Skip to content

Enable encryption at host for vms #9047

Enable encryption at host for vms

Enable encryption at host for vms #9047

---
name: Docker build
on: # yamllint disable-line rule:truthy
pull_request:
branches:
- main
- 'feature/**'
workflow_dispatch:
# for each ref (branch/pr) run just the most recent, cancel
# other pending/running ones
concurrency:
group: "${{ github.workflow }}-${{ github.head_ref }}"
cancel-in-progress: true
jobs:
docker_build:
name: Build images
runs-on: ubuntu-latest
steps:
- name: Upload Event File
# this step is required to publish test results from forks
uses: actions/upload-artifact@v4
with:
name: Event File
path: ${{ github.event_path }}
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Filter changes
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
api:
- 'api_app/**/*'
api_version:
- 'api_app/_version.py'
resource_processor:
- 'resource_processor/**/*'
resource_processor_version:
- 'resource_processor/_version.py'
guacamole_server:
- 'templates/workspace_services/guacamole/guacamole-server/**/*'
guacamole_server_version:
- 'templates/workspace_services/guacamole/guacamole-server/docker/version.txt'
gitea:
- 'templates/shared_services/gitea/docker/**/*'
gitea_version:
- 'templates/shared_services/gitea/docker/version.txt'
airlock_processor:
- 'airlock_processor/**/*'
airlock_processor_version:
- 'airlock_processor/_version.py'
ui_app:
- 'ui/app/**/*'
ui_app_version:
- 'ui/app/package.json'
- name: "Stale version: api"
if: ${{ steps.filter.outputs.api == 'true' &&
steps.filter.outputs.api_version == 'false' }}
run: echo "::error::Code update without version change" && exit 1
- name: "Stale version: resource_processor"
if: ${{ steps.filter.outputs.resource_processor == 'true' &&
steps.filter.outputs.resource_processor_version == 'false' }}
run: echo "::error::Code update without version change" && exit 1
- name: "Stale version: guacamole_server"
if: ${{ steps.filter.outputs.guacamole_server == 'true' &&
steps.filter.outputs.guacamole_server_version == 'false' }}
run: echo "::error::Code update without version change" && exit 1
- name: "Stale version: gitea"
if: ${{ steps.filter.outputs.gitea == 'true' &&
steps.filter.outputs.gitea_version == 'false' }}
run: echo "::error::Code update without version change" && exit 1
- name: "Stale version: airlock_processor"
if: ${{ steps.filter.outputs.airlock_processor == 'true' &&
steps.filter.outputs.airlock_processor_version == 'false' }}
run: echo "::error::Code update without version change" && exit 1
- name: "Stale version: ui_app"
if: ${{ steps.filter.outputs.ui_app == 'true' &&
steps.filter.outputs.ui_app_version == 'false' }}
run: echo "::error::Code update without version change" && exit 1
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Unit Tests are executed by calling the 'test-results' target in the
# Dockerfile's. Test runner exit codes must be swallowed (and kept) so we
# can output the test results. This means we have to check for failure
# trigger files in later steps.
- name: "Test image: api"
# test should be before build since its docker target
# is prior to runtime
if: |
(steps.filter.outputs.api == 'true'
|| github.event_name == 'workflow_dispatch')
uses: docker/build-push-action@v5
with:
context: ./api_app/
file: ./api_app/Dockerfile
outputs: type=local,dest=test-results
target: test-results
cache-from: type=gha
cache-to: type=gha,mode=max
- name: "Check pytest failure file existence"
id: check_api_test_result
uses: andstor/file-existence-action@v3
with:
files: "test-results/pytest_api_unit_failed"
- name: "Build image: api"
if: |
(steps.filter.outputs.api == 'true'
|| github.event_name == 'workflow_dispatch')
&& steps.check_api_test_result.outputs.files_exists == 'false'
uses: docker/build-push-action@v5
with:
context: ./api_app/
file: ./api_app/Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
- name: "Build image: resource_processor"
if: |
(steps.filter.outputs.resource_processor == 'true'
|| github.event_name == 'workflow_dispatch')
uses: docker/build-push-action@v5
with:
context: ./resource_processor
file: ./resource_processor/vmss_porter/Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
- name: "Test image: guacamole_server"
if: |
(steps.filter.outputs.guacamole_server == 'true'
|| github.event_name == 'workflow_dispatch')
uses: docker/build-push-action@v5
with:
context: ./templates/workspace_services/guacamole/guacamole-server
file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile
outputs: type=local,dest=test-results
target: test-results
cache-from: type=gha
cache-to: type=gha,mode=max
- name: "Check maven failure file existence"
id: check_maven_test_result
uses: andstor/file-existence-action@v3
with:
files: "test-results/guacamole_package_failed"
- name: "Build image: guacamole_server"
if: |
(steps.filter.outputs.guacamole_server == 'true'
|| github.event_name == 'workflow_dispatch')
&& steps.check_maven_test_result.outputs.files_exists == 'false'
uses: docker/build-push-action@v5
with:
context: ./templates/workspace_services/guacamole/guacamole-server
file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
- name: "Build image: gitea"
if: |
(steps.filter.outputs.gitea == 'true'
|| github.event_name == 'workflow_dispatch')
uses: docker/build-push-action@v5
with:
context: ./templates/shared_services/gitea/docker
file: ./templates/shared_services/gitea/docker/Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
# Unit Tests are executed by calling the 'test-results' target in the
# Dockerfile's. Test runner exit codes must be swallowed (and kept) so we
# can output the test results. This means we have to check for failure
# trigger files in later steps.
- name: "Test image: airlock_processor"
# test should be before build since its docker target
# is prior to runtime
if: |
(steps.filter.outputs.airlock_processor == 'true'
|| github.event_name == 'workflow_dispatch')
uses: docker/build-push-action@v5
with:
context: ./airlock_processor/
file: ./airlock_processor/Dockerfile
outputs: type=local,dest=test-results
target: test-results
cache-from: type=gha
cache-to: type=gha,mode=max
- name: "Check pytest failure file existence"
id: check_airlock_processor_test_result
uses: andstor/file-existence-action@v3
with:
files: "test-results/pytest_airlock_processor_unit_failed"
- name: "Build image: airlock_processor"
if: |
(steps.filter.outputs.airlock_processor == 'true'
|| github.event_name == 'workflow_dispatch')
&& steps.check_airlock_processor_test_result.outputs.files_exists == 'false'
uses: docker/build-push-action@v5
with:
context: ./airlock_processor/
file: ./airlock_processor/Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: test-results
path: test-results