logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
							name: main-ci

on:
  push:
    branches: [ main ]
    tags:
      - '*'
    paths-ignore:
      - 'deploy/**'
  pull_request:
    branches: [ main ]
    paths-ignore:
      - 'deploy/**'

env:
  KUBEBUILDER_VERSION: 2.3.1

jobs:

  build:
    name: Build
    container:
      image: golang:1.15
    runs-on: ubuntu-latest

    steps:
    - name: Check out code into the Go module directory
      uses: actions/checkout@v2

    - name: Set up Go
      uses: actions/setup-go@v2
      with:
        go-version: '~1.15'

    - name: Add kubebuilder
      run:  |
        curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
        tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
        mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder

    - name: Lint
      run: |
        make lint-install
        make lint

    - name: Build
      run: make build

  test:
    name: Test
    container:
      image: golang:1.15
    runs-on: ubuntu-latest

    steps:
    - name: Check out code into the Go module directory
      uses: actions/checkout@v2

    - name: Set up Go
      uses: actions/setup-go@v2
      with:
        go-version: '~1.15'

    - name: Add kubebuilder
      run:  |
        curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
        tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
        mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder

    - name: Test
      run: make test

    - name: Coverage
      uses: codecov/codecov-action@v1
      with:
        # token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
        file: ./cover.out
        # flags: unittests # optional
        name: external-secrets
        fail_ci_if_error: true

  docker:
    name: Docker
    runs-on: ubuntu-latest
    needs: [build, test]
    steps:
    - name: Prepare
      id: prep
      run: |
        DOCKER_IMAGE=ghcr.io/external-secrets/external-secrets

        VERSION=edge
        if [[ $GITHUB_REF == refs/tags/* ]]; then
          VERSION=${GITHUB_REF#refs/tags/}
        elif [[ $GITHUB_REF == refs/heads/* ]]; then
          VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
        elif [[ $GITHUB_REF == refs/pull/* ]]; then
          VERSION=pr-${{ github.event.number }}
        fi

        TAGS="${DOCKER_IMAGE}:${VERSION}"
        if [ "${{ github.event_name }}" = "push" ]; then
          TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
        fi

        PUSH_IMAGE=true
        REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}"
        # If this is both a pull request and a fork, then don't push the image
        if [[ ${{ github.event_name }} == pull_request ]]; then
          if [[ $REPO_FULL_NAME != external-secrets/external-secrets ]]; then
            PUSH_IMAGE=false
          fi
        fi

        REPO_URL=https://github.com/${{github.repository}}

        echo ::set-output name=version::${VERSION}
        echo ::set-output name=tags::${TAGS}
        echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
        echo ::set-output name=push_image::$PUSH_IMAGE
        echo ::set-output name=repo_url::$REPO_URL

    - name: Check out the repo
      uses: actions/checkout@v2

    - name: Set up QEMU
      id: qemu
      uses: docker/setup-qemu-action@v1
      with:
        platforms: linux/amd64

    - name: Set up Docker Buildx
      id: buildx
      uses: docker/setup-buildx-action@v1

    - name: Login to Github Packages
      id: docker-login
      uses: docker/login-action@v1
      with:
        registry: ghcr.io
        username: ${{ secrets.GHCR_USERNAME }}
        password: ${{ secrets.GHCR_TOKEN }}
      if: ${{ steps.prep.outputs.push_image == 'true' }}

    - name: Build and push
      id: docker_build
      uses: docker/build-push-action@v2
      with:
        context: .
        file: ./Dockerfile
        builder: ${{ steps.buildx.outputs.name }}
        platforms: linux/amd64
        tags: ${{ steps.prep.outputs.tags }}
        push: ${{ steps.prep.outputs.push_image }}
        labels: |
          org.opencontainers.image.source=${{ steps.prep.outputs.repo_url }}
          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
          org.opencontainers.image.revision=${{ github.sha }}

    - name: Image digest
      run: echo ${{ steps.docker_build.outputs.digest }}