diff --git a/.github/workflows/reusables/staging-container-build.yml b/.github/workflows/reusables/staging-container-build.yml
new file mode 100644
index 000000000..762e47675
--- /dev/null
+++ b/.github/workflows/reusables/staging-container-build.yml
@@ -0,0 +1,65 @@ +name: Build staging container (REUSABLE) + + workflow_call: + inputs: + IMAGE: + required: true + type: string + DOCKERFILE: + required: true + type: string + secrets: + DOCKER_USERNAME: + required: true + DOCKER_TOKEN: + required: true + PRIVATE_REGISTRY: + required: true + PRIVATE_REGISTRY_TOKEN: + required: true + +jobs: + build: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build image + - name: Build container for amd64 + uses: docker/build-push-action@v3 + with: + context: . + file: ${{ inputs.DOCKERFILE }} + platforms: linux/amd64 + load: true + tags: local/${{ inputs.IMAGE }} + cache-from: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-staging + cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-staging,mode=min + # Check OS vulnerabilities + - name: Check OS vulnerabilities + uses: aquasecurity/trivy-action@master + with: + vuln-type: os + image-ref: local/${{ inputs.IMAGE }} + format: table + exit-code: 1 + ignore-unfixed: false + severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL + trivyignores: .trivyignore + # Push image + - name: Push image + run: docker tag local/${{ inputs.IMAGE }} ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:staging && docker push ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:staging \ No newline at end of file diff --git a/.github/workflows/reusables/staging-create-infra.yml b/.github/workflows/reusables/staging-create-infra.yml new file mode 100644 index 000000000..e49a5e058 --- /dev/null 
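Review bot: `aquasecurity/trivy-action@master` pulls an unpinned, mutable branch of a third-party action into a job that already holds `DOCKER_TOKEN` and `PRIVATE_REGISTRY_TOKEN`, so whoever can push to that branch can run code with those credentials; pin it to a release tag or, better, a commit SHA (`uses: aquasecurity/trivy-action@<sha> # vX.Y.Z`) and consider doing the same for the `@v2`/`@v3` major-tag pins. The scan is also limited to `vuln-type: os`, so vulnerable application libraries baked into the image pass the gate; `vuln-type: os,library` closes that. The final push step interpolates `inputs.IMAGE` directly into `run:`; since the caller is this repository the risk is low, but exporting it via `env:` and using `"$IMAGE"` avoids the shell-injection shape altogether.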
+++ b/.github/workflows/reusables/staging-create-infra.yml @@ -0,0 +1,49 @@ +name: Create staging infra (REUSABLE) + + workflow_call: + inputs: + TYPE: + required: true + type: string + secrets: + CICD_SECRETS: + required: true + +jobs: + create: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Generate SSH keypair + run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config + if: inputs.TYPE != 'k8s' + - name: Checkout source code + uses: actions/checkout@v3 + - name: Install terraform + uses: hashicorp/setup-terraform@v2 + - name: Install kubectl + uses: azure/setup-kubectl@v3 + if: inputs.TYPE == 'k8s' + - name: Set up Python 3.11 + uses: actions/setup-python@v4 + if: inputs.TYPE != 'k8s' + with: + python-version: '3.11' + cache: 'pip' + - name: Install ansible + run: pip install ansible + if: inputs.TYPE != 'k8s' + - name: Install ansible libs + run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general + if: inputs.TYPE != 'k8s' + # Create infra + - run: ./tests/create.sh ${{ inputs.TYPE }} + env: + CICD_SECRETS: ${{ secrets.CICD_SECRETS }} + - run: tar -cvf terraform.tar /tmp/${{ inputs.TYPE }} + if: always() + - uses: actions/upload-artifact@v3 + if: always() + with: + name: tf-${{ inputs.TYPE }} + path: terraform.tar diff --git a/.github/workflows/reusables/staging-delete-infra.yml b/.github/workflows/reusables/staging-delete-infra.yml new file mode 100644 index 000000000..beffa0240 --- /dev/null +++ b/.github/workflows/reusables/staging-delete-infra.yml 
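Review bot: The `tar -cvf terraform.tar /tmp/${{ inputs.TYPE }}` step runs with `if: always()` and uploads the archive as a workflow artifact; for `TYPE: k8s` that directory is where `staging-delete-infra.yml` in this commit later reads `/tmp/k8s/kubeconfig`, so cluster credentials (and presumably the Terraform state written by `tests/create.sh`, which may embed provider secrets) end up in an artifact that anyone with read access can download — on a public repository that is any authenticated GitHub user. Ship only what the delete job needs, encrypt the archive with a repository secret before upload, or move to a remote Terraform backend instead of passing the directory through artifacts. Separately, `echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config` writes a file OpenSSH never reads (the per-user file is `~/.ssh/config`), so either the line is dead or host-key checking is being disabled somewhere else; if it is really needed for fresh hosts, `StrictHostKeyChecking accept-new` still catches a changed key on a reused address.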
@@ -0,0 +1,38 @@
+name: Delete staging infra (REUSABLE)
+
+on:
+ workflow_call:
+ inputs:
+ TYPE:
+ required: true
+ type: string
+ secrets:
+ CICD_SECRETS:
+ required: true
+
+jobs:
+ delete:
+ if: ${{ always() }}
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-${{ inputs.TYPE }}
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
+ - uses: azure/setup-kubectl@v3
+ if: inputs.TYPE == "k8s"
+ # Remove infra
+ - run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
+ if: inputs.TYPE == "k8s"
+ continue-on-error: true
+ env:
+ KUBECONFIG: /tmp/k8s/kubeconfig
+ - run: ./tests/rm.sh ${{ inputs.TYPE }}
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
diff --git a/.github/workflows/reusables/staging-linux-build.yml b/.github/workflows/reusables/staging-linux-build.yml
new file mode 100644
index 000000000..222402308
--- /dev/null
+++ b/.github/workflows/reusables/staging-linux-build.yml
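Review bot: `if: inputs.TYPE == "k8s"` uses double-quoted strings, which GitHub Actions expression syntax does not accept (only single-quoted string literals are valid), so the workflow is either rejected at parse time or the two k8s steps never run; `staging-create-infra.yml` in the same commit already writes `inputs.TYPE == 'k8s'`, so use `if: inputs.TYPE == 'k8s'` on both steps here. The `kubectl delete ... --all --all-namespaces` sweep is guarded only by `continue-on-error` and targets whatever the downloaded `/tmp/k8s/kubeconfig` points at; because the job is `if: ${{ always() }}` it also runs when the create job failed part-way, so a `kubectl config current-context` check against the expected staging context before the sweep would keep a stale or mis-restored kubeconfig from wiping the wrong cluster.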
@@ -0,0 +1,67 @@ +name: Build staging Linux package (REUSABLE) + + workflow_call: + inputs: + LINUX: + required: true + type: string + PACKAGE: + required: true + type: string + secrets: + DOCKER_USERNAME: + required: true + DOCKER_TOKEN: + required: true + PRIVATE_REGISTRY: + required: true + PRIVATE_REGISTRY_TOKEN: + required: true + +jobs: + build: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build package image + - name: Build package image + uses: docker/build-push-action@v3 + with: + context: . + load: true + file: src/linux/Dockerfile-${{ inputs.LINUX }} + platforms: linux/amd64 + tags: local/bunkerweb-${{ inputs.LINUX }}:latest + cache-from: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-staging + cache-to: type=registry,ref=bunkerity/cache:${{ inputs.LINUX }}-staging,mode=min + # Generate package + - name: Generate package + run: ./src/linux/package.sh ${{ inputs.LINUX }} + - uses: actions/upload-artifact@v3 + with: + name: package-${{ inputs.LINUX }} + path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }} + # Build test image + - name: Build test image + uses: docker/build-push-action@v3 + with: + context: . + file: tests/linux/Dockerfile-${{ inputs.LINUX }} + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.LINUX }}-tests:staging \ No newline at end of file diff --git a/.github/workflows/reusables/staging-push-docker.yml b/.github/workflows/reusables/staging-push-docker.yml new file mode 100644 index 000000000..7bbaa94fb --- /dev/null 
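Review bot: Unlike `staging-container-build.yml` in this commit, the package image and the test image built here are pushed to the private registry and the package is uploaded as the `package-<distro>` artifact without any vulnerability scan, so the Linux packages that later go to packagecloud never pass the Trivy gate the containers do. Add the same `aquasecurity/trivy-action` step (pinned to a SHA, `exit-code: 1`) against `local/bunkerweb-${{ inputs.LINUX }}:latest` between the build and the "Generate package" step. `inputs.LINUX` is also interpolated straight into `run:` and into the two Dockerfile paths; passing it through `env:` and validating it against the known distro list keeps a mistyped caller from building an arbitrary path with registry credentials in hand.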
+++ b/.github/workflows/reusables/staging-push-docker.yml @@ -0,0 +1,40 @@ +name: Push staging container (REUSABLE) + +on: + workflow_call: + inputs: + PRIVATE_IMAGE: + required: true + type: string + PUBLIC_IMAGE: + required: true + type: string + secrets: + DOCKER_USERNAME: + required: true + DOCKER_TOKEN: + required: true + PRIVATE_REGISTRY: + required: true + PRIVATE_REGISTRY_TOKEN: + required: true + +jobs: + push: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Push + - name: Push bunkerweb + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.PRIVATE_IMAGE }} && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.PRIVATE_IMAGE }} bunkerity/${{ inputs.PUBLIC_IMAGE }} && docker push bunkerity/${{ inputs.PUBLIC_IMAGE }} diff --git a/.github/workflows/reusables/staging-push-packagecloud.yml b/.github/workflows/reusables/staging-push-packagecloud.yml new file mode 100644 index 000000000..df001113b --- /dev/null +++ b/.github/workflows/reusables/staging-push-packagecloud.yml 
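Review bot: The promotion step publishes whatever `${{ secrets.PRIVATE_REGISTRY }}/infra/<PRIVATE_IMAGE>` resolves to at pull time rather than the digest that the build, scan and test jobs actually exercised, so a concurrent staging run that re-pushes the `:staging` tag between the tests and this job would publish an untested image to the public `bunkerity/` namespace. Pass the image digest from the build job as an input (or have the caller supply it) and pull by `@sha256:...`, e.g. `docker pull "$REG/infra/$IMG@$DIGEST"`, then tag and push from that. Moving the registry and image names into `env:` for the `run:` line, as above, also keeps the inputs out of shell interpolation.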
@@ -0,0 +1,89 @@ +name: Push staging packagecloud (REUSABLE) + +on: + workflow_call: + inputs: + SEPARATOR: + required: true + type: string + SUFFIX: + required: true + type: string + REPO: + required: true + type: string + LINUX: + required: true + type: string + VERSION: + required: true + type: string + PACKAGE: + required: true + type: string + secrets: + PACKAGECLOUD_TOKEN: + required: true + +jobs: + push: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Check out repository code + uses: actions/checkout@v3 + - name: Set variables + run: | + VER=$(cat src/VERSION | tr -d '\n') + echo "VERSION=$VER" >> $GITHUB_ENV + - name: Install ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: '3.0' + - name: Install packagecloud + run: gem install package_cloud + # Download packages + - uses: actions/download-artifact@v3 + with: + name: package-${{ inputs.LINUX }} + path: /tmp/${{ inputs.LINUX }} + # Remove existing packages + - name: Remove existing package + run: package_cloud yank bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }} bunkerweb${{ inputs.SEPARATOR }}${{ env.VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}.${{ inputs.PACKAGE }} + continue-on-error: true + env: + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + # TODO : push + # Push packages + - name: Push Ubuntu DEB to packagecloud + uses: danielmundi/upload-packagecloud@v1 + with: + PACKAGE-NAME: /tmp/ubuntu/bunkerweb_${{ env.VERSION }}-1_amd64.deb + PACKAGECLOUD-USERNAME: bunkerity + PACKAGECLOUD-REPO: bunkerweb-dev + PACKAGECLOUD-DISTRIB: ubuntu/jammy + PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push Debian DEB to packagecloud + uses: danielmundi/upload-packagecloud@v1 + with: + PACKAGE-NAME: /tmp/debian/bunkerweb_${{ env.VERSION }}-1_amd64.deb + PACKAGECLOUD-USERNAME: bunkerity + PACKAGECLOUD-REPO: bunkerweb-dev + PACKAGECLOUD-DISTRIB: debian/bullseye + PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push CentOS RPM to 
packagecloud + uses: danielmundi/upload-packagecloud@v1 + with: + PACKAGE-NAME: /tmp/centos/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm + PACKAGECLOUD-USERNAME: bunkerity + PACKAGECLOUD-REPO: bunkerweb-dev + PACKAGECLOUD-DISTRIB: el/8 + PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} + - name: Push Fedora RPM to packagecloud + uses: danielmundi/upload-packagecloud@v1 + with: + PACKAGE-NAME: /tmp/fedora/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm + PACKAGECLOUD-USERNAME: bunkerity + PACKAGECLOUD-REPO: bunkerweb-dev + PACKAGECLOUD-DISTRIB: fedora/36 + PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} diff --git a/.github/workflows/reusables/staging-tests.yml b/.github/workflows/reusables/staging-tests.yml new file mode 100644 index 000000000..c173812a7 --- /dev/null +++ b/.github/workflows/reusables/staging-tests.yml 
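Review bot: The four push steps ignore the `REPO`, `LINUX`, `VERSION` and `PACKAGE` inputs and hard-code `PACKAGECLOUD-REPO: bunkerweb-dev` with one distro each, so the preceding yank (which targets `bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }}`) and the push act on different repositories, and in a per-distro invocation three of the four `/tmp/<distro>/...` paths cannot exist because only `package-${{ inputs.LINUX }}` was downloaded; the leftover `# TODO : push` comment suggests this part is unfinished. Replace the four steps with one driven by the inputs, mirroring the yank's file-name expression — though note the hard-coded names use `_` before the version and `-` before the release (`bunkerweb_X-1_amd64.deb`), which a single `SEPARATOR` input cannot express, so that expression needs checking against the real artifact names. `PACKAGECLOUD_TOKEN` is also handed to `danielmundi/upload-packagecloud@v1`, a third-party action pinned only to a mutable major tag; pin it to a commit SHA.
```yaml
      # Push package
      - name: Push package to packagecloud
        uses: danielmundi/upload-packagecloud@v1  # TODO: pin to a commit SHA
        with:
          PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/bunkerweb${{ inputs.SEPARATOR }}${{ env.VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}.${{ inputs.PACKAGE }}
          PACKAGECLOUD-USERNAME: bunkerity
          PACKAGECLOUD-REPO: ${{ inputs.REPO }}
          PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
          PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
```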
@@ -0,0 +1,111 @@ +name: Perform staging tests (REUSABLE) + +on: + workflow_call: + inputs: + TYPE: + required: true + type: string + secrets: + PRIVATE_REGISTRY: + required: true + PRIVATE_REGISTRY_TOKEN: + required: true + TEST_DOMAINS: + required: true + ROOT_DOMAIN: + required: true + +jobs: + tests: + runs-on: [self-hosted, bw-${{ inputs.TYPE }}] + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + - name: Pull BW image + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests:staging local/bunkerweb-tests:latest + if: ! contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) + - name: Pull Scheduler image + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests:staging local/scheduler-tests:latest + if: ! 
contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) + - name: Pull Autoconf image + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests:staging local/scheduler-tests:latest + if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE) + - name: Push images to local repo + run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest + if: inputs.TYPE == 'swarm' + - name: Install test dependencies + run: pip3 install -r tests/requirements.txt + - uses: actions/download-artifact@v3 + with: + name: tf-k8s + path: /tmp + if: inputs.TYPE == 'k8s' + - run: tar xvf /tmp/terraform.tar -C / + if: inputs.TYPE == 'k8s' + - uses: azure/setup-kubectl@v3 + if: inputs.TYPE == 'k8s' + - uses: azure/setup-helm@v3 + if: inputs.TYPE == 'k8s' + - name: Pull BW linux ubuntu test image + if: inputs.TYPE == "linux" + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/ubuntu-tests:staging local/ubuntu:latest + - name: Pull BW linux debian test image + if: inputs.TYPE == "linux" + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/debian-tests:staging local/debian:latest + - name: Pull BW linux centos test image + if: inputs.TYPE == "linux" + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/centos-tests:staging local/centos:latest + - name: Pull BW linux fedora test image + if: inputs.TYPE == "linux" + run: 
docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/fedora-tests:staging local/fedora:latest + - name: Pull BW linux redhat test image + if: inputs.TYPE == "linux" + run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/redhat-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/redhat-tests:staging local/redhat:latest + # Do tests + - name: Run tests + if: contains(fromJSON('["docker", "autoconf", "swarm"]'), inputs.TYPE) + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} + - name: Run tests + if: inputs.TYPE == "k8s" + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "kubernetes" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} + KUBECONFIG: "/tmp/k8s/kubeconfig" + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + IMAGE_TAG: "latest" + - name: Run Linux ubuntu tests + if: inputs.TYPE == "linux" + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} + - name: Run Linux debian tests + if: inputs.TYPE == "linux" + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} + - name: Run Linux centos tests + if: inputs.TYPE == "linux" + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "centos" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} + - name: Run Linux fedora tests + if: inputs.TYPE == "linux" + run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora" + env: + TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }} + ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }} \ No 
newline at end of file
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
new file mode 100644
index 000000000..1f41b0330
--- /dev/null
+++ b/.github/workflows/staging.yml
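Review bot: The four Linux test steps read `secrets.TEST_DOMAINS_LINUX`, but the `workflow_call.secrets` block only declares `PRIVATE_REGISTRY`, `PRIVATE_REGISTRY_TOKEN`, `TEST_DOMAINS` and `ROOT_DOMAIN`; a reusable workflow only sees secrets that are declared and passed (unless the caller uses `secrets: inherit`), so `TEST_DOMAINS` will be empty for those runs and `export $(echo "$TEST_DOMAINS" | xargs)` silently exports nothing. Declare `TEST_DOMAINS_LINUX: required: true` alongside the others and pass it from the caller. Two other slips in this hunk: `if: inputs.TYPE == "linux"` / `"k8s"` use double quotes, which expression syntax rejects (the earlier `'k8s'` conditions are the correct form), and the "Pull Autoconf image" step tags its image as `local/scheduler-tests:latest`, overwriting the scheduler image, while the swarm "Push images to local repo" step then pushes a `local/autoconf-tests:latest` that was never created. Since these jobs run on `self-hosted` runners with registry credentials, keep them reachable only from the push-to-`staging` trigger and never from `pull_request`-style events.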
@@ -0,0 +1,1072 @@ +name: Automatic build, test and deploy (STAGING) + +on: + push: + branches: [staging] + +jobs: + + # Containers + build-bw: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-container-build.yml@staging + with: + IMAGE: bunkerweb + DOCKERFILE: src/bw/Dockerfile + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-scheduler: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-container-build.yml@staging + with: + IMAGE: scheduler + DOCKERFILE: src/scheduler/Dockerfile + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-autoconf: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-container-build.yml@staging + with: + IMAGE: autoconf + DOCKERFILE: src/autoconf/Dockerfile + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-ui: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-container-build.yml@staging + with: + IMAGE: ui + DOCKERFILE: src/ui/Dockerfile + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + + # Linux + build-ubuntu: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-linux-build.yml@staging + with: + LINUX: ubuntu + PACKAGE: deb + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + 
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-debian: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-linux-build.yml@staging + with: + LINUX: debian + PACKAGE: deb + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-centos: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-linux-build.yml@staging + with: + LINUX: centos + PACKAGE: rpm + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-fedora: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-linux-build.yml@staging + with: + LINUX: fedora + PACKAGE: rpm + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-redhat: + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-linux-build.yml@staging + with: + LINUX: redhat + PACKAGE: rpm + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} + PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} + PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + + # Code security + code-security: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + strategy: + fail-fast: false + matrix: + language: ["python"] + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + config-file: ./.github/codeql.yml + - name: Perform CodeQL Analysis + uses: 
github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" + + # Create infrastructures + create-infra-docker: + needs: [code-security, build-bw, build-scheduler] + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-create-infra.yml@staging + with: + TYPE: docker + secrets: + CICD_SECRETS: ${{ secrets.CICD_SECRETS }} + create-infra-autoconf: + needs: [code-security, build-bw, build-scheduler, build-autoconf] + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-create-infra.yml@staging + with: + TYPE: autoconf + secrets: + CICD_SECRETS: ${{ secrets.CICD_SECRETS }} + create-infra-swarm: + needs: [code-security, build-bw, build-scheduler, build-autoconf] + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-create-infra.yml@staging + with: + TYPE: swarm + secrets: + CICD_SECRETS: ${{ secrets.CICD_SECRETS }} + create-infra-k8s: + needs: [code-security, build-bw, build-scheduler, build-autoconf] + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-create-infra.yml@staging + with: + TYPE: k8s + secrets: + CICD_SECRETS: ${{ secrets.CICD_SECRETS }} + create-infra-linux: + needs: [code-security, build-bw, build-scheduler, build-autoconf] + uses: bunkerity/bunkerweb/.github/workflows/reusables/staging-create-infra.yml@staging + with: + TYPE: k8s + secrets: + CICD_SECRETS: ${{ secrets.CICD_SECRETS }} + + # Build bunkerweb / amd64 + build-bunkerweb-amd64: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build image + - name: Build BW for amd64 + uses: 
docker/build-push-action@v3 + with: + context: . + file: src/bw/Dockerfile + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:staging + cache-from: type=registry,ref=bunkerity/cache:bw-amd64-cache-staging + cache-to: type=registry,ref=bunkerity/cache:bw-amd64-cache-staging,mode=min + + # Build scheduler / amd64 + build-scheduler-amd64: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build image + - name: Build Scheduler for amd64 + uses: docker/build-push-action@v3 + with: + context: . + file: src/scheduler/Dockerfile + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/scheduler-tests-amd64:staging + cache-from: type=registry,ref=bunkerity/cache:scheduler-amd64-cache-staging + cache-to: type=registry,ref=bunkerity/cache:scheduler-amd64-cache-staging,mode=min + + # Build autoconf / amd64 + build-autoconf-amd64: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build image + - name: Build Autoconf for amd64 + uses: docker/build-push-action@v3 + with: + context: . 
+ file: src/autoconf/Dockerfile + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/autoconf-tests-amd64:staging + cache-from: type=registry,ref=bunkerity/cache:autoconf-amd64-cache-staging + cache-to: type=registry,ref=bunkerity/cache:autoconf-amd64-cache-staging,mode=min + + # Build UI / amd64 + build-ui-amd64: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build image + - name: Build UI for amd64 + uses: docker/build-push-action@v3 + with: + context: . + file: src/ui/Dockerfile + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/ui-tests-amd64:staging + cache-from: type=registry,ref=bunkerity/cache:ui-amd64-cache-staging + cache-to: type=registry,ref=bunkerity/cache:ui-amd64-cache-staging,mode=min + + # Build linux ubuntu + build-bw-ubuntu: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build package image + - name: Build ubuntu package image + uses: docker/build-push-action@v3 + with: + context: . 
+ load: true + file: src/linux/Dockerfile-ubuntu + platforms: linux/amd64 + tags: local/bunkerweb-ubuntu:latest + cache-from: type=registry,ref=bunkerity/cache:bw-ubuntu-cache-staging + cache-to: type=registry,ref=bunkerity/cache:bw-ubuntu-cache-staging,mode=min + # Generate package + - name: Generate ubuntu deb + run: ./src/linux/package.sh ubuntu + - uses: actions/upload-artifact@v3 + with: + name: package-ubuntu + path: package-ubuntu/*.deb + # Build test image + - name: Build BW ubuntu test image + uses: docker/build-push-action@v3 + with: + context: . + file: tests/linux/Dockerfile-ubuntu + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:staging + + # Build linux debian + build-bw-debian: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build package image + - name: Build debian package image + uses: docker/build-push-action@v3 + with: + context: . + load: true + file: linux/Dockerfile-debian + platforms: linux/amd64 + tags: local/bunkerweb-debian:latest + cache-from: type=registry,ref=bunkerity/cache:bw-debian-cache-dev + cache-to: type=registry,ref=bunkerity/cache:bw-debian-cache-dev,mode=min + # Generate package + - name: Generate debian deb + run: ./linux/package.sh debian + - uses: actions/upload-artifact@v3 + with: + name: package-debian + path: package-debian/*.deb + # Build test image + - name: Build BW debian test image + uses: docker/build-push-action@v3 + with: + context: . 
+ file: tests/linux/Dockerfile-debian + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:dev + + # Build linux centos + build-bw-centos: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build package image + - name: Build centos package image + uses: docker/build-push-action@v3 + with: + context: . + load: true + file: linux/Dockerfile-centos + platforms: linux/amd64 + tags: local/bunkerweb-centos:latest + cache-from: type=registry,ref=bunkerity/cache:bw-centos-cache-dev + cache-to: type=registry,ref=bunkerity/cache:bw-centos-cache-dev,mode=min + # Generate package + - name: Generate centos rpm + run: ./linux/package.sh centos + - uses: actions/upload-artifact@v3 + with: + name: package-centos + path: package-centos/*.rpm + # Build test image + - name: Build BW centos test image + uses: docker/build-push-action@v3 + with: + context: . 
+ file: tests/linux/Dockerfile-centos + platforms: linux/amd64 + push: true + tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:dev + + # Build linux fedora + build-bw-fedora: + runs-on: ubuntu-latest + steps: + # Prepare + - name: Checkout source code + uses: actions/checkout@v3 + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Login to private repository + uses: docker/login-action@v2 + with: + registry: ${{ secrets.PRIVATE_REGISTRY }} + username: registry + password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + # Build package image + - name: Build fedora package image + uses: docker/build-push-action@v3 + with: + context: . + load: true + file: linux/Dockerfile-fedora + platforms: linux/amd64 + tags: local/bunkerweb-fedora:latest + cache-from: type=registry,ref=bunkerity/cache:bw-fedora-cache-dev + cache-to: type=registry,ref=bunkerity/cache:bw-fedora-cache-dev,mode=min + # Generate package + - name: Generate fedora rpm + run: ./linux/package.sh fedora + - uses: actions/upload-artifact@v3 + with: + name: package-fedora + path: package-fedora/*.rpm + # Build test image + - name: Build BW fedora test image + uses: docker/build-push-action@v3 + with: + context: . 
+ file: tests/linux/Dockerfile-fedora
+ platforms: linux/amd64
+ push: true
+ tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:dev
+
+ # Perform security checks
+ security:
+ needs: [build-bw-amd64]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+ - name: Import BW image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev bunkerweb-tests-amd64:latest
+ - name: Import BW autoconf image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev bunkerweb-autoconf-tests-amd64:latest
+ - name: Import BW UI image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:dev bunkerweb-ui-tests-amd64:latest
+ # CVE check on OS
+ - name: Check security vulnerabilities for BW
+ uses: aquasecurity/trivy-action@master
+ with:
+ vuln-type: os
+ image-ref: bunkerweb-tests-amd64:latest
+ format: table
+ exit-code: 1
+ ignore-unfixed: false
+ severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+ trivyignores: .trivyignore
+ - name: Check security vulnerabilities for autoconf
+ uses: aquasecurity/trivy-action@master
+ with:
+ vuln-type: os
+ image-ref: bunkerweb-autoconf-tests-amd64:latest
+ format: table
+ exit-code: 1
+ ignore-unfixed: false
+ severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+ trivyignores: .trivyignore
+ - name: Check security vulnerabilities for UI
+ uses: aquasecurity/trivy-action@master
+ with:
+ vuln-type: os
+ image-ref: bunkerweb-ui-tests-amd64:latest
+ format: table
+ exit-code: 1
+ ignore-unfixed: false
+ severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+ trivyignores: .trivyignore
+
+ # Create Docker infra
+ infra-create-docker:
+ needs: [security]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Generate SSH keypair
+ run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+ - name: Install ansible
+ run: pip install ansible
+ - name: Install ansible libs
+ run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general
+ # Create Docker infra
+ - run: ./tests/create.sh docker
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+ - run: tar -cvf terraform.tar /tmp/docker
+ if: always()
+ - uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: tf-docker
+ path: terraform.tar
+
+ # Create autoconf infra
+ infra-create-autoconf:
+ needs: [security]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Generate SSH keypair
+ run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+ - name: Install ansible
+ run: pip install ansible
+ - name: Install ansible libs
+ run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general
+ # Create Autoconf infra
+ - run: ./tests/create.sh autoconf
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+ - run: tar -cvf terraform.tar /tmp/autoconf
+ if: always()
+ - uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: tf-autoconf
+ path: terraform.tar
+
+ # Create swarm infra
+ infra-create-swarm:
+ needs: [security]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Generate SSH keypair
+ run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+ - name: Install ansible
+ run: pip install ansible
+ - name: Install ansible libs
+ run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general
+ # Create Swarm infra
+ - run: ./tests/create.sh swarm
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+ - run: tar -cvf terraform.tar /tmp/swarm
+ if: always()
+ - uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: tf-swarm
+ path: terraform.tar
+
+ # Create k8s infra
+ infra-create-k8s:
+ needs: [security]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Install kubectl
+ uses: azure/setup-kubectl@v3
+ # Create k8s infra
+ - run: ./tests/create.sh k8s
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+ - run: tar -cvf terraform.tar /tmp/k8s
+ if: always()
+ - uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: tf-k8s
+ path: terraform.tar
+
+ # Create linux infra
+ infra-create-linux:
+ needs: [build-bw-ubuntu, build-bw-debian, build-bw-centos, build-bw-fedora]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Generate SSH keypair
+ run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+ - name: Install ansible
+ run: pip install ansible
+ - name: Install ansible libs
+ run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner && ansible-galaxy collection install --timeout 120 community.general
+ # Create Linux infra
+ - run: ./tests/create.sh linux
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+ - run: tar -cvf terraform.tar /tmp/linux
+ if: always()
+ - uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: tf-linux
+ path: terraform.tar
+
+ # Perform docker tests
+ tests-docker:
+ needs: [infra-create-docker]
+ runs-on: [self-hosted, bw-docker]
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+ - name: Pull BW image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev local/bw-tests:latest
+ - name: Install test dependencies
+ run: pip3 install -r tests/requirements.txt
+ # Do tests
+ - name: Run Docker tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "docker"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_DOCKER }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+
+ # Perform autoconf tests
+ tests-autoconf:
+ needs: [infra-create-autoconf]
+ runs-on: [self-hosted, bw-autoconf]
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+ - name: Pull BW image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev local/bw-tests:latest
+ - name: Pull autoconf image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev local/bw-autoconf-tests:latest
+ - name: Install test dependencies
+ run: pip3 install -r tests/requirements.txt
+ # Do tests
+ - name: Run Autoconf tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "autoconf"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_AUTOCONF }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+
+ # Perform swarm tests
+ tests-swarm:
+ needs: [infra-create-swarm]
+ runs-on: [self-hosted, bw-swarm]
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+ - name: Pull BW image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev 192.168.42.100:5000/bw-tests:latest && docker push 192.168.42.100:5000/bw-tests:latest
+ - name: Pull autoconf image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev 192.168.42.100:5000/bw-autoconf-tests:latest && docker push 192.168.42.100:5000/bw-autoconf-tests:latest
+ - name: Install test dependencies
+ run: pip3 install -r tests/requirements.txt
+ # Do tests
+ - name: Run Swarm tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "swarm"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_SWARM }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+
+ # Perform k8s tests
+ tests-k8s:
+ needs: [infra-create-k8s]
+ runs-on: [ubuntu-latest]
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install test dependencies
+ run: pip3 install -r tests/requirements.txt
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-k8s
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C /
+ - uses: azure/setup-kubectl@v3
+ - uses: azure/setup-helm@v3
+ # Do tests
+ - name: Run Kubernetes tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "kubernetes"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_KUBERNETES }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+ KUBECONFIG: "/tmp/k8s/kubeconfig"
+ PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
+ IMAGE_TAG: "dev"
+
+ # Perform linux tests
+ tests-linux:
+ needs: [infra-create-linux]
+ runs-on: [self-hosted, bw-linux]
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+ - name: Pull BW linux ubuntu test image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ubuntu:dev local/bw-ubuntu:latest
+ - name: Pull BW linux debian test image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-debian:dev local/bw-debian:latest
+ - name: Pull BW linux centos test image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-centos:dev local/bw-centos:latest
+ - name: Pull BW linux fedora test image
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-fedora:dev local/bw-fedora:latest
+ - name: Install test dependencies
+ run: pip3 install -r tests/requirements.txt
+ # Do tests
+ - name: Run Linux ubuntu tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+ - name: Run Linux debian tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+ - name: Run Linux centos tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "centos"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+ - name: Run Linux fedora tests
+ run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
+ env:
+ TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+ ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+
+ # Remove docker infra
+ infra-rm-docker:
+ if: ${{ always() }}
+ needs: [tests-docker]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-docker
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
+ # Remove Docker infra
+ - run: ./tests/rm.sh docker
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+
+ # Remove docker infra
+ infra-rm-autoconf:
+ if: ${{ always() }}
+ needs: [tests-autoconf]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-autoconf
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
+ # Remove Autoconf infra
+ - run: ./tests/rm.sh autoconf
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+
+ # Remove swarm infra
+ infra-rm-swarm:
+ if: ${{ always() }}
+ needs: [tests-swarm]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-swarm
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
+ # Remove Swarm infra
+ - run: ./tests/rm.sh swarm
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+
+ # Remove k8s infra
+ infra-rm-k8s:
+ if: ${{ always() }}
+ needs: [tests-k8s]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - uses: azure/setup-kubectl@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-k8s
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C /
+ # Remove k8s infra
+ - run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
+ continue-on-error: true
+ env:
+ KUBECONFIG: /tmp/k8s/kubeconfig
+ - run: ./tests/rm.sh k8s
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+
+ # Remove linux infra
+ infra-rm-linux:
+ if: ${{ always() }}
+ needs: [tests-linux]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ - name: Install terraform
+ uses: hashicorp/setup-terraform@v2
+ - uses: actions/download-artifact@v3
+ with:
+ name: tf-linux
+ path: /tmp
+ - run: tar xvf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
+ # Remove Linux infra
+ - run: ./tests/rm.sh linux
+ env:
+ CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+
+ # Push to docker hub
+ push-docker-hub:
+ needs: [tests-linux, tests-docker, tests-autoconf, tests-swarm, tests-k8s]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Login to private repository
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ secrets.PRIVATE_REGISTRY }}
+ username: registry
+ password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+ # Push
+ - name: Push bunkerweb
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-tests-amd64:dev bunkerity/bunkerweb:dev && docker push bunkerity/bunkerweb:dev
+ - name: Push bunkerweb-autoconf
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf-tests-amd64:dev bunkerity/bunkerweb-autoconf:dev && docker push bunkerity/bunkerweb-autoconf:dev
+ - name: Push bunkerweb-ui
+ run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:dev && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui-tests-amd64:dev bunkerity/bunkerweb-ui:dev && docker push bunkerity/bunkerweb-ui:dev
+
+ # Push to packagecloud
+ push-packagecloud:
+ needs: [tests-linux, tests-docker, tests-autoconf, tests-swarm, tests-k8s]
+ runs-on: ubuntu-latest
+ steps:
+ # Prepare
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Set variables
+ run: |
+ VER=$(cat VERSION | tr -d '\n')
+ echo "VERSION=$VER" >> $GITHUB_ENV
+ - name: Install ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: '3.0'
+ - name: Install packagecloud
+ run: gem install package_cloud
+ # Download packages
+ - uses: actions/download-artifact@v3
+ with:
+ name: package-ubuntu
+ path: /tmp/ubuntu
+ - uses: actions/download-artifact@v3
+ with:
+ name: package-debian
+ path: /tmp/debian
+ - uses: actions/download-artifact@v3
+ with:
+ name: package-centos
+ path: /tmp/centos
+ - uses: actions/download-artifact@v3
+ with:
+ name: package-fedora
+ path: /tmp/fedora
+ # Remove existing packages
+ - name: Remove Ubuntu DEB from packagecloud
+ run: package_cloud yank bunkerity/bunkerweb-dev/ubuntu/jammy bunkerweb_${{ env.VERSION }}_amd64.deb
+ continue-on-error: true
+ env:
+ PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ - name: Remove Debian DEB from packagecloud
+ run: package_cloud yank bunkerity/bunkerweb-dev/debian/bullseye bunkerweb_${{ env.VERSION }}_amd64.deb
+ continue-on-error: true
+ env:
+ PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ - name: Remove CentOS RPM from packagecloud
+ run: package_cloud yank bunkerity/bunkerweb-dev/el/8 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
+ continue-on-error: true
+ env:
+ PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ - name: Remove Fedora RPM from packagecloud
+ run: package_cloud yank bunkerity/bunkerweb-dev/fedora/36 bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
+ continue-on-error: true
+ env:
+ PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ # Push packages
+ - name: Push Ubuntu DEB to packagecloud
+ uses: danielmundi/upload-packagecloud@v1
+ with:
+ PACKAGE-NAME: /tmp/ubuntu/bunkerweb_${{ env.VERSION }}-1_amd64.deb
+ PACKAGECLOUD-USERNAME: bunkerity
+ PACKAGECLOUD-REPO: bunkerweb-dev
+ PACKAGECLOUD-DISTRIB: ubuntu/jammy
+ PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ - name: Push Debian DEB to packagecloud
+ uses: danielmundi/upload-packagecloud@v1
+ with:
+ PACKAGE-NAME: /tmp/debian/bunkerweb_${{ env.VERSION }}-1_amd64.deb
+ PACKAGECLOUD-USERNAME: bunkerity
+ PACKAGECLOUD-REPO: bunkerweb-dev
+ PACKAGECLOUD-DISTRIB: debian/bullseye
+ PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ - name: Push CentOS RPM to packagecloud
+ uses: danielmundi/upload-packagecloud@v1
+ with:
+ PACKAGE-NAME: /tmp/centos/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
+ PACKAGECLOUD-USERNAME: bunkerity
+ PACKAGECLOUD-REPO: bunkerweb-dev
+ PACKAGECLOUD-DISTRIB: el/8
+ PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+ - name: Push Fedora RPM to packagecloud
+ uses: danielmundi/upload-packagecloud@v1
+ with:
+ PACKAGE-NAME: /tmp/fedora/bunkerweb-${{ env.VERSION }}-1.x86_64.rpm
+ PACKAGECLOUD-USERNAME: bunkerity
+ PACKAGECLOUD-REPO: bunkerweb-dev
+ PACKAGECLOUD-DISTRIB: fedora/36
+ PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}