
Commit 2ad4211

authored
Merge pull request #143 from scality/improvement/OSIS-147-move-to-ghcr
Improvement/osis 147 move to ghcr and bump OSIS
2 parents d2d41a0 + 2c118c5 commit 2ad4211


11 files changed

+126
-50
lines changed


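--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,50 @@
+---
+name: codeQL
+
+on:
+push:
+branches:
+- main
+- development/2.1
+pull_request:
+branches:
+- main
+- development/2.1
+workflow_dispatch:
+
+jobs:
+analyze:
+name: Static analysis with CodeQL
+permissions:
+actions: read
+contents: read
+security-events: write
+runs-on: ubuntu-latest
+env:
+NEXUS_UNAME: ${{ secrets.NEXUS_USERNAME }}
+NEXUS_PWD: ${{ secrets.NEXUS_PASSWORD }}
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v3
+with:
+languages: java
+
+- name: Setup Java
+uses: actions/setup-java@v4
+with:
+distribution: "corretto"
+java-version: "17"
+
+- name: Setup Gradle
+uses: gradle/gradle-build-action@v3
+with:
+gradle-version: 7.3
+
+- name: Execute build with Gradle wrapper
+run: ./gradlew build -PsonatypeUsername=$NEXUS_UNAME -PsonatypePassword=$NEXUS_PWD
+
+- name: Build and analyze
+uses: github/codeql-action/analyze@v3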
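Review bot: The Nexus credentials are exported at job level (`env:` under `analyze`), so every step can read them, including the third-party `gradle/gradle-build-action@v3` and the CodeQL actions. The `run` line then expands them unquoted on the Gradle command line, where they are subject to word splitting and can show up in process listings. Scope them to the one build step and let Gradle read them as project properties through `ORG_GRADLE_PROJECT_*` environment variables instead of `-P` arguments. Because the workflow also runs on `pull_request`, the secrets will be empty for pull requests from forks, so the build step has to tolerate that or the trigger should be narrowed.

```yaml
# … unchanged: checkout, CodeQL init, Java and Gradle setup (job-level env: block dropped) …
      - name: Execute build with Gradle wrapper
        env:
          ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.NEXUS_USERNAME }}
          ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.NEXUS_PASSWORD }}
        run: ./gradlew build
# … unchanged: CodeQL analyze step …
```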
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
---
2+
name: dependency review
3+
4+
on:
5+
pull_request:
6+
branches:
7+
- main
8+
- development/2.1
9+
10+
jobs:
11+
dependency-review:
12+
runs-on: ubuntu-latest
13+
steps:
14+
- name: 'Checkout Repository'
15+
uses: actions/checkout@v4
16+
17+
- name: 'Dependency Review'
18+
uses: actions/dependency-review-action@v4
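Review bot: The `dependency-review` job has no `permissions:` block, so it runs with the repository's default token scope, while the CodeQL workflow added in the same commit restricts its token explicitly. Add `permissions:` with `contents: read` under the job, and `pull-requests: write` only if the action is meant to comment on the pull request. Both actions are referenced by mutable major tags (`@v4`); pinning them to a full commit SHA would keep this gate from changing underneath the repository.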

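--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -4,28 +4,13 @@ name: docker-build
 on:
 workflow_call:
 inputs:
-namespace:
-required: false
-type: string
-default: osis-dev
 tag:
 required: false
 type: string
 default: "${{ github.sha }}"
-registry:
-required: false
-type: string
-default: registry.scality.com
-secrets:
-REGISTRY_LOGIN:
-required: true
-REGISTRY_PASSWORD:
-required: true
 
 env:
-NAMESPACE: ${{ inputs.namespace }}
 TAG: ${{ inputs.tag }}
-REGISTRY: ${{ inputs.registry }}
 
 jobs:
 build:
@@ -34,25 +19,23 @@ jobs:
 timeout-minutes: 10
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v2
+uses: docker/setup-buildx-action@v3
 
 - name: Login to Registry
-uses: docker/login-action@v2
+uses: docker/login-action@v3
 with:
-registry: ${{ env.REGISTRY }}
-username: ${{ secrets.REGISTRY_LOGIN }}
-password: ${{ secrets.REGISTRY_PASSWORD }}
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ github.token }}
 
 - name: Build and push development docker image
-uses: docker/build-push-action@v3
+uses: docker/build-push-action@v5
 with:
 context: .
 push: true
-tags: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/osis:${{ env.TAG }}
+tags: ghcr.io/${{ github.repository }}:${{ env.TAG }}
 cache-from: type=gha,scope=osis
 cache-to: type=gha,mode=max,scope=osis
-build-args: |
-NODE_ENV=${{ matrix.build.env }}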
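Review bot: The login step now authenticates to ghcr.io with `${{ github.token }}`, so the push succeeds only when that token carries `packages: write`, and for a reusable workflow that scope has to be granted by the calling job. `security.yaml` in this commit grants it, but the `docker-build` calls in `release.yml` and `test-and-build.yml` show no `permissions:` in their hunks, so those runs depend on the repository default; add `permissions:` with `contents: read` and `packages: write` to those callers. Separately, `ghcr.io/${{ github.repository }}` is used as the image name and registries require it to be lowercase, which holds only while the owner and repository names are lowercase. The `build` job header sits between the two hunks, so anything declared there is not visible.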

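--- a/.github/workflows/gradle-build-and-upload.yml
+++ b/.github/workflows/gradle-build-and-upload.yml
@@ -21,16 +21,16 @@ jobs:
 SIGNING_PWD: ${{ secrets.SIGNING_PASSWORD }}
 steps:
 - name: Checkout
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - name: Setup Java
-uses: actions/setup-java@v3
+uses: actions/setup-java@v4
 with:
 distribution: "corretto"
 java-version: "17"
 
 - name: Setup Gradle
-uses: gradle/gradle-build-action@v2
+uses: gradle/gradle-build-action@v3
 with:
 gradle-version: 7.3
 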
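--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,11 +13,7 @@ jobs:
 name: Docker image
 uses: ./.github/workflows/docker-build.yml
 with:
-namespace: osis
 tag: ${{ github.event.inputs.tag }}
-secrets:
-REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }}
-REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
 
 github-release:
 name: Creating GitHub Release
@@ -27,7 +23,7 @@ jobs:
 - docker-build
 steps:
 - name: Github Release
-uses: softprops/action-gh-release@v1
+uses: softprops/action-gh-release@v2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with: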
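Review bot: With `namespace: osis` removed here and the `osis-dev` default removed in docker-build.yml, release and development images land in the same `ghcr.io/${{ github.repository }}` repository and differ only by tag. The earlier split between an admin-writable production namespace and a developer-writable dev namespace therefore no longer applies, and any run holding `packages: write` can publish or overwrite a release tag. If that separation is still wanted, publish development builds under a distinct image name or restrict which runs may push non-SHA tags. The unchanged lines of docs/RELEASE.md still describe the two-namespace access model and should be brought in line. The `docker-build` job definition starts above this hunk.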

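--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,33 @@
+---
+name: security
+
+on:
+push:
+branches:
+- main
+- development/2.1
+release:
+types: [published]
+pull_request:
+branches:
+- main
+- development/2.1
+schedule:
+- cron: '0 8 * * 1' # Monday - 8am - UTC
+workflow_dispatch:
+
+jobs:
+build:
+permissions:
+contents: read
+packages: write
+uses: ./.github/workflows/docker-build.yml
+
+trivy:
+needs: build
+name: Trivy Vulnerability Scan for Code
+uses: scality/workflows/.github/workflows/trivy.yaml@v2
+with:
+name: ${{ github.event.repository.name }}
+namespace: ${{ github.repository_owner }}
+registry: ghcr.io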
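Review bot: The `trivy` job is given the image name, namespace and registry but no tag, while `build` pushes under docker-build.yml's default `${{ github.sha }}` tag, so this file alone does not confirm that the scan targets the image that was just built. If the shared workflow accepts a tag input, pass the same value explicitly. `trivy` also has no `permissions:` block, unlike `build`, so it inherits the repository default; declaring the minimum it needs keeps the token scope explicit. On the `pull_request` trigger, runs from forks receive a read-only token, so the `packages: write` push in `build` is expected to fail there.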

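--- a/.github/workflows/test-and-build.yml
+++ b/.github/workflows/test-and-build.yml
@@ -16,17 +16,14 @@ jobs:
 docker-build:
 name: Development docker image
 uses: ./.github/workflows/docker-build.yml
-secrets:
-REGISTRY_LOGIN: ${{ secrets.REGISTRY_LOGIN }}
-REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
 
 code_coverage:
 name: code coverage
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
 - name: Upload coverage to Codecov
-uses: codecov/codecov-action@v3
+uses: codecov/codecov-action@v4
 with:
 token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
 name: codecov-osis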

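--- a/README.md
+++ b/README.md
@@ -20,11 +20,11 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co
 ```
 Dev:
 ```sh
-$ docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<short SHA-1 commit hash>
+docker pull ghcr.io/scality/osis:<short SHA-1 commit hash>
 ```
 Production image:
 ```sh
-$ docker pull registry.scality.com/vmware-ose-scality/vmware-ose-scality:<tag>
+docker pull ghcr.io/scality/osis:<tag>
 ```
 1. Generate a self-signed SSL certificate and store it in a binary PKCS#12 format file with extension `.p12` file. (Refer [here](#To-generate-PKCS12-file-for-self-signed-SSL-certificate))
 
@@ -57,7 +57,7 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co
 -v <absolute_path_to_.p12_file>:/app/lib/osis.p12:ro,z \
 -v <absolute_path_to_crypto.yml_file>:/conf/crypto.yml:ro,z \
 -v <absolute_path_to_application.properties_file>:/conf/application.properties:ro,z \
-registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<short SHA-1 commit hash>
+ghcr.io/scality/osis:<short SHA-1 commit hash>
 ```
 Production image:
 ```sh
@@ -68,7 +68,7 @@ This project is for OSIS, which integrates [Scality RING](https://www.scality.co
 -v <absolute_path_to_.p12_file>:/app/lib/osis.p12:ro,z \
 -v <absolute_path_to_crypto.yml_file>:/conf/crypto.yml:ro,z \
 -v <absolute_path_to_application.properties_file>:/conf/application.properties:ro,z \
-registry.scality.com/vmware-ose-scality/vmware-ose-scality:<tag>
+ghcr.io/scality/osis:<tag>
 ```
 
 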
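--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,6 @@
 buildscript {
 ext {
-osisVersion = '2.1.3'
+osisVersion = '2.1.4'
 vaultclientVersion = '1.1.2'
 springBootVersion = '2.7.6'
 }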

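--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
@@ -2,11 +2,10 @@
 
 ## Docker Image generation
 
-Docker images are hosted on registry.scality.com.
-It has two names spaces for Vmware-ose-scality:
+Docker images are hosted on ghcr.io/scality.
+It has one image:
 
-* Production Namespace: registry.scality.com/vmware-ose-scality
-* Dev Namespace: registry.scality.com/vmware-ose-scality-dev
+* Production container image: ghcr.io/scality/osis
 
 Production namespace provides write access to a few admins and CI while read
 access is given to all the developers. Dev namespace provides write access
@@ -17,8 +16,8 @@ images to be used by developers, CI builds, build chain and so on.
 ## How to pull docker images
 
 ```sh
-docker pull registry.scality.com/vmware-ose-scality-dev/vmware-ose-scality:<short SHA-1 commit hash>
-docker pull registry.scality.com/vmware-ose-scality/vmware-ose-scality:<tag>
+docker pull ghcr.io/scality/osis:<short SHA-1 commit hash>
+docker pull ghcr.io/scality/osis:<tag>
 ```
 
 ## Release Process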
