From e9a4ccd0096f3460d1ebd529b185ee720b0c075c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?=
 <66256922+daniel-weisse@users.noreply.github.com>
Date: Thu, 4 Jul 2024 10:02:59 +0200
Subject: [PATCH] ci: run versionsapi through Bazel instead of building a
 container (#3231)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---
 .github/actions/find_latest_image/action.yml  |  2 ++
 .github/actions/select_image/action.yml       |  4 +++
 .github/actions/versionsapi/Dockerfile        | 21 ------------
 .github/actions/versionsapi/action.yml        |  9 +-----
 .../workflows/build-versionsapi-ci-image.yml  | 32 -------------------
 .github/workflows/purge-main.yml              |  2 ++
 .github/workflows/versionsapi.yml             |  2 ++
 7 files changed, 11 insertions(+), 61 deletions(-)
 delete mode 100644 .github/actions/versionsapi/Dockerfile
 delete mode 100644 .github/workflows/build-versionsapi-ci-image.yml

diff --git a/.github/actions/find_latest_image/action.yml b/.github/actions/find_latest_image/action.yml
index 7c21308f9..8c07ff307 100644
--- a/.github/actions/find_latest_image/action.yml
+++ b/.github/actions/find_latest_image/action.yml
@@ -43,6 +43,8 @@ runs:
         role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
         aws-region: eu-central-1
 
+    - uses: ./.github/actions/setup_bazel_nix
+
     - name: Find latest image
       id: find-latest-image
       if: inputs.imageVersion == ''
diff --git a/.github/actions/select_image/action.yml b/.github/actions/select_image/action.yml
index 391814256..59f455619 100644
--- a/.github/actions/select_image/action.yml
+++ b/.github/actions/select_image/action.yml
@@ -43,6 +43,10 @@ runs:
         echo "ref=$(echo $REFSTREAM | cut -d/ -f2)" | tee -a "$GITHUB_OUTPUT"
         echo "stream=$(echo $REFSTREAM | cut -d/ -f4)" | tee -a "$GITHUB_OUTPUT"
 
+    - name: Setup Bazel & Nix
+      if: steps.input-is-preset.outputs.result == 'true'
+      uses: ./.github/actions/setup_bazel_nix
+
     - name: Find latest image
       if: steps.input-is-preset.outputs.result == 'true'
       id: find-latest-image
diff --git a/.github/actions/versionsapi/Dockerfile b/.github/actions/versionsapi/Dockerfile
deleted file mode 100644
index 06f343486..000000000
--- a/.github/actions/versionsapi/Dockerfile
+++ /dev/null
@@ -1,21 +0,0 @@
-FROM golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 as builder
-
-# Download project root dependencies
-WORKDIR /workspace
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-COPY . .
-
-# Build
-WORKDIR /workspace/internal/api/versionsapi/cli
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o versionsapi .
-
-FROM scratch as release
-
-COPY --from=builder /workspace/internal/api/versionsapi/cli/versionsapi .
-
-CMD ["/notIntendedToBeExecuted"]
diff --git a/.github/actions/versionsapi/action.yml b/.github/actions/versionsapi/action.yml
index fd236dec1..817064334 100644
--- a/.github/actions/versionsapi/action.yml
+++ b/.github/actions/versionsapi/action.yml
@@ -52,19 +52,12 @@ outputs:
 runs:
   using: composite
   steps:
-    - name: Get versionsapi binary
-      shell: bash
-      # TODO: This should probably be `bazel run`.
-      run: |
-        containerID=$(docker create "ghcr.io/edgelesssys/constellation/versionsapi-ci-cli:latest")
-        docker cp ${containerID}:/versionsapi .
-
     - name: Run versionsapi
       id: run
       shell: bash
       run: |
         out=$(
-          ./versionsapi \
+          bazel run //internal/api/versionsapi/cli:cli -- \
             ${{ inputs.command }} \
             ${{ inputs.ref != '' && format('--ref="{0}"', inputs.ref) || '' }} \
             ${{ inputs.stream != '' && format('--stream="{0}"', inputs.stream) || '' }} \
diff --git a/.github/workflows/build-versionsapi-ci-image.yml b/.github/workflows/build-versionsapi-ci-image.yml
deleted file mode 100644
index 7c8aa449c..000000000
--- a/.github/workflows/build-versionsapi-ci-image.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: Build and upload versionsapi CI image
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-    paths:
-      - "internal/api/versionsapi/**"
-      - ".github/workflows/build-versionsapi-ci-image.yml"
-      - ".github/actions/versionsapi/**"
-      - "go.mod"
-
-jobs:
-  build-versionsapi-ci-cli:
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Check out repository
-        id: checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-      - name: Build and upload container image
-        uses: ./.github/actions/build_micro_service
-        with:
-          name: versionsapi-ci-cli
-          dockerfile: .github/actions/versionsapi/Dockerfile
-          githubToken: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml
index 100851c0b..20e39e0bf 100644
--- a/.github/workflows/purge-main.yml
+++ b/.github/workflows/purge-main.yml
@@ -47,6 +47,8 @@ jobs:
               ;;
           esac
 
+      - uses: ./.github/actions/setup_bazel_nix
+
       - name: List versions
         id: list
         uses: ./.github/actions/versionsapi
diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml
index 46188769d..50a99fed8 100644
--- a/.github/workflows/versionsapi.yml
+++ b/.github/workflows/versionsapi.yml
@@ -180,6 +180,8 @@ jobs:
         with:
           service_account: "image-deleter@constellation-images.iam.gserviceaccount.com"
 
+      - uses: ./.github/actions/setup_bazel_nix
+
       - name: Execute versionsapi CLI
         id: run
         uses: ./.github/actions/versionsapi