Fix http/2 CVE #475
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: | |
| - "*" | |
| push: | |
| branches: | |
| - master | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Set up Go 1.20 | |
| uses: actions/setup-go@v1 | |
| with: | |
| go-version: '1.20' | |
| id: go | |
| - uses: actions/checkout@v1 | |
| - name: Set up QEMU | |
| id: qemu | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Prepare Host | |
| run: | | |
| # install yq | |
| curl -fsSL -o yq https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 | |
| chmod +x yq | |
| sudo mv yq /usr/local/bin/yq | |
| # install kubectl | |
| curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl | |
| chmod +x ./kubectl | |
| sudo mv ./kubectl /usr/local/bin/kubectl | |
| - name: Run checks | |
| run: | | |
| make ci | |
| - name: Test Vulnerability | |
| run: | | |
| # https://go.dev/blog/vuln | |
| GOBIN=/usr/local/bin go install golang.org/x/vuln/cmd/govulncheck@latest | |
| govulncheck ./... | |
| - name: Build | |
| env: | |
| REGISTRY: appscodeci | |
| DOCKER_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| USERNAME: 1gtm | |
| run: | | |
| docker login --username ${USERNAME} --password ${DOCKER_TOKEN} | |
| make push | |
| - name: Install link checker | |
| run: | | |
| curl -fsSL -o liche https://github.com/appscodelabs/liche/releases/download/v0.1.0/liche-linux-amd64 | |
| chmod +x liche | |
| sudo mv liche /usr/local/bin/liche | |
| - name: Check links | |
| run: | | |
| liche -r docs -d $(pwd) -c 10 -p -h -l -x '^(.*github.com.*|.*twitter.com.*)$' | |
| kubernetes: | |
| name: Kubernetes | |
| runs-on: ubuntu-20.04 | |
| needs: build | |
| strategy: | |
| matrix: | |
| k8s: [v1.19.16, v1.27.1] | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - name: Check out installer | |
| run: | | |
| cd .. | |
| git clone https://github.com/kubeops/installer.git | |
| - name: Create Kubernetes ${{ matrix.k8s }} cluster | |
| id: kind | |
| uses: engineerd/setup-kind@v0.5.0 | |
| with: | |
| version: v0.17.0 | |
| config: hack/kubernetes/kind.yaml | |
| image: kindest/node:${{ matrix.k8s }} | |
| - name: Prepare cluster for testing | |
| id: local-path | |
| run: | | |
| echo "waiting for nodes to be ready ..." | |
| kubectl wait --for=condition=Ready nodes --all --timeout=5m | |
| kubectl get nodes | |
| echo | |
| kubectl version | |
| echo | |
| echo "install helm 3" | |
| curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash | |
| - name: Run e2e tests | |
| env: | |
| REGISTRY: appscodeci | |
| REGISTRY_SECRET: regcred | |
| TEST_CREDENTIALS: ${{ secrets.TEST_CREDENTIALS }} | |
| GOOGLE_SERVICE_ACCOUNT_JSON_KEY: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_JSON_KEY }} | |
| run: | | |
| echo "preparing test credentials" | |
| mkdir -p hack/config | |
| echo -n "$TEST_CREDENTIALS" > hack/config/.env | |
| echo >> hack/config/.env | |
| echo "GOOGLE_SERVICE_ACCOUNT_JSON_KEY=$(echo $GOOGLE_SERVICE_ACCOUNT_JSON_KEY)" >> hack/config/.env | |
| make install || ( kubectl describe deployment -n kubeops config-syncer; kubectl logs -n kubeops deployment/config-syncer; exit 1; ) | |
| echo | |
| make e2e-tests |