---
# Workflow-level settings for the CI pipeline: its display name, the events
# that trigger it, and environment variables shared by every job.
name: CI

on:
  push:
    branches:
      - main
      - 'release-*'
  pull_request: {}
  workflow_dispatch: {}

env:
  # Tool versions shared across jobs.
  GOLANGCI_VERSION: 'v1.49.0'
  KUBERNETES_VERSION: '1.24.x'
  DOCKER_BUILDX_VERSION: 'v0.4.2'

  # Registry user. A step cannot be gated with 'if: secrets.GHCR_USERNAME != ""',
  # but it can be gated with 'if: env.GHCR_USERNAME != ""', so the secret is
  # copied into the environment to give steps a short test for whether
  # credentials were provided before they try to use them.
  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}

  # Sonar
  # NOTE(security): declared at workflow level, this token is placed in the
  # environment of every step of every job, including third-party actions and
  # downloaded install scripts. No step visible in this workflow file reads it
  # directly; if only one job needs it, a job- or step-level 'env:' would keep
  # it out of the others.
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
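# Jobs: detect-noop decides whether the run can be skipped; lint, check-diff,
# unit-tests and publish-artifacts all depend on it and run only when it does
# not report a no-op.
#
# NOTE(security): only publish-artifacts declares 'permissions:'. The other
# jobs run with the repository's default GITHUB_TOKEN permissions.
# NOTE(security): actions below are referenced by tag (one by branch). Tags
# and branches can be moved by the action's owner; a full commit SHA is the
# only immutable reference.
# NOTE(review): the 'ubuntu-18.04' hosted runner label has been retired by
# GitHub; these jobs need a supported label to be scheduled on hosted runners.
jobs:
  detect-noop:
    runs-on: ubuntu-18.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        uses: fkirc/skip-duplicate-actions@v4.0.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

  lint:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      # Step outputs are written to the $GITHUB_OUTPUT file. The older
      # '::set-output' command is deprecated: it is read from the step's
      # stdout, so any program that prints to the log could set an output.
      - name: Find the Go Cache
        id: go
        run: |
          echo "build-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
          echo "mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-lint-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-lint-${{ github.sha }}-

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-

      # This action uses its own setup-go, which always seems to use the latest
      # stable version of Go. We could run 'make lint' to ensure our desired Go
      # version, but we prefer this action because it leaves 'annotations' (i.e.
      # it comments on PRs to point out linter violations).
      - name: Lint
        uses: golangci/golangci-lint-action@v3.2.0
        with:
          version: ${{ env.GOLANGCI_VERSION }}
          skip-pkg-cache: true
          skip-build-cache: true
          skip-go-installation: true

  check-diff:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      # Outputs go to $GITHUB_OUTPUT (see the lint job for the reason).
      - name: Find the Go Cache
        id: go
        run: |
          echo "build-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
          echo "mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-check-diff-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-check-diff-${{ github.sha }}-

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-

      # Check Diff also runs Reviewable, which needs golangci-lint installed.
      - name: Check Diff
        run: |
          # The installer is fetched from the release tag being installed
          # rather than from the moving master branch, and is saved to a file
          # before it runs so a failed or truncated download is never executed.
          # GOLANGCI_VERSION comes from the workflow-level env, which is
          # exported to the shell, so no expression is templated into the script.
          installer="$(mktemp)"
          wget -nv -O "${installer}" "https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_VERSION}/install.sh"
          sh "${installer}" "${GOLANGCI_VERSION}"
          export PATH=$PATH:./bin
          make check-diff

  unit-tests:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      # Outputs go to $GITHUB_OUTPUT (see the lint job for the reason).
      - name: Find the Go Cache
        id: go
        run: |
          echo "build-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
          echo "mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-${{ github.sha }}-

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-

      # NOTE(security): '@latest' resolves to whatever version is newest when
      # the job runs, so the tool that is built and executed here can change
      # between runs without a change to this file. Pinning to a reviewed
      # version (placeholder: '@<REVIEWED_VERSION>') makes the run reproducible.
      - name: Add setup-envtest
        run: |
          go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
          setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH)

      - name: Cache envtest binaries
        uses: actions/cache@v3
        with:
          path: /home/runner/.local/share/kubebuilder-envtest/
          key: ${{ runner.os }}-kubebuilder-${{env.KUBERNETES_VERSION}}
          restore-keys: ${{ runner.os }}-kubebuilder-

      - name: Run Unit Tests
        run: |
          export KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT=true
          source <(setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH))
          make test

  publish-artifacts:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    # The job's GITHUB_TOKEN is limited to reading repository contents and
    # requesting an OIDC token (presumably for the cosign signing step below,
    # which sets COSIGN_EXPERIMENTAL - confirm). Every step in this job,
    # including third-party actions, can request that OIDC token.
    permissions:
      id-token: write
      contents: read

    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: all

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      - name: Checkout
        uses: actions/checkout@v3

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v3
        with:
          go-version-file: "go.mod"

      # Outputs go to $GITHUB_OUTPUT (see the lint job for the reason).
      - name: Find the Go Cache
        id: go
        run: |
          echo "build-cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
          echo "mod-cache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-publish-artifacts-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-publish-artifacts-${{ github.sha }}-

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-

      # From here on, steps run only when registry credentials were provided
      # (GHCR_USERNAME is copied from the secret into the workflow env).
      - name: Login to Docker
        uses: docker/login-action@v2
        if: env.GHCR_USERNAME != ''
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}

      - name: Build & Publish Artifacts
        if: env.GHCR_USERNAME != ''
        env:
          BUILD_ARGS: "--push --platform linux/amd64,linux/arm64"
        run: make docker.build

      - name: Get docker image tag
        if: env.GHCR_USERNAME != ''
        id: image_version
        run: echo "image=$(make docker.image)" >> "$GITHUB_OUTPUT"

      # NOTE(security): '@master' is a branch, so the code this step runs can
      # change on any run, inside a job that holds registry credentials and
      # can request an OIDC token. Pin to a reviewed release tag or full
      # commit SHA (placeholder: aquasecurity/trivy-action@<REVIEWED_COMMIT_SHA>).
      # NOTE(review): BUILD_ARGS above contains --push, so the image is already
      # in the registry when this scan runs; a failing scan stops the later
      # promote and sign steps, not the initial publish.
      - name: Run Trivy vulnerability scanner
        if: env.GHCR_USERNAME != ''
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ steps.image_version.outputs.image }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

      - name: Promote Artifacts to main release channel
        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
        run: make docker.promote
        env:
          RELEASE_TAG: main

      - name: Set up crane
        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
        run: go install github.com/google/go-containerregistry/cmd/crane@v0.8.0

      - name: Install cosign
        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
        uses: sigstore/cosign-installer@v2.6.0

      - name: Sign Artifacts to main release channel
        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
        run: make docker.sign
        env:
          RELEASE_TAG: main
          # Environment values are strings; quoting states that explicitly
          # instead of relying on a YAML boolean being converted.
          COSIGN_EXPERIMENTAL: "true"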