Commit
1 parent
7dc3f10
commit 0619d1b
Showing
51 changed files
with
230 additions
and
37 deletions.
@@ -0,0 +1,73 @@ | ||
name: ci | ||
|
||
on: | ||
push: | ||
branches: [ main ] | ||
pull_request: | ||
branches: [ main ] | ||
workflow_dispatch: | ||
jobs: | ||
# Job to run change detection | ||
changes: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
# Expose matched filters as job 'images' output variable | ||
images: ${{ steps.filter.outputs.changes }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: dorny/paths-filter@v2 | ||
id: filter | ||
with: | ||
# Use context to get the branch where commits were pushed. | ||
# If there is only one long-lived branch (e.g. master), | ||
# you can specify it directly. | ||
# If it's not configured, the repository default branch is used. | ||
base: ${{ github.ref }} | ||
filters: | | ||
aws-cli: 'aws-cli/**' | ||
# Job to build and test each of the modified images | ||
build: | ||
needs: changes | ||
strategy: | ||
matrix: | ||
# Parse JSON array containing names of all filters matching any of changed files | ||
# e.g. ['image1', 'image2'] if both image folders contains changes | ||
image: ${{ fromJSON(needs.changes.outputs.images) }} | ||
if: ${{ needs.changes.outputs.images != '[]' && needs.changes.outputs.images != '' }} | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: ${{ matrix.image }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Check the Containerfile with hadolint | ||
run: | | ||
$(git rev-parse --show-toplevel)/bin/lint.sh | ||
- name: Install QEMU static binaries | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Build locally for testing | ||
uses: docker/bake-action@v4 | ||
with: | ||
workdir: ${{ matrix.image }} | ||
targets: local | ||
|
||
- name: Build locally for testing | ||
uses: docker/build-push-action@v3 | ||
with: | ||
load: true | ||
context: ${{ matrix.image }} | ||
file: ${{ matrix.image }}/Containerfile | ||
tags: ${{ env.tags }} | ||
|
||
- name: Run tests on the image with cinc-auditor | ||
run: | | ||
$(git rev-parse --show-toplevel)/bin/test.sh | ||
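Review bot: The workflow sets no `permissions:` key, so both jobs run third-party actions with whatever default GITHUB_TOKEN scope the repository has, and those actions are referenced by mutable tags (`dorny/paths-filter@v2`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/bake-action@v4`, `docker/build-push-action@v3`). I would add a top-level `permissions:` with `contents: read` (the `changes` job may also need `pull-requests: read` for paths-filter on pull requests; confirm against its documentation) and pin each action to a full commit SHA, e.g. `uses: dorny/paths-filter@<full-commit-sha>  # v2`. Separately, the second step named "Build locally for testing" passes `tags: ${{ env.tags }}`, and no `env.tags` is set anywhere in the visible file, so it looks like a leftover that rebuilds the image after the bake step.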
@@ -1,3 +1,2 @@ | ||
README.md | ||
Polly.toml | ||
test/ |
This file was deleted.
@@ -1,8 +1,40 @@ | ||
target "default" { | ||
variable "IMAGE_NAME" { | ||
default = "aws-cli" | ||
} | ||
|
||
variable "VERSION" { | ||
default = "2.13.28" | ||
} | ||
|
||
variable "CONTAINER_REGISTRY" { | ||
default = "docker.io/boxcutter" | ||
} | ||
|
||
# There's no darwin-based Docker, so if we're running on macOS, change the platform to linux | ||
variable "LOCAL_PLATFORM" { | ||
default = regex_replace("${BAKE_LOCAL_PLATFORM}", "^(darwin)", "linux") | ||
} | ||
|
||
target "_common" { | ||
dockerfile = "Containerfile" | ||
tags = [ | ||
"docker.io/boxcutter/aws-cli:2.13.28", | ||
"docker.io/boxcutter/aws-cli:latest" | ||
"${CONTAINER_REGISTRY}/${IMAGE_NAME}:${VERSION}", | ||
"${CONTAINER_REGISTRY}/${IMAGE_NAME}:latest" | ||
] | ||
dockerfile = "Containerfile" | ||
} | ||
|
||
target "local" { | ||
inherits = ["_common"] | ||
platforms = ["${LOCAL_PLATFORM}"] | ||
} | ||
|
||
target "default" { | ||
inherits = ["_common"] | ||
target = "release" | ||
platforms = ["linux/amd64", "linux/arm64/v8"] | ||
labels = { | ||
"org.opencontainers.image.source" = "https://github.com/polymathrobotics/oci" | ||
"org.opencontainers.image.licenses" = "Apache-2.0" | ||
"org.opencontainers.image.description" = "AWS command-line interface." | ||
} | ||
} |
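Review bot: `target = "release"` and the OCI labels are set only on the `default` target, while `local` inherits just `_common`, so the image CI builds and tests through `local` is not guaranteed to be the stage that `default` publishes. If the Containerfile (not shown here) defines any stage after `release`, the tests exercise that later stage instead; moving `target = "release"` into `_common` would keep the tested and released builds on the same stage. Bake also lets a same-named environment variable override a `variable` block, so a generic name such as `VERSION` already present in the runner environment would silently change the tags, and a prefixed variable name would avoid that collision.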
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -0,0 +1,19 @@ | ||
#!/bin/bash | ||
|
||
set -eu | ||
set -o pipefail | ||
|
||
HADOLINT_CONTAINER_IMAGE=boxcutter/hadolint:2.10.0 | ||
|
||
BIN_DIR="$(dirname -- "$(readlink -f "${BASH_SOURCE[0]}")")" | ||
|
||
"${BIN_DIR}/check-image.sh" "${HADOLINT_CONTAINER_IMAGE}" | ||
|
||
# shellcheck disable=SC2086 | ||
if [[ -f "${BIN_DIR}/hadolint-ignore" ]]; then | ||
lints_to_ignore=$(sed "s/#.*//" "${BIN_DIR}/hadolint-ignore" | sed '/^[[:space:]]*$/d' | sed 's/^/--ignore / ' | tr '\n' ' ') | ||
docker container run --rm -i "${HADOLINT_CONTAINER_IMAGE}" hadolint ${lints_to_ignore} - < "Containerfile" | ||
exit 0 | ||
fi | ||
|
||
docker container run --rm -i "${HADOLINT_CONTAINER_IMAGE}" hadolint - < "Containerfile" |
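Review bot: `HADOLINT_CONTAINER_IMAGE=boxcutter/hadolint:2.10.0` pins the tool image by tag only, so the content CI pulls and runs can change without any change in this repository; the same applies to `CINC_AUDITOR_CONTAINER_IMAGE=boxcutter/cinc-auditor:5.18.14` in the test script, where it matters more because that container is handed `/var/run/docker.sock`. Appending the digest keeps the readable tag and fixes the content, e.g. `HADOLINT_CONTAINER_IMAGE=boxcutter/hadolint:2.10.0@sha256:<digest>`. What `check-image.sh` verifies is not visible here, so it may already cover part of this.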
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -0,0 +1,91 @@ | ||
#!/bin/bash | ||
|
||
set -eu | ||
set -o pipefail | ||
|
||
CINC_AUDITOR_CONTAINER_IMAGE=boxcutter/cinc-auditor:5.18.14 | ||
|
||
BIN_DIR="$(dirname -- "$(readlink -f "${BASH_SOURCE[0]}")")" | ||
DEFAULT_TAG="$("${BIN_DIR}/list-tags.sh" | head -n 1)" | ||
CONTAINERFILE_DIR=$(pwd) | ||
CINC_PROFILE_DIR="${CONTAINERFILE_DIR}/test" | ||
|
||
usage() { | ||
cat <<EOF | ||
Usage: $0 [IMAGE_NAME] [ENTRYPOINT_COMMAND] | ||
Test image with cinc-auditor | ||
-h Print help | ||
-e Return error if profile does not exist | ||
EOF | ||
} | ||
|
||
args() { | ||
ERROR_IF_PROFILE_DOES_NOT_EXIST=0 | ||
while getopts he opt; do | ||
case "$opt" in | ||
h) | ||
usage | ||
exit | ||
;; | ||
e) | ||
ERROR_IF_PROFILE_DOES_NOT_EXIST=1 | ||
;; | ||
*) | ||
usage | ||
;; | ||
esac | ||
done | ||
|
||
if [ "$*" == "" ]; then | ||
TEST_CONTAINER_IMAGE="${DEFAULT_TAG}" | ||
else | ||
TEST_CONTAINER_IMAGE=$1 | ||
fi | ||
|
||
ENTRYPOINT_COMMAND="/bin/bash" | ||
if [ "$#" -gt 1 ]; then | ||
ENTRYPOINT_COMMAND="$2" | ||
fi | ||
} | ||
|
||
check_profile() { | ||
if [ ! -d "${CINC_PROFILE_DIR}" ]; then | ||
echo "==> ${CINC_PROFILE_DIR} does not exist." | ||
exit ${ERROR_IF_PROFILE_DOES_NOT_EXIST} | ||
fi | ||
} | ||
|
||
start_image_under_test() { | ||
CONTAINER_ID=$(docker container run --interactive --entrypoint "${ENTRYPOINT_COMMAND}" --detach "$TEST_CONTAINER_IMAGE" ) | ||
} | ||
|
||
run_cinc_auditor() { | ||
echo "==> running cinc-auditor against ${TEST_CONTAINER_IMAGE}" | ||
echo "==> with command: '${ENTRYPOINT_COMMAND}'" | ||
docker container run -t --rm \ | ||
-v "${CINC_PROFILE_DIR}:/share" \ | ||
-v /var/run/docker.sock:/var/run/docker.sock \ | ||
"${CINC_AUDITOR_CONTAINER_IMAGE}" exec . --no-create-lockfile -t "docker://${CONTAINER_ID}" | ||
} | ||
|
||
cleanup_image_under_test() { | ||
set +u | ||
if [ -n "$CONTAINER_ID" ]; then | ||
echo "==> stopping ${CONTAINER_ID}" | ||
docker container stop "${CONTAINER_ID}" | ||
echo "==> removing ${CONTAINER_ID}" | ||
docker container rm "${CONTAINER_ID}" | ||
fi | ||
set -u | ||
} | ||
|
||
trap cleanup_image_under_test EXIT | ||
|
||
"${BIN_DIR}/check-image.sh" "${CINC_AUDITOR_CONTAINER_IMAGE}" | ||
args "$@" | ||
check_profile | ||
start_image_under_test | ||
run_cinc_auditor | ||
|
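Review bot: `args()` never discards the parsed options, so after the `getopts` loop `$1` is still `-e` and `test.sh -e` (with or without an image name) ends up with `TEST_CONTAINER_IMAGE=-e`; adding `shift $((OPTIND - 1))` right after `done` fixes the positional handling. The `*)` branch also prints usage and carries on, where `exit 1` would reject unknown flags. As committed, the workflow calls the script without `-e`, so an image directory with no `test/` profile exits 0 in `check_profile` and the job reports success without running any checks.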
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Submodule bats-assert
deleted from
ffe84e
Submodule bats-support
deleted from
3c8fad