chore: add setup-build-env gh action (#5892)

* chore: use gh composite actions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * failure Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * failure Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * failure Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * failure Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * wait ready Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * restart Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chore: add setup-build-env gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix clone Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unshallow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cache Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-31 03:45:17 +00:00 · 2023-01-05 16:52:52 +01:00 · 2023-01-05 16:52:52 +01:00 · 07cf2c120b
commit 07cf2c120b
parent c24e25fb56
14 changed files with 93 additions and 229 deletions
--- a/.github/actions/setup-build-env/action.yaml
+++ b/.github/actions/setup-build-env/action.yaml
@ -0,0 +1,40 @@
 name: Setup build env
 description: Clone repo, unshallow, setup go, cache and install tools.
 inputs:
  unshallow:
    description: git unshallow
    default: 'true'
  build-cache-key:
    description: build cache prefix
 runs:
  using: composite
  steps:
    - shell: bash
      if: ${{ inputs.unshallow == 'true' }}
      run: |
        git fetch --prune --unshallow
    - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
      with:
        go-version: ~1.19.4
    - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2
      with:
        path: ~/go/pkg/mod
        key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('**/go.sum') }}-${{ hashFiles('Makefile') }}
    - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2
      with:
        path: ~/.cache/kyverno/tools
        key: ${{ runner.os }}-cache-kyverno-tools-${{ hashFiles('**/go.sum') }}-${{ hashFiles('Makefile') }}
    - uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2
      if: ${{ inputs.build-cache-key }}
      with:
        path: ~/.cache/go-build
        key: ${{ runner.os }}-build-cache-${{ inputs.build-cache-key }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('Makefile') }}
    - shell: bash
      run: |
        go mod download
    - shell: bash
      run: |
        GOCACHE=~/.cache/kyverno/tools make install-tools
--- a/.github/workflows/cli.yaml
+++ b/.github/workflows/cli.yaml
@ -23,21 +23,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-      - name: Unshallow
+      - name: Setup build env
-        run: git fetch --prune --unshallow
+        uses: ./.github/actions/setup-build-env
      - name: Set up Go 
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
-          go-version: ~1.19.4
+          build-cache-key: cli-test
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # v3.2.2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Setup TEST_GIT_BRANCH
        run: |
          if [[ ${{ github.event_name }} == "push" ]]
--- a/.github/workflows/codecov.yaml
+++ b/.github/workflows/codecov.yaml
@ -16,11 +16,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-      - name: Unshallow
+      - name: Setup build env
-        run: git fetch --prune --unshallow
+        uses: ./.github/actions/setup-build-env
      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
-          go-version: ~1.19.4
+          build-cache-key: codecov
      - name: Generate Code Coverage Report
        run: make code-cov-report
      - name: Upload Report to Codecov
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@ -20,13 +20,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-      - name: Unshallow
+      - name: Setup build env
-        run: git fetch --prune --unshallow
+        uses: ./.github/actions/setup-build-env
      - name: Setup go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
-          go-version: ~1.19.4
+          build-cache-key: run-conformance
          cache: true
      - name: Prepare environment
        run: |
          export KIND_IMAGE=kindest/node:${{ matrix.k8s-version }}
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@ -14,10 +14,9 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+      - name: Setup build env
-        with:
+        uses: ./.github/actions/setup-build-env
-          go-version: ~1.19.4
+      - name: Run FOSSA analysis
      - name: run FOSSA analysis
        env:
          # FOSSA Push-Only API Token
          FOSSA_API_KEY: '760a966bd1687152ecfe23386d841df4'
--- a/.github/workflows/helm-release.yaml
+++ b/.github/workflows/helm-release.yaml
@ -13,17 +13,13 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
        with:
          python-version: 3.7
      - name: Set up chart-testing
        uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # v2.3.1
      - name: Run chart-testing (lint)
        run: ct lint --target-branch=main --check-version-increment=false
@ -38,8 +34,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-        with:
+      - name: Setup build env
-          fetch-depth: 0
+        uses: ./.github/actions/setup-build-env
      - name: Install Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
@ -51,7 +47,6 @@ jobs:
        with:
          cosign-release: 'v1.13.0'
      - name: Set version
        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
--- a/.github/workflows/helm-test.yaml
+++ b/.github/workflows/helm-test.yaml
@ -15,9 +15,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-        with:
+      - name: Setup build env
-          fetch-depth: 0
+        uses: ./.github/actions/setup-build-env
-      - uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
+      - name: Setup python
        uses: actions/setup-python@5ccb29d8773c3f3f653e1705f474dfaa8a06a912 # v4.4.0
        with:
          python-version: 3.7
      - name: Set up chart-testing
--- a/.github/workflows/image-build.yaml
+++ b/.github/workflows/image-build.yaml
@ -20,25 +20,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: gofmt check
        run: |
          if [ "$(gofmt -s -l . | wc -l)" -ne 0 ]
@ -48,7 +31,6 @@ jobs:
           echo "Please run 'make fmt' to go format the above files."
           exit 1
          fi
      - name: goimports
        run: |
          if [ "$(goimports -l . | wc -l)" -ne 0 ]
@ -58,10 +40,8 @@ jobs:
           echo "Please run 'make fmt' to go format the above files."
           exit 1
          fi
      - name: golangci-lint
        uses: reviewdog/action-golangci-lint@53f8eabb87b40b1a2c63ec75b0d418bd0f4aa919 # v2.2.2
      - name: Checking unused pkgs using go mod tidy
        run: |
          make unused-package-check
@ -72,25 +52,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: ko build
        run: make ko-build-kyvernopre
@ -100,28 +63,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: ko build
        run: make ko-build-kyverno
      - name: Trivy Scan Image
        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
        with:
@ -137,25 +82,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: ko build
        run: make ko-build-cleanup-controller
@ -165,24 +93,7 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: ko build
        run: make ko-build-cli
--- a/.github/workflows/nancy.yaml
+++ b/.github/workflows/nancy.yaml
@ -13,6 +13,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup build env
        uses: ./.github/actions/setup-build-env
      - name: WriteGoList
        run: go list -json -m all > go.list
      - name: Nancy SAST Scan
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -136,27 +136,10 @@ jobs:
      - name: Set version
        id: version
        run: echo "version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-        with:
+      - name: Setup build env
-          fetch-depth: 0
+        uses: ./.github/actions/setup-build-env
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # pin@v1.0
      - name: Make Release
@ -188,17 +171,10 @@ jobs:
      - name: Set version
        id: version
        run: echo "version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-        with:
+      - name: Setup build env
-          fetch-depth: 0
+        uses: ./.github/actions/setup-build-env
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Setup Flux CLI
        uses: fluxcd/flux2/action@f58b82fb4ed53939dc1c9d7e370deab885527368 # v0.38.2
        with:
@ -253,17 +229,14 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Check Tag
        id: check-tag
        run: |
          if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
              echo "match=true" >> $GITHUB_OUTPUT
          fi
      - name: Update new version in krew-index
        if: steps.check-tag.outputs.match == 'true'
        uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # pin@v0.0.43
--- a/.github/workflows/report-on-vulnerabilities.yaml
+++ b/.github/workflows/report-on-vulnerabilities.yaml
@ -49,17 +49,17 @@ jobs:
    if: contains(needs.scan.outputs.results, 'SchemaVersion')
    needs: scan
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+      - name: Checkout
-
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup build env
        uses: ./.github/actions/setup-build-env
      - name: Download scan
        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
        with:
          name: scan.json
      - name: Set scan output
        id: set-scan-output
        run: echo "results=$(cat scan.json)" >> $GITHUB_OUTPUT
      - uses: JasonEtco/create-an-issue@e27dddc79c92bc6e4562f268fffa5ed752639abd # v2.9.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/sonarcloud.yaml
+++ b/.github/workflows/sonarcloud.yaml
@ -10,9 +10,10 @@ jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+      - name: Checkout
-        with:
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-          fetch-depth: 0
+      - name: Setup build env
        uses: ./.github/actions/setup-build-env
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@cb201f3b2d7a38231a8c042dfea4539c8bea180b # v1.8
        env:
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@ -20,9 +20,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      # see https://michaelheap.com/ensure-github-actions-pinned-sha/
      - name: Ensure SHA pinned actions
@ -33,11 +32,6 @@ jobs:
          allowlist: |
            slsa-framework/slsa-github-generator
      - name: Setup go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: golangci-lint
        uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # pin@v3
        with:
@ -78,25 +72,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ~1.19.4
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Kyverno unit test
        run: |
          export PROJECT_PATH=$(pwd)
--- a/.github/workflows/verify-codegen.yaml
+++ b/.github/workflows/verify-codegen.yaml
@ -16,29 +16,9 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-
+      - name: Setup build env
-      - name: Unshallow
+        uses: ./.github/actions/setup-build-env
        run: git fetch --prune --unshallow
      - name: Set up Go 
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
-          go-version: ~1.19.4
+          build-cache-key: verify-codegen
      - name: Set up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
        with:
          version: v3.5.0
      - name: Cache Go modules
        uses: actions/cache@4723a57e26efda3a62cbde1812113b730952852d # pin@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Verify generated code is up to date
        run: make verify-codegen