From ff8a82d07076da1bbbdbbf92b6e4cf41310fdbed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Casta=C3=B1o=20Arteaga?= Date: Thu, 28 Sep 2023 12:47:43 +0200 Subject: [PATCH] Reorganize workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sergio CastaƱo Arteaga --- .github/workflows/build-images.yml | 51 ++++++++++++++++++++++++++ .github/workflows/ci.yml | 57 ++++-------------------------- README.md | 8 ++--- 3 files changed, 60 insertions(+), 56 deletions(-) create mode 100644 .github/workflows/build-images.yml diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml new file mode 100644 index 0000000..328d5c7 --- /dev/null +++ b/.github/workflows/build-images.yml 
@@ -0,0 +1,51 @@
+name: Build images
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build-clowarden-dbmigrator-image:
+ if: github.ref == 'refs/heads/main'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-2
+ - name: Login to AWS ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ - name: Build and push clowarden-dbmigrator image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ docker build -f database/migrations/Dockerfile -t $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA .
+ docker push $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA
+
+ build-clowarden-server-image:
+ if: github.ref == 'refs/heads/main'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-2
+ - name: Login to AWS ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ - name: Build and push clowarden server image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ run: |
+ docker build -f clowarden-server/Dockerfile -t $ECR_REGISTRY/clowarden-server:$GITHUB_SHA .
+ docker push $ECR_REGISTRY/clowarden-server:$GITHUB_SHA
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 39eaba9..1c84b1a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,10 @@
 name: CI
-on: [push, pull_request]
+
+on:
+ merge_group:
+ pull_request:
+ branches:
+ - main
 
 jobs:
 linter-backend:
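Review bot: The two image jobs in the new build-images.yml still push to ECR with the long-lived `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` repository secrets, and the workflow declares no `permissions:` block, so the registry credentials never expire and the GITHUB_TOKEN keeps whatever default scope the repository has. configure-aws-credentials@v4 can instead assume an IAM role through GitHub's OIDC token, which removes the static keys; that needs an OIDC trust configured on the AWS side, which this patch cannot show. The fence sketches the workflow-side change for the first job (the role secret name is a placeholder), and the second job would change the same way. Pinning the three `uses:` references to full commit SHAs instead of the `@v4` / `@v1` tags would also fix which action code gets to handle these credentials.

```yaml
# workflow level, after the `on:` block
permissions:
  id-token: write  # lets the job request an OIDC token
  contents: read   # checkout only

# … unchanged: jobs header, if / runs-on, checkout step …
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.PLACEHOLDER_ROLE_ARN }}  # placeholder secret name
          aws-region: us-east-2
# … unchanged: ECR login, build and push steps …
```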
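Review bot: Nothing in the workflows themselves now ties an image pushed from `main` to a passing lint/test run: this hunk in .github/workflows/ci.yml drops `push` from the triggers, and the image jobs that moved to build-images.yml no longer carry their `needs:` lists. That is safe only if `main` is protected so that every commit arrives through the merge queue or a pull request with these checks required, a setting this patch does not show. I would record the assumption above the new `on:` block, for example `# Image builds on push to main are not gated here; branch protection must require these checks`. The `jobs:` mapping continues outside the hunk.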
@@ -68,53 +73,3 @@ jobs:
 working-directory: ./web
 run: yarn test --watchAll=false --passWithNoTests --verbose --maxWorkers=4
 
- build-clowarden-dbmigrator-image:
- if: github.ref == 'refs/heads/main'
- needs:
- - linter-backend
- - tests-backend
- - tests-frontend
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-east-2
- - name: Login to AWS ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
- - name: Build and push clowarden-dbmigrator image
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- run: |
- docker build -f database/migrations/Dockerfile -t $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA .
- docker push $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA
-
- build-clowarden-server-image:
- if: github.ref == 'refs/heads/main'
- needs:
- - linter-backend
- - tests-backend
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: us-east-2
- - name: Login to AWS ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
- - name: Build and push clowarden server image
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- run: |
- docker build -f clowarden-server/Dockerfile -t $ECR_REGISTRY/clowarden-server:$GITHUB_SHA .
- docker push $ECR_REGISTRY/clowarden-server:$GITHUB_SHA
diff --git a/README.md b/README.md
index 058db57..5593e2e 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,5 @@ # CLOWarden -[![CI](https://github.com/cncf/clowarden/actions/workflows/ci.yml/badge.svg)](https://github.com/cncf/clowarden/actions/workflows/ci.yml) - **CLOWarden** is a tool that manages the access to resources across multiple services with the initial focus on repositories in a GitHub organization. CLOWarden allows you to grant access to an individual user or a defined team of users by submitting a PR to a file that defines access rules. @@ -33,7 +31,7 @@ Let's go through a full example to see how this would work in practice. Our goal in this example will be to create a new team (named `team1`) with one maintainer and one member, as well as a new repository (named `repo1`). We want to give `team1` write permissions on `repo1`, and we'd also like to add a external collaborator, named `collaborator1`, with read permissions. -The first step will be to create a pull request to add the entries below to the configuration files +The first step will be to create a pull request to add the entries below to the configuration files (*This configuration intentionally introduces a typo so we can describe CLOWarden's PR validation checks -team1 is misspelled-*): @@ -50,7 +48,7 @@ teams: repositories: - name: repo1 teams: - team1: write # team1 does not exist! The CLOWarden validation check will report an error in a PR as a comment + team1: write # team1 does not exist! The CLOWarden validation check will report an error in a PR as a comment external_collaborators: collaborator1: read visibility: public 
@@ -76,7 +74,7 @@ The pull request creator can now push a fix to address these issues. Once that's Now CLOWarden is happy with the changes proposed! This time, it also tried to help the maintainer who will approve the changes by describing in the comment what had changed. -Sometimes this may be easy to spot by just looking at a the diff on the PR. But on other occasions, depending on the changes applied, it can get trickier and be error prone, as just a single extra space or tabulation can have unintented consequences. So CLOWarden simplifies this by analyzing the changes itself and displaying them in an easy to read way as a comment on the PR. +Sometimes this may be easy to spot by just looking at a the diff on the PR. But on other occasions, depending on the changes applied, it can get trickier and be error prone, as just a single extra space or tabulation can have unintented consequences. So CLOWarden simplifies this by analyzing the changes itself and displaying them in an easy to read way as a comment on the PR. Outside of the context of a PR it is possible to view an autdit log of the changes made see the [#Audit tool](Audit tool) below