diff --git a/.github/resources/configmap_role.yaml b/.github/resources/configmap_role.yaml
new file mode 100644
index 000000000..38380d8fe
--- /dev/null
+++ b/.github/resources/configmap_role.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: configmap-manager
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
diff --git a/.github/resources/configmap_role_binding.yaml b/.github/resources/configmap_role_binding.yaml
new file mode 100644
index 000000000..ed50ccfa0
--- /dev/null
+++ b/.github/resources/configmap_role_binding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: configmap-rolebinding-github-action
+subjects:
+ - kind: User
+ name: arc-runner-set-aissemble-gha-rs-no-permission
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: ClusterRole
+ name: configmap-manager
+ apiGroup: rbac.authorization.k8s.io
+
+
diff --git a/.github/resources/configmap_role_binding_default.yaml b/.github/resources/configmap_role_binding_default.yaml
new file mode 100644
index 000000000..c57ed8e9d
--- /dev/null
+++ b/.github/resources/configmap_role_binding_default.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: configmap-rolebinding-github-action-default
+ namespace: default
+subjects:
+ - kind: User
+ name: arc-runner-set-aissemble-gha-rs-no-permission
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: ClusterRole
+ name: configmap-manager-default
+ apiGroup: rbac.authorization.k8s.io
+
+
diff --git a/.github/resources/configmap_role_default.yaml b/.github/resources/configmap_role_default.yaml
new file mode 100644
index 000000000..2a3d6bc21
--- /dev/null
+++ b/.github/resources/configmap_role_default.yaml
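Review bot: In configmap_role.yaml the `configmap-manager` ClusterRole allows create, update, patch and delete on `configmaps` with no namespace or `resourceNames` limit, so once it is bound by the ClusterRoleBinding in configmap_role_binding.yaml it covers ConfigMaps in every namespace, including system namespaces where ConfigMaps commonly hold component configuration. If the CI job only needs ConfigMaps in its own test namespaces, I would make this `kind: Role` with a `metadata.namespace` and bind it with a `RoleBinding` there. A header comment such as `# ConfigMap access for the GitHub Actions runner during integration tests` would also record why the role exists.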
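Review bot: The subject in configmap_role_binding.yaml is `kind: User` with the bare name `arc-runner-set-aissemble-gha-rs-no-permission`, while helm_it_role_binding.yaml binds the same name as a `ServiceAccount` in `actions-runners`. A service account authenticates as `system:serviceaccount:<namespace>:<name>`, so a User subject with the bare name does not match it; the binding either does nothing for the runner pod or grants the role to whatever identity can present that user name. If the runner's service account is the intended subject, use `- kind: ServiceAccount`, `name: arc-runner-set-aissemble-gha-rs-no-permission`, `namespace: actions-runners` and drop the subject's `apiGroup`. configmap_role_binding_default.yaml has the same subject.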
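Review bot: `namespace: default` under `metadata` in configmap_role_binding_default.yaml does not restrict anything, because ClusterRoleBinding is a cluster-scoped kind and the binding stays cluster-wide. The same field appears on the ClusterRole in configmap_role_default.yaml and on the ClusterRoleBinding in helm_it_role_binding.yaml. If the intent is ConfigMap access in `default` only, change these to `kind: RoleBinding` and `kind: Role` (with `roleRef.kind: Role`); otherwise remove the field, since as written `configmap-manager-default` has the same rules and scope as `configmap-manager`.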
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: configmap-manager-default
+ namespace: default
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
diff --git a/.github/resources/helm_it_role_binding.yaml b/.github/resources/helm_it_role_binding.yaml
new file mode 100644
index 000000000..fe69bc2be
--- /dev/null
+++ b/.github/resources/helm_it_role_binding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: helm-it-user-binding
+ namespace: actions-runners
+subjects:
+ - kind: ServiceAccount
+ name: arc-runner-set-aissemble-gha-rs-no-permission
+ namespace: actions-runners
+roleRef:
+ kind: ClusterRole
+ name: helm-it-user
+ apiGroup: rbac.authorization.k8s.io
diff --git a/.github/resources/helm_it_roles.yaml b/.github/resources/helm_it_roles.yaml
new file mode 100644
index 000000000..b6a9923bc
--- /dev/null
+++ b/.github/resources/helm_it_roles.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: helm-it-user
+rules:
+ - apiGroups: [""]
+ resources: ["namespaces", "pods", "services", "configmaps", "secrets", "serviceaccounts", "persistentvolumeclaims"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["roles", "rolebindings"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list"]
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6b84b1dcb..512f9d5e6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,7 +15,7 @@ on: description: "Branch you want to build" required: true type: string - default: 'dev' + default: '248-gh-build-it-tests' push: branches: [ "dev" ]
diff --git a/.github/workflows/build2.yml b/.github/workflows/build2.yml
new file mode 100644
index 000000000..98f68717d
--- /dev/null
+++ b/.github/workflows/build2.yml
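Review bot: The first rule of `helm-it-user` in helm_it_roles.yaml lists `secrets` with get, list and watch plus the write verbs, and helm_it_role_binding.yaml attaches the role with a ClusterRoleBinding, so the bound service account can read every Secret in the cluster rather than only those the Helm integration tests create. The same binding makes the `roles`/`rolebindings` rule cluster-wide. That service account is presumably the one the `arc-runner-set-aissemble` runner uses, and the workflow checks out whatever ref is passed as `buildBranch`, so the build code inherits these rights. I would keep a small ClusterRole for the cluster-scoped pieces (`namespaces` and the read-only `customresourcedefinitions` rule) and move the remaining rules into a `Role` bound by a `RoleBinding` in the namespaces the tests use; which namespaces those are is not visible in this diff.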
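Review bot: The `workflow_dispatch` default for `buildBranch` in build.yml now names the feature branch `248-gh-build-it-tests` instead of `dev`, which looks like a testing aid left in the change. After the branch is merged and deleted, a manual run that keeps the default would ask checkout for a ref that no longer exists. Restore `default: 'dev'` before merge, or add a comment on that line saying why the feature branch is the intended default.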
@@ -0,0 +1,109 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Build aissemble 2
+
+on:
+ workflow_dispatch:
+ inputs:
+ buildBranch:
+ description: "Branch you want to build"
+ required: true
+ type: string
+ default: '248-gh-build-it-tests'
+ push:
+ branches: [ "248-gh-build-it-tests" ]
+
+jobs:
+ build:
+
+ runs-on: arc-runner-set-aissemble
+ env:
+ DOCKER_CONFIG: /home/runner/.docker
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.buildBranch }}
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Install required packages
+ run: |
+ sudo apt-get update
+ sudo apt install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev curl \
+ git libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev zip unzip \
+ libpython3.11
+ - name: Install Python
+ uses: gabrielfalcao/pyenv-action@v18
+ with:
+ default: 3.11.4
+ - name: Load m2 repository cache # Manually caching .m2 repo as the setup-java caching isn't falling back to older caches
+ id: cached-m2-repo
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ maven-
+ - name: Load m2 build cache
+ id: cached-m2-build
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/build-cache
+ key: maven-build-cache-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ maven-build-cache-
+ - name: Install Poetry
+ uses: snok/install-poetry@v1
+ - name: Poetry cache
+ id: cached-poetry
+ uses: actions/cache@v4
+ with:
+ path: ~/.cache/pypoetry
+ key: poetry-cache-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ poetry-
+ - name: Install Helm
+ run: |
+ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+ chmod 700 get_helm.sh
+ ./get_helm.sh
+ - name: Install Helm Unittest Plugin
+ run: |
+ echo "Updating helm unittest plugin to latest version..."
+ helm plugin install https://github.com/helm-unittest/helm-unittest.git
+# helm plugin install https://github.com/quintush/helm-unittest
+ - name: Set up JDK 11
+ uses: actions/setup-java@v4
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ - name: Create Docker Builder Config File
+ run: sudo touch /etc/buildkitd.toml
+ - name: Build aiSSEMBLE
+ run: |
+ ./mvnw -B clean install --file pom.xml -Pci,integration-test
+ #NB: The following two explicit cache saves are necessary to ensure caches are saved on build failure,
+ # until https://github.com/actions/cache/issues/1315 is resolved
+ - name: Save m2 repository cache
+ id: save-m2-repo
+ uses: actions/cache/save@v4
+ if: always()
+ with:
+ path: ~/.m2/repository
+ key: maven-${{ hashFiles('**/pom.xml') }}
+ - name: Save m2 build cache
+ id: save-m2-build
+ uses: actions/cache/save@v4
+ if: always()
+ with:
+ path: ~/.m2/build-cache
+ key: maven-build-cache-${{ hashFiles('**/pom.xml') }}
diff --git a/extensions/extensions-helm/pom.xml b/extensions/extensions-helm/pom.xml
index 39068d159..24a2d4861 100644
--- a/extensions/extensions-helm/pom.xml
+++ b/extensions/extensions-helm/pom.xml
@@ -84,6 +84,9 @@ + + actions-runners +
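Review bot: The `Install Helm` step in build2.yml downloads `get-helm-3` from the `master` branch and runs it, and `helm plugin install` takes the default branch of helm-unittest, so the code executed on the self-hosted runner can change between runs with no change in this repository, in a job that also has the Docker Hub credentials loaded. Pin both: fetch the script from a release tag and pass the version, e.g. `curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/<PINNED_TAG>/scripts/get-helm-3` and `./get_helm.sh --version <PINNED_TAG>`, and add `--version <PINNED_PLUGIN_VERSION>` to the plugin install. `gabrielfalcao/pyenv-action@v18` and `snok/install-poetry@v1` are third-party actions referenced by a mutable tag; pinning each to a full commit SHA gives the same guarantee. The commented-out `# helm plugin install https://github.com/quintush/helm-unittest` line can be dropped.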