Report Artifact #
Every time you build an artifact - in our case a Docker image - you can store (and easily access) all the information you have about it in Kosli. We call it reporting an artifact.
Artifacts in Kosli are reported to Kosli Pipelines. You can find the Pipelines section just below Environments.
Create a pipeline #
To report an artifact from your GitHub workflow you need to create a Kosli pipeline first. Every time your workflow builds a new version of Docker image it will be reported to the same Kosli pipeline. Kosli pipeline has to exist before you can start reporting artifacts to it, and you can make the creation of a pipeline a part of the build workflow. (It's safe - rerunning pipeline creation command won't erase existing entries.) In this guide we're creating a Kosli pipeline called github-k8s-demo and that's the name you'll see in the code.
As it was in the case of reporting environment, we need to download Kosli CLI in the workflow, to be able to run the commands.
Report an artifact #
Here is a complete workflow that takes care of CLI download, pipeline creation and docker image build and reports it to the Kosli pipeline.
Remember:
K8S_CLUSTER_NAME,K8S_GCP_ZONEandNAMESPACEshould be the same you used in Report Environment stepIMAGEshould contain your dockerhub username (instead of our colleague's Ewelina username). You also need to use the correct username in Login to hub.docker.com stepKOSLI_OWNERshould be the same your Kosli username.
In the workflow you'll find comments about specific parts of it.
name: Build and Deploy
on:
push:
env:
# gke k8s cluster variables
K8S_CLUSTER_NAME: kosli-dev
K8S_GCP_ZONE: europe-west1
NAMESPACE: github-k8s-demo
# name of the docker image to build, replace with the name
# that will contain your dockerhub id
IMAGE: ewelinawilkosz/github-k8s-demo
# kosli variables - will be picked up by commands
KOSLI_OWNER: demo
KOSLI_PIPELINE: github-k8s-demo
KOSLI_ENVIRONMENT: github-k8s-test
KOSLI_CLI_VERSION: "2.0.0"
jobs:
build-report:
runs-on: ubuntu-20.04
# outputs to be passed on to 'deploy' job below
outputs:
tag: ${{ steps.prep.outputs.tag }}
tagged-image: ${{ steps.prep.outputs.tagged-image }}
image-digest: ${{ steps.digest-prep.outputs.image-digest }}
steps:
# checkout code
- uses: actions/checkout@v2
with:
fetch-depth: 1
- name: Prepare
id: prep
run: |
TAG=$(echo $GITHUB_SHA | head -c7)
TAGGED_IMAGE=${{ env.IMAGE }}:${TAG}
echo "TAG=${TAG}" >> ${GITHUB_ENV}
echo "TAGGED_IMAGE=${TAGGED_IMAGE}" >> ${GITHUB_ENV}
echo ::set-output name=tag::${TAG}
echo ::set-output name=tagged-image::${TAGGED_IMAGE}
# This is the a separate action that sets up buildx (buildkit) runner
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
# use your own username and configured token to log into dockerhub
- name: Login to hub.docker.com
uses: docker/login-action@v1
with:
username: ewelinawilkosz
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push Docker image
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: ${{ env.TAGGED_IMAGE }}
no-cache: true
# the digest will be passed to kosli commands using 'sha256' flags
- name: Make the image digest available for following steps
id: digest-prep
run: |
ARTIFACT_SHA=$( echo ${{ steps.docker_build.outputs.digest }} | sed 's/.*://')
echo "DIGEST=$ARTIFACT_SHA" >> ${GITHUB_ENV}
echo ::set-output name=image-digest::${ARTIFACT_SHA}
- name: Download Kosli cli client
id: download-kosli-cli
run: |
wget https://github.com/kosli-dev/cli/releases/download/v${{ env.KOSLI_CLI_VERSION }}/kosli_${{ env.KOSLI_CLI_VERSION }}_linux_amd64.tar.gz
tar -xf kosli_${{ env.KOSLI_CLI_VERSION }}_linux_amd64.tar.gz kosli
- name: Declare pipeline in Kosli
env:
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
run:
./kosli pipeline declare
--description "Kosli server"
--pipeline ${{ env.KOSLI_PIPELINE }}
--template "artifact"
- name: Report Docker image in Kosli
env:
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
run:
./kosli pipeline artifact report creation ${{ env.TAGGED_IMAGE }}
--sha256 ${{ env.DIGEST }}
# deploy review environment
deploy:
needs: [build-report]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 1
- id: auth
uses: google-github-actions/auth@v0.4.0
with:
credentials_json: ${{ secrets.GCP_K8S_CREDENTIALS }}
- id: connect-to-k8s
uses: google-github-actions/get-gke-credentials@main
with:
cluster_name: ${{ env.K8S_CLUSTER_NAME }}
location: ${{ env.K8S_GCP_ZONE }}
- uses: azure/setup-kubectl@v1
id: install-kubectl
# The KUBECONFIG env var is automatically exported and picked up by kubectl.
- name: Ensure review env namespace
run: |
kubectl get namespace ${{ env.NAMESPACE }} || kubectl create namespace ${{ env.NAMESPACE }}
- name: Deploy
run: |
sed -i 's/TAG/${{ needs.build-report.outputs.tag }}/g' k8s/deployment.yaml
kubectl apply -f k8s/deployment.yaml -n ${{ env.NAMESPACE }}
Once the workflow runs succesfully, you should see it reported in Kosli github-k8s-demo pipeline:
With more details once you click on it:
You will also notice a change in the state of your github-k8s-test environment (if the environment reporting workflow ran successfully): it is still incompliant, but now the artifact running there has provenance (you can see the name of Kosli pipeline: github-k8s-demo that the artifact was reported to, in a grey, pill shaped field) so we can check how it was built:
Now that your aritfact reporting works the only thing missing is reporting the deployment.
