wip

scalyr · Sep 2, 2024 · 981f4ab · 981f4ab
1 parent 8325f3f
commit 981f4ab
Show file tree

Hide file tree

Showing 2 changed files with 119 additions and 44 deletions.
diff --git a/.github/workflows/agent-build-new.yml b/.github/workflows/agent-build-new.yml
@@ -66,49 +66,6 @@ jobs:
       CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_WRITE: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_WRITE }}
       CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_READ: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_READ }}
 
-  # Invoke workflow that builds all agent container mages.
-  build_container_images:
-    name: "Build Container Images ${{matrix.builder.builder-name}}"
-    needs:
-      - pre_job
-    uses: ./.github/workflows/reusable-agent-build-container-images.yml
-    strategy:
-      matrix:
-        builder: ${{ fromJson(vars.ENABLED_BUILDERS) }}
-    with:
-      python_version: ${{ needs.pre_job.outputs.python_version }}
-      cache_version: ${{ needs.pre_job.outputs.cache_version }}
-      aws_region: ${{ needs.pre_job.outputs.aws_region }}
-      cicd_workflow: ${{ needs.pre_job.outputs.cicd_workflow }}
-      builder_name: ${{ matrix.builder.builder_name }}
-      base_image: ${{ matrix.builder.base_image }}
-      architectures: ${{ toJson(matrix.builder.architectures) }}
-    secrets:
-      CT_AWS_DEV_EC2_PRIVATE_KEY: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY }}
-      CT_AWS_DEV_EC2_PRIVATE_KEY_NAME: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY_NAME }}
-      CT_AWS_DEV_EC2_ACCESS_KEY: ${{ secrets.CT_AWS_DEV_EC2_ACCESS_KEY }}
-      CT_AWS_DEV_EC2_SECRET_KEY: ${{ secrets.CT_AWS_DEV_EC2_SECRET_KEY }}
-      CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_WRITE: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_WRITE }}
-      CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_READ: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_READ }}
-      SCALYR_API_KEY_READ_2: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_2_READ }}
-      SCALYR_API_KEY_READ_3: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_3_READ }}
-      SCALYR_API_KEY_READ_4: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_4_READ }}
-      SCALYR_API_KEY_READ_5: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_5_READ }}
-      SCALYR_API_KEY_READ_6: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_6_READ }}
-      SCALYR_API_KEY_READ_7: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_7_READ }}
-      SCALYR_API_KEY_WRITE_2: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_2_WRITE }}
-      SCALYR_API_KEY_WRITE_3: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_3_WRITE }}
-      SCALYR_API_KEY_WRITE_4: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_4_WRITE }}
-      SCALYR_API_KEY_WRITE_5: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_5_WRITE }}
-      SCALYR_API_KEY_WRITE_6: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_6_WRITE }}
-      SCALYR_API_KEY_WRITE_7: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_7_WRITE }}
-      PULL_REGISTRY_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME_PROD_ACCOUNT }}
-      PULL_REGISTRY_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD_PROD_ACCOUNT }}
-      PUBLISH_REGISTRY_USERNAME: ${{ (github.ref_type == 'tag' || github.ref_name == 'master') && secrets.DOCKER_HUB_USERNAME_PROD_ACCOUNT || secrets.DOCKER_HUB_USERNAME_TEST_ACCOUNT }}
-      PUBLISH_REGISTRY_PASSWORD: ${{ (github.ref_type == 'tag' || github.ref_name == 'master') && secrets.DOCKER_HUB_PASSWORD_PROD_ACCOUNT || secrets.DOCKER_HUB_PASSWORD_TEST_ACCOUNT }}
-      INTERNAL_BUILD_REGISTRY_USERNAME: ${{ secrets.INTERNAL_BUILD_REGISTRY_USERNAME }}
-      INTERNAL_BUILD_REGISTRY_PASSWORD: ${{ secrets.INTERNAL_BUILD_REGISTRY_PASSWORD }}
-
   build_tarball:
     runs-on: ubuntu-20.04
 
@@ -181,7 +138,6 @@ jobs:
     if: ${{ always() }}
     needs:
       - pre_job
-      - build_container_images
       - build_linux_packages
       - build_tarball
     runs-on: ubuntu-20.04

diff --git a/.github/workflows/build-container-images.yml b/.github/workflows/build-container-images.yml
@@ -0,0 +1,119 @@
+name: Build Container Images
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*.*.*
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+
+  schedule:
+    - cron: '0 4 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  pre_job:
+    name: Skip Duplicate Jobs Pre Job
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: write  # Needed for skip-duplicate-jobs job
+      contents: read
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+      python_version: ${{ steps.define_constants.outputs.python_version }}
+      cache_version: ${{ steps.define_constants.outputs.cache_version }}
+      aws_region: ${{ steps.define_constants.outputs.aws_region }}
+      aws_private_key_name: ${{ steps.define_constants.outputs.aws_private_key_name }}
+      cicd_workflow: ${{ steps.define_constants.outputs.cicd_workflow }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v4.0.0
+        with:
+          cancel_others: 'true'
+          github_token: ${{ github.token }}
+
+      - name: Checkout repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+
+      - id: define_constants
+        run: |
+          echo "python_version=3.8" >> "${GITHUB_OUTPUT}"
+          echo "cache_version=$GITHUB_REF_NAME" >> "${GITHUB_OUTPUT}"
+          echo "aws_region=us-east-1" >> "${GITHUB_OUTPUT}"
+          echo "cicd_workflow=${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}" >> "${GITHUB_OUTPUT}"
+
+  # Invoke workflow that builds all agent container mages.
+  build_container_images:
+    name: "Build Container Images ${{matrix.builder.builder-name}}"
+    needs:
+      - pre_job
+    uses: ./.github/workflows/reusable-agent-build-container-images.yml
+    strategy:
+      matrix:
+        builder: ${{ fromJson(vars.ENABLED_BUILDERS) }}
+    with:
+      python_version: ${{ needs.pre_job.outputs.python_version }}
+      cache_version: ${{ needs.pre_job.outputs.cache_version }}
+      aws_region: ${{ needs.pre_job.outputs.aws_region }}
+      cicd_workflow: ${{ needs.pre_job.outputs.cicd_workflow }}
+      builder_name: ${{ matrix.builder.builder_name }}
+      base_image: ${{ matrix.builder.base_image }}
+      architectures: ${{ toJson(matrix.builder.architectures) }}
+    secrets:
+      CT_AWS_DEV_EC2_PRIVATE_KEY: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY }}
+      CT_AWS_DEV_EC2_PRIVATE_KEY_NAME: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY_NAME }}
+      CT_AWS_DEV_EC2_ACCESS_KEY: ${{ secrets.CT_AWS_DEV_EC2_ACCESS_KEY }}
+      CT_AWS_DEV_EC2_SECRET_KEY: ${{ secrets.CT_AWS_DEV_EC2_SECRET_KEY }}
+      CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_WRITE: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_WRITE }}
+      CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_READ: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_READ }}
+      SCALYR_API_KEY_READ_2: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_2_READ }}
+      SCALYR_API_KEY_READ_3: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_3_READ }}
+      SCALYR_API_KEY_READ_4: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_4_READ }}
+      SCALYR_API_KEY_READ_5: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_5_READ }}
+      SCALYR_API_KEY_READ_6: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_6_READ }}
+      SCALYR_API_KEY_READ_7: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_7_READ }}
+      SCALYR_API_KEY_WRITE_2: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_2_WRITE }}
+      SCALYR_API_KEY_WRITE_3: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_3_WRITE }}
+      SCALYR_API_KEY_WRITE_4: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_4_WRITE }}
+      SCALYR_API_KEY_WRITE_5: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_5_WRITE }}
+      SCALYR_API_KEY_WRITE_6: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_6_WRITE }}
+      SCALYR_API_KEY_WRITE_7: ${{ secrets.CT_SCALYR_TOKEN_PROD_US_CLOUDTECH_TESTING_7_WRITE }}
+      PULL_REGISTRY_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME_PROD_ACCOUNT }}
+      PULL_REGISTRY_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD_PROD_ACCOUNT }}
+      PUBLISH_REGISTRY_USERNAME: ${{ (github.ref_type == 'tag' || github.ref_name == 'master') && secrets.DOCKER_HUB_USERNAME_PROD_ACCOUNT || secrets.DOCKER_HUB_USERNAME_TEST_ACCOUNT }}
+      PUBLISH_REGISTRY_PASSWORD: ${{ (github.ref_type == 'tag' || github.ref_name == 'master') && secrets.DOCKER_HUB_PASSWORD_PROD_ACCOUNT || secrets.DOCKER_HUB_PASSWORD_TEST_ACCOUNT }}
+      INTERNAL_BUILD_REGISTRY_USERNAME: ${{ secrets.INTERNAL_BUILD_REGISTRY_USERNAME }}
+      INTERNAL_BUILD_REGISTRY_PASSWORD: ${{ secrets.INTERNAL_BUILD_REGISTRY_PASSWORD }}
+
+  clean-ec2-tests-objects:
+    name: Remove ec2 object that were created by this workflow
+    if: ${{ always() }}
+    needs:
+      - pre_job
+      - build_container_images
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+
+      - name: install python and requirements
+        uses: ./.github/actions/install_python_and_requirements
+        with:
+          python_version: ${{ needs.pre_job.outputs.python_version }}
+
+      - name: Cleanup old prefix lists for ec2 test security group.
+        env:
+          AWS_ACCESS_KEY: ${{ secrets.CT_AWS_DEV_EC2_ACCESS_KEY }}
+          AWS_SECRET_KEY: ${{ secrets.CT_AWS_DEV_EC2_SECRET_KEY }}
+          AWS_PRIVATE_KEY_NAME: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY_NAME }}
+          AWS_PRIVATE_KEY: ${{ secrets.CT_AWS_DEV_EC2_PRIVATE_KEY }}
+          AWS_REGION: ${{ needs.pre_job.outputs.aws_region }}
+          CICD_WORKFLOW: ${{ needs.pre_job.outputs.cicd_workflow }}
+        run: |
+          python3 agent_build_refactored/utils/scripts/cicd/cleanup_ec2_objects.py