ci: run versionsapi through Bazel instead of building a container (#3231)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

.github/actions/find_latest_image/action.yml

@@ -43,6 +43,8 @@ runs:
         role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
         aws-region: eu-central-1
 
+    - uses: ./.github/actions/setup_bazel_nix
+
     - name: Find latest image
       id: find-latest-image
       if: inputs.imageVersion == ''

.github/actions/select_image/action.yml

@@ -43,6 +43,10 @@ runs:
         echo "ref=$(echo $REFSTREAM | cut -d/ -f2)" | tee -a "$GITHUB_OUTPUT"
         echo "stream=$(echo $REFSTREAM | cut -d/ -f4)" | tee -a "$GITHUB_OUTPUT"
 
+    - name: Setup Bazel & Nix
+      if: steps.input-is-preset.outputs.result == 'true'
+      uses: ./.github/actions/setup_bazel_nix
+
     - name: Find latest image
       if: steps.input-is-preset.outputs.result == 'true'
       id: find-latest-image

.github/actions/versionsapi/Dockerfile

@@ -1,21 +0,0 @@
-FROM golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 as builder
-
-# Download project root dependencies
-WORKDIR /workspace
-COPY go.mod go.mod
-COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
-COPY . .
-
-# Build
-WORKDIR /workspace/internal/api/versionsapi/cli
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o versionsapi .
-
-FROM scratch as release
-
-COPY --from=builder /workspace/internal/api/versionsapi/cli/versionsapi .
-
-CMD ["/notIntendedToBeExecuted"]

.github/actions/versionsapi/action.yml

@@ -52,19 +52,12 @@ outputs:
 runs:
   using: composite
   steps:
-    - name: Get versionsapi binary
-      shell: bash
-      # TODO: This should probably be `bazel run`.
-      run: |
-        containerID=$(docker create "ghcr.io/edgelesssys/constellation/versionsapi-ci-cli:latest")
-        docker cp ${containerID}:/versionsapi .
-
     - name: Run versionsapi
       id: run
       shell: bash
       run: |
         out=$(
-          ./versionsapi \
+          bazel run //internal/api/versionsapi/cli:cli -- \
             ${{ inputs.command }} \
             ${{ inputs.ref != '' && format('--ref="{0}"', inputs.ref) || '' }} \
             ${{ inputs.stream != '' && format('--stream="{0}"', inputs.stream) || '' }} \

.github/workflows/build-versionsapi-ci-image.yml

@@ -1,32 +0,0 @@
-name: Build and upload versionsapi CI image
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-    paths:
-      - "internal/api/versionsapi/**"
-      - ".github/workflows/build-versionsapi-ci-image.yml"
-      - ".github/actions/versionsapi/**"
-      - "go.mod"
-
-jobs:
-  build-versionsapi-ci-cli:
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Check out repository
-        id: checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-      - name: Build and upload container image
-        uses: ./.github/actions/build_micro_service
-        with:
-          name: versionsapi-ci-cli
-          dockerfile: .github/actions/versionsapi/Dockerfile
-          githubToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/purge-main.yml

@@ -47,6 +47,8 @@ jobs:
               ;;
           esac
 
+      - uses: ./.github/actions/setup_bazel_nix
+
       - name: List versions
         id: list
         uses: ./.github/actions/versionsapi

.github/workflows/versionsapi.yml

@@ -180,6 +180,8 @@ jobs:
         with:
           service_account: "image-deleter@constellation-images.iam.gserviceaccount.com"
 
+      - uses: ./.github/actions/setup_bazel_nix
+
       - name: Execute versionsapi CLI
         id: run
         uses: ./.github/actions/versionsapi