external-secrets/.github/workflows/ci.yml

name: CI

on:
  push:
    branches:
      - main
  pull_request: {}

env:
  # Common versions
  GOLANGCI_VERSION: 'v1.49.0'
  KUBERNETES_VERSION: '1.24.x'

  # Sonar
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

jobs:
  detect-noop:
    runs-on: ubuntu-latest
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        uses: fkirc/skip-duplicate-actions@v5.2.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

  lint:
    runs-on: ubuntu-latest
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: ${{ env.GOLANGCI_VERSION }}
          skip-pkg-cache: true
          skip-build-cache: true

  check-diff:
    runs-on: ubuntu-latest
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      # Check DIff also runs Reviewable which needs golangci-lint installed
      - name: Check Diff
        run: |
          wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${{ env.GOLANGCI_VERSION }}
          export PATH=$PATH:./bin
          make check-diff

  unit-tests:
    runs-on: ubuntu-latest
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Add setup-envtest
        run: |
          go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
          setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH)

      - name: Cache envtest binaries
        uses: actions/cache@v3
        with:
          path: /home/runner/.local/share/kubebuilder-envtest/
          key: ${{ runner.os }}-kubebuilder-${{env.KUBERNETES_VERSION}}

      - name: Run Unit Tests
        run: |
          export KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT=true
          source <(setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH))
          make test

  publish-artifacts:
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    uses: ./.github/workflows/publish.yml
    permissions:
      id-token: write
      contents: read
    strategy:
      matrix:
        include:
        - dockerfile: "Dockerfile"
          tag-suffix: "" # distroless
        - dockerfile: "Dockerfile.ubi"
          tag-suffix: "-ubi"
    with:
      dockerfile: ${{ matrix.dockerfile }}
      tag-suffix: ${{ matrix.tag-suffix }}
      image-name: ghcr.io/${{ github.repository }}
    secrets:
      GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}