mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-15 17:51:01 +00:00
12e771051c
Bumps [actions/cache](https://github.com/actions/cache) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](3624ceb22c...6849a64899
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
172 lines
5.1 KiB
YAML
172 lines
5.1 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- release-*
|
|
pull_request: {}
|
|
|
|
env:
|
|
# Common versions
|
|
GOLANGCI_VERSION: 'v1.60.1'
|
|
KUBERNETES_VERSION: '1.31.x'
|
|
|
|
# Sonar
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
detect-noop:
|
|
permissions:
|
|
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
|
|
contents: read # for fkirc/skip-duplicate-actions to read and compare commits
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
noop: ${{ steps.noop.outputs.should_skip }}
|
|
steps:
|
|
- name: Detect No-op Changes
|
|
id: noop
|
|
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
paths_ignore: '["**.md", "**.png", "**.jpg"]'
|
|
do_not_skip: '["workflow_dispatch", "schedule", "push"]'
|
|
concurrent_skipping: false
|
|
|
|
lint:
|
|
permissions:
|
|
contents: read # for actions/checkout to fetch code
|
|
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
|
|
runs-on: ubuntu-latest
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
|
id: setup-go
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Download Go modules
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
run: go mod download
|
|
|
|
- name: Lint
|
|
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
|
|
with:
|
|
version: ${{ env.GOLANGCI_VERSION }}
|
|
skip-pkg-cache: true
|
|
skip-build-cache: true
|
|
|
|
check-diff:
|
|
runs-on: ubuntu-latest
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
|
id: setup-go
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Download Go modules
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
run: go mod download
|
|
|
|
- name: Configure Git
|
|
run: |
|
|
git config user.name "$GITHUB_ACTOR"
|
|
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
|
|
|
|
- name: Check Diff
|
|
run: |
|
|
make check-diff
|
|
|
|
unit-tests:
|
|
runs-on: ubuntu-latest
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Fetch History
|
|
run: git fetch --prune --unshallow
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
|
id: setup-go
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Download Go modules
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
run: go mod download
|
|
|
|
- name: Cache envtest binaries
|
|
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
|
|
with:
|
|
path: bin/k8s
|
|
key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}}
|
|
|
|
- name: Run Unit Tests
|
|
run: |
|
|
make test
|
|
|
|
- name: Publish Unit Test Coverage
|
|
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
|
|
env:
|
|
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
|
with:
|
|
flags: unittests
|
|
file: ./cover.out
|
|
|
|
publish-artifacts:
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true'
|
|
uses: ./.github/workflows/publish.yml
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- dockerfile: "Dockerfile"
|
|
build-args: "CGO_ENABLED=0"
|
|
build-arch: "amd64 arm64 s390x ppc64le"
|
|
build-platform: "linux/amd64,linux/arm64,linux/s390x,linux/ppc64le"
|
|
tag-suffix: "" # distroless
|
|
- dockerfile: "Dockerfile.ubi"
|
|
build-args: "CGO_ENABLED=0"
|
|
build-arch: "amd64 arm64 ppc64le"
|
|
build-platform: "linux/amd64,linux/arm64,linux/ppc64le"
|
|
tag-suffix: "-ubi"
|
|
- dockerfile: "Dockerfile.ubi"
|
|
build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto"
|
|
build-arch: "amd64 ppc64le"
|
|
build-platform: "linux/amd64,linux/ppc64le"
|
|
tag-suffix: "-ubi-boringssl"
|
|
with:
|
|
dockerfile: ${{ matrix.dockerfile }}
|
|
tag-suffix: ${{ matrix.tag-suffix }}
|
|
image-name: ghcr.io/${{ github.repository }}
|
|
build-platform: ${{ matrix.build-platform }}
|
|
build-args: ${{ matrix.build-args }}
|
|
build-arch: ${{ matrix.build-arch }}
|
|
ref: ${{ github.ref }}
|
|
secrets:
|
|
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
|
|
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
|
|
|