helm-external-secrets/.github/workflows/main.yml

name: CI

on:
  push:
    branches: [ master ]
    tags:
      - '*'
  pull_request:
    branches: [ master ]

env: 
  KUBEBUILDER_VERSION: 2.3.1

jobs:

  build:
    name: Build
    container: 
      image: golang:1.15
    runs-on: ubuntu-latest

    steps:
    - name: Check out code into the Go module directory
      uses: actions/checkout@v2

    - name: Get dependencies
      run: |
        go get -v -t -d ./...
        
    - name: Add kubebuilder
      run:  |
        curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
        tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
        mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder

    - name: Vet and Build
      run: make manager

    - name: Test
      run: make test

    - name: Coverage
      uses: codecov/codecov-action@v1
      with:
        # token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
        file: ./cover.out
        # flags: unittests # optional
        name: externalsecret-operator
        fail_ci_if_error: true 

  docker:
    name: Docker
    runs-on: ubuntu-latest
    needs: build
    steps:
    - name: Prepare
      id: prep
      run: |
        DOCKER_IMAGE=ghcr.io/external-secrets/external-secrets

        VERSION=edge
        if [[ $GITHUB_REF == refs/tags/* ]]; then
          VERSION=${GITHUB_REF#refs/tags/}
        elif [[ $GITHUB_REF == refs/heads/* ]]; then
          VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
        elif [[ $GITHUB_REF == refs/pull/* ]]; then
          VERSION=pr-${{ github.event.number }}
        fi

        TAGS="${DOCKER_IMAGE}:${VERSION}"
        if [ "${{ github.event_name }}" = "push" ]; then
          TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
        fi

        PUSH_IMAGE=true
        REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}"
        # If this is both a pull request and a fork, then don't push the image
        if [[ ${{ github.event_name }} == pull_request ]]; then
          if [[ $REPO_FULL_NAME != external-secrets/xternal-secrets ]]; then
            PUSH_IMAGE=false
          fi
        fi

        echo ::set-output name=version::${VERSION}
        echo ::set-output name=tags::${TAGS}
        echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
        echo ::set-output name=push_image::$PUSH_IMAGE

    - name: Check out the repo
      uses: actions/checkout@v2
      
    - name: Set up QEMU
      id: qemu
      uses: docker/setup-qemu-action@v1
      with:
        platforms: all

    - name: Set up Docker Buildx
      id: buildx
      uses: docker/setup-buildx-action@v1
      
    - name: Login to Github Packages
      id: docker-login
      uses: docker/login-action@v1
      with:
        registry: docker.pkg.github.com
        username: external-secrets
        password: ${{ secrets.GITHUB_TOKEN }}
      if: ${{ steps.prep.outputs.push_image == 'true' }}

    - name: Build and push
      id: docker_build
      uses: docker/build-push-action@v2
      with:
        context: .
        file: ./Dockerfile
        builder: ${{ steps.buildx.outputs.name }}
        platforms: linux/amd64,linux/arm/v7,linux/arm64
        tags: ${{ steps.prep.outputs.tags }}
        push: ${{ steps.prep.outputs.push_image }}
        labels: |
          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
          org.opencontainers.image.revision=${{ github.sha }}
          
    - name: Image digest
      run: echo ${{ steps.docker_build.outputs.digest }}