Skip to content

feat: support multiple sync sources #6723

feat: support multiple sync sources

feat: support multiple sync sources #6723

Workflow file for this run

name: build_test
on:
push:
paths-ignore:
- ".github/workflows/website.yaml"
- "docs/**"
- "library/**"
- "demo/**"
- "deprecated/**"
- "example/**"
- "website/**"
- "**.md"
- "!cmd/build/helmify/static/README.md"
pull_request:
paths-ignore:
- ".github/workflows/website.yaml"
- "docs/**"
- "library/**"
- "demo/**"
- "deprecated/**"
- "example/**"
- "website/**"
- "**.md"
- "!cmd/build/helmify/static/README.md"
permissions: read-all
jobs:
lint:
name: "Lint"
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Set up Go 1.20
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
# source: https://github.com/golangci/golangci-lint-action
- name: golangci-lint
uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
with:
# version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.51.2
test:
name: "Unit test"
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Set up Go 1.20
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: Unit test
run: make native-test
- name: Codecov Upload
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
flags: unittests
file: ./cover.out
fail_ci_if_error: false
check_manifest:
name: "Check codegen and manifest"
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Go 1.20
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
- name: Check go.mod and manifests
run: |
# there should be no additional manifest or go.mod changes
go mod tidy
git diff --exit-code
make generate manifests
git diff --exit-code
gator_test:
name: "Test Gator"
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Set up Go 1.20
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: Download e2e dependencies
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make e2e-dependencies KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
- name: gator test
run: make test-gator-containerized
build_test:
name: "Build and Test"
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
matrix:
KUBERNETES_VERSION: ["1.24.12", "1.25.8", "1.26.3", "1.27.1"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: Set up Go 1.20
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
- name: Bootstrap e2e
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
- name: Run e2e
run: |
make docker-buildx \
IMG=gatekeeper-e2e:latest
make e2e-build-load-externaldata-image
kind load docker-image --name kind \
gatekeeper-e2e:latest
make deploy \
IMG=gatekeeper-e2e:latest \
USE_LOCAL_IMG=true
make test-e2e
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json
- name: Upload artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ always() }}
with:
name: logs
path: |
logs-*.json
helm_build_test:
name: "[Helm] Build and Test"
runs-on: ubuntu-22.04
timeout-minutes: 15
strategy:
matrix:
HELM_VERSION: ["3.7.2"]
GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: Bootstrap e2e
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make e2e-bootstrap
- name: Run e2e
run: |
make docker-buildx \
IMG=gatekeeper-e2e:latest \
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
make docker-buildx-crds \
CRD_IMG=gatekeeper-crds:latest \
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
make e2e-build-load-externaldata-image \
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
kind load docker-image --name kind \
gatekeeper-e2e:latest \
gatekeeper-crds:latest
make e2e-helm-deploy \
HELM_REPO=gatekeeper-e2e \
HELM_CRD_REPO=gatekeeper-crds \
HELM_RELEASE=latest \
HELM_VERSION=${{ matrix.HELM_VERSION }} \
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
make test-e2e \
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }}
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=controller-manager --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-controller.json
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=audit-controller --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-audit.json
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l run=dummy-provider --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-dummy-provider.json
- name: Upload artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ always() }}
with:
name: helm-logs
path: |
logs-*.json
build_test_generator_expansion:
name: "[Generator Resource Expansion] Build and Test"
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: Set up Go 1.20
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
- name: Bootstrap e2e
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make e2e-bootstrap
- name: Run e2e
run: |
make docker-buildx \
IMG=gatekeeper-e2e:latest
make e2e-build-load-externaldata-image
kind load docker-image --name kind \
gatekeeper-e2e:latest
make deploy \
IMG=gatekeeper-e2e:latest \
USE_LOCAL_IMG=true \
ENABLE_GENERATOR_EXPANSION=true
go mod tidy
# there should be no additional manifest or go.mod changes
git diff --exit-code
make test-e2e ENABLE_GENERATOR_EXPANSION_TESTS=1
- name: Save logs
if: ${{ always() }}
run: |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-generatorexpansion-controller.json
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-generatorexpansion-audit.json
- name: Upload artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ always() }}
with:
name: generatorexpansion-logs
path: |
logs-*.json
scan_vulnerabilities:
name: "[Trivy] Scan for vulnerabilities"
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- name: Download trivy
run: |
pushd $(mktemp -d)
wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
echo "$(pwd)" >> $GITHUB_PATH
env:
TRIVY_VERSION: "0.41.0"
- name: Run trivy on git repository
run: |
trivy fs --format table --ignore-unfixed --skip-dirs website --scanners vuln .
- name: Build docker images
run: |
make docker-buildx \
IMG=gatekeeper-e2e:latest
make docker-buildx-crds \
CRD_IMG=gatekeeper-crds:latest
- name: Run trivy on images
run: |
for img in "gatekeeper-e2e:latest" "gatekeeper-crds:latest"; do
trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
done