Merge pull request #323 from sergenyalcin/fix-cve-0.15 #523
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- release-* | |
pull_request: {} | |
workflow_dispatch: {} | |
env: | |
# Common versions | |
GO_VERSION: '1.21.7' | |
GOLANGCI_VERSION: 'v1.55.2' | |
DOCKER_BUILDX_VERSION: 'v0.8.2' | |
# Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run | |
# a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether | |
# credentials have been provided before trying to run steps that need them. | |
CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} | |
XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} | |
AWS_USR: ${{ secrets.AWS_USR }} | |
jobs: | |
detect-noop: | |
runs-on: ubuntu-20.04 | |
outputs: | |
noop: ${{ steps.noop.outputs.should_skip }} | |
steps: | |
- name: Detect No-op Changes | |
id: noop | |
uses: fkirc/skip-duplicate-actions@v2.0.0 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
lint: | |
runs-on: ubuntu-20.04 | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Find the Go Build Cache | |
id: go | |
run: echo "::set-output name=cache::$(go env GOCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v2 | |
with: | |
path: ${{ steps.go.outputs.cache }} | |
key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build-lint- | |
- name: Cache Go Dependencies | |
uses: actions/cache@v2 | |
with: | |
path: .work/pkg | |
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-pkg- | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
# Go version coming with golangci-lint-action may not be our desired | |
# go version. We deploy our desired go version and then skip go | |
# installation in golangci-lint-action in the next step as suggested | |
# in https://github.com/golangci/golangci-lint-action/issues/183 | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
# This action uses its own setup-go, which always seems to use the latest | |
# stable version of Go. We could run 'make lint' to ensure our desired Go | |
# version, but we prefer this action because it leaves 'annotations' (i.e. | |
# it comments on PRs to point out linter violations). | |
- name: Lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: ${{ env.GOLANGCI_VERSION }} | |
skip-go-installation: true | |
check-diff: | |
runs-on: ubuntu-20.04 | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Find the Go Build Cache | |
id: go | |
run: echo "::set-output name=cache::$(go env GOCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v2 | |
with: | |
path: ${{ steps.go.outputs.cache }} | |
key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build-check-diff- | |
- name: Cache Go Dependencies | |
uses: actions/cache@v2 | |
with: | |
path: .work/pkg | |
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-pkg- | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Check Diff | |
run: make check-diff | |
unit-tests: | |
runs-on: ubuntu-20.04 | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- name: Fetch History | |
run: git fetch --prune --unshallow | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Find the Go Build Cache | |
id: go | |
run: echo "::set-output name=cache::$(go env GOCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v2 | |
with: | |
path: ${{ steps.go.outputs.cache }} | |
key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build-unit-tests- | |
- name: Cache Go Dependencies | |
uses: actions/cache@v2 | |
with: | |
path: .work/pkg | |
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-pkg- | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Run Unit Tests | |
run: make -j2 test | |
- name: Publish Unit Test Coverage | |
uses: codecov/codecov-action@v1 | |
with: | |
flags: unittests | |
file: _output/tests/linux_amd64/coverage.txt | |
e2e-tests: | |
runs-on: ubuntu-20.04 | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v1 | |
with: | |
platforms: all | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: ${{ env.DOCKER_BUILDX_VERSION }} | |
install: true | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- name: Fetch History | |
run: git fetch --prune --unshallow | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Find the Go Build Cache | |
id: go | |
run: echo "::set-output name=cache::$(go env GOCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v2 | |
with: | |
path: ${{ steps.go.outputs.cache }} | |
key: ${{ runner.os }}-build-e2e-tests-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build-e2e-tests- | |
- name: Cache Go Dependencies | |
uses: actions/cache@v2 | |
with: | |
path: .work/pkg | |
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-pkg- | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Run the end to end tests | |
run: make e2e | |
env: | |
# We're using docker buildx, which doesn't actually load the images it | |
# builds by default. Specifying --load does so. | |
BUILD_ARGS: "--load" | |
publish-artifacts: | |
runs-on: ubuntu-20.04 | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v1 | |
with: | |
platforms: all | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: ${{ env.DOCKER_BUILDX_VERSION }} | |
install: true | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
submodules: true | |
- name: Fetch History | |
run: git fetch --prune --unshallow | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Find the Go Build Cache | |
id: go | |
run: echo "::set-output name=cache::$(go env GOCACHE)" | |
- name: Cache the Go Build Cache | |
uses: actions/cache@v2 | |
with: | |
path: ${{ steps.go.outputs.cache }} | |
key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-build-publish-artifacts- | |
- name: Cache Go Dependencies | |
uses: actions/cache@v2 | |
with: | |
path: .work/pkg | |
key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-pkg- | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Build Artifacts | |
run: make -j2 build.all | |
env: | |
# We're using docker buildx, which doesn't actually load the images it | |
# builds by default. Specifying --load does so. | |
BUILD_ARGS: "--load" | |
- name: Publish Artifacts to GitHub | |
uses: actions/upload-artifact@v4 | |
with: | |
name: output | |
path: _output/** | |
- name: Login to Docker | |
uses: docker/login-action@v1 | |
if: env.CONTRIB_DOCKER_USR != '' | |
with: | |
username: ${{ secrets.CONTRIB_DOCKER_USR }} | |
password: ${{ secrets.CONTRIB_DOCKER_PSW }} | |
- name: Login to Upbound | |
uses: docker/login-action@v1 | |
if: env.XPKG_ACCESS_ID != '' | |
with: | |
registry: xpkg.upbound.io | |
username: ${{ secrets.XPKG_ACCESS_ID }} | |
password: ${{ secrets.XPKG_TOKEN }} | |
- name: Publish Artifacts to S3 and Docker Hub | |
run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} | |
if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} | |
GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Promote Artifacts in S3 and Docker Hub | |
if: github.ref == 'refs/heads/main' && env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' | |
run: make -j2 promote | |
env: | |
BRANCH_NAME: main | |
CHANNEL: main | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} |