Update gcr.io/distroless/static Docker digest to f4a57e8 #1321
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
env: | |
IMG: candidate | |
GOLANG_VERSION: 1.19.1 | |
DOCKER_ORG: jkremser | |
permissions: | |
contents: read | |
jobs: | |
lint: | |
permissions: | |
contents: read # for actions/checkout to fetch code | |
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests | |
name: Lint | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 | |
with: | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
proxy.golang.org:443 | |
raw.githubusercontent.com:443 | |
storage.googleapis.com:443 | |
sum.golang.org:443 | |
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 | |
- name: Lint using golangci-lint | |
uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b # v2 | |
with: | |
golangci_lint_version: v1.50.1 | |
go_version: ${{ env.GOLANG_VERSION }} | |
level: warning | |
- name: gokart | |
run: | | |
go install github.com/praetorian-inc/gokart@3d38a9ae72f7d67d5c13f83ec5669630868e409e # tag=v0.5.1 | |
gokart scan --globalsTainted | |
build-and-test: | |
name: Build and Test | |
runs-on: ubuntu-20.04 | |
needs: lint | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 | |
with: | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
gotest-release.s3.amazonaws.com:443 | |
objects.githubusercontent.com:443 | |
proxy.golang.org:443 | |
storage.googleapis.com:443 | |
sum.golang.org:443 | |
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 | |
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 | |
with: | |
go-version: ${{ env.GOLANG_VERSION }} | |
- name: Build | |
run: | | |
go version | |
make build | |
- name: Test | |
run: | | |
# curl -s https://gotest-release.s3.amazonaws.com/gotest_linux > gotest && chmod +x gotest | |
# (set -o pipefail && ./gotest ./... | tee $GITHUB_STEP_SUMMARY) | |
(set -o pipefail && go test ./... | tee $GITHUB_STEP_SUMMARY) | |
e2e-on-k8s: | |
name: e2e tests against kubernetes | |
runs-on: ubuntu-20.04 | |
needs: build-and-test | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 | |
with: | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
auth.docker.io:443 | |
docker.io:443 | |
cdn02.quay.io:443 | |
cdn03.quay.io:443 | |
quay.io:443 | |
gcr.io:443 | |
ghcr.io:443 | |
github.com:443 | |
gotest-release.s3.amazonaws.com:443 | |
objects.githubusercontent.com:443 | |
pkg-containers.githubusercontent.com:443 | |
production.cloudflare.docker.com:443 | |
proxy.golang.org:443 | |
raw.githubusercontent.com:443 | |
registry-1.docker.io:443 | |
storage.googleapis.com:443 | |
sum.golang.org:443 | |
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 | |
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 | |
with: | |
go-version: ${{ env.GOLANG_VERSION }} | |
- name: Install stuff | |
run: | | |
curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash | |
# curl -s https://gotest-release.s3.amazonaws.com/gotest_linux > gotest && chmod +x gotest | |
- name: Build container image | |
run: | | |
make container-img | |
- name: Spawn k8s cluster and import the image | |
run: | | |
k3d cluster create --no-lb --k3s-arg "--disable=traefik,servicelb,metrics-server,local-storage@server:*" | |
echo "importing image: ${IMG}" | |
k3d image import ${IMG}:latest | |
echo "Kubernetes vesion:" | |
kubectl version | |
- name: Deploy the operator | |
run: | | |
make install deploy | |
kubectl wait deploy/log2rbac -n log2rbac --for condition=available --timeout=2m && sleep 10 | |
- name: Test | |
run: | | |
# (cd e2e-test/ && set -o pipefail && ../gotest ./... | tee $GITHUB_STEP_SUMMARY) | |
(cd e2e-test/ && set -o pipefail && go test ./... | tee $GITHUB_STEP_SUMMARY) | |
- name: Login to Dockerhub | |
if: ${{ github.event_name == 'push' }} | |
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0 | |
with: | |
username: ${{ env.DOCKER_ORG }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Push the :latest container image | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
docker tag ${IMG} docker.io/${DOCKER_ORG}/log2rbac:latest | |
docker push docker.io/${DOCKER_ORG}/log2rbac:latest | |
- name: Print test logs & debug | |
if: always() | |
run: | | |
echo "::group::env | sort" | |
env | sort | |
echo "::endgroup::" | |
echo "::group::k get events" | |
kubectl get events -A || true | |
echo "::endgroup::" | |
echo "::group::k describe deploy log2rbac" | |
kubectl describe deploy -nlog2rbac log2rbac || true | |
echo "::endgroup::" | |
echo "::group::k describe clusterrole new-k8gb-role" | |
kubectl describe clusterrole new-k8gb-role || true | |
echo "::endgroup::" | |
echo -e "\n\nCRs:" | |
kubectl get rn -A -owide || true | |
echo -e "\n\n Deployments:" | |
kubectl get deployment -A || true | |
echo -e "\n\n Operator logs:" | |
kubectl logs -nlog2rbac -lid=log2rbac --tail=200 || true | |