Merge pull request #353 from NikitaSkrynnik/script

Script
NikitaSkrynnik · Jan 11, 2024 · 5fc641f · 5fc641f
2 parents 62ede08 + d3d798f
commit 5fc641f
Show file tree

Hide file tree

Showing 224 changed files with 695 additions and 361 deletions.
diff --git a/.github/workflows/check-cves.yaml b/.github/workflows/check-cves.yaml
@@ -52,24 +52,21 @@ jobs:
             for file in cves/*; do
               files="${files} $file"
             done
-            
+
             jq '.runs[].results += [inputs.runs[].results.[]]' $files > temp.json
             jq '.runs[].tool.driver.rules += [inputs.runs[].tool.driver.rules[]]' temp.json $files > merged.json
             jq '.runs[].tool.driver.rules |= unique_by(.id)' merged.json > unique.json
-
             jq '.runs[].results | group_by(.ruleId)' unique.json > group_by.json
 
             jq 'map(.[0].message.text =
-              reduce .[] as $cve (""; . += $cve.locations[0].physicalLocation.artifactLocation.uri + "\n") + 
+              reduce .[] as $cve (""; . += $cve.locations[0].physicalLocation.artifactLocation.uri + "\n") +
               .[0].message.text) | [.[][0]]' group_by.json > reduced.json
-            
+
             jq '.runs[].results = input' unique.json reduced.json > final.json
             jq 'reduce .runs[].results[] as $cve ({}; .[$cve.ruleId] += 1) ' final.json > count.json
-            jq --arg sha ${GITHUB_SHA} '.runs[].results[].locations[].physicalLocation.artifactLocation.uri 
+            jq --arg sha ${GITHUB_SHA} '.runs[].results[].locations[].physicalLocation.artifactLocation.uri
               = "github.com/networkservicemesh/deployments-k8s:" + $sha' final.json > results.json
 
-            cat results.json
-
       - name: Upload CVEs
         uses: github/codeql-action/upload-sarif@v2
         with:

diff --git a/.github/workflows/check-failed-workflows.yaml b/.github/workflows/check-failed-workflows.yaml
@@ -0,0 +1,49 @@
+---
+name: Check failed auto-pull-request workflows
+on:
+  schedule:
+    # At 00:00 every day
+    - cron: '0 0 * * *'
+jobs:
+  fetch-cmd-repositories:
+    name: Fetch organization repositories
+    runs-on: ubuntu-latest
+    outputs:
+      repositories: ${{ steps.organization-repositories.outputs.repositories }}
+    steps:
+      - name: Run `get-organization-repositories`
+        id: organization-repositories
+        uses: denis-tingajkin/get-organization-repositories@v1.0.1
+        with:
+          github-organization: 'networkservicemesh'
+          regex: 'cmd-.*'
+  check-failed-workflows:
+    strategy:
+      matrix:
+        repository: ${{ fromJSON(needs.fetch-cmd-repositories.outputs.repositories) }}
+    needs: fetch-cmd-repositories
+    name: Check failed auto-pull-request workflows
+    runs-on: ubuntu-latest
+    if: github.repository != 'networkservicemesh/cmd-template'
+    steps:
+      - name: Check Failed Workflows
+        run: |
+          repo="deployments-k8s"
+          owner="networkservicemesh"
+
+          runs=$(gh api \
+          -H "Accept: application/vnd.github+json" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          /repos/$owner/$repo/actions/runs?branch=update/$owner/${{ matrix.repository }})
+
+          lastRun=$(echo $runs | jq '[.workflow_runs | .[] | select(.name=="Pull Request on update/* Branch Push")][0]')
+          lastRunConclusion=$(echo $lastRun | jq -r '.conclusion')
+          lastRunStatus=$(echo $lastRun | jq -r '.status')
+
+          echo Conclusion for ${{ matrix.repository }} is $lastRunConclusion
+          if [ "$lastRunConclusion" == "failure" ] && [ "$lastRunStatus" == "completed" ]; then
+            runID=$(echo $lastRun | jq -r '.id')
+            gh run rerun $runID --repo $owner/$repo
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/pr-for-updates.yaml b/.github/workflows/pr-for-updates.yaml
@@ -10,16 +10,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: Construct PR message
+      - name: Create a Pull Request
         run: |
-          PULL_REQUEST_BODY=$(git log --pretty='format:%B' -1 | sed '/^$/d;$d' | sed 's/#/# /g')
-          echo "$PULL_REQUEST_BODY"
-          echo "PULL_REQUEST_BODY<<EOF" >> $GITHUB_ENV
-          echo "$PULL_REQUEST_BODY" >> $GITHUB_ENV
-          echo "EOF" >> $GITHUB_ENV
-      - name: pull-request-action
-        uses: vsoch/pull-request-action@1.1.0
+          ref=${{ github.ref }}
+          branch=${ref#"refs/heads/"}
+
+          prTitle="Update from $branch"
+          prBody=$(git log --pretty='format:%B' -1 | sed '/^$/d;$d' | sed 's/#/# /g')
+          gh pr create -B "main" -H "$ref" --title "$prTitle" --body "$prBody"
         env:
           GITHUB_TOKEN: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
-          BRANCH_PREFIX: "update/"
-          PULL_REQUEST_BRANCH: "main"
diff --git a/apps/admission-webhook-k8s/admission-webhook.yaml b/apps/admission-webhook-k8s/admission-webhook.yaml
@@ -18,7 +18,7 @@ spec:
       serviceAccount: admission-webhook-sa
       containers:
         - name: admission-webhook-k8s
-          image: ghcr.io/networkservicemesh/ci/cmd-admission-webhook-k8s:d3803fe
+          image: ghcr.io/networkservicemesh/ci/cmd-admission-webhook-k8s:9dad9da
           imagePullPolicy: IfNotPresent
           readinessProbe:
             httpGet:
@@ -41,9 +41,9 @@ spec:
             - name: NSM_ANNOTATION
               value: networkservicemesh.io
             - name: NSM_CONTAINER_IMAGES
-              value: ghcr.io/networkservicemesh/ci/cmd-nsc:350e2cd
+              value: ghcr.io/networkservicemesh/ci/cmd-nsc:cfc2107
             - name: NSM_INIT_CONTAINER_IMAGES
-              value: ghcr.io/networkservicemesh/ci/cmd-nsc-init:3a833d2
+              value: ghcr.io/networkservicemesh/ci/cmd-nsc-init:3442d4c
             - name: NSM_LABELS
               value: spiffe.io/spiffe-id:true
             - name: NSM_ENVS

diff --git a/apps/cluster-info/cluster-info.yaml b/apps/cluster-info/cluster-info.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       serviceAccountName: cluster-info-sa
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-cluster-info-k8s:d538ffa
+        - image: ghcr.io/networkservicemesh/ci/cmd-cluster-info-k8s:e42bc28
           env:
             - name: NSM_NAMESPACE
               valueFrom:

diff --git a/apps/csi-driver/csi-driver.yaml b/apps/csi-driver/csi-driver.yaml
@@ -39,7 +39,7 @@ spec:
       containers:
         # This is the container which runs the NSM CSI driver.
         - name: nsm-csi-driver
-          image: ghcr.io/networkservicemesh/ci/cmd-csi-driver:0453973
+          image: ghcr.io/networkservicemesh/ci/cmd-csi-driver:fc7977f
           imagePullPolicy: IfNotPresent
           env:
             # The CSI driver needs a unique node ID. The node name can be
@@ -53,7 +53,7 @@ spec:
             - name: NSM_CSI_SOCKET_PATH
               value: "/nsm-csi/csi.sock"
             - name: NSM_VERSION
-              value: cmd-csi-driver:0453973
+              value: cmd-csi-driver:fc7977f
           volumeMounts:
             # The volume containing the Network Service API socket.
             # The NSM CSI driver will mount this directory into containers.

diff --git a/apps/dashboard/dashboard-pod.yaml b/apps/dashboard/dashboard-pod.yaml
@@ -10,7 +10,7 @@ metadata:
 spec:
   containers:
   - name: dashboard-backend
-    image: ghcr.io/networkservicemesh/ci/cmd-dashboard-backend:b5e41ee
+    image: ghcr.io/networkservicemesh/ci/cmd-dashboard-backend:907d075
     imagePullPolicy: IfNotPresent
     ports:
       - containerPort: 3001
@@ -24,7 +24,7 @@ spec:
         mountPath: /run/spire/sockets
         readOnly: true
   - name: dashboard-ui
-    image: ghcr.io/networkservicemesh/ci/cmd-dashboard-ui:24884b8
+    image: ghcr.io/networkservicemesh/ci/cmd-dashboard-ui:dba78d7
     imagePullPolicy: IfNotPresent
     ports:
       - containerPort: 3000

diff --git a/apps/forwarder-ovs/forwarder.yaml b/apps/forwarder-ovs/forwarder.yaml
@@ -18,7 +18,7 @@ spec:
       hostPID: true
       hostNetwork: true
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-forwarder-ovs:abd7fa6
+        - image: ghcr.io/networkservicemesh/ci/cmd-forwarder-ovs:73380e1
           imagePullPolicy: IfNotPresent
           name: forwarder-ovs
           securityContext:

diff --git a/apps/forwarder-sriov/forwarder.yaml b/apps/forwarder-sriov/forwarder.yaml
@@ -18,7 +18,7 @@ spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-forwarder-sriov:07f10c4
+        - image: ghcr.io/networkservicemesh/ci/cmd-forwarder-sriov:1b00bb6
           imagePullPolicy: IfNotPresent
           name: forwarder-sriov
           securityContext:

diff --git a/apps/forwarder-vpp/forwarder.yaml b/apps/forwarder-vpp/forwarder.yaml
@@ -19,7 +19,7 @@ spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-forwarder-vpp:25a92af
+        - image: ghcr.io/networkservicemesh/ci/cmd-forwarder-vpp:9e3a367
           imagePullPolicy: IfNotPresent
           name: forwarder-vpp
           securityContext:

diff --git a/apps/nsc-kernel/nsc.yaml b/apps/nsc-kernel/nsc.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nsc
-          image: ghcr.io/networkservicemesh/ci/cmd-nsc:350e2cd
+          image: ghcr.io/networkservicemesh/ci/cmd-nsc:cfc2107
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nsc-memif/nsc.yaml b/apps/nsc-memif/nsc.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nsc
-          image: ghcr.io/networkservicemesh/ci/cmd-nsc-vpp:808ff58
+          image: nsc-vpp
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nsc-simple-docker/docker-compose.yaml b/apps/nsc-simple-docker/docker-compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
   nsc-simple-docker:
-    image: ghcr.io/networkservicemesh/ci/cmd-nsc-simple-docker:76ec654
+    image: ghcr.io/networkservicemesh/ci/cmd-nsc-simple-docker:cd49885
     privileged: true
     container_name: nsc-simple-docker
     restart: always

diff --git a/apps/nsc-vfio/nsc.yaml b/apps/nsc-vfio/nsc.yaml
@@ -26,7 +26,7 @@ spec:
               mountPath: /dev/vfio
 
         - name: nsc
-          image: ghcr.io/networkservicemesh/ci/cmd-nsc:350e2cd
+          image: ghcr.io/networkservicemesh/ci/cmd-nsc:cfc2107
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nse-firewall-vpp/nse.yaml b/apps/nse-firewall-vpp/nse.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-firewall-vpp:3b27d17
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-firewall-vpp:545fb1e
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nse-kernel/nse.yaml b/apps/nse-kernel/nse.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-icmp-responder:4989e87
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-icmp-responder:75f6b17
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nse-memif/nse.yaml b/apps/nse-memif/nse.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-icmp-responder-vpp:27c9319
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-icmp-responder-vpp:3e405cd
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nse-noop/nse.yaml b/apps/nse-noop/nse.yaml
@@ -18,7 +18,7 @@ spec:
       hostNetwork: true
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-vfio:a826207
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-vfio:5f83cc3
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

diff --git a/apps/nse-remote-vlan/nse-remote-vlan.yaml b/apps/nse-remote-vlan/nse-remote-vlan.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-remote-vlan:0117218
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-remote-vlan:4ee5122
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 5003

diff --git a/apps/nse-simple-vl3-docker/docker-compose.yaml b/apps/nse-simple-vl3-docker/docker-compose.yaml
@@ -1,7 +1,7 @@
 ---
 services:
   nse-simple-vl3-docker:
-    image: ghcr.io/networkservicemesh/ci/cmd-nse-simple-vl3-docker:e50d172
+    image: ghcr.io/networkservicemesh/ci/cmd-nse-simple-vl3-docker:42aacd8
     privileged: true
     container_name: nse-simple-vl3-docker
     restart: always

diff --git a/apps/nse-supplier-k8s/supplier.yaml b/apps/nse-supplier-k8s/supplier.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse-supplier
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-supplier-k8s:56a4380
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-supplier-k8s:2aa41de
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nse-vfio/nse.yaml b/apps/nse-vfio/nse.yaml
@@ -32,7 +32,7 @@ spec:
               mountPath: /dev/vfio
 
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-vfio:a826207
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-vfio:5f83cc3
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

diff --git a/apps/nse-vl3-vpp/nse.yaml b/apps/nse-vl3-vpp/nse.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-vl3-vpp:fd53c1f
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-vl3-vpp:b31ee45
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET

diff --git a/apps/nse-vlan-vpp/nse.yaml b/apps/nse-vlan-vpp/nse.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: nse
-          image: ghcr.io/networkservicemesh/ci/cmd-nse-vlan-vpp:eefc857
+          image: ghcr.io/networkservicemesh/ci/cmd-nse-vlan-vpp:74a21be
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: true

diff --git a/apps/nsmgr-proxy/nsmgr-proxy.yaml b/apps/nsmgr-proxy/nsmgr-proxy.yaml
@@ -56,7 +56,7 @@ spec:
             limits:
               memory: 100Mi
               cpu: 400m
-        - image: ghcr.io/networkservicemesh/ci/cmd-map-ip-k8s:2e6a141
+        - image: ghcr.io/networkservicemesh/ci/cmd-map-ip-k8s:c9d684d
           imagePullPolicy: IfNotPresent
           name: map-ip-k8s
           env:

diff --git a/apps/nsmgr/nsmgr.yaml b/apps/nsmgr/nsmgr.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       serviceAccount: nsmgr-sa
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-nsmgr:ecf912e
+        - image: ghcr.io/networkservicemesh/ci/cmd-nsmgr:93bffa8
           imagePullPolicy: IfNotPresent
           name: nsmgr
           ports:
@@ -81,7 +81,7 @@ spec:
               command: ["/bin/grpc-health-probe", "-spiffe", "-addr=unix:///var/lib/networkservicemesh/nsm.io.sock"]
             failureThreshold: 25
             periodSeconds: 5
-        - image: ghcr.io/networkservicemesh/ci/cmd-exclude-prefixes-k8s:e0fb1e9
+        - image: ghcr.io/networkservicemesh/ci/cmd-exclude-prefixes-k8s:3d53748
           imagePullPolicy: IfNotPresent
           name: exclude-prefixes
           env:

diff --git a/apps/registry-k8s/registry-k8s.yaml b/apps/registry-k8s/registry-k8s.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       serviceAccountName: registry-k8s-sa
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-registry-k8s:5720ae5
+        - image: ghcr.io/networkservicemesh/ci/cmd-registry-k8s:c10e92c
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

diff --git a/apps/registry-memory/registry-memory.yaml b/apps/registry-memory/registry-memory.yaml
@@ -16,7 +16,7 @@ spec:
         "spiffe.io/spiffe-id": "true"
     spec:
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-registry-memory:2b6919c
+        - image: ghcr.io/networkservicemesh/ci/cmd-registry-memory:cd9e672
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

diff --git a/apps/registry-proxy-dns/registry-proxy-dns.yaml b/apps/registry-proxy-dns/registry-proxy-dns.yaml
@@ -16,7 +16,7 @@ spec:
         "spiffe.io/spiffe-id": "true"
     spec:
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-registry-proxy-dns:6e10a90
+        - image: ghcr.io/networkservicemesh/ci/cmd-registry-proxy-dns:7c5041f
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

diff --git a/apps/vl3-ipam/vl3-ipam.yaml b/apps/vl3-ipam/vl3-ipam.yaml
@@ -16,7 +16,7 @@ spec:
         "spiffe.io/spiffe-id": "true"
     spec:
       containers:
-        - image: ghcr.io/networkservicemesh/ci/cmd-ipam-vl3:dd3410f
+        - image: ghcr.io/networkservicemesh/ci/cmd-ipam-vl3:4f06606
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

diff --git a/apps/vl3-lb/lb.yaml b/apps/vl3-lb/lb.yaml
@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: lb
-          image: ghcr.io/networkservicemesh/ci/cmd-lb-vl3-vpp:bf35180
+          image: ghcr.io/networkservicemesh/ci/cmd-lb-vl3-vpp:edce8b7
           imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET