Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-22 16:00:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

ci: disable BuildBuddy (#3077)

Browse Source
This commit is contained in:
Malte Poll 2024-05-10 11:14:45 +02:00 committed by GitHub
parent 97e5c437b4
commit 03475b60b3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
24 changed files with 4 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.bazelrc
View File

@ -54,15 +54,6 @@ common --crosstool_top=@local_config_cc//:toolchain
# bazel config to explicitly disable stamping (hide version information at build time)
common:nostamp --nostamp --workspace_status_command=
# bazel config to use (buildbuddy) remote cache
common:remote_cache --bes_results_url=https://app.buildbuddy.io/invocation/
common:remote_cache --bes_backend=grpcs://remote.buildbuddy.io
common:remote_cache --remote_cache=grpcs://remote.buildbuddy.io
common:remote_cache --remote_timeout=3600
common:remote_cache --experimental_remote_build_event_upload=minimal
common:remote_cache --nolegacy_important_outputs
common:remote_cache_readonly --noremote_upload_local_results # Uploads logs & artifacts without writing to cache
common:build_barn_rbe_ubuntu_22_04 --remote_timeout=3600
common:build_barn_rbe_ubuntu_22_04 --remote_executor=grpc://frontend.buildbarn:8980 # this maps to the kubernetes internal buildbarn/frontend service
common:build_barn_rbe_ubuntu_22_04 --extra_execution_platforms=//bazel/rbe:ubuntu-act-22-04-platform

6
.github/actions/e2e_attestationconfigapi/action.yml vendored
View File

@ -5,9 +5,6 @@ inputs:
csp:
description: "Cloud provider to run tests against"
default: "azure"
buildBuddyApiKey:
description: "BuildBuddy API key for caching Bazel artifacts"
required: true
cosignPrivateKey:
description: "Cosign private key"
required: true
@ -20,9 +17,6 @@ runs:
steps:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2

6
.github/actions/e2e_mini/action.yml vendored
View File

@ -11,9 +11,6 @@ inputs:
azureTenantID:
description: "Azure tenant to use for login with OIDC"
required: true
buildBuddyApiKey:
description: "BuildBuddy API key for caching Bazel artifacts"
required: true
registry:
description: "Container registry to use"
required: true
@ -31,9 +28,6 @@ runs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
- name: Log in to the Container registry
uses: ./.github/actions/container_registry_login

6
.github/actions/e2e_s3proxy/action.yml vendored
View File

@ -11,9 +11,6 @@ inputs:
s3SecretKey:
description: "Secret key for s3proxy"
required: true
buildBuddyApiKey:
description: "BuildBuddy API key"
required: true
githubToken:
description: "GitHub token"
required: true
@ -23,9 +20,6 @@ runs:
steps:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
- name: Get pseudoversion
id: pseudoversion

6
.github/actions/e2e_test/action.yml vendored
View File

@ -57,8 +57,6 @@ inputs:
required: true
sonobuoyTestSuiteCmd:
description: "The sonobuoy test suite to run."
buildBuddyApiKey:
description: "BuildBuddy API key for caching Bazel artifacts"
registry:
description: "Container registry to use"
required: true
@ -139,9 +137,6 @@ runs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: ${{ inputs.buildBuddyApiKey != '' }}
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
- name: Log in to the Container registry
uses: ./.github/actions/container_registry_login
@ -412,5 +407,4 @@ runs:
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
s3AccessKey: ${{ inputs.s3AccessKey }}
s3SecretKey: ${{ inputs.s3SecretKey }}
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
githubToken: ${{ inputs.githubToken }}

82
.github/actions/setup_bazel_nix/action.yml vendored
View File

@ -3,12 +3,9 @@ description: Setup Bazel and Nix for CI builds and tests
inputs:
useCache:
description: "Cache Bazel artifacts. Use 'true' to enable with rw, 'readonly' to download, 'rbe' to enable with remote execution, 'log' to disable cache but upload logs, and 'false' to disable."
description: "Cache Bazel artifacts. Use 'rbe' to enable with remote execution, and 'false' to disable."
default: "false"
required: true
buildBuddyApiKey:
description: "BuildBuddy API key for caching Bazel artifacts"
required: false
rbePlatform:
description: "RBE platform to use. If empty, RBE will not be used."
required: false
@ -25,12 +22,8 @@ runs:
shell: bash
run: |
echo "::group::Check inputs"
if [[ "${{ inputs.useCache }}" != "true" && "${{ inputs.useCache }}" != "readonly" && "${{ inputs.useCache }}" != "rbe" && "${{ inputs.useCache }}" != "logs" && "${{ inputs.useCache }}" != "false" ]]; then
echo "Invalid value for 'useCache' input: '${{ inputs.useCache }}'. Must be 'true', 'readonly', or 'false'."
exit 1
fi
if [[ "${{ inputs.useCache }}" == "true" || "${{ inputs.useCache }}" == "readonly" || "${{ inputs.useCache }}" == "logs" ]] && [[ -z "${{ inputs.buildBuddyApiKey }}" ]]; then
echo "BuildBuddy API key is required when cache is enabled."
if [[ "${{ inputs.useCache }}" != "rbe" && "${{ inputs.useCache }}" != "false" ]]; then
echo "Invalid value for 'useCache' input: '${{ inputs.useCache }}'. Must be 'rbe', or 'false'."
exit 1
fi
if [[ "${{ inputs.useCache }}" == "rbe" && -z "${{ inputs.rbePlatform }}" ]]; then
@ -182,57 +175,6 @@ runs:
EOF
echo "::endgroup::"
- name: Configure Bazel (rw)
if: inputs.useCache == 'true' || inputs.useCache == 'readonly'
shell: bash
env:
BUILDBUDDY_ORG_API_KEY: ${{ inputs.buildBuddyApiKey }}
WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Configure Bazel"
cat <<EOF >> "${WORKSPACE}/.bazeloverwriterc"
common --bes_results_url=https://app.buildbuddy.io/invocation/
common --bes_backend=grpcs://remote.buildbuddy.io
common --remote_cache=grpcs://remote.buildbuddy.io
common --remote_header=x-buildbuddy-api-key=${BUILDBUDDY_ORG_API_KEY}
cquery --bes_results_url=
cquery --bes_backend=
cquery --remote_cache=
query --bes_results_url=
query --bes_backend=
query --remote_cache=
EOF
echo "::endgroup::"
- name: Configure Bazel (readonly)
if: inputs.useCache == 'readonly'
shell: bash
env:
WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Configure Bazel (readonly)"
echo "common --remote_upload_local_results=false" >> "${WORKSPACE}/.bazeloverwriterc"
echo "::endgroup::"
- name: Configure Bazel (logs)
if: inputs.useCache == 'logs'
shell: bash
env:
BUILDBUDDY_ORG_API_KEY: ${{ inputs.buildBuddyApiKey }}
WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Configure Bazel"
cat <<EOF >> "${WORKSPACE}/.bazeloverwriterc"
common --bes_results_url=https://app.buildbuddy.io/invocation/
common --bes_backend=grpcs://remote.buildbuddy.io
common --remote_header=x-buildbuddy-api-key=${BUILDBUDDY_ORG_API_KEY}
cquery --bes_results_url=
cquery --bes_backend=
query --bes_results_url=
query --bes_backend=
EOF
echo "::endgroup::"
- name: Configure Bazel (rbe)
if: inputs.useCache == 'rbe'
shell: bash
@ -247,24 +189,6 @@ runs:
common --repo_env=GOPROXY=http://goproxy:3000
EOF
echo "::endgroup::"
- name: Configure Bazel (rbe logs)
if: inputs.useCache == 'rbe' && inputs.buildBuddyApiKey != ''
shell: bash
env:
BUILDBUDDY_ORG_API_KEY: ${{ inputs.buildBuddyApiKey }}
WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Configure Bazel"
cat <<EOF >> "${WORKSPACE}/.bazeloverwriterc"
common --bes_results_url=https://app.buildbuddy.io/invocation/
common --bes_backend=grpcs://remote.buildbuddy.io
common --remote_header=x-buildbuddy-api-key=${BUILDBUDDY_ORG_API_KEY}
cquery --bes_results_url=
cquery --bes_backend=
query --bes_results_url=
query --bes_backend=
EOF
echo "::endgroup::"
- name: Disable disk cache on GitHub Actions runners
if: startsWith(runner.name , 'GitHub Actions')

1
.github/workflows/build-binaries.yml vendored
View File

@ -31,7 +31,6 @@ jobs:
with:
useCache: "rbe"
rbePlatform: "ubuntu-22.04"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Build all
shell: bash

1
.github/workflows/build-libvirt-container.yml vendored
View File

@ -24,7 +24,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "false"
nixTools: |
crane
gzip

1
.github/workflows/e2e-attestationconfigapi.yml vendored
View File

@ -34,7 +34,6 @@ jobs:
- name: Run Attestationconfig API E2E
uses: ./.github/actions/e2e_attestationconfigapi
with:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_DEV_PASSWORD }}
csp: ${{ matrix.csp }}

1
.github/workflows/e2e-mini.yml vendored
View File

@ -46,6 +46,5 @@ jobs:
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/e2e-test-daily.yml vendored
View File

@ -96,7 +96,6 @@ jobs:
gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
kubernetesVersion: ${{ matrix.kubernetesVersion }}
test: ${{ matrix.test }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
@ -182,7 +181,6 @@ jobs:
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/e2e-test-provider-example.yml vendored
View File

@ -113,8 +113,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
nixTools: terraform
- name: Create prefix

1
.github/workflows/e2e-test-release.yml vendored
View File

@ -349,7 +349,6 @@ jobs:
gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
test: ${{ matrix.test }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io

2
.github/workflows/e2e-test-weekly.yml vendored
View File

@ -347,7 +347,6 @@ jobs:
gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
test: ${{ matrix.test }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
@ -455,7 +454,6 @@ jobs:
azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}

1
.github/workflows/e2e-test.yml vendored
View File

@ -246,7 +246,6 @@ jobs:
osImage: ${{ needs.find-latest-image.outputs.image }}
cliVersion: ${{ inputs.cliVersion }}
isDebugImage: ${{ needs.find-latest-image.outputs.isDebugImage }}
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io

10
.github/workflows/e2e-upgrade.yml vendored
View File

@ -149,9 +149,6 @@ jobs:
- name: Setup Bazel & Nix
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Log in to the Container registry
uses: ./.github/actions/container_registry_login
@ -206,9 +203,6 @@ jobs:
ref: ${{ inputs.gitRef }}
- uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Create cluster with 'fromVersion' CLI.
id: e2e_test
@ -226,7 +220,6 @@ jobs:
gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
test: "upgrade"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
@ -295,9 +288,6 @@ jobs:
- name: Setup Bazel & Nix
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2

7
.github/workflows/e2e-windows.yml vendored
View File

@ -27,9 +27,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Log in to the Container registry
uses: ./.github/actions/container_registry_login
@ -195,9 +192,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Notify about failure
continue-on-error: true
@ -207,4 +201,3 @@ jobs:
test: Windows E2E Test
provider: Azure
attestationVariant: "azure-sev-snp"

2
.github/workflows/on-release.yml vendored
View File

@ -140,8 +140,6 @@ jobs:
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: ./.github/actions/setup_bazel_nix
with:
useCache: "false"
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2

6
.github/workflows/reproducible-builds.yml vendored
View File

@ -37,9 +37,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "logs"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Build
shell: bash
@ -93,9 +90,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "logs"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Build
shell: bash

3
.github/workflows/test-integration.yml vendored
View File

@ -31,9 +31,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Integration Tests
env:

1
.github/workflows/test-tidy.yml vendored
View File

@ -34,7 +34,6 @@ jobs:
with:
useCache: "rbe"
rbePlatform: "ubuntu-22.04"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Assume AWS role to upload Bazel dependencies to S3
if: startsWith(github.head_ref, 'renovate/')

1
.github/workflows/test-unittest.yml vendored
View File

@ -40,7 +40,6 @@ jobs:
with:
useCache: "rbe"
rbePlatform: "ubuntu-22.04"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Install AWS cli
run: |

3
.github/workflows/update-rpms.yml vendored
View File

@ -23,9 +23,6 @@ jobs:
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Update rpms
run: bazel run //image/mirror:update_packages

11
dev-docs/workflows/bazel.md
View File

@ -46,17 +46,6 @@ Also note that some errors shown in `check` (non-silent mode) by `golicenses_che
* `bazel query //subfolder` - list all targets in a subfolder
* `bazel cquery --output=files //subfolder:target` - get location of a build artifact
### (Optional) Remote caching and execution
We use BuildBuddy for remote caching (and maybe remote execution in the future). To use it, you need to join the BuildBuddy organization and get an API key. Then, you can write it to `~/.bazelrc`:
```sh
build --remote_header=x-buildbuddy-api-key=<redacted>
```
To use the remote cache, build the project with `bazel build --config remote_cache //path/to:target`.
You can also copy the `remote_cache` config from `.bazelrc` to your `~/.bazelrc` and remove the `remote_cache` prefix to make it the default.
## Setup
### VS Code integration