| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 |
- name: CI
- on:
- push:
- branches:
- - main
- - release-*
- pull_request: {}
- workflow_dispatch: {}
- env:
- # Common versions
- GO_VERSION: '1.17'
- GOLANGCI_VERSION: 'v1.42.1'
- KUBERNETES_VERSION: '1.24.x'
- DOCKER_BUILDX_VERSION: 'v0.4.2'
- # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
- # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
- # credentials have been provided before trying to run steps that need them.
- GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
- # Sonar
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- jobs:
- detect-noop:
- runs-on: ubuntu-18.04
- outputs:
- noop: ${{ steps.noop.outputs.should_skip }}
- steps:
- - name: Detect No-op Changes
- id: noop
- uses: fkirc/skip-duplicate-actions@v4.0.0
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- paths_ignore: '["**.md", "**.png", "**.jpg"]'
- do_not_skip: '["workflow_dispatch", "schedule", "push"]'
- concurrent_skipping: false
- lint:
- runs-on: ubuntu-18.04
- needs: detect-noop
- if: needs.detect-noop.outputs.noop != 'true'
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Setup Go
- uses: actions/setup-go@v3
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Find the Go Cache
- id: go
- run: |
- echo "::set-output name=build-cache::$(go env GOCACHE)"
- echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
- - name: Cache the Go Build Cache
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.build-cache }}
- key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-build-lint-
- - name: Cache Go Dependencies
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.mod-cache }}
- key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-pkg-
- # This action uses its own setup-go, which always seems to use the latest
- # stable version of Go. We could run 'make lint' to ensure our desired Go
- # version, but we prefer this action because it leaves 'annotations' (i.e.
- # it comments on PRs to point out linter violations).
- - name: Lint
- uses: golangci/golangci-lint-action@v3.2.0
- with:
- version: ${{ env.GOLANGCI_VERSION }}
- skip-pkg-cache: true
- skip-build-cache: true
- skip-go-installation: true
- check-diff:
- runs-on: ubuntu-18.04
- needs: detect-noop
- if: needs.detect-noop.outputs.noop != 'true'
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Setup Go
- uses: actions/setup-go@v3
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Find the Go Cache
- id: go
- run: |
- echo "::set-output name=build-cache::$(go env GOCACHE)"
- echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
- - name: Cache the Go Build Cache
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.build-cache }}
- key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-build-check-diff-
- - name: Cache Go Dependencies
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.mod-cache }}
- key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-pkg-
- # Check DIff also runs Reviewable which needs golangci-lint installed
- - name: Check Diff
- run: |
- wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.42.1
- export PATH=$PATH:./bin
- make check-diff
- unit-tests:
- runs-on: ubuntu-18.04
- needs: detect-noop
- if: needs.detect-noop.outputs.noop != 'true'
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Fetch History
- run: git fetch --prune --unshallow
- - name: Setup Go
- uses: actions/setup-go@v3
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Find the Go Cache
- id: go
- run: |
- echo "::set-output name=build-cache::$(go env GOCACHE)"
- echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
- - name: Cache the Go Build Cache
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.build-cache }}
- key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-build-unit-tests-
- - name: Cache Go Dependencies
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.mod-cache }}
- key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-pkg-
- - name: Add setup-envtest
- run: |
- go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
- setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH)
- - name: Cache envtest binaries
- uses: actions/cache@v3
- with:
- path: /home/runner/.local/share/kubebuilder-envtest/
- key: ${{ runner.os }}-kubebuilder-${{env.KUBERNETES_VERSION}}
- restore-keys: ${{ runner.os }}-kubebuilder-
- - name: Run Unit Tests
- run: |
- export KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT=true
- source <(setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH))
- make test
- publish-artifacts:
- runs-on: ubuntu-18.04
- needs: detect-noop
- if: needs.detect-noop.outputs.noop != 'true'
- permissions:
- id-token: write
- contents: read
- steps:
- - name: Setup QEMU
- uses: docker/setup-qemu-action@v2
- with:
- platforms: all
- - name: Setup Docker Buildx
- uses: docker/setup-buildx-action@v2
- with:
- version: ${{ env.DOCKER_BUILDX_VERSION }}
- install: true
- - name: Checkout
- uses: actions/checkout@v3
- - name: Fetch History
- run: git fetch --prune --unshallow
- - name: Setup Go
- uses: actions/setup-go@v3
- with:
- go-version: ${{ env.GO_VERSION }}
- - name: Find the Go Cache
- id: go
- run: |
- echo "::set-output name=build-cache::$(go env GOCACHE)"
- echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
- - name: Cache the Go Build Cache
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.build-cache }}
- key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-build-publish-artifacts-
- - name: Cache Go Dependencies
- uses: actions/cache@v3
- with:
- path: ${{ steps.go.outputs.mod-cache }}
- key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
- restore-keys: ${{ runner.os }}-pkg-
- - name: Login to Docker
- uses: docker/login-action@v2
- if: env.GHCR_USERNAME != ''
- with:
- registry: ghcr.io
- username: ${{ secrets.GHCR_USERNAME }}
- password: ${{ secrets.GHCR_TOKEN }}
- - name: Build & Publish Artifacts
- if: env.GHCR_USERNAME != ''
- env:
- BUILD_ARGS: "--push --platform linux/amd64,linux/arm64"
- run: make docker.build
- - name: Promote Artifacts to main release channel
- if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
- run: make docker.promote
- env:
- RELEASE_TAG: main
- - name: Set up crane
- if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
- run: go install github.com/google/go-containerregistry/cmd/crane@v0.8.0
- - name: Install cosign
- if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
- uses: sigstore/cosign-installer@v2.5.1
- - name: Sign Artifacts to main release channel
- if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
- run: make docker.sign
- env:
- RELEASE_TAG: main
- COSIGN_EXPERIMENTAL: true
|
