ci.yaml
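# CI pipeline: lint -> build-and-test -> e2e-on-k8s, chained through `needs`.
# Runs for pushes and pull requests that target main; changes touching only
# Markdown files do not trigger it.
#
# Supply-chain posture visible in this file:
#   * every `uses:` reference is pinned to a full commit SHA (tag in a comment)
#   * each job starts with harden-runner in egress-block mode with an explicit
#     endpoint allow-list
#   * the workflow-level GITHUB_TOKEN scope is `contents: read`
name: CI
on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  pull_request:
    branches:
      - main
    paths-ignore:
      - '**.md'
env:
  IMG: candidate
  # Quoted so a YAML parser can never re-type the version as a number
  # (the classic trap is a two-component version such as 1.20 -> 1.2).
  GOLANG_VERSION: '1.19.1'
  DOCKER_ORG: jkremser
# Default token scope for every job; a job may only restate or narrow it.
permissions:
  contents: read
jobs:
  lint:
    permissions:
      contents: read  # for actions/checkout to fetch code
      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
    name: Lint
    runs-on: ubuntu-20.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5  # v2.0.0
        with:
          egress-policy: block
          # Folded scalar: the lines below are joined with spaces into one
          # value, so no `#` comment may be placed between the endpoints.
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            objects.githubusercontent.com:443
            proxy.golang.org:443
            raw.githubusercontent.com:443
            storage.googleapis.com:443
            sum.golang.org:443
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8  # tag=v3.1.0
      - name: Lint using golangci-lint
        uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b  # v2
        with:
          golangci_lint_version: v1.50.1
          go_version: ${{ env.GOLANG_VERSION }}
          level: warning
      - name: gokart
        run: |
          # The scanner is installed at a fixed commit rather than a tag.
          go install github.com/praetorian-inc/gokart@3d38a9ae72f7d67d5c13f83ec5669630868e409e # tag=v0.5.1
          gokart scan --globalsTainted
  build-and-test:
    name: Build and Test
    runs-on: ubuntu-20.04
    needs: lint
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5  # v2.0.0
        with:
          egress-policy: block
          # NOTE(review): gotest-release.s3.amazonaws.com appears to be needed
          # only by the commented-out gotest download in the Test step; drop it
          # from the allow-list if that download stays disabled.
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            gotest-release.s3.amazonaws.com:443
            objects.githubusercontent.com:443
            proxy.golang.org:443
            storage.googleapis.com:443
            sum.golang.org:443
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8  # tag=v3.1.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe  # v4
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Build
        run: |
          go version
          make build
      - name: Test
        run: |
          # curl -s https://gotest-release.s3.amazonaws.com/gotest_linux > gotest && chmod +x gotest
          # (set -o pipefail && ./gotest ./... | tee $GITHUB_STEP_SUMMARY)
          # pipefail makes a failing `go test` fail the step even though its
          # output is piped through tee.
          (set -o pipefail && go test ./... | tee "$GITHUB_STEP_SUMMARY")
  e2e-on-k8s:
    name: e2e tests against kubernetes
    runs-on: ubuntu-20.04
    needs: build-and-test
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5  # v2.0.0
        with:
          egress-policy: block
          # NOTE(review): gotest-release.s3.amazonaws.com appears to be needed
          # only by the commented-out gotest download in "Install stuff"; drop
          # it from the allow-list if that download stays disabled.
          allowed-endpoints: >
            api.github.com:443
            auth.docker.io:443
            docker.io:443
            cdn02.quay.io:443
            cdn03.quay.io:443
            quay.io:443
            gcr.io:443
            ghcr.io:443
            github.com:443
            gotest-release.s3.amazonaws.com:443
            objects.githubusercontent.com:443
            pkg-containers.githubusercontent.com:443
            production.cloudflare.docker.com:443
            proxy.golang.org:443
            raw.githubusercontent.com:443
            registry-1.docker.io:443
            storage.googleapis.com:443
            sum.golang.org:443
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8  # tag=v3.1.0
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe  # v4
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install stuff
        run: |
          # Download first, execute second. With `curl -s ... | bash` the
          # step's status is bash's, so a failed or truncated download is not
          # caught by curl's exit code; --fail plus a separate file makes the
          # step stop before anything is executed.
          # NOTE(review): the URL tracks the mutable `main` branch, unlike the
          # SHA-pinned actions in this workflow. Pin it to a reviewed commit
          # and verify a checksum before executing.
          curl -fsS -o "${RUNNER_TEMP}/k3d-install.sh" https://raw.githubusercontent.com/rancher/k3d/main/install.sh
          bash "${RUNNER_TEMP}/k3d-install.sh"
          # curl -s https://gotest-release.s3.amazonaws.com/gotest_linux > gotest && chmod +x gotest
      - name: Build container image
        run: |
          make container-img
      - name: Spawn k8s cluster and import the image
        run: |
          k3d cluster create --no-lb --k3s-arg "--disable=traefik,servicelb,metrics-server,local-storage@server:*"
          echo "importing image: ${IMG}"
          k3d image import "${IMG}:latest"
          echo "Kubernetes vesion:"
          kubectl version
      - name: Deploy the operator
        run: |
          make install deploy
          kubectl wait deploy/log2rbac -n log2rbac --for condition=available --timeout=2m && sleep 10
      - name: Test
        run: |
          # (cd e2e-test/ && set -o pipefail && ../gotest ./... | tee $GITHUB_STEP_SUMMARY)
          (cd e2e-test/ && set -o pipefail && go test ./... | tee "$GITHUB_STEP_SUMMARY")
      # Registry login and push are gated on push events, so pull-request runs
      # never reference the registry secret.
      # NOTE(review): the credential is used in the same job that runs the
      # branch-tracked k3d installer and the test workload; publishing from a
      # separate job would narrow what executes alongside it.
      - name: Login to Dockerhub
        if: ${{ github.event_name == 'push' }}
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a  # tag=v2.1.0
        with:
          username: ${{ env.DOCKER_ORG }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Push the :latest container image
        if: ${{ github.event_name == 'push' }}
        run: |
          docker tag "${IMG}" "docker.io/${DOCKER_ORG}/log2rbac:latest"
          docker push "docker.io/${DOCKER_ORG}/log2rbac:latest"
      # Diagnostics run even when an earlier step failed; every kubectl call is
      # followed by `|| true` so a missing cluster cannot fail this step.
      # NOTE(review): `env | sort` writes the whole step environment to the job
      # log. Log masking only covers registered secrets, so keep credentials
      # out of workflow- or job-level `env:` while this dump exists.
      - name: Print test logs & debug
        if: always()
        run: |
          echo "::group::env | sort"
          env | sort
          echo "::endgroup::"
          echo "::group::k get events"
          kubectl get events -A || true
          echo "::endgroup::"
          echo "::group::k describe deploy log2rbac"
          kubectl describe deploy -nlog2rbac log2rbac || true
          echo "::endgroup::"
          echo "::group::k describe clusterrole new-k8gb-role"
          kubectl describe clusterrole new-k8gb-role || true
          echo "::endgroup::"
          echo -e "\n\nCRs:"
          kubectl get rn -A -owide || true
          echo -e "\n\n Deployments:"
          kubectl get deployment -A || true
          echo -e "\n\n Operator logs:"
          kubectl logs -nlog2rbac -lid=log2rbac --tail=200 || true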