feat: linodemachine: add validating admission webhook on create #1532
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Test CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- "*" | |
workflow_dispatch: | |
permissions: | |
contents: read | |
pull-requests: read | |
actions: read | |
concurrency: | |
group: build-test-ci-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
changes: | |
runs-on: ubuntu-latest | |
outputs: | |
# Expose matched filters as job 'src' output variable | |
src: ${{ steps.filter.outputs.src }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
predicate-quantifier: 'every' | |
filters: | | |
src: | |
- '!**/**.md' | |
- '!docs/**' | |
go-build-test: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: ${{ needs.changes.outputs.src == 'true' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
golang.org:443 | |
proxy.golang.org:443 | |
sum.golang.org:443 | |
objects.githubusercontent.com:443 | |
storage.googleapis.com:443 | |
cli.codecov.io:443 | |
api.codecov.io:443 | |
- uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Build | |
run: make build | |
- name: Check for generated diff | |
run: make check-gen-diff | |
- name: Test | |
run: make test | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
files: ./coverage.out | |
fail_ci_if_error: true | |
verbose: true | |
token: ${{ secrets.CODECOV_TOKEN }} | |
slug: linode/cluster-api-provider-linode | |
e2e-test: | |
needs: changes | |
if: ${{ github.event.pull_request.draft == false && needs.changes.outputs.src == 'true' }} | |
uses: ./.github/workflows/e2e-test.yaml | |
secrets: inherit | |
with: | |
e2e-selector: ${{ github.ref == 'refs/heads/main' && 'all' || 'quick' }} | |
e2e-flags: ${{ github.ref == 'refs/heads/main' && '--assert-timeout 15m0s' || '' }} | |
docker-build: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: ${{ needs.changes.outputs.src == 'true' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
proxy.golang.org:443 | |
sum.golang.org:443 | |
go.dev:443 | |
dl.google.com:443 | |
golang.org:443 | |
objects.githubusercontent.com:443 | |
registry-1.docker.io:443 | |
auth.docker.io:443 | |
production.cloudflare.docker.com:443 | |
gcr.io:443 | |
storage.googleapis.com:443 | |
- uses: actions/checkout@v4 | |
- name: Docker cache | |
uses: ScribeMD/[email protected] | |
with: | |
key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }} | |
- name: Build the Docker image | |
run: make docker-build |