Skip to content

Update lukaszraczylo/semver-generator action to v1.12.141 #4430

Update lukaszraczylo/semver-generator action to v1.12.141

Update lukaszraczylo/semver-generator action to v1.12.141 #4430

Workflow file for this run

name: CI
on:
push:
branches:
- main
tags:
- "v*.*.*"
pull_request:
branches:
- main
- version-bumps
jobs:
checkout:
name: Checkout
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
- name: Tar files
run: tar -cf checkout.tar ./
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: checkout.tar
path: checkout.tar
js-get-deps:
needs: checkout
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: checkout.tar
- name: Untar files
run: tar -xf checkout.tar ./
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.nvmrc'
- run: npm install
- name: Tar files
run: tar -cf codebase.tar ./
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: codebase.tar
path: codebase.tar
js-units:
runs-on: ubuntu-latest
needs: js-get-deps
permissions:
checks: write
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: codebase.tar
- name: Untar files
run: tar -xf codebase.tar ./
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.nvmrc'
- run: npm run ci-test
- uses: tanmen/jest-reporter@b51194185b294febdbe6d848f31f15614a06e2e3 # v1
if: always()
with:
action-name: Jest Unit Test Results
github-token: ${{ secrets.GITHUB_TOKEN }}
build-web-ui:
runs-on: ubuntu-latest
needs: js-get-deps
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: codebase.tar
- name: Untar files
run: tar -xf codebase.tar ./
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.nvmrc'
- run: "npm run build:webpack"
- name: Tar files
run: tar -cf webui.tar dist
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: webui.tar
path: webui.tar
publish-web-ui:
runs-on: ubuntu-latest
permissions:
contents: write
needs:
- build-web-ui
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: webui.tar
- name: Untar files
run: tar -xf webui.tar dist
- name: Deploy
uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./dist
js-build-binaries:
runs-on: ubuntu-latest
needs: js-get-deps
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: codebase.tar
- name: Untar files
run: tar -xf codebase.tar ./
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.nvmrc'
- uses: MOZGIII/install-ldid-action@d5ab465f3a66a4d60a59882b935eb30e18e8d043 # renovate: tag=v1
with:
tag: v2.1.5-procursus2
- run: npm run build
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-alpine-arm64
path: dist/bin/psp-migration-alpine-arm64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-alpine-x64
path: dist/bin/psp-migration-alpine-x64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-linux-arm64
path: dist/bin/psp-migration-linux-arm64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-linux-x64
path: dist/bin/psp-migration-linux-x64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-linuxstatic-arm64
path: dist/bin/psp-migration-linuxstatic-arm64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-linuxstatic-x64
path: dist/bin/psp-migration-linuxstatic-x64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-win-arm64.exe
path: dist/bin/psp-migration-win-arm64.exe
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-win-x64.exe
path: dist/bin/psp-migration-win-x64.exe
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-macos-arm64
path: dist/bin/psp-migration-macos-arm64
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: psp-migration-macos-x64
path: dist/bin/psp-migration-macos-x64
policytests:
runs-on: ubuntu-latest
needs:
- checkout
- js-build-binaries
permissions:
checks: write
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
system:
- psp
- gatekeeper
- kyverno
- kubewarden
- pss
- krail
e2e: ["fixtures"]
include:
- system: kubewarden
e2e: "e2e"
- system: gatekeeper
e2e: "e2e"
- system: kyverno
e2e: "e2e"
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: checkout.tar
- name: Untar files
run: tar -xf checkout.tar ./
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
if: matrix.e2e == 'e2e'
with:
name: psp-migration-linuxstatic-x64
- if: matrix.e2e == 'e2e'
run: chmod +x psp-migration-linuxstatic-x64
- uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
timeout-minutes: 5
with:
config: tests/kind-config-${{matrix.system}}.yaml
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: 'v3.7.1'
- if: matrix.system == 'gatekeeper'
name: Install gatekeeper
run: |
kubectl apply --wait -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.12/deploy/gatekeeper.yaml
kubectl wait --for=condition=available --timeout=600s -n gatekeeper-system \
deployment/gatekeeper-audit \
deployment/gatekeeper-controller-manager
kubectl apply --wait -k submodules/gatekeeper-library/library/pod-security-policy
kubectl apply --wait -k patched_gatekeeper_templates
until kubectl wait --for condition=established --timeout=60s \
crd/constrainttemplates.templates.gatekeeper.sh \
crd/k8spspvolumetypes.constraints.gatekeeper.sh
do
sleep 1
done
- if: matrix.system == 'kubewarden'
name: Install kubewarden
run: |
helm repo add jetstack https://charts.jetstack.io
helm repo add kubewarden https://charts.kubewarden.io
helm repo update
helm install --wait \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.5.3 \
--set installCRDs=true
helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds
helm install --wait -n \
kubewarden kubewarden-controller kubewarden/kubewarden-controller \
--set telemetry.enabled=False
helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults \
--set policyServer.telemetry.enabled=False
- if: matrix.system == 'kyverno'
name: Install kyverno
run: |
helm repo add kyverno https://kyverno.github.io/kyverno/
helm repo update
helm install kyverno kyverno/kyverno -n kyverno --create-namespace --version 3.0.9
kubectl wait --for=condition=available --timeout=600s -n kyverno \
deployment/kyverno-admission-controller
- if: matrix.system == 'krail'
name: Install k-rail
run: |
helm repo add k-rail https://cruise-automation.github.io/k-rail/
helm repo update
kubectl create namespace k-rail
kubectl label namespace k-rail k-rail/ignore=true
helm install --wait --set webhookTimeout=30 --set replicaCount=1 k-rail k-rail/k-rail --namespace k-rail
- name: BATS tests
continue-on-error: false
run: submodules/bats/bin/bats --report-formatter junit tests
env:
SYSTEM: ${{ matrix.system }}
E2E_TEST: ${{ matrix.e2e == 'e2e' && './psp-migration-linuxstatic-x64' }}
- name: Test Report
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
if: always()
with:
name: Test results (${{ matrix.system }}) ${{ matrix.e2e == 'e2e' && 'end-to-end' || 'static policy'}}
path: report.xml
reporter: java-junit
fail-on-error: true
release-binaries:
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
needs:
- js-build-binaries
- semver
permissions:
contents: write
id-token: write
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-alpine-arm64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-alpine-x64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-linux-arm64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-linux-x64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-linuxstatic-arm64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-linuxstatic-x64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-win-arm64.exe
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-win-x64.exe
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-macos-arm64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: psp-migration-macos-x64
- uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # tag=v1.2.1
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: v${{ needs.semver.outputs.semantic_version}}
prerelease: false
title: v${{ needs.semver.outputs.semantic_version}}
files: "*"
codeql:
runs-on: ubuntu-latest
permissions:
security-events: write
needs: checkout
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: checkout.tar
- name: Untar files
run: tar -xf checkout.tar ./
- name: Initialize CodeQL
uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
with:
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
semver:
name: Generate a semantic version number
runs-on: ubuntu-latest
outputs:
semantic_version: ${{ steps.semver.outputs.semantic_version }}
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: '0'
- name: Semver run
id: semver
uses: lukaszraczylo/semver-generator@d7f5610110d853be94c9db072e976c8d646c4d92 # 1.12.141
with:
config_file: .github/semver.yaml
repository_local: true