Migrate the Pipeline from Azure to Github actions (#571)

* update pipeline

Signed-off-by: Shubham Gupta <[email protected]>

* fix : container_quality_dockerfile_lint

Signed-off-by: Shubham Gupta <[email protected]>

* fix bugs

Signed-off-by: Shubham Gupta <[email protected]>

* fix : build_container_image and build_go_binary

Signed-off-by: Shubham Gupta <[email protected]>

* fix the image scanning

Signed-off-by: Shubham Gupta <[email protected]>

* Remove the trivy scan

Signed-off-by: Shubham Gupta <[email protected]>

* Move trivy scan

Signed-off-by: Shubham Gupta <[email protected]>

* change

Signed-off-by: Shubham Gupta <[email protected]>

* add scanner

Signed-off-by: Shubham Gupta <[email protected]>

* fix image Name

Signed-off-by: Shubham Gupta <[email protected]>

* remove scan

Signed-off-by: Shubham Gupta <[email protected]>

* UPDATE ACCESS TOKEN

Signed-off-by: Shubham Gupta <[email protected]>

---------

Signed-off-by: Shubham Gupta <[email protected]>

.github/workflows/operator-ci.yaml

@@ -0,0 +1,144 @@
+name: CI
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+env:
+  GolangVersion: 1.17
+  ApplicationName: redis-operator
+  DockerImagName: docker.io/opstree/redis-operator
+  BuildDocs: true
+  AppVersion: "v0.15.0"
+  DOCKERFILE_PATH: '**/Dockerfile'
+
+jobs:
+  gofmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GolangVersion }}
+      - name: Check Go Fmt
+        run: |
+          gofmt_files=$(go fmt ./... | wc -l)
+          if [[ ${gofmt_files} > 0 ]]
+          then
+              echo "Please format golang files using:- go fmt ./..."
+              exit 1
+          else
+              echo "All files are formated using gofmt"
+          fi
+
+  govet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GolangVersion }}
+      - name: Run Go Vet
+        run: go vet ./...
+
+  code_quality_golang_ci_lint:
+    needs: [gofmt, govet]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GolangVersion }}
+      - name: Install GolangCI-Lint
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.40.0
+      - name: Run GolangCI-Lint
+        run: ./bin/golangci-lint run --timeout 5m0s ./...
+
+  container_quality_dockerfile_lint:
+    needs: [gofmt, govet]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Execute dockerlinter
+        uses: hadolint/[email protected]
+        with:
+          dockerfile: Dockerfile
+          ignore: DL3007,DL3018
+
+  build_go_binary:
+    needs: [code_quality_golang_ci_lint]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: ['amd64', 'arm64']
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v2
+      - name: Setup Go Environment
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+      - name: Set GOARCH
+        run: echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV
+      - name: Build Go Binary
+        run: go build -o ${{ github.workspace }}/${{ env.APPLICATION_NAME }}
+      - name: Archive Binary
+        run: |
+          mkdir -p ${{ github.workspace }}/compiled/${{ matrix.arch }}
+          zip ${{ github.workspace }}/compiled/${{ matrix.arch }}/${{ env.APPLICATION_NAME }}-${{ matrix.arch }}.zip ${{ github.workspace }}/${{ env.APPLICATION_NAME }}
+
+  build_scan_container_image:
+    needs: [container_quality_dockerfile_lint]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Build arm64 image
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        platforms: linux/arm64
+        push: false
+        tags: ${{ env.DockerImagName }}:arm64
+
+    - name: Build amd64 image
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        platforms: linux/amd64
+        push: false
+        tags: ${{ env.DockerImagName }}:amd64
+    - name: Build multi-arch image
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        platforms: linux/arm64,linux/amd64
+        push: false
+        tags: ${{ env.DockerImagName }}:latest
+
+  gosec_scan:
+    needs: [build_go_binary]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v2
+      - name: Gosec Scan
+        uses: securego/gosec@master
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GOSEC_OUTPUT: "junit-xml:/github/workspace/gosec-results.xml"
+

.github/workflows/release-images.yaml

@@ -0,0 +1,150 @@
+name: Release container images
+
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - master
+
+env:
+  ApplicationName: redis-operator
+  QuayImageName: quay.io/opstree/redis-operator
+  AppVersion: "v0.15.0"
+  DOCKERFILE_PATH: '**/Dockerfile'
+
+jobs:
+  setup:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Login to Quay.io
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.ACCESS_TOKEN }}
+
+  build_arm64:
+    needs: setup
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check existing AppVersion
+      id: check_version_arm64
+      run: |
+        EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }}-arm64 | jq '.tags | length')
+        echo "::set-output name=exists::$EXISTS"
+
+    - name: Build and push arm64 image
+      if: steps.check_version_arm64.outputs.exists == '0'
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        file: ${{ env.DOCKERFILE_PATH }}
+        platforms: linux/arm64
+        push: true
+        tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}-arm64
+
+  build_amd64:
+    needs: setup
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check existing AppVersion
+      id: check_version_amd64
+      run: |
+        EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }}-amd64 | jq '.tags | length')
+        echo "::set-output name=exists::$EXISTS"
+
+    - name: Build and push amd64 image
+      if: steps.check_version_amd64.outputs.exists == '0'
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        file: ${{ env.DOCKERFILE_PATH }}
+        platforms: linux/amd64
+        push: true
+        tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}-amd64
+
+  build_multi_arch:
+    needs: setup
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check existing AppVersion
+      id: check_version_multi_arch
+      run: |
+        EXISTS=$(curl -s https://quay.io/api/v1/repository/${{ env.QuayImageName }}/tag/?specificTag=${{ env.AppVersion }} | jq '.tags | length')
+        echo "::set-output name=exists::$EXISTS"
+
+    - name: Build and push multi-arch image
+      if: steps.check_version_multi_arch.outputs.exists == '0'
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        file: ${{ env.DOCKERFILE_PATH }}
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: ${{ env.QuayImageName }}:${{ env.AppVersion }}
+
+    - name: Build and push multi-arch latest image
+      uses: docker/build-push-action@v2
+      with:
+        context: .
+        file: ${{ env.DOCKERFILE_PATH }}
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: ${{ env.QuayImageName }}:latest
+
+  trivy_scan:
+    needs: [build_arm64, build_amd64, build_multi_arch]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Run Trivy vulnerability scanner for arm64 image
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}-arm64
+        format: 'template'
+        template: '@/contrib/sarif.tpl'
+        output: 'trivy-results-arm64.sarif'
+        exit-code: '1'
+        ignore-unfixed: true
+        severity: 'CRITICAL,HIGH'
+    - name: Run Trivy vulnerability scanner for amd64 image
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}-amd64
+        format: 'template'
+        template: '@/contrib/sarif.tpl'
+        output: 'trivy-results-amd64.sarif'
+        exit-code: '1'
+        ignore-unfixed: true
+        severity: 'CRITICAL,HIGH'
+    - name: Run Trivy vulnerability scanner for multi-arch image
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.QuayImageName }}:${{ env.AppVersion }}
+        format: 'template'
+        template: '@/contrib/sarif.tpl'
+        output: 'trivy-results-latest.sarif'
+        exit-code: '1'
+        ignore-unfixed: true
+        severity: 'CRITICAL,HIGH'
+    - name: Run Trivy vulnerability scanner for latest image
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref:  ${{ env.QuayImageName }}:latest
+        format: 'template'
+        template: '@/contrib/sarif.tpl'
+        output: 'trivy-results-latest.sarif'
+        exit-code: '1'
+        ignore-unfixed: true
+        severity: 'CRITICAL,HIGH'