From 736ec5921b931d8ceebbc86c9189e196abb5e057 Mon Sep 17 00:00:00 2001
From: Vishnu Soman
Date: Thu, 1 Feb 2024 09:43:14 +0530
Subject: [PATCH] chore(gh-action): remove unused gh actions

Signed-off-by: Vishnu Soman
---
 .github/workflows/spire-agent-action.yaml | 188 ---------------------
 .github/workflows/spire-server-action.yaml | 119 -------------
 2 files changed, 307 deletions(-)
 delete mode 100644 .github/workflows/spire-agent-action.yaml
 delete mode 100644 .github/workflows/spire-server-action.yaml

diff --git a/.github/workflows/spire-agent-action.yaml b/.github/workflows/spire-agent-action.yaml
deleted file mode 100644
index c5b1afa828..0000000000
--- a/.github/workflows/spire-agent-action.yaml
+++ /dev/null
@@ -1,188 +0,0 @@
-name: spire-agent workflow
-on:
- push:
- tags:
- - "v[0-9]+.[0-9]+.[0-9]+"
- - "v[0-9]+.[0-9]+.[0-9]+-*"
- pull_request_target:
- branches:
- - "*"
-env:
- GO_VERSION: 1.20.1
- REPO: 956994857092.dkr.ecr.us-east-2.amazonaws.com
- IMAGE_NAME: spire-agent
- CHART_NAME: spire-agent
- CHART_PATH: ./spire-agent-chart
- CHART_REVISION_NAME: spire-agent
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }}
- AWS_REGION: us-east-2
-permissions:
- contents: read
-
-jobs:
- tag-validate:
- runs-on: ubuntu-latest
- if: startsWith(github.ref, 'refs/tags/v')
- steps:
- - uses: rubenesp87/semver-validation-action@0.1.0
- with:
- version: ${{ github.ref_name }}
-
- cache-deps:
- name: cache-deps (linux)
- runs-on: ubuntu-20.04
-
- permissions:
- contents: read
-
- steps:
- - name: Checkout
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3.3.0
- - name: Setup go
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3.5.0
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Set git token
- run: git remote set-url origin https://${{ secrets.V_GIT_KEY }}@github.com/accuknox/spire.git
- - name: Update submodules
- run: git submodule update --init --recursive
- - name: Setup dep cache
- uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/cache@v3.2.4
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- - name: Pull go deps
- run: go mod download
-
- artifacts:
- name: artifacts (linux)
- runs-on: ubuntu-20.04
- needs: [cache-deps]
-
- permissions:
- contents: read
-
- steps:
- - name: Checkout
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3.3.0
- - name: Setup go
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3.5.0
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Load cached deps
- uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/cache@v3.2.4
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- - name: Load cached build tools
- uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/cache@v3.2.4
- with:
- path: .build
- key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
- - name: Build artifacts
- run: ./.github/workflows/scripts/build_artifacts.sh
-
- images:
- name: images (linux)
- runs-on: ubuntu-20.04
- needs: [cache-deps]
-
- permissions:
- contents: read
-
- steps:
- - name: Checkout
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3.3.0
- - name: Setup go
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3.5.0
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Load cached deps
- uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/cache@v3.2.4
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- - name: Load cached build tools
- uses: actions/cache@6998d139ddd3e68c71e9e398d8e40b71a2f39812 # ratchet:actions/cache@v3.2.4
- with:
- path: .build
- key: ${{ runner.os }}-tools-${{ hashFiles('.go-version','Makefile') }}
- - name: Set up QEMU
- uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # ratchet:docker/setup-qemu-action@v2.1.0
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # ratchet:docker/setup-buildx-action@v2.4.1
- - name: download regctl
- run: |
- curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
- chmod 755 regctl
- mv regctl /usr/bin
- whereis regctl
- - name: Build spire-agent-image
- run: make spire-agent-image
- - name: load spire-agent-image
- run: make load-images
- - name: Tag docker images
- run: docker image tag ${{ env.IMAGE_NAME }}:latest ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
-
- docker-image-scan:
- runs-on: ubuntu-latest
- needs: [tag-validate]
- if: always() && !contains(needs.tag-validate.result, 'failure')
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
- output: ./trivy-results
- severity: CRITICAL,HIGH
- exit-code: 0
-
- docker-image-push:
- runs-on: ubuntu-latest
- if: startsWith(github.ref, 'refs/tags/v')
- needs: [docker-image-scan, helm-chart-validate]
- steps:
- - name: Login to ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
- - name: Docker push to ECR
- shell: bash
- run: docker push ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
-
- helm-chart-validate:
- runs-on: ubuntu-latest
- needs: [tag-validate]
- if: always() && !contains(needs.version-validation.result, 'failure')
- steps:
- - name: Checkout source
- uses: accuknox/common-gh-actions/actions/checkout-source@main
- - name: Validate helm chart
- uses: accuknox/common-gh-actions/actions/helm-check@main
- with:
- chart-path: ${{ env.CHART_PATH }}
- revision-name: ${{ env.CHART_REVISION_NAME }}
-
- helm-chart-push:
- runs-on: ubuntu-latest
- if: startsWith(github.ref, 'refs/tags/v')
- needs: [docker-image-push]
- steps:
- - name: Checkout source
- uses: accuknox/common-gh-actions/actions/checkout-source@main
- - name: Push helm chart to ECR
- uses: accuknox/common-gh-actions/actions/helm-push@main
- with:
- chart-path: ${{ env.CHART_PATH }}
- version: ${{ github.ref_name }}
- ecr-region: ${{ env.AWS_REGION }}
- ecr-repo: ${{ env.REPO }}
-
- success:
- runs-on: ubuntu-20.04
- needs: [artifacts]
- permissions:
- contents: read
- steps:
- - name: Declare victory!
- run: echo "# Successful" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/spire-server-action.yaml b/.github/workflows/spire-server-action.yaml
deleted file mode 100644
index eab848b4c5..0000000000
--- a/.github/workflows/spire-server-action.yaml
+++ /dev/null
@@ -1,119 +0,0 @@
-name: spire-server workflow
-on:
- push:
- tags:
- - "v[0-9]+.[0-9]+.[0-9]+"
- - "v[0-9]+.[0-9]+.[0-9]+-*"
- pull_request_target:
- branches:
- - "*"
-env:
- GO_VERSION: 1.20.1
- REPO: 956994857092.dkr.ecr.us-east-2.amazonaws.com
- IMAGE_NAME: spire-server
- CHART_NAME: spire-server
- CHART_PATH: ./spire-server-chart
- CHART_REVISION_NAME: spire-server
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }}
- AWS_REGION: us-east-2
-permissions:
- contents: read
-
-jobs:
- tag-validate:
- runs-on: ubuntu-latest
- if: startsWith(github.ref, 'refs/tags/v')
- steps:
- - uses: rubenesp87/semver-validation-action@0.1.0
- with:
- version: ${{ github.ref_name }}
-
- images:
- name: images (linux)
- runs-on: ubuntu-20.04
-
- permissions:
- contents: read
-
- steps:
- - name: Checkout
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3.3.0
- - name: Setup go
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3.5.0
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Set git token
- run: git remote set-url origin https://${{ secrets.V_GIT_KEY }}@github.com/accuknox/spire.git
- - name: Update submodules
- run: git submodule update --init --recursive
- - name: Set up QEMU
- uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # ratchet:docker/setup-qemu-action@v2.1.0
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # ratchet:docker/setup-buildx-action@v2.4.1
- - name: Build spire-server-sidecar-image
- run: make server-sidecar
- - name: Tag docker images
- run: docker image tag spire-sidecar:latest ${{ env.REPO }}/spire-sidecar:latest
-
- success:
- runs-on: ubuntu-20.04
- needs: [artifacts]
- permissions:
- contents: read
- steps:
- - name: Declare victory!
- run: echo "# Successful" >> $GITHUB_STEP_SUMMARY
-
- docker-image-scan:
- runs-on: ubuntu-latest
- needs: [tag-validate]
- if: always() && !contains(needs.tag-validate.result, 'failure')
- steps:
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
- output: ./trivy-results
- severity: CRITICAL,HIGH
- exit-code: 0
-
- docker-image-push:
- runs-on: ubuntu-latest
- if: startsWith(github.ref, 'refs/tags/v')
- needs: [docker-image-scan, helm-chart-validate]
- steps:
- - name: Login to ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
- - name: Docker push to ECR
- shell: bash
- run: docker push ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
-
- helm-chart-validate:
- runs-on: ubuntu-latest
- needs: [tag-validate]
- if: always() && !contains(needs.version-validation.result, 'failure')
- steps:
- - name: Checkout source
- uses: accuknox/common-gh-actions/actions/checkout-source@main
- - name: Validate helm chart
- uses: accuknox/common-gh-actions/actions/helm-check@main
- with:
- chart-path: ${{ env.CHART_PATH }}
- revision-name: ${{ env.CHART_REVISION_NAME }}
-
- helm-chart-push:
- runs-on: ubuntu-latest
- if: startsWith(github.ref, 'refs/tags/v')
- needs: [docker-image-push]
- steps:
- - name: Checkout source
- uses: accuknox/common-gh-actions/actions/checkout-source@main
- - name: Push helm chart to ECR
- uses: accuknox/common-gh-actions/actions/helm-push@main
- with:
- chart-path: ${{ env.CHART_PATH }}
- version: ${{ github.ref_name }}
- ecr-region: ${{ env.AWS_REGION }}
- ecr-repo: ${{ env.REPO }}