/bundle/.imgpkg/images.yml | |
| imgpkg push \ | |
| -b ghcr.io/${{github.repository_owner}}/educates-training-platform:${{env.REPOSITORY_TAG}} \ | |
| -f carvel-packages/training-platform/bundle \ | |
| --registry-username=${{github.actor}} \ | |
| --registry-password=${{secrets.GITHUB_TOKEN}} | |
| ytt -f carvel-packages/training-platform/bundle \ | |
| --data-values-schema-inspect -o openapi-v3 > educates-training-platform-schema-openapi.yaml | |
| ytt -f carvel-packages/training-platform/config/package.yaml \ | |
| -f carvel-packages/training-platform/config/schema.yaml \ | |
| -v version=${{env.REPOSITORY_TAG}} \ | |
| -v releasedAt=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \ | |
| --data-value-file openapi=educates-training-platform-schema-openapi.yaml \ | |
| -v imageRegistry.host=ghcr.io \ | |
| -v imageRegistry.namespace=${{github.repository_owner}} > educates-training-platform.yaml | |
| - name: Save educates-training-platform.yaml | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: educates-training-platform.yaml | |
| path: educates-training-platform.yaml | |
| build-client-programs-linux-amd64: | |
| name: Build (clients) / amd64@linux | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: "1.19.0" | |
| - name: Build educates client program | |
| shell: bash | |
| run: | | |
| rm -rf client-programs/pkg/renderer/files | |
| mkdir client-programs/pkg/renderer/files | |
| cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
| cd client-programs | |
| REPOSITORY_TAG=${GITHUB_REF##*/} | |
| go build -o educates-linux-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG'" cmd/educates/main.go | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: educates-linux-amd64 | |
| path: client-programs/educates-linux-amd64 | |
| build-client-programs-darwin-amd64: | |
| name: Build (clients) / amd64@darwin | |
| runs-on: macos-latest | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: '>=1.20.0-rc.3' | |
| - name: Build educates client program | |
| shell: bash | |
| run: | | |
| rm -rf client-programs/pkg/renderer/files | |
| mkdir client-programs/pkg/renderer/files | |
| cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
| cd client-programs | |
| REPOSITORY_TAG=${GITHUB_REF##*/} | |
| # DO NOT USE GOOS/GOARCH for native build as it appears to produce a | |
| # binary which is different and cannot create a Kind cluster which can | |
| # run both AMD and ARM images. Version with GOOS/GOARCH only retained | |
| # here for documentation purposes. | |
| # GOOS=darwin GOARCH=amd64 go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG'" cmd/educates/main.go | |
| go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG'" cmd/educates/main.go | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: educates-darwin-amd64 | |
| path: client-programs/educates-darwin-amd64 | |
| build-client-programs-darwin-arm64: | |
| name: Build (clients) / arm64@darwin | |
| runs-on: macos-latest | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: '>=1.20.0-rc.3' | |
| - name: Build educates client program | |
| shell: bash | |
| run: | | |
| rm -rf client-programs/pkg/renderer/files | |
| mkdir client-programs/pkg/renderer/files | |
| cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
| cd client-programs | |
| REPOSITORY_TAG=${GITHUB_REF##*/} | |
| GOOS=darwin GOARCH=arm64 go build -o educates-darwin-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG'" cmd/educates/main.go | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: educates-darwin-arm64 | |
| path: client-programs/educates-darwin-arm64 | |
| publish-client-programs: | |
| name: Programs | |
| runs-on: ubuntu-latest | |
| needs: | |
| - publish-carvel-bundles | |
| - build-client-programs-linux-amd64 | |
| - build-client-programs-darwin-amd64 | |
| - build-client-programs-darwin-arm64 | |
| steps: | |
| - name: Restore educates-linux-amd64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-linux-amd64 | |
| path: client-programs | |
| - name: Restore educates-darwin-amd64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-darwin-amd64 | |
| path: client-programs | |
| - name: Restore educates-darwin-arm64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-darwin-arm64 | |
| path: client-programs | |
| - name: Install Carvel tools | |
| shell: bash | |
| run: curl -L https://carvel.dev/install.sh | bash | |
| - name: Calculate variables | |
| shell: bash | |
| run: | | |
| echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV} | |
| - name: Publish client programs | |
| shell: bash | |
| run: | | |
| chmod +x client-programs/* | |
| imgpkg push \ | |
| -i ghcr.io/${{github.repository_owner}}/educates-client-programs:${{env.REPOSITORY_TAG}} \ | |
| -f client-programs \ | |
| --registry-username=${{github.actor}} \ | |
| --registry-password=${{secrets.GITHUB_TOKEN}} | |
| release-artifacts: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: | |
| - publish-carvel-bundles | |
| - build-client-programs-linux-amd64 | |
| - build-client-programs-darwin-amd64 | |
| - build-client-programs-darwin-arm64 | |
| steps: | |
| - name: Restore educates-cluster-essentials.yaml | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-cluster-essentials.yaml | |
| - name: Restore educates-training-platform.yaml | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-training-platform.yaml | |
| - name: Restore educates-linux-amd64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-linux-amd64 | |
| - name: Restore educates-darwin-amd64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-darwin-amd64 | |
| - name: Restore educates-darwin-arm64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: educates-darwin-arm64 | |
| - name: Calculate variables | |
| shell: bash | |
| run: | | |
| echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV} | |
| - name: Create release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| with: | |
| tag_name: ${{env.REPOSITORY_TAG}} | |
| release_name: "educates:${{env.REPOSITORY_TAG}}" | |
| draft: false | |
| prerelease: false | |
| - name: Upload educates-cluster-essentials.yaml | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| with: | |
| upload_url: ${{steps.create_release.outputs.upload_url}} | |
| asset_path: educates-cluster-essentials.yaml | |
| asset_name: educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml | |
| asset_content_type: text/yaml | |
| - name: Upload educates-training-platform.yaml | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| with: | |
| upload_url: ${{steps.create_release.outputs.upload_url}} | |
| asset_path: educates-training-platform.yaml | |
| asset_name: educates-training-platform-${{env.REPOSITORY_TAG}}.yaml | |
| asset_content_type: text/yaml | |
| - name: Upload educates-linux-amd64 | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| with: | |
| upload_url: ${{steps.create_release.outputs.upload_url}} | |
| asset_path: educates-linux-amd64 | |
| asset_name: educates-linux-amd64 | |
| asset_content_type: application/octet-stream | |
| - name: Upload educates-darwin-amd64 | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| with: | |
| upload_url: ${{steps.create_release.outputs.upload_url}} | |
| asset_path: educates-darwin-amd64 | |
| asset_name: educates-darwin-amd64 | |
| asset_content_type: application/octet-stream | |
| - name: Upload educates-darwin-arm64 | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| with: | |
| upload_url: ${{steps.create_release.outputs.upload_url}} | |
| asset_path: educates-darwin-arm64 | |
| asset_name: educates-darwin-arm64 | |
| asset_content_type: application/octet-stream |