Skip to content

Report AWS operations with service identity #1257

Report AWS operations with service identity

Report AWS operations with service identity #1257

Workflow file for this run

name: Build
concurrency:
group: "${{ github.repository }}${{ github.ref }}"
cancel-in-progress: true
on:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main
- develop
env:
REGISTRY: us-central1-docker.pkg.dev/main-383408/otterize
jobs:
build:
if: (github.event_name == 'push' && github.repository == 'otterize/network-mapper') || github.event.pull_request.head.repo.full_name == 'otterize/network-mapper'
name: Build
runs-on: ubuntu-latest
outputs:
registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test
strategy:
matrix:
service:
- mapper
- sniffer
- kafka-watcher
steps:
- id: registry
run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT"
- name: Checkout
uses: actions/checkout@v2
with:
submodules: recursive
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
with:
driver-opts: network=host
- name: Login to GCR
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: _json_key_base64
password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: otterize
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Test & Build production image
uses: docker/build-push-action@v2
with:
context: src/
file: build/${{ matrix.service }}.Dockerfile
tags: ${{ env.REGISTRY }}/${{ matrix.service }}:${{ github.sha }}
push: true
network: host
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
"VERSION=0.0.${{ github.run_id }}"
build-iamlive:
name: Build (IAMLive)
runs-on: ubuntu-latest
steps:
- name: Checkout IAMLive fork
uses: actions/checkout@v2
with:
repository: otterize/iamlive
path: iamlive
ref: main
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
with:
driver-opts: network=host
- name: Login to GCR
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: _json_key_base64
password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Test & Build production image
uses: docker/build-push-action@v2
with:
context: iamlive/
file: iamlive/Dockerfile
tags: ${{ env.REGISTRY }}/iamlive:${{ github.sha }}
push: true
network: host
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
"VERSION=0.0.${{ github.run_id }}"
e2e-test:
uses: ./.github/workflows/e2e-test.yaml
name: Trigger e2e tests
# Must pass the secrets as the called workflow does not have access to the same context
secrets:
B64_GCLOUD_SERVICE_ACCOUNT_JSON: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
with:
registry: ${{ needs.build.outputs.registry }}
mapper-tag: ${{ github.sha }}
sniffer-tag: ${{ github.sha }}
mapper-image: mapper
sniffer-image: sniffer
needs:
- build
tag-latest:
name: Tag latest
if: github.ref == 'refs/heads/main'
needs: e2e-test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: GCP auth
uses: 'google-github-actions/auth@v1'
with:
credentials_json: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON }}
- name: Set up Cloud SDK
uses: 'google-github-actions/setup-gcloud@v1'
# Push the Docker image to AWS ECR
- name: Tag Images as latest
run: |-
retag_image_as_latest() { if [[ $(gcloud container images add-tag "${{ env.REGISTRY }}/$1:${{ github.sha }}" "${{ env.REGISTRY }}/$1:latest" --quiet) ]]; then echo "Failed tagging $1 as latest"; exit 1; fi } # using --quiet to avoid prompt
retag_image_as_latest mapper
retag_image_as_latest sniffer
retag_image_as_latest kafka-watcher