Merge branch 'docker-pipeline-cleanup' into develop

rollkit · Nov 8, 2024 · 85031cd · 85031cd
2 parents 155ad55 + 9214ab3
commit 85031cd
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 78 deletions.
diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml
@@ -142,49 +142,48 @@ jobs:
           echo "Failing step due to build_for_pr == build_for_merge"
           exit 1
 
-  docker-security:
-    needs: ["prepare-env", "logic-check"]
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout
-        uses: "actions/checkout@v4"
+  # docker-security:
+  #   needs: ["prepare-env", "logic-check"]
+  #   runs-on: "ubuntu-latest"
+  #   steps:
+  #     - name: Checkout
+  #       uses: "actions/checkout@v4"
 
-      - name: Build
-        uses: docker/build-push-action@v5
-        env:
-          OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
-          OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
-        with:
-          context: ${{ inputs.dockerContext}}
-          push: false
-          platforms: linux/amd64
-          # we're building the container before the scan, use the short sha tag
-          # for referring to it later
-          tags: ${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}
-          file: ${{ inputs.dockerfile }}
+  #     - name: Build
+  #       uses: docker/build-push-action@v5
+  #       env:
+  #         OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
+  #         OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
+  #       with:
+  #         context: ${{ inputs.dockerContext}}
+  #         push: false
+  #         platforms: linux/amd64
+  #         # we're building the container before the scan, use the short sha tag
+  #         # for referring to it later
+  #         tags: ${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}
+  #         file: ${{ inputs.dockerfile }}
 
-      - name: Run Trivy vulnerability scanner
-        # source: https://github.com/aquasecurity/trivy-action
-        # https://github.com/marketplace/actions/aqua-security-trivy
-        uses: aquasecurity/trivy-action@master
-        env:
-          OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
-          OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
-        with:
-          # here we use the local tag that we've built before
-          image-ref: "${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}"
-          format: "table"
-          #exit-code: '1' # uncomment to stop the CI if the scanner fails
-          ignore-unfixed: true
-          vuln-type: "os,library"
-          severity: "CRITICAL,HIGH"
-          timeout: 10m
+  #     - name: Run Trivy vulnerability scanner
+  #       # source: https://github.com/aquasecurity/trivy-action
+  #       # https://github.com/marketplace/actions/aqua-security-trivy
+  #       uses: aquasecurity/trivy-action@master
+  #       env:
+  #         OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
+  #         OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
+  #       with:
+  #         # here we use the local tag that we've built before
+  #         image-ref: "${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}"
+  #         format: "table"
+  #         #exit-code: '1' # uncomment to stop the CI if the scanner fails
+  #         ignore-unfixed: true
+  #         vuln-type: "os,library"
+  #         severity: "CRITICAL,HIGH"
 
   docker-build:
     name: docker-build (${{ matrix.registry.name }}; ${{ matrix.registry.registry-url }}/${{ matrix.registry.registry-owner }}/${{ needs.prepare-env.outputs.output_image_name }})
     runs-on: "ubuntu-latest"
     # wait until the jobs are finished.
-    needs: ["prepare-env", "logic-check", "docker-security"]
+    needs: ["prepare-env", "logic-check"]
     # We only want to run this step if one of the build flags is true. We don't
     # run if both logic flags are false. This is the case for push events on PR
     # commits. The logic-check job protects us from the case of both build flags
@@ -269,34 +268,8 @@ jobs:
         if: ${{ steps.run_check.outputs.run == 'true'}}
         uses: docker/setup-buildx-action@v3
 
-      # Build and Publish images on main, master, and versioned branches.
-      #
-      # The reason we split out these steps into 2 is for better handling of
-      # forks when building amd64 images and to enable faster availability of
-      # the amd64 image since building the arm64 image takes significantly
-      # longer.
-      - name: "Merge on Main Trigger: Build and Push All Docker Images"
-        if: ${{ needs.prepare-env.outputs.build_for_merge == 'true' && steps.run_check.outputs.run == 'true'}}
-        uses: docker/build-push-action@v5
-        env:
-          OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
-          OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
-        with:
-          context: ${{ inputs.dockerContext}}
-          platforms: linux/arm64,linux/amd64
-          provenance: false
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          file: ${{ inputs.dockerfile }}
-
-      # Build amd64 images always, and publish when it is not a fork. The Github
-      # security model prevents forks from pushing to the registry so we can
-      # only push if the branch/PR is not generated from a fork. Even though
-      # forks can't push, we still want to try and build the image to catch
-      # bugs. For testing purposes we only need an amd64 image.
-      - name: "Pull Request Trigger: Build and Push amd64 Docker Image"
-        if: ${{ needs.prepare-env.outputs.build_for_pr == 'true' && steps.run_check.outputs.run == 'true'}}
+      - name: "Build and Push amd64 Docker Image"
+        if: ${{ steps.run_check.outputs.run == 'true'}}
         uses: docker/build-push-action@v5
         env:
           OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}

diff --git a/pull_request_template.md b/pull_request_template.md
@@ -3,6 +3,8 @@ Please read and fill out this form before submitting your PR.
 
 Please make sure you have reviewed our contributors guide before submitting your
 first PR.
+
+NOTE: PR titles should follow semantic commits: https://www.conventionalcommits.org/en/v1.0.0/
 -->
 
 ## Overview
@@ -11,19 +13,6 @@ first PR.
 Please provide an explanation of the PR, including the appropriate context,
 background, goal, and rationale. If there is an issue with this information,
 please provide a tl;dr and link the issue. 
--->
-
-## Checklist
 
-<!-- 
-Please complete the checklist to ensure that the PR is ready to be reviewed.
-
-IMPORTANT:
-PRs should be left in Draft until the below checklist is completed.
+Ex: Closes #<issue number>
 -->
-
-- [ ] New and updated code has appropriate documentation
-- [ ] New and updated code has new and/or updated testing
-- [ ] Required CI checks are passing
-- [ ] Visual proof for any user facing features like CLI or documentation updates
-- [ ] Linked issues closed with keywords