From a059a6fbd3f64f905d55ccabd350aef5d7179210 Mon Sep 17 00:00:00 2001 From: Kate Goldenring Date: Wed, 2 Dec 2020 16:29:00 -0800 Subject: [PATCH 1/4] don't persist github creds and remove setup.sh from workflows --- .github/workflows/build-agent-container.yml | 8 +++++--- .github/workflows/build-controller-container.yml | 8 +++++--- .../build-onvif-video-broker-container.yml | 5 +++++ .github/workflows/build-opencv-base-container.yml | 3 +++ .../workflows/build-rust-crossbuild-container.yml | 3 +++ .../workflows/build-udev-video-broker-container.yml | 8 +++++--- .../build-video-streaming-app-container.yml | 5 +++++ .github/workflows/check-rust.yml | 13 +++++++++---- .github/workflows/check-versioning.yml | 3 +++ .github/workflows/run-helm.yml | 7 +++++++ .github/workflows/run-tarpaulin.yml | 8 ++++---- .github/workflows/run-test-cases.yml | 6 +++--- 12 files changed, 57 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-agent-container.yml b/.github/workflows/build-agent-container.yml index b036195ea..e8e4971ed 100644 --- a/.github/workflows/build-agent-container.yml +++ b/.github/workflows/build-agent-container.yml @@ -10,7 +10,6 @@ on: - build/containers/Dockerfile.agent - agent/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -23,7 +22,6 @@ on: - build/containers/Dockerfile.agent - agent/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -36,7 +34,6 @@ on: - build/containers/Dockerfile.agent - agent/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile 
@@ -74,10 +71,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 @@ -115,6 +115,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 diff --git a/.github/workflows/build-controller-container.yml b/.github/workflows/build-controller-container.yml index c1a87b786..e829f36d1 100644 --- a/.github/workflows/build-controller-container.yml +++ b/.github/workflows/build-controller-container.yml @@ -10,7 +10,6 @@ on: - build/containers/Dockerfile.controller - controller/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -23,7 +22,6 @@ on: - build/containers/Dockerfile.controller - controller/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -36,7 +34,6 @@ on: - build/containers/Dockerfile.controller - controller/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -73,10 +70,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 @@ -114,6 +114,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 
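Review bot: `persist-credentials: false` on the `refs/pull/${{ github.event.pull_request.number }}/head` checkout in build-agent-container.yml (@@ -74,10 +71,13) only keeps the token out of the checked-out repository's git config. The step still appears to run for `pull_request_target` (its `if:` is outside the hunk), so the steps after it handle pull-request-controlled files in the base repository's context. Which secrets or token scopes those later steps receive is not visible here and needs checking per workflow. I would record the limit next to the new key, e.g. `# keeps the token out of .git/config only; later steps still handle PR-controlled files, so pass them no secrets`. The same checkout pair is patched the same way in build-controller-container.yml and in the other workflow files of this patch.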
diff --git a/.github/workflows/build-onvif-video-broker-container.yml b/.github/workflows/build-onvif-video-broker-container.yml index 348783471..378572a29 100644 --- a/.github/workflows/build-onvif-video-broker-container.yml +++ b/.github/workflows/build-onvif-video-broker-container.yml @@ -68,10 +68,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 @@ -109,6 +112,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 diff --git a/.github/workflows/build-opencv-base-container.yml b/.github/workflows/build-opencv-base-container.yml index 92cd96381..e6f082b6c 100644 --- a/.github/workflows/build-opencv-base-container.yml +++ b/.github/workflows/build-opencv-base-container.yml @@ -55,10 +55,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Akri intermediate builds are LONG running and should only be run when absolutely needed if: >- diff --git a/.github/workflows/build-rust-crossbuild-container.yml b/.github/workflows/build-rust-crossbuild-container.yml index 91698b41c..f296e186e 100644 --- a/.github/workflows/build-rust-crossbuild-container.yml +++ b/.github/workflows/build-rust-crossbuild-container.yml 
@@ -55,10 +55,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Akri intermediate builds are LONG running and should only be run when absolutely needed if: >- diff --git a/.github/workflows/build-udev-video-broker-container.yml b/.github/workflows/build-udev-video-broker-container.yml index 3174dcae4..5f347535f 100644 --- a/.github/workflows/build-udev-video-broker-container.yml +++ b/.github/workflows/build-udev-video-broker-container.yml @@ -10,7 +10,6 @@ on: - build/containers/Dockerfile.udev-video-broker - samples/brokers/udev-video-broker/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -23,7 +22,6 @@ on: - build/containers/Dockerfile.udev-video-broker - samples/brokers/udev-video-broker/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -36,7 +34,6 @@ on: - build/containers/Dockerfile.udev-video-broker - samples/brokers/udev-video-broker/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -74,10 +71,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 @@ -115,6 +115,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 
diff --git a/.github/workflows/build-video-streaming-app-container.yml b/.github/workflows/build-video-streaming-app-container.yml index d6f3694ac..645d3fcaa 100644 --- a/.github/workflows/build-video-streaming-app-container.yml +++ b/.github/workflows/build-video-streaming-app-container.yml @@ -68,10 +68,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 @@ -109,6 +112,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v2 + with: + persist-credentials: false - name: Prepare To Install uses: actions/setup-node@v1 diff --git a/.github/workflows/check-rust.yml b/.github/workflows/check-rust.yml index 4f2011eed..66d34d3af 100644 --- a/.github/workflows/check-rust.yml +++ b/.github/workflows/check-rust.yml @@ -8,7 +8,6 @@ on: - '**.rs' - '**/Cargo.toml' - '**/Cargo.lock' - - build/setup.sh pull_request: branches: [ main ] paths: @@ -16,7 +15,6 @@ on: - '**.rs' - '**/Cargo.toml' - '**/Cargo.lock' - - build/setup.sh pull_request_target: branches: [ main ] paths: @@ -24,7 +22,6 @@ on: - '**.rs' - '**/Cargo.toml' - '**/Cargo.lock' - - build/setup.sh env: CARGO_TERM_COLOR: always @@ -49,10 +46,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Rust install uses: actions-rs/toolchain@v1 
@@ -61,7 +61,12 @@ jobs: override: true components: clippy, rustfmt - name: Install linux requirement - run: ./build/setup.sh + run: | + apt_dependencies="git curl libssl-dev pkg-config libudev-dev libv4l-dev" + echo "Install dependencies: $apt_dependencies" + echo "Run apt update and apt install without sudo" + apt update + apt install -y $apt_dependencies - name: Check rust format run: cargo fmt --all -- --check - name: Check clippy diff --git a/.github/workflows/check-versioning.yml b/.github/workflows/check-versioning.yml index 8f319051e..4a0e41775 100644 --- a/.github/workflows/check-versioning.yml +++ b/.github/workflows/check-versioning.yml @@ -78,10 +78,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false # Only run version check for PRs. If PR title does NOT contain "[SAME VERSION]", then ensure that # version.txt is different from what is in main. diff --git a/.github/workflows/run-helm.yml b/.github/workflows/run-helm.yml index 77a222478..dc351e21e 100644 --- a/.github/workflows/run-helm.yml +++ b/.github/workflows/run-helm.yml @@ -43,10 +43,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - uses: azure/setup-helm@v1 
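Review bot: The new inline `run: |` block in check-rust.yml (@@ -61,7 +61,12) calls `apt` from a script, and `apt` itself warns that its command-line interface is not stable for scripted use. `apt-get update` and `apt-get install -y $apt_dependencies` are the script-safe forms. The missing `sudo` is handled in PATCH 2/4, so only the command name is at issue here. The steps list continues outside the hunk.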
@@ -71,10 +74,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - uses: azure/setup-helm@v1 with: @@ -123,6 +129,7 @@ jobs: uses: actions/checkout@v2 with: ref: gh-pages + persist-credentials: false - name: Get new chart from artifact path if: (github.event_name == 'release') || (github.event_name == 'push' && github.ref == 'refs/heads/main') || (startsWith(github.event_name, 'pull_request') && github.event.action == 'closed' && github.event.pull_request.merged == true && github.ref != 'refs/heads/main') diff --git a/.github/workflows/run-tarpaulin.yml b/.github/workflows/run-tarpaulin.yml index 533ff56ed..9628a9c56 100644 --- a/.github/workflows/run-tarpaulin.yml +++ b/.github/workflows/run-tarpaulin.yml @@ -7,21 +7,18 @@ on: - .github/workflows/run-tarpaulin.yml - '**.rs' - '**/Cargo.toml' - - build/setup.sh pull_request: branches: [ main ] paths: - .github/workflows/run-tarpaulin.yml - '**.rs' - '**/Cargo.toml' - - build/setup.sh pull_request_target: branches: [ main ] paths: - .github/workflows/run-tarpaulin.yml - '**.rs' - '**/Cargo.toml' - - build/setup.sh env: CARGO_TERM_COLOR: always 
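Review bot: The `ref: gh-pages` checkout in run-helm.yml (@@ -123,6 +129,7) no longer leaves a token in the working tree's git config, and the rest of that job is outside the hunk. If a later step publishes the chart with a plain `git push` from this checkout, it will have no credentials after this change, so confirm that the publish step supplies its own token. A comment above the key would record the dependency, e.g. `# no token is left in .git/config; the publish step must authenticate explicitly`.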
@@ -45,10 +42,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Log into dockerhub to avoid throttled anonymous dockerhub pulls run: echo "${{ secrets.DHPASSWORD }}" | docker login --username "${{ secrets.DHUSERNAME }}" --password-stdin @@ -57,7 +57,7 @@ jobs: - name: Start tarpaulin instance run: docker start $(cat container_id.txt) - name: Install linux requirement in tarpaulin instance - run: docker exec $(cat container_id.txt) sh -c "./build/setup.sh" + run: docker exec $(cat container_id.txt) sh -c "apt_dependencies='git curl libssl-dev pkg-config libudev-dev libv4l-dev' ; echo 'Install dependencies: $apt_dependencies' ; echo 'Run apt update and apt install without sudo' ; apt update ; apt install -y $apt_dependencies" - name: Install rust requirements in tarpaulin instance run: docker exec $(cat container_id.txt) sh -c "rustup component add rustfmt" - name: Run tarpaulin diff --git a/.github/workflows/run-test-cases.yml b/.github/workflows/run-test-cases.yml index 0ad531572..382f6ef37 100644 --- a/.github/workflows/run-test-cases.yml +++ b/.github/workflows/run-test-cases.yml @@ -16,7 +16,6 @@ on: - agent/** - controller/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -34,7 +33,6 @@ on: - agent/** - controller/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile @@ -52,7 +50,6 @@ on: - agent/** - controller/** - shared/** - - build/setup.sh - version.txt - build/akri-containers.mk - Makefile 
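Review bot: In run-tarpaulin.yml (@@ -45,10 +42,13) the Docker Hub login with `secrets.DHUSERNAME` / `secrets.DHPASSWORD` comes right after the checkout of `refs/pull/.../head`, and `persist-credentials: false` does not cover the registry credential that `docker login` stores on the runner for the rest of the job. The later steps build and test the checked-out pull-request code, though whether they can reach the runner's Docker config is not visible in this hunk. Once the image has been pulled, a step such as `- name: Log out of dockerhub` with `run: docker logout` before `Run tarpaulin` would shorten the credential's lifetime. run-test-cases.yml (@@ -92,10 +89,13) has the same login step after the same checkout.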
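Review bot: The `sh -c` string in the `Install linux requirement in tarpaulin instance` step (@@ -57,7 +57,7) joins its commands with `;`, so `apt install` runs even when `apt update` failed and the step reports only the last command's exit status. Joining the two with `&&` makes the step fail fast, i.e. `apt update && apt install -y ...`. The `$apt_dependencies` expansion inside the double-quoted string is reworked in PATCH 3/4, but the `;` separators remain in PATCH 3/4 and PATCH 4/4.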
@@ -92,10 +89,13 @@ jobs: # of the pull request, so the default ref is master branch and # ref should be manually set to the head of the PR ref: refs/pull/${{ github.event.pull_request.number }}/head + persist-credentials: false - name: Checkout the head commit of the branch if: ${{ github.event_name != 'pull_request_target' }} uses: actions/checkout@v2 + with: + persist-credentials: false - name: Log into dockerhub to avoid throttled anonymous dockerhub pulls run: echo "${{ secrets.DHPASSWORD }}" | docker login --username "${{ secrets.DHUSERNAME }}" --password-stdin From 8335c32c59dd86f863087e6b014769a6ddcba9c2 Mon Sep 17 00:00:00 2001 From: Kate Goldenring Date: Wed, 2 Dec 2020 16:41:51 -0800 Subject: [PATCH 2/4] change Linux requirements installation to run as root --- .github/workflows/check-rust.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check-rust.yml b/.github/workflows/check-rust.yml index 66d34d3af..4d8d60e51 100644 --- a/.github/workflows/check-rust.yml +++ b/.github/workflows/check-rust.yml @@ -60,13 +60,13 @@ jobs: toolchain: 1.41.0 override: true components: clippy, rustfmt - - name: Install linux requirement + - name: Install Linux requirements run: | apt_dependencies="git curl libssl-dev pkg-config libudev-dev libv4l-dev" echo "Install dependencies: $apt_dependencies" echo "Run apt update and apt install without sudo" - apt update - apt install -y $apt_dependencies + sudo apt update + sudo apt install -y $apt_dependencies - name: Check rust format run: cargo fmt --all -- --check - name: Check clippy From dd693f11249abb975c31d1f4fc1b1c070aa0d873 Mon Sep 17 00:00:00 2001 From: Kate Goldenring Date: Wed, 2 Dec 2020 17:11:47 -0800 Subject: [PATCH 3/4] fix dependencies installation instructions --- .github/workflows/check-rust.yml | 3 +-- .github/workflows/run-tarpaulin.yml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/check-rust.yml b/.github/workflows/check-rust.yml index 4d8d60e51..35d7ad5da 100644 --- a/.github/workflows/check-rust.yml +++ b/.github/workflows/check-rust.yml @@ -63,8 +63,7 @@ jobs: - name: Install Linux requirements run: | apt_dependencies="git curl libssl-dev pkg-config libudev-dev libv4l-dev" - echo "Install dependencies: $apt_dependencies" - echo "Run apt update and apt install without sudo" + echo "Run apt update and apt install the following dependencies: $apt_dependencies" sudo apt update sudo apt install -y $apt_dependencies - name: Check rust format diff --git a/.github/workflows/run-tarpaulin.yml b/.github/workflows/run-tarpaulin.yml index 9628a9c56..4596e905b 100644 --- a/.github/workflows/run-tarpaulin.yml +++ b/.github/workflows/run-tarpaulin.yml @@ -57,7 +57,7 @@ jobs: - name: Start tarpaulin instance run: docker start $(cat container_id.txt) - name: Install linux requirement in tarpaulin instance - run: docker exec $(cat container_id.txt) sh -c "apt_dependencies='git curl libssl-dev pkg-config libudev-dev libv4l-dev' ; echo 'Install dependencies: $apt_dependencies' ; echo 'Run apt update and apt install without sudo' ; apt update ; apt install -y $apt_dependencies" + run: docker exec $(cat container_id.txt) sh -c "echo 'Run apt update and apt install the following dependencies: git curl libssl-dev pkg-config libudev-dev libv4l-dev' ; apt update ; apt install -y git curl libssl-dev pkg-config libudev-dev libv4l-dev" - name: Install rust requirements in tarpaulin instance run: docker exec $(cat container_id.txt) sh -c "rustup component add rustfmt" - name: Run tarpaulin From c94e718934e5f875e01e3d0788a347ac137bd62a Mon Sep 17 00:00:00 2001 From: Kate Goldenring Date: Wed, 2 Dec 2020 17:20:07 -0800 Subject: [PATCH 4/4] fix workflow yaml formatting error --- .github/workflows/run-tarpaulin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/run-tarpaulin.yml b/.github/workflows/run-tarpaulin.yml index 4596e905b..31382a5ab 100644 --- a/.github/workflows/run-tarpaulin.yml +++ b/.github/workflows/run-tarpaulin.yml @@ -57,7 +57,7 @@ jobs: - name: Start tarpaulin instance run: docker start $(cat container_id.txt) - name: Install linux requirement in tarpaulin instance - run: docker exec $(cat container_id.txt) sh -c "echo 'Run apt update and apt install the following dependencies: git curl libssl-dev pkg-config libudev-dev libv4l-dev' ; apt update ; apt install -y git curl libssl-dev pkg-config libudev-dev libv4l-dev" + run: docker exec $(cat container_id.txt) sh -c "echo Run apt update and apt install the following dependencies - git curl libssl-dev pkg-config libudev-dev libv4l-dev ; apt update ; apt install -y git curl libssl-dev pkg-config libudev-dev libv4l-dev" - name: Install rust requirements in tarpaulin instance run: docker exec $(cat container_id.txt) sh -c "rustup component add rustfmt" - name: Run tarpaulin
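Review bot: The `run:` value in run-tarpaulin.yml (@@ -57,7 +57,7) is still a plain scalar after the echo was reworded to avoid `: `, so the next message containing `: ` or ` #` will break the workflow file again. A folded block scalar keeps the command on one logical line and lets the message keep its punctuation: `run: >-` followed by the indented `docker exec $(cat container_id.txt) sh -c "..."` line. The step sits in a list that continues outside the hunk.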