From 5edc4de6b9d52ddf6f9cabeb268d724fe8909586 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 09:59:05 +0200
Subject: [PATCH 1/3] test building docker images on AWS
---
.github/workflows/build-docker.yml | 30 +++++++++++++-----------------
.github/workflows/current.yml | 1 +
.github/workflows/e2e.yml | 22 +++++++++++++++++-----
3 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 13ded1fedf..c17f985182 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -18,24 +18,22 @@ env: jobs: build-docker: runs-on: - - self-hosted - - Linux - - ${{ matrix.runner }} + - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }} + image:${{ matrix.os }} + instance-size:${{ matrix.size }} strategy: matrix: - # cpu: [arm64, amd64, arm/v7] cpu: [arm64, amd64] include: - - cpu: arm64 - runner: ARM64 + - os: arm-3.0 + size: xlarge + cpu: arm64 tag: arm64 - - cpu: amd64 - runner: X64 + - os: ubuntu-7.0 + size: xlarge + cpu: amd64 tag: amd64 - # - cpu: arm/v7 - # runner: ARM - # tag: armv7 permissions: contents: read
@@ -56,10 +54,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] - name: Build container uses: docker/build-push-action@v6
@@ -69,8 +63,10 @@ jobs: provenance: false push: true tags: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}" - cache-from: type=gha - cache-to: type=gha,mode=max + cache-from: | + type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }} + type=registry,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ github.ref_name }} + cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ github.ref_name }} - name: Scan image with Trivy uses: aquasecurity/trivy-action@0.32.0
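Review bot: The new `runs-on` entry in build-docker.yml has no comment explaining that the `image:` and `instance-size:` lines carry no leading `-`, so they appear to be continuation lines folded into the single `codebuild-defguard-core-runner-…` label rather than separate labels. A maintainer tidying the list could add dashes and silently change which runner the job matches. I would add a comment above the entry such as `# CodeBuild-hosted runner: ONE label; image:/instance-size: are overrides folded into it, not list items`. The matrix key `os` also holds a CodeBuild image identifier rather than an operating system name, which a one-line comment on the `include:` entries could state.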
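Review bot: The registry cache refs in the `Build container` step put `${{ github.ref_name }}` straight into an image tag, and ref names can contain `/` (the `release/**` branches listed in current.yml, or `<number>/merge` on pull requests), which is not a valid tag character; if this workflow runs for such refs the cache import and export will presumably fail. Deriving a sanitised value in an earlier step, e.g. `echo "slug=${GITHUB_REF_NAME//\//-}" >> "$GITHUB_OUTPUT"`, and using it in both `cache-from` and `cache-to` avoids that. Separately, the first `cache-from` ref, `cache-${{ matrix.tag }}`, is never written by the `cache-to` in this hunk, so unless another job publishes it that fallback never hits. Because the cache tags live in the same repository as the pushed images, it is also worth confirming that only trusted refs can write them. The step's `with:` block starts outside the hunk.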
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index 62bb823050..c84e007ce7 100644
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -9,6 +9,7 @@ on: - main - dev - "release/**" + - aws_docker_build paths-ignore: - "*.md" - "LICENSE"
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 5382d55c24..e81577820b 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -10,21 +10,22 @@ permissions: jobs: test: - runs-on: [self-hosted, Linux, X64] + runs-on: + - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }} + instance-size:2xlarge + steps: - uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] + - name: Login to GitHub container registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Export image tag run: | # strip "refs/heads.” to get just the branch name
@@ -38,16 +39,19 @@ jobs: fi echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV echo "E2E tests will run on IMAGE_TAG=$IMAGE_TAG" + - name: Set up Node uses: actions/setup-node@v4 with: node-version-file: "./e2e/.nvmrc" + - name: Install pnpm id: pnpm-install uses: pnpm/action-setup@v4 with: version: 10 run_install: false + - name: Get pnpm store directory id: pnpm-cache shell: bash
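Review bot: The `test` job's new `runs-on` label in e2e.yml sets only `instance-size:2xlarge` and no `image:` override, whereas build-docker.yml in this same patch pins `image:${{ matrix.os }}`. The e2e runner image is then presumably whatever the CodeBuild project is configured with, so a change made on the AWS side alters the test environment without any diff in this repository. Pinning it in the label, e.g. adding an `image:ubuntu-7.0` continuation line as build-docker.yml does for amd64, keeps the two workflows consistent and the environment reviewable. The job's remaining steps continue outside this hunk.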
@@ -61,20 +65,26 @@ jobs: key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} restore-keys: | ${{ runner.os }}-pnpm-store- + - name: Pull images run: docker compose --file './docker-compose.e2e.yaml' pull + - name: Install E2E dependencies working-directory: ./e2e run: pnpm install --frozen-lockfile + - name: Install playwright chromium working-directory: ./e2e run: npx playwright install chromium + - name: run tests working-directory: ./e2e run: pnpm test + - name: Stop compose if: always() run: docker compose --file './docker-compose.e2e.yaml' down + - uses: actions/upload-artifact@v4 if: failure() with:
@@ -82,11 +92,13 @@ jobs: path: | ./e2e/playwright-report retention-days: 7 + trigger-dev-deploy: needs: test if: ${{ github.event_name != 'pull_request' && github.ref_name == 'dev' }} uses: ./.github/workflows/dev-deployment.yml secrets: inherit + trigger-staging-deploy: needs: test if: ${{ github.event_name != 'pull_request' && startsWith(github.ref_name, 'release/') }}
From b94cf2644427866d91116bfe696ccebaa409ec67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 10:23:42 +0200
Subject: [PATCH 2/3] add temporary tag override
---
.github/workflows/e2e.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index e81577820b..f1122d62ed 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -37,6 +37,7 @@ jobs: # main/dev branch IMAGE_TAG=$BRANCH fi + IMAGE_TAG=main echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV echo "E2E tests will run on IMAGE_TAG=$IMAGE_TAG"
From d39a32509467556067bf169aadf5cc21b851276e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Fri, 12 Sep 2025 10:58:53 +0200
Subject: [PATCH 3/3] remove temporary overrides
---
.github/workflows/current.yml | 1 -
.github/workflows/e2e.yml | 1 -
2 files changed, 2 deletions(-)
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index c84e007ce7..62bb823050 100644
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -9,7 +9,6 @@ on: - main - dev - "release/**" - - aws_docker_build paths-ignore: - "*.md" - "LICENSE"
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index f1122d62ed..e81577820b 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -37,7 +37,6 @@ jobs: # main/dev branch IMAGE_TAG=$BRANCH fi - IMAGE_TAG=main echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV echo "E2E tests will run on IMAGE_TAG=$IMAGE_TAG"