Commit

Reorganize workflows (#103)
Signed-off-by: Sergio Castaño Arteaga <[email protected]>
tegioz authored Sep 28, 2023
1 parent 6cfca9d commit 7435df8
Showing 3 changed files with 60 additions and 56 deletions.
51 changes: 51 additions & 0 deletions .github/workflows/build-images.yml
@@ -0,0 +1,51 @@
name: Build images

on:
push:
branches:
- main

jobs:
build-clowarden-dbmigrator-image:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build and push clowarden-dbmigrator image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker build -f database/migrations/Dockerfile -t $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA .
docker push $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA
build-clowarden-server-image:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build and push clowarden server image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker build -f clowarden-server/Dockerfile -t $ECR_REGISTRY/clowarden-server:$GITHUB_SHA .
docker push $ECR_REGISTRY/clowarden-server:$GITHUB_SHA
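Review bot: The job-level `if: github.ref == 'refs/heads/main'` on both jobs is redundant now that this workflow only triggers on `push` to `main`, and can be dropped. Since this file exists solely to push images, it would also be a good place to add a top-level `permissions:` block limited to `contents: read`, and to consider replacing the static `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` secrets with the `role-to-assume` (OIDC) input of `aws-actions/configure-aws-credentials`, so that no long-lived key has to be stored as a repository secret. The `run:` lines would also be more robust with `"$ECR_REGISTRY"` quoted.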
57 changes: 6 additions & 51 deletions .github/workflows/ci.yml
@@ -1,5 +1,10 @@
name: CI
on: [push, pull_request]

on:
merge_group:
pull_request:
branches:
- main

jobs:
linter-backend:
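Review bot: With `push` dropped from `on:`, nothing in this workflow runs for a commit that reaches `main` outside a pull request or the merge queue, so the lint and test jobs only protect `main` if branch protection actually requires the merge queue there. A comment above `on:` stating that requirement would help, or keep `push` restricted to `main` as a backstop. Note also that `pull_request` limited to `branches: - main` means pull requests targeting any other branch no longer get CI.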
Expand Down Expand Up @@ -68,53 +73,3 @@ jobs:
working-directory: ./web
run: yarn test --watchAll=false --passWithNoTests --verbose --maxWorkers=4

build-clowarden-dbmigrator-image:
if: github.ref == 'refs/heads/main'
needs:
- linter-backend
- tests-backend
- tests-frontend
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build and push clowarden-dbmigrator image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker build -f database/migrations/Dockerfile -t $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA .
docker push $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA
build-clowarden-server-image:
if: github.ref == 'refs/heads/main'
needs:
- linter-backend
- tests-backend
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build and push clowarden server image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker build -f clowarden-server/Dockerfile -t $ECR_REGISTRY/clowarden-server:$GITHUB_SHA .
docker push $ECR_REGISTRY/clowarden-server:$GITHUB_SHA
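Review bot: The removed jobs carried `needs:` on `linter-backend` and `tests-backend` (plus `tests-frontend` for the dbmigrator image), so images were pushed to ECR only after those jobs passed on the same commit; the relocated jobs in `build-images.yml` have no equivalent gate. If the merge queue run is meant to be the gate, say so in a comment in `build-images.yml`; otherwise a direct push to `main` builds and pushes an image tagged `$GITHUB_SHA` that was never linted or tested.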
8 changes: 3 additions & 5 deletions README.md
@@ -1,7 +1,5 @@
# CLOWarden

[![CI](https://github.com/cncf/clowarden/actions/workflows/ci.yml/badge.svg)](https://github.com/cncf/clowarden/actions/workflows/ci.yml)

**CLOWarden** is a tool that manages the access to resources across multiple services with the initial focus on repositories in a GitHub organization.
CLOWarden allows you to grant access to an individual user or a defined team of users by submitting a PR to a file that defines access rules.

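Review bot: Removing the CI badge leaves the README with no build status at all, and the commit message ("Reorganize workflows") does not mention the README change. Since `build-images.yml` runs on every push to `main`, a badge pointing at that workflow would be a natural replacement; if the removal is intentional, a line in the commit message explaining why would help.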
Expand Down Expand Up @@ -33,7 +31,7 @@ Let's go through a full example to see how this would work in practice.

Our goal in this example will be to create a new team (named `team1`) with one maintainer and one member, as well as a new repository (named `repo1`). We want to give `team1` write permissions on `repo1`, and we'd also like to add a external collaborator, named `collaborator1`, with read permissions.

The first step will be to create a pull request to add the entries below to the configuration files
The first step will be to create a pull request to add the entries below to the configuration files

(*This configuration intentionally introduces a typo so we can describe CLOWarden's PR validation checks -team1 is misspelled-*):

Expand All @@ -50,7 +48,7 @@ teams:
repositories:
- name: repo1
teams:
team1: write # team1 does not exist! The CLOWarden validation check will report an error in a PR as a comment
team1: write # team1 does not exist! The CLOWarden validation check will report an error in a PR as a comment
external_collaborators:
collaborator1: read
visibility: public
Expand All @@ -76,7 +74,7 @@ The pull request creator can now push a fix to address these issues. Once that's

Now CLOWarden is happy with the changes proposed! This time, it also tried to help the maintainer who will approve the changes by describing in the comment what had changed.

Sometimes this may be easy to spot by just looking at a the diff on the PR. But on other occasions, depending on the changes applied, it can get trickier and be error prone, as just a single extra space or tabulation can have unintented consequences. So CLOWarden simplifies this by analyzing the changes itself and displaying them in an easy to read way as a comment on the PR.
Sometimes this may be easy to spot by just looking at a the diff on the PR. But on other occasions, depending on the changes applied, it can get trickier and be error prone, as just a single extra space or tabulation can have unintented consequences. So CLOWarden simplifies this by analyzing the changes itself and displaying them in an easy to read way as a comment on the PR.

Outside of the context of a PR it is possible to view an autdit log of the changes made see the [#Audit tool](Audit tool) below

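Review bot: The changed line here only strips trailing whitespace but still reads "a the diff" and "unintented"; since the line is being touched anyway, fix both in this commit. The context line that follows also has "autdit" and a reversed link, `[#Audit tool](Audit tool)`, which should be `[Audit tool](#audit-tool)` style (text first, anchor second) and is worth correcting in the same pass.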