Skip to content

Commit 052b144

Browse files
author
alexandre-teilhet_stb
committed
Merge branch 'develop'
# Conflicts: # .github/workflows/build.packages.yml # .github/workflows/tests.all.yml # version.sbt
2 parents 99379b0 + 749ed9a commit 052b144

52 files changed

Lines changed: 1454 additions & 446 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/build.docker.baselayer.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
actions: read
1919
contents: read
2020
packages: write
21-
runs-on: [ linux ]
21+
runs-on: [ ubuntu-latest ]
2222
steps:
2323
- uses: actions/checkout@v4
2424

.github/workflows/build.docker.yml

Lines changed: 32 additions & 63 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,10 @@
11
name: build.docker.image.cortex
22
on:
33
workflow_dispatch:
4-
inputs:
5-
is_prod:
6-
description: "Publish docker image in dockerhub?"
7-
type: boolean
8-
default: false
94
workflow_call:
105
inputs:
11-
is_prod:
12-
description: "Publish docker image in dockerhub?"
13-
type: boolean
14-
default: false
15-
override_version:
16-
description: "Override version tag (e.g., pr-60 for pull requests)"
6+
version:
7+
description: "Version to be used (passed as input variable from other workflows)"
178
type: string
189
required: false
1910
outputs:
@@ -44,10 +35,9 @@ jobs:
4435
image_version: ${{ steps.get_version.outputs.app_version }}
4536
steps:
4637
- uses: actions/checkout@v4
47-
- name: Set up Docker Buildx
48-
uses: docker/setup-buildx-action@v3
4938
- uses: ./.github/actions/get_code_version
5039
id: get_version
40+
if: github.event_name != 'workflow_call'
5141

5242
build:
5343
needs:
@@ -56,12 +46,13 @@ jobs:
5646
actions: read
5747
contents: read
5848
packages: write
49+
id-token: write
5950
runs-on: [ self-hosted, linux, domain=sb ]
6051
outputs:
61-
image_id: ${{ steps.push.outputs.imageid }}
62-
image_digest: ${{ steps.push.outputs.digest }}
63-
image_metadata: ${{ steps.push.outputs.metadata }}
64-
image_version: ${{ inputs.override_version || needs.prepare.outputs.image_version }}
52+
image_id: ${{ steps.docker-build.outputs.image_id }}
53+
image_digest: ${{ steps.docker-build.outputs.image_digest }}
54+
image_metadata: ${{ steps.docker-build.outputs.image_metadata }}
55+
image_version: ${{ inputs.version || needs.prepare.outputs.image_version }}
6556
steps:
6657
- name: Set up Python
6758
uses: actions/setup-python@v5
@@ -102,9 +93,6 @@ jobs:
10293
10394
- uses: actions/checkout@v4
10495

105-
- name: Set up Docker Buildx
106-
uses: docker/setup-buildx-action@v3
107-
10896
- uses: coursier/setup-action@v1
10997
with:
11098
jvm: corretto:11
@@ -124,45 +112,38 @@ jobs:
124112
- name: Build packages
125113
run: sbt Docker/stage
126114

127-
- name: setup vault token
128-
if: inputs.is_prod
129-
run: echo "VAULT_TOKEN=$VAULT_TOKEN" >> $GITHUB_ENV
130-
131-
- name: Import prod secrets
132-
if: inputs.is_prod
133-
id: secrets_prod
134-
uses: hashicorp/vault-action@v2.5.0
135-
with:
136-
url: https://vault.service.infra.sb:8200
137-
token: ${{ env.VAULT_TOKEN }}
138-
tlsSkipVerify: true
139-
secrets: |
140-
infra/data/ci/dockerhub username | DOCKERHUB_USERNAME;
141-
infra/data/ci/dockerhub token | DOCKERHUB_TOKEN;
115+
- name: Compute clean version (strip -rcN suffix)
116+
if: ${{ inputs.version != '' }}
117+
id: clean_version
118+
env:
119+
VERSION: ${{ inputs.version }}
120+
run: |
121+
clean=$(echo "$VERSION" | sed 's/-rc[0-9]*$//')
122+
echo "clean_version=$clean" >> $GITHUB_OUTPUT
142123
143124
- name: Generate docker tags for PR builds
144-
if: ${{ inputs.override_version != '' }}
125+
if: ${{ inputs.version != '' }}
145126
id: meta_pr
146127
uses: docker/metadata-action@v4
147128
with:
148129
images: |
149130
name=${{ vars.SB_GHCR }}/cortex
150131
tags: |
151-
type=raw,value=${{ inputs.override_version }}
132+
type=raw,value=${{ inputs.version }}
133+
type=raw,value=${{ steps.clean_version.outputs.clean_version }}
152134
labels: |
153135
org.opencontainers.image.title=cortex
154136
org.opencontainers.image.description=A Powerful Observable Analysis and Active Response Engine
155137
org.opencontainers.image.vendor=StrangeBee
156-
org.opencontainers.image.version=${{ inputs.override_version }}
138+
org.opencontainers.image.version=${{ steps.clean_version.outputs.clean_version }}
157139
158140
- name: Generate full docker tags for releases
159-
if: ${{ inputs.override_version == '' }}
141+
if: ${{ inputs.version == '' }}
160142
id: meta_release
161143
uses: docker/metadata-action@v4
162144
with:
163145
images: |
164146
name=${{ vars.SB_GHCR }}/cortex
165-
name=thehiveproject/cortex,enable=${{ inputs.is_prod }}
166147
tags: |
167148
type=raw,value=${{ fromJson(steps.image_details.outputs.image_details)['core_version'] }}
168149
type=raw,value=${{ needs.prepare.outputs.image_version }}
@@ -174,27 +155,15 @@ jobs:
174155
org.opencontainers.image.vendor=StrangeBee
175156
org.opencontainers.image.version=${{ needs.prepare.outputs.image_version }}
176157
177-
- name: Login to GitHub Container Registry
178-
uses: docker/login-action@v3
179-
with:
180-
registry: ghcr.io
181-
username: ${{ github.actor }}
182-
password: ${{ secrets.GITHUB_TOKEN }}
183-
184-
- name: Login to GitHub Container Registry
185-
if: inputs.is_prod
186-
uses: docker/login-action@v3
187-
with:
188-
username: ${{ steps.secrets_prod.outputs.DOCKERHUB_USERNAME }}
189-
password: ${{ steps.secrets_prod.outputs.DOCKERHUB_TOKEN }}
190-
191-
- name: Build and push docker image
192-
uses: docker/build-push-action@v3
193-
id: push
158+
- name: Build and push Docker image
159+
id: docker-build
160+
uses: StrangeBee/ci-resources/.github/actions/generic_docker_build@main
194161
with:
195-
no-cache: 'true'
196-
context: target/docker/stage
197-
push: true
198-
platforms: linux/amd64,linux/arm64
199-
tags: ${{ inputs.override_version != '' && steps.meta_pr.outputs.tags || steps.meta_release.outputs.tags }}
200-
labels: ${{ inputs.override_version != '' && steps.meta_pr.outputs.labels || steps.meta_release.outputs.labels }}
162+
skip_checkout: "true"
163+
registry_username: ${{ github.actor }}
164+
registry_password: ${{ secrets.GITHUB_TOKEN }}
165+
image_name: ${{ vars.SB_GHCR }}/cortex
166+
docker_context_path: target/docker/stage
167+
docker_file_path: target/docker/stage/Dockerfile
168+
computed_tags: ${{ inputs.version != '' && steps.meta_pr.outputs.tags || steps.meta_release.outputs.tags }}
169+
computed_labels: ${{ inputs.version != '' && steps.meta_pr.outputs.labels || steps.meta_release.outputs.labels }}

.github/workflows/build.docs.yaml

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
---
2+
name: BuildDocumentation
3+
on:
4+
push:
5+
branches:
6+
- develop
7+
paths:
8+
- docs/**
9+
- .github/workflows/build.docs.yaml
10+
permissions:
11+
contents: read
12+
pages: write
13+
id-token: write
14+
jobs:
15+
Deploy:
16+
outputs:
17+
url: ${{ steps.deployment.outputs.page_url }}
18+
environment:
19+
name: github-pages
20+
url: ${{ steps.deployment.outputs.page_url }}
21+
runs-on: ubuntu-latest
22+
steps:
23+
- uses: actions/configure-pages@v5
24+
- uses: actions/checkout@v5
25+
- name: Install uv
26+
uses: astral-sh/setup-uv@v7
27+
with:
28+
version: "0.9.18"
29+
- run: uvx zensical build --clean
30+
- uses: actions/upload-pages-artifact@v4
31+
with:
32+
path: .site
33+
- uses: actions/deploy-pages@v4
34+
id: deployment
35+
NotifySuccess:
36+
if: success()
37+
runs-on: ubuntu-latest
38+
needs:
39+
- Deploy
40+
steps:
41+
- uses: marocchino/sticky-pull-request-comment@v2
42+
with:
43+
message: |
44+
:rocket: New version of website available at ${{ needs.deploy.outputs.url }}
Lines changed: 30 additions & 71 deletions
Original file line numberDiff line numberDiff line change
@@ -1,35 +1,33 @@
11
name: Build packages
22
on:
3-
push:
4-
tags: ["*"]
53
workflow_dispatch:
4+
workflow_call:
65
inputs:
7-
is_prod:
8-
description: Push to prod ?
9-
type: boolean
10-
11-
env:
12-
AWS_REGION: 'us-east-1'
13-
AWS_CONFIG_FILE: "${{ github.workspace }}/.aws/config"
6+
version:
7+
description: Version to use (e.g. 4.0.1-1-rc3)
8+
type: string
9+
required: false
10+
default: ""
1411

1512
jobs:
1613
build:
1714
name: Build
18-
runs-on: [linux, self-hosted, domain=sb]
15+
runs-on: [self-hosted, domain=sb]
1916
steps:
2017
- uses: actions/checkout@v3
2118

2219
- name: Import secrets
2320
id: secrets
2421
uses: hashicorp/vault-action@v3
25-
if: ${{ github.ref_type == 'tag' || github.event.inputs.is_prod == 'true' }}
2622
with:
2723
url: https://vault.service.infra.sb:8200
24+
method: token
2825
token: ${{ secrets.VAULT_TOKEN }}
2926
tlsSkipVerify: true
3027
secrets: |
3128
aws/data/packages/sb-cortex-packages-preprod access_key | AWS_ACCESS_KEY_PREPROD;
3229
aws/data/packages/sb-cortex-packages-preprod secret_key | AWS_SECRET_KEY_PREPROD;
30+
infra/data/ci/pgp private_key | PGP_KEY;
3331
3432
- uses: coursier/setup-action@v1
3533
with:
@@ -45,7 +43,7 @@ jobs:
4543
apt install -y rpm dpkg-dev gnupg2 fakeroot
4644
4745
- name: Setup node
48-
uses: actions/setup-node@v4
46+
uses: actions/setup-node@v3
4947
timeout-minutes: 15
5048
continue-on-error: true
5149
with:
@@ -55,16 +53,19 @@ jobs:
5553
run: npm install -g bower
5654

5755
- name: Import PGP Key
58-
run: |
59-
export GPG_TTY=$(tty)
60-
gpg --batch --import - <<< $PGP_KEY
61-
env:
62-
PGP_KEY: ${{ secrets.PGP_KEY }}
56+
uses: crazy-max/ghaction-import-gpg@v6
57+
with:
58+
gpg_private_key: ${{ steps.secrets.outputs.PGP_KEY }}
59+
60+
- name: Get code version
61+
id: get_version
62+
if: github.event_name != 'workflow_call'
63+
uses: ./.github/actions/get_code_version
6364

6465
- name: Write version
6566
id: version
6667
run: |
67-
V=$(sbt -no-colors --error "print version" | awk 'END{print $1}')
68+
V="${{ inputs.version || steps.get_version.outputs.app_version }}"
6869
echo "version=$V"
6970
echo "version=$V" >> $GITHUB_OUTPUT
7071
@@ -77,18 +78,6 @@ jobs:
7778
mv target/universal/cortex*.zip target/
7879
ls -al target/
7980
80-
- name: Make github release
81-
if: ${{ github.ref_type == 'tag' }}
82-
uses: "softprops/action-gh-release@v1"
83-
id: make-release
84-
with:
85-
generate_release_notes: true
86-
files: |
87-
target/cortex*.deb
88-
target/cortex*.rpm
89-
target/cortex*.zip
90-
target/cortex*.bom.xml
91-
9281
- name: Store artifacts
9382
uses: actions/upload-artifact@v4
9483
with:
@@ -100,47 +89,17 @@ jobs:
10089
target/cortex*.bom.xml
10190
retention-days: 3
10291

103-
- name: Set up Python3
104-
if: ${{ github.ref_type == 'tag' || github.event.inputs.is_prod == 'true' }}
105-
uses: actions/setup-python@v5
106-
with:
107-
python-version: 3
92+
- name: ls packages
93+
run: ls -l target/
10894

109-
- name: Setup s3
110-
if: ${{ github.ref_type == 'tag' || github.event.inputs.is_prod == 'true' }}
111-
id: aws
112-
shell: bash
113-
run: |
114-
python3 -m venv "${{ github.workspace }}/.venv"
115-
"${{ github.workspace }}/.venv/bin/pip" install awscli
116-
AWS="${{ github.workspace }}/.venv/bin/aws"
117-
echo "aws=$AWS" >> $GITHUB_OUTPUT
118-
119-
"$AWS" configure set region "${{ env.AWS_REGION }}" --profile ci
120-
"$AWS" configure set output "json" --profile ci
121-
122-
"$AWS" configure set aws_access_key_id "${{ steps.secrets.outputs.AWS_ACCESS_KEY_PREPROD }}" --profile ci
123-
"$AWS" configure set aws_secret_access_key "${{ steps.secrets.outputs.AWS_SECRET_KEY_PREPROD }}" --profile ci
124-
125-
- name: Upload packages
126-
if: ${{ github.ref_type == 'tag' || github.event.inputs.is_prod == 'true' }}
127-
run: |
128-
cd target
129-
AWS="${{ steps.aws.outputs.aws }}"
130-
version="$(awk -F. '{print $1"."$2}' <<< ${{ steps.version.outputs.version }})"
131-
132-
for I in cortex*.bom.xml cortex*.zip cortex*.deb cortex*.rpm
133-
do
134-
type="${I##*.}"
135-
key="${version}/${type}/$I"
136-
137-
gpg --output "$I.asc" --armor --detach-sig "$I"
138-
sha256sum "$I" > "$I.sha256"
139-
140-
"$AWS" s3 cp --profile ci "$I" "s3://sb-cortex-packages-preprod/${key}"
141-
"$AWS" s3 cp --profile ci "$I.sha256" "s3://sb-cortex-packages-preprod/${version}/sha256/$I.sha256"
142-
"$AWS" s3 cp --profile ci "$I.asc" "s3://sb-cortex-packages-preprod/${version}/asc/$I.asc"
143-
done
95+
- name: Upload packages to S3
96+
uses: StrangeBee/ci-resources/.github/actions/upload.packages.s3@main
97+
with:
98+
aws-access-key-id: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_PREPROD }}
99+
aws-secret-access-key: ${{ steps.secrets.outputs.AWS_SECRET_KEY_PREPROD }}
100+
s3-bucket: sb-cortex-packages-preprod
101+
version: ${{ steps.version.outputs.version }}
102+
product: cortex
144103

145104
notify:
146105
needs: [ build ]
@@ -155,4 +114,4 @@ jobs:
155114
channel: "#ci-cortex"
156115
name: Cortex build
157116
include_commit_message: true
158-
include_jobs: true
117+
include_jobs: true

.github/workflows/deploy.nomad.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,7 @@ jobs:
3030
if: ${{ (github.event.label.name == 'ci:deploy' || contains(github.event.pull_request.labels.*.name, 'ci:deploy')) || github.event_name == 'workflow_dispatch' }}
3131
uses: ./.github/workflows/build.docker.yml
3232
with:
33-
is_prod: false
34-
override_version: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
33+
version: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
3534
secrets: inherit
3635

3736
prepare:
@@ -62,6 +61,7 @@ jobs:
6261
deploy:
6362
if: ${{ (github.event.label.name == 'ci:deploy' || contains(github.event.pull_request.labels.*.name, 'ci:deploy')) || github.event_name == 'workflow_dispatch' }}
6463
needs:
64+
- build
6565
- prepare
6666
permissions:
6767
actions: read

0 commit comments

Comments
 (0)