diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b7232d4..7bb5304 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: push: branches: - - master + - main - release-* pull_request: {} workflow_dispatch: {} @@ -14,68 +14,41 @@ env: GOLANGCI_VERSION: 'v1.55.2' DOCKER_BUILDX_VERSION: 'v0.8.2' - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether - # credentials have been provided before trying to run steps that need them. - CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} - XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} - jobs: detect-noop: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest outputs: noop: ${{ steps.noop.outputs.should_skip }} steps: - name: Detect No-op Changes id: noop - uses: fkirc/skip-duplicate-actions@v2.0.0 + uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} paths_ignore: '["**.md", "**.png", "**.jpg"]' do_not_skip: '["workflow_dispatch", "schedule", "push"]' - lint: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: detect-noop if: needs.detect-noop.outputs.noop != 'true' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ env.GO_VERSION }} - - name: Find the Go Build Cache - id: go - run: echo "::set-output name=cache::$(make go.cachedir)" - - - name: Cache the Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go.outputs.cache }} - key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-build-lint- - - - name: Cache Go Dependencies - uses: actions/cache@v2 - with: - path: .work/pkg - key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-pkg- - - name: Vendor Dependencies run: make vendor vendor.check - # We could run 'make lint' but we prefer this action because it leaves - # 'annotations' (i.e. it comments on PRs to point out linter violations). - name: Lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: version: ${{ env.GOLANGCI_VERSION }} @@ -86,33 +59,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ env.GO_VERSION }} - - name: Find the Go Build Cache - id: go - run: echo "::set-output name=cache::$(make go.cachedir)" - - - name: Cache the Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go.outputs.cache }} - key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-build-check-diff- - - - name: Cache Go Dependencies - uses: actions/cache@v2 - with: - path: .work/pkg - key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-pkg- - - name: Vendor Dependencies run: make vendor vendor.check @@ -120,13 +75,13 @@ jobs: run: make check-diff unit-tests: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: detect-noop if: needs.detect-noop.outputs.noop != 'true' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true @@ -134,28 +89,10 @@ jobs: run: git fetch --prune --unshallow - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ env.GO_VERSION }} - - name: Find the Go Build Cache - id: go - run: echo "::set-output name=cache::$(make go.cachedir)" - - - name: Cache the Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go.outputs.cache }} - key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-build-unit-tests- - - - name: Cache Go Dependencies - uses: actions/cache@v2 - with: - path: .work/pkg - key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-pkg- - - name: Vendor Dependencies run: make vendor vendor.check @@ -169,24 +106,24 @@ jobs: file: _output/tests/linux_amd64/coverage.txt e2e-tests: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest needs: detect-noop if: needs.detect-noop.outputs.noop != 'true' steps: - name: Setup QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 with: version: ${{ env.DOCKER_BUILDX_VERSION }} install: true - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true @@ -194,29 +131,10 @@ jobs: run: git fetch --prune --unshallow - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ env.GO_VERSION }} - - name: Find the Go Build Cache - id: go - run: echo "::set-output name=cache::$(make go.cachedir)" - - - name: Cache the Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go.outputs.cache }} - key: ${{ runner.os }}-build-e2e-tests-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-build-e2e-tests- - - - name: Cache Go Dependencies - uses: actions/cache@v2 - with: - path: .work/pkg - key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-pkg- - - name: Vendor Dependencies run: make vendor vendor.check @@ -228,96 +146,4 @@ jobs: BUILD_ARGS: "--load" - name: Run E2E Tests - run: make e2e USE_HELM3=true - - publish-artifacts: - runs-on: ubuntu-20.04 - needs: detect-noop - if: needs.detect-noop.outputs.noop != 'true' - - steps: - - name: Setup QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: all - - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - version: ${{ env.DOCKER_BUILDX_VERSION }} - install: true - - - name: Checkout - uses: actions/checkout@v2 - with: - submodules: true - - - name: Fetch History - run: git fetch --prune --unshallow - - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: ${{ env.GO_VERSION }} - - - name: Find the Go Build Cache - id: go - run: echo "::set-output name=cache::$(make go.cachedir)" - - - name: Cache the Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go.outputs.cache }} - key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-build-publish-artifacts- - - - name: Cache Go Dependencies - uses: actions/cache@v2 - with: - path: .work/pkg - key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-pkg- - - - name: Vendor Dependencies - run: make vendor vendor.check - - - name: Build Artifacts - run: make -j2 build.all - env: - # We're using docker buildx, which doesn't actually load the images it - # builds by default. Specifying --load does so. - BUILD_ARGS: "--load" - - - name: Publish Artifacts to GitHub - uses: actions/upload-artifact@v4 - with: - name: output - path: _output/** - - - name: Login to Docker - uses: docker/login-action@v1 - if: env.CONTRIB_DOCKER_USR != '' - with: - username: ${{ secrets.CONTRIB_DOCKER_USR }} - password: ${{ secrets.CONTRIB_DOCKER_PSW }} - - - name: Login to Upbound - uses: docker/login-action@v1 - if: env.XPKG_ACCESS_ID != '' - with: - registry: xpkg.upbound.io - username: ${{ secrets.XPKG_ACCESS_ID }} - password: ${{ secrets.XPKG_TOKEN }} - - - name: Publish Artifacts to S3 and Docker Hub - run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} - if: env.CONTRIB_DOCKER_USR != '' - env: - GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Promote Artifacts in S3 and Docker Hub - if: github.ref == 'refs/heads/master' && env.CONTRIB_DOCKER_USR != '' - run: make -j2 promote - env: - BRANCH_NAME: master - CHANNEL: master + run: make e2e USE_HELM3=true \ No newline at end of file diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml deleted file mode 100644 index 581a17f..0000000 --- a/.github/workflows/promote.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Promote - -on: - workflow_dispatch: - inputs: - version: - description: 'Release version (e.g. v0.1.0)' - required: true - channel: - description: 'Release channel' - required: true - default: 'alpha' - -env: - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether - # credentials have been provided before trying to run steps that need them. - CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} - -jobs: - promote-artifacts: - runs-on: ubuntu-20.04 - - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - submodules: true - - - name: Fetch History - run: git fetch --prune --unshallow - - - name: Login to Docker - uses: docker/login-action@v1 - if: env.CONTRIB_DOCKER_USR != '' - with: - username: ${{ secrets.CONTRIB_DOCKER_USR }} - password: ${{ secrets.CONTRIB_DOCKER_PSW }} - - - name: Promote Artifacts in S3 and Docker Hub - if: env.CONTRIB_DOCKER_USR != '' - run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/} - env: - VERSION: ${{ github.event.inputs.version }} - CHANNEL: ${{ github.event.inputs.channel }} - \ No newline at end of file