Skip to content

Commit

Permalink
Merge branch 'main' into make-lint-target
Browse files Browse the repository at this point in the history
  • Loading branch information
Jesús Miguel Benito Calzada authored Nov 15, 2022
2 parents 4424ad4 + a000581 commit 3698b79
Show file tree
Hide file tree
Showing 2 changed files with 104 additions and 1 deletion.
89 changes: 89 additions & 0 deletions .github/actions/srp-source-provenance/action.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# Copyright 2018-2022 the Kubeapps contributors.
# SPDX-License-Identifier: Apache-2.0

---
name: SRP Report
description: Install SRP CLI and Submit Provenance
inputs:
SRP_CLI_VERSION:
description: Version of the SRP CLI tool
required: false
default: latest
SRP_CLIENT_ID:
description: ID for SRP API Credentials
required: true
SRP_CLIENT_SECRET:
description: SECRET for SRP API Credentials
required: true
VERSION:
description: Release Version
required: true
runs:
using: "composite"
steps:
- name: Download SRP CLI
shell: bash
env:
SRP_CLI_VERSION: ${{ inputs.SRP_CLI_VERSION }}
run: |
set -u
mkdir -p /tmp/srp-cli
if [[ "${SRP_CLI_VERSION}" == "latest" ]]; then
curl https://srp-cli.s3.amazonaws.com/srp-cli-latest.tgz -o /tmp/srp-cli/srp-cli-latest.tgz
tar xvzf /tmp/srp-cli/srp-cli-latest.tgz -C /tmp/srp-cli/
else
wget "https://vmwaresaas.jfrog.io/artifactory/srp-tools/srpcli/${SRP_CLI_VERSION}/linux/srp" -O /tmp/srp-cli/srp
fi
chmod +x /tmp/srp-cli/srp
sudo mv /tmp/srp-cli/srp /usr/local/bin/.
srp --version
- name: Configure SRP
env:
SRP_CLIENT_ID: ${{ inputs.SRP_CLIENT_ID }}
SRP_CLIENT_SECRET: ${{ inputs.SRP_CLIENT_SECRET }}
shell: bash
run: |
set -u
srp config auth --client-id=${SRP_CLIENT_ID} --client-secret=${SRP_CLIENT_SECRET}
- name: Create Source Provenance File
env:
VERSION: ${{ inputs.VERSION }}
shell: bash
run: |
set -eu
export GITHUB_FQDN=$(echo "${GITHUB_SERVER_URL}" | sed -e "s/^https:\/\///")
export BUILD_ID=${GITHUB_RUN_ID}_${GITHUB_RUN_ATTEMPT}
export COMP_UID="uid.obj.build.github(instance='${GITHUB_FQDN}',namespace='${GITHUB_REPOSITORY}',ref='${GITHUB_REF}',action='${GITHUB_ACTION}',build_id='$BUILD_ID')"
echo "COMP_UID=$COMP_UID" >> $GITHUB_ENV
echo "COMP_UID=$COMP_UID"
mkdir -p /tmp/provenance
sudo srp provenance source \
--verbose\
--scm-type git \
--name "kubeapps" \
--path ./ \
--saveto /tmp/provenance/source.json \
--comp-uid ${COMP_UID} \
--build-number ${BUILD_ID} \
--version ${VERSION} \
--all-ephemeral true \
--build-type release
- name: Validate and submit the source provenance files to the SRP Metadata service
shell: bash
run: |
echo "COMP_UID: $COMP_UID"
export COMP_UID=${COMP_UID//\//\%2f}
export SRP_UID="uid.mtd.provenance_2_5.fragment(obj_uid=$COMP_UID,revision='')"
echo "SRP_UID: ${SRP_UID}"
cat /tmp/provenance/source.json
srp uid validate ${SRP_UID}
srp metadata submit \
--verbose \
--url https://apigw.vmware.com/v1/s1/api/helix-beta \
--uid "${SRP_UID}" \
--path /tmp/provenance/source.json
- name: Upload SRP file as a build artifact
uses: actions/upload-artifact@v3
with:
name: srp-source-provenance-file
path: /tmp/provenance/source.json
16 changes: 15 additions & 1 deletion .github/workflows/kubeapps-general.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ env:
GKE_ZONE: "us-east1-c"
GKE_PROJECT: "vmware-kubeapps-ci"
GKE_CLUSTER: "kubeapps-test"
SRP_CLI_VERSION: "0.2.20220825211752-571e676-57"

jobs:
setup:
Expand Down Expand Up @@ -124,7 +125,7 @@ jobs:
echo "version=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
else
echo "img_prod_tag=latest" >> $GITHUB_OUTPUT
echo "version=" >> $GITHUB_OUTPUT
echo "version=${GITHUB_SHA}" >> $GITHUB_OUTPUT
fi;
if [[ ${GITHUB_REF_NAME} == ${BRANCH_KUBEAPPS_REPO} ]]; then
Expand Down Expand Up @@ -602,6 +603,19 @@ jobs:
docker push $prod_image
done
srp_report:
needs:
- setup
- push_images
runs-on: ubuntu-latest
steps:
- uses: ./.github/actions/srp-source-provenance
with:
SRP_CLI_VERSION: ${SRP_CLI_VERSION}
SRP_CLIENT_ID: ${{secrets.SRP_CLIENT_ID}}
SRP_CLIENT_SECRET: ${{secrets.SRP_CLIENT_SECRET}}
VERSION: ${{needs.setup.outputs.version}}

sync_chart_from_bitnami:
needs:
- setup
Expand Down

0 comments on commit 3698b79

Please sign in to comment.