Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improvement/osis 147 move to ghcr and bump OSIS #143

Merged
merged 4 commits into from
May 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 50 additions & 0 deletions .github/workflows/codeql.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
---
name: codeQL

on:
push:
branches:
- main
- development/2.1
pull_request:
branches:
- main
- development/2.1
workflow_dispatch:

jobs:
analyze:
name: Static analysis with CodeQL
permissions:
actions: read
contents: read
security-events: write
runs-on: ubuntu-latest
env:
NEXUS_UNAME: ${{ secrets.NEXUS_USERNAME }}
NEXUS_PWD: ${{ secrets.NEXUS_PASSWORD }}
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java

- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: "corretto"
java-version: "17"

- name: Setup Gradle
uses: gradle/gradle-build-action@v3
with:
gradle-version: 7.3

- name: Execute build with Gradle wrapper
run: ./gradlew build -PsonatypeUsername=$NEXUS_UNAME -PsonatypePassword=$NEXUS_PWD

- name: Build and analyze
uses: github/codeql-action/analyze@v3
18 changes: 18 additions & 0 deletions .github/workflows/dependency-review.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
name: dependency review

on:
pull_request:
branches:
- main
- development/2.1

jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4

- name: 'Dependency Review'
uses: actions/dependency-review-action@v4
33 changes: 8 additions & 25 deletions .github/workflows/docker-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,28 +4,13 @@ name: docker-build
on:
workflow_call:
inputs:
namespace:
required: false
type: string
default: osis-dev
tag:
required: false
type: string
default: "${{ github.sha }}"
registry:
required: false
type: string
default: registry.scality.com
secrets:
REGISTRY_LOGIN:
required: true
REGISTRY_PASSWORD:
required: true

env:
NAMESPACE: ${{ inputs.namespace }}
TAG: ${{ inputs.tag }}
REGISTRY: ${{ inputs.registry }}

jobs:
build:
Expand All @@ -34,25 +19,23 @@ jobs:
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Login to Registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_LOGIN }}
password: ${{ secrets.REGISTRY_PASSWORD }}
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}

- name: Build and push development docker image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/osis:${{ env.TAG }}
tags: ghcr.io/${{ github.repository }}:${{ env.TAG }}
cache-from: type=gha,scope=osis
cache-to: type=gha,mode=max,scope=osis
build-args: |
NODE_ENV=${{ matrix.build.env }}
6 changes: 3 additions & 3 deletions .github/workflows/gradle-build-and-upload.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,16 @@ jobs:
SIGNING_PWD: ${{ secrets.SIGNING_PASSWORD }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: "corretto"
java-version: "17"

- name: Setup Gradle
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@v3
with:
gradle-version: 7.3

Expand Down
6 changes: 1 addition & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,7 @@ jobs:
name: Docker image
uses: ./.github/workflows/docker-build.yml
with:
namespace: osis
tag: ${{ github.event.inputs.tag }}
secrets:
REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}

github-release:
name: Creating GitHub Release
Expand All @@ -27,7 +23,7 @@ jobs:
- docker-build
steps:
- name: Github Release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand Down
33 changes: 33 additions & 0 deletions .github/workflows/security.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
---
name: security

on:
push:
branches:
- main
- development/2.1
release:
types: [published]
pull_request:
branches:
- main
- development/2.1
schedule:
- cron: '0 8 * * 1' # Monday - 8am - UTC
workflow_dispatch:

jobs:
build:
permissions:
contents: read
packages: write
uses: ./.github/workflows/docker-build.yml

trivy:
needs: build
name: Trivy Vulnerability Scan for Code
uses: scality/workflows/.github/workflows/trivy.yaml@v2
with:
name: ${{ github.event.repository.name }}
namespace: ${{ github.repository_owner }}
registry: ghcr.io
5 changes: 1 addition & 4 deletions .github/workflows/test-and-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,14 @@ jobs:
docker-build:
name: Development docker image
uses: ./.github/workflows/docker-build.yml
secrets:
REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}

code_coverage:
name: code coverage
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
name: codecov-osis
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co
```
Dev:
```sh
$ docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<short SHA-1 commit hash>
docker pull ghcr.io/scality/osis:<short SHA-1 commit hash>
```
Production image:
```sh
$ docker pull registry.scality.com/vmware-ose-scality/vmware-ose-scality:<tag>
docker pull ghcr.io/scality/osis:<tag>
```
1. Generate a self-signed SSL certificate and store it in a binary PKCS#12 format file with extension `.p12` file. (Refer [here](#To-generate-PKCS12-file-for-self-signed-SSL-certificate))

Expand Down Expand Up @@ -57,7 +57,7 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co
-v <absolute_path_to_.p12_file>:/app/lib/osis.p12:ro,z \
-v <absolute_path_to_crypto.yml_file>:/conf/crypto.yml:ro,z \
-v <absolute_path_to_application.properties_file>:/conf/application.properties:ro,z \
registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<short SHA-1 commit hash>
ghcr.io/scality/osis:<short SHA-1 commit hash>
```
Production image:
```sh
Expand All @@ -68,7 +68,7 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co
-v <absolute_path_to_.p12_file>:/app/lib/osis.p12:ro,z \
-v <absolute_path_to_crypto.yml_file>:/conf/crypto.yml:ro,z \
-v <absolute_path_to_application.properties_file>:/conf/application.properties:ro,z \
registry.scality.com/vmware-ose-scality/vmware-ose-scality:<tag>
ghcr.io/scality/osis:<tag>
```


Expand Down
2 changes: 1 addition & 1 deletion build.gradle
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
buildscript {
ext {
osisVersion = '2.1.3'
osisVersion = '2.1.4'
anurag4DSB marked this conversation as resolved.
Show resolved Hide resolved
vaultclientVersion = '1.1.2'
springBootVersion = '2.7.6'
}
Expand Down
11 changes: 5 additions & 6 deletions docs/RELEASE.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,10 @@

## Docker Image generation

Docker images are hosted on registry.scality.com.
It has two names spaces for Vmware-ose-scality:
Docker images are hosted on ghcr.io/scality.
It has one image:

* Production Namespace: registry.scality.com/vmware-ose-scality
* Dev Namespace: registry.scality.com/vmware-ose-scality-dev
* Production container image: ghcr.io/scality/osis

Production namespace provides write access to a few admins and CI while read
access is given to all the developers. Dev namespace provides write access
Expand All @@ -17,8 +16,8 @@ images to be used by developers, CI builds, build chain and so on.
## How to pull docker images

```sh
docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<short SHA-1 commit hash>
docker pull registry.scality.com/vmware-ose-scality/vmware-ose-scality:<tag>
docker pull ghcr.io/scality/osis:<short SHA-1 commit hash>
docker pull ghcr.io/scality/osis:<tag>
```

## Release Process
Expand Down
4 changes: 2 additions & 2 deletions docs/milestone-2-steps.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ docker restart scality-vault-1
- Pull this docker image. Use the latest commit from thew repository as SHA in the below command.

```sh
docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<SHA>
docker pull ghcr.io/scality/osis:<SHA>

```

Expand Down Expand Up @@ -105,7 +105,7 @@ docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<SHA>
-p 8443:8443 \
-v /root/keyStore.p12:/app/lib/osis.p12:ro,z \
-v /root/crypto.yml:/app/config/crypto.yml:ro,z \
registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<SHA1>
ghcr.io/scality/osis:<SHA1>
```

Note: For S3 Connector, use the host network as shows in the example above.
Expand Down
Loading