From 71edaba594af650686e0f68bcd11e44fa144ae58 Mon Sep 17 00:00:00 2001 From: Mathias Beaulieu-Duncan <52874619+singatias@users.noreply.github.com> Date: Sun, 13 Oct 2024 13:16:40 -0400 Subject: [PATCH 1/4] Update apps-webservice.yaml Signed-off-by: Mathias Beaulieu-Duncan <52874619+singatias@users.noreply.github.com> --- .github/workflows/apps-webservice.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml index a86cab196..f7f44e8bb 100644 --- a/.github/workflows/apps-webservice.yaml +++ b/.github/workflows/apps-webservice.yaml @@ -15,6 +15,7 @@ on: - packages/** - .github/workflows/apps-webservice.yaml - pnpm-lock.yaml + workflow_dispatch: jobs: build: @@ -22,6 +23,11 @@ jobs: permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 @@ -33,6 +39,7 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v3 + if: github.event.pull_request.head.repo.full_name == github.repository with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -51,12 +58,14 @@ jobs: with: push: false file: apps/webservice/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && github.event.pull_request.head.repo.full_name == github.repository with: push: true file: apps/webservice/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} From c5bce11cac2d9e414db52d7203b0c50f552a817e Mon Sep 17 00:00:00 2001 
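Review bot: With `strategy.matrix.platform` feeding `platforms: ${{ matrix.platform }}` in the `Build and Push` step, the amd64 and arm64 jobs each push a single-platform image to the same `${{ steps.meta.outputs.tags }}`, so unless the meta step (outside the hunk) adds a per-platform suffix, whichever job finishes last owns the tag and no multi-arch manifest is published. The tag then points at a different architecture from run to run, which makes the published artifact hard to verify and breaks pulls on the other architecture. Building both platforms in one job with `platforms: linux/amd64,linux/arm64` and no matrix produces a single manifest list; the alternative is to push by digest per platform and merge the manifests in a follow-up job. The arm64 leg presumably also needs emulation (for example `docker/setup-qemu-action`) on `ubuntu-latest`, and the hunks do not show whether that step exists. The same matrix pattern is repeated in the workflows touched by PATCH 4/4.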
From: Mathias Beaulieu-Duncan <52874619+singatias@users.noreply.github.com> Date: Sun, 13 Oct 2024 13:40:08 -0400 Subject: [PATCH 2/4] test webservice with new condition --- .github/workflows/apps-webservice.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml index f7f44e8bb..35b07bd95 100644 --- a/.github/workflows/apps-webservice.yaml +++ b/.github/workflows/apps-webservice.yaml @@ -39,7 +39,7 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v3 - if: github.event.pull_request.head.repo.full_name == github.repository + if: secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -63,7 +63,7 @@ jobs: - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' && github.event.pull_request.head.repo.full_name == github.repository + if: github.ref == 'refs/heads/main' && secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN with: push: true file: apps/webservice/Dockerfile From 4a6d529f4a98352a12e942a5bd0a07dd6a512e5c Mon Sep 17 00:00:00 2001 From: Mathias Beaulieu-Duncan <52874619+singatias@users.noreply.github.com> Date: Sun, 13 Oct 2024 13:42:00 -0400 Subject: [PATCH 3/4] update --- .github/workflows/apps-webservice.yaml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml index 35b07bd95..14ae34dc7 100644 --- a/.github/workflows/apps-webservice.yaml +++ b/.github/workflows/apps-webservice.yaml 
@@ -37,9 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 - if: secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -63,7 +71,7 @@ jobs: - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' && secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/webservice/Dockerfile From 8eef2043fde3a9ece09db25a2452336d10048f88 Mon Sep 17 00:00:00 2001 From: Mathias Beaulieu-Duncan <52874619+singatias@users.noreply.github.com> Date: Sun, 13 Oct 2024 14:25:24 -0400 Subject: [PATCH 4/4] updated all packages pipeliens --- .github/workflows/apps-event-worker.yaml | 19 ++++++++++++++++- .../workflows/apps-job-policy-checker.yaml | 19 ++++++++++++++++- .github/workflows/apps-webservice.yaml | 2 +- .../integrations-google-compute-scanner.yaml | 21 +++++++++++++++++-- .../integrations-kubernetes-job-agent.yaml | 19 ++++++++++++++++- .../integrations-terraform-cloud-scanner.yaml | 13 +++++++++++- .github/workflows/packages-migrations.yaml | 13 +++++++++++- 7 files changed, 98 insertions(+), 8 deletions(-) diff --git a/.github/workflows/apps-event-worker.yaml b/.github/workflows/apps-event-worker.yaml index 9d6df9b2a..be32ce417 100644 --- a/.github/workflows/apps-event-worker.yaml +++ b/.github/workflows/apps-event-worker.yaml 
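Review bot: The new `Check if Docker Hub secrets are available` step pastes `${{ secrets.DOCKERHUB_USERNAME }}` and `${{ secrets.DOCKERHUB_TOKEN }}` into the script text, so the secret values are written into the generated shell script, and any quote, `$` or backtick in them is interpreted by the shell instead of being compared as data. Passing them through `env:` and testing the variables keeps the values out of the script source; quoting `"$GITHUB_ENV"` is a small robustness gain. On pull requests from forks the secrets are empty, so the flag ends up `false` and the login is skipped, which looks like the intent and deserves a one-line comment above the step. The identical step is copied into six more workflows in PATCH 4/4 and would take the same change.

```yaml
      - name: Check if Docker Hub secrets are available
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_TOKEN" ]; then
            echo "DOCKERHUB_LOGIN=false" >> "$GITHUB_ENV"
          else
            echo "DOCKERHUB_LOGIN=true" >> "$GITHUB_ENV"
          fi
```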
@@ -23,9 +23,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 @@ -35,8 +41,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -55,12 +70,14 @@ jobs: with: push: false file: apps/event-worker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/event-worker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/apps-job-policy-checker.yaml b/.github/workflows/apps-job-policy-checker.yaml index 8895c8c8e..79841af95 100644 --- a/.github/workflows/apps-job-policy-checker.yaml +++ b/.github/workflows/apps-job-policy-checker.yaml @@ -21,9 +21,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 
@@ -33,8 +39,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -53,12 +68,14 @@ jobs: with: push: false file: apps/job-policy-checker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/job-policy-checker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml index 14ae34dc7..6f30ee36e 100644 --- a/.github/workflows/apps-webservice.yaml +++ b/.github/workflows/apps-webservice.yaml @@ -15,11 +15,11 @@ on: - packages/** - .github/workflows/apps-webservice.yaml - pnpm-lock.yaml - workflow_dispatch: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write diff --git a/.github/workflows/integrations-google-compute-scanner.yaml b/.github/workflows/integrations-google-compute-scanner.yaml index 0206a1a40..07f88c2ae 100644 --- a/.github/workflows/integrations-google-compute-scanner.yaml +++ b/.github/workflows/integrations-google-compute-scanner.yaml @@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 
@@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -51,12 +66,14 @@ jobs: with: push: false file: integrations/google-compute-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true - file: integrations/google-compute-scanner/Dockerfile + file: integrations/google-compute-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/integrations-kubernetes-job-agent.yaml b/.github/workflows/integrations-kubernetes-job-agent.yaml index e173e890e..d7dd33e31 100644 --- a/.github/workflows/integrations-kubernetes-job-agent.yaml +++ b/.github/workflows/integrations-kubernetes-job-agent.yaml @@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 
@@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -51,12 +66,14 @@ jobs: with: push: false file: integrations/kubernetes-job-agent/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: integrations/kubernetes-job-agent/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/integrations-terraform-cloud-scanner.yaml b/.github/workflows/integrations-terraform-cloud-scanner.yaml index 42a32937e..96b76b1d2 100644 --- a/.github/workflows/integrations-terraform-cloud-scanner.yaml +++ b/.github/workflows/integrations-terraform-cloud-scanner.yaml @@ -31,8 +31,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
@@ -51,12 +60,14 @@ jobs: with: push: false file: integrations/terraform-cloud-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: integrations/terraform-cloud-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/packages-migrations.yaml b/.github/workflows/packages-migrations.yaml index 21480b705..21b6ab8c4 100644 --- a/.github/workflows/packages-migrations.yaml +++ b/.github/workflows/packages-migrations.yaml @@ -27,8 +27,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -47,12 +56,14 @@ jobs: with: push: false file: packages/db/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: packages/db/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}
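Review bot: The `integrations-terraform-cloud-scanner.yaml` and `packages-migrations.yaml` sections add `platforms: ${{ matrix.platform }}` to both build steps, but unlike the other workflows in this patch no hunk adds a `strategy.matrix` to these two files. If no matrix is defined outside the hunks, the expression evaluates to an empty string and the build silently falls back to the runner's default platform, so the arm64 image the change appears to intend is never produced. Either add the same `strategy.matrix` block with `platform: [linux/amd64, linux/arm64]` to the `build` job in both files, or drop the `platforms:` lines there. The job definitions start outside these hunks, so this needs confirming against the full files.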