mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
b85e229970
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.0.1 to 6.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](a4f60bb28d...aaa42aa062
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
172 lines
5.1 KiB
YAML
172 lines
5.1 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- release-*
|
|
pull_request: {}
|
|
|
|
env:
|
|
# Common versions
|
|
GOLANGCI_VERSION: 'v1.57.2'
|
|
KUBERNETES_VERSION: '1.30.x'
|
|
|
|
# Sonar
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
detect-noop:
|
|
permissions:
|
|
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
|
|
contents: read # for fkirc/skip-duplicate-actions to read and compare commits
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
noop: ${{ steps.noop.outputs.should_skip }}
|
|
steps:
|
|
- name: Detect No-op Changes
|
|
id: noop
|
|
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
paths_ignore: '["**.md", "**.png", "**.jpg"]'
|
|
do_not_skip: '["workflow_dispatch", "schedule", "push"]'
|
|
concurrent_skipping: false
|
|
|
|
lint:
|
|
permissions:
|
|
contents: read # for actions/checkout to fetch code
|
|
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
|
|
runs-on: ubuntu-latest
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
|
id: setup-go
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Download Go modules
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
run: go mod download
|
|
|
|
- name: Lint
|
|
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
|
|
with:
|
|
version: ${{ env.GOLANGCI_VERSION }}
|
|
skip-pkg-cache: true
|
|
skip-build-cache: true
|
|
|
|
check-diff:
|
|
runs-on: ubuntu-latest
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true' && github.ref != 'refs/heads/main'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
|
id: setup-go
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Download Go modules
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
run: go mod download
|
|
|
|
- name: Configure Git
|
|
run: |
|
|
git config user.name "$GITHUB_ACTOR"
|
|
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
|
|
|
|
- name: Check Diff
|
|
run: |
|
|
make check-diff
|
|
|
|
unit-tests:
|
|
runs-on: ubuntu-latest
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
|
|
- name: Fetch History
|
|
run: git fetch --prune --unshallow
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
|
|
id: setup-go
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Download Go modules
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
run: go mod download
|
|
|
|
- name: Cache envtest binaries
|
|
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
|
|
with:
|
|
path: bin/k8s
|
|
key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}}
|
|
|
|
- name: Run Unit Tests
|
|
run: |
|
|
make test
|
|
|
|
- name: Publish Unit Test Coverage
|
|
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
|
|
env:
|
|
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
|
|
with:
|
|
flags: unittests
|
|
file: ./cover.out
|
|
|
|
publish-artifacts:
|
|
needs: detect-noop
|
|
if: needs.detect-noop.outputs.noop != 'true'
|
|
uses: ./.github/workflows/publish.yml
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- dockerfile: "Dockerfile"
|
|
build-args: "CGO_ENABLED=0"
|
|
build-arch: "amd64 arm64 s390x ppc64le"
|
|
build-platform: "linux/amd64,linux/arm64,linux/s390x,linux/ppc64le"
|
|
tag-suffix: "" # distroless
|
|
- dockerfile: "Dockerfile.ubi"
|
|
build-args: "CGO_ENABLED=0"
|
|
build-arch: "amd64 arm64 ppc64le"
|
|
build-platform: "linux/amd64,linux/arm64,linux/ppc64le"
|
|
tag-suffix: "-ubi"
|
|
- dockerfile: "Dockerfile.ubi"
|
|
build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto"
|
|
build-arch: "amd64 ppc64le"
|
|
build-platform: "linux/amd64,linux/ppc64le"
|
|
tag-suffix: "-ubi-boringssl"
|
|
with:
|
|
dockerfile: ${{ matrix.dockerfile }}
|
|
tag-suffix: ${{ matrix.tag-suffix }}
|
|
image-name: ghcr.io/${{ github.repository }}
|
|
build-platform: ${{ matrix.build-platform }}
|
|
build-args: ${{ matrix.build-args }}
|
|
build-arch: ${{ matrix.build-arch }}
|
|
ref: ${{ github.ref }}
|
|
secrets:
|
|
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
|
|
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
|
|
|