feat: support multiple sync sources #6724
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build_test | |
on: | |
push: | |
paths-ignore: | |
- ".github/workflows/website.yaml" | |
- "docs/**" | |
- "library/**" | |
- "demo/**" | |
- "deprecated/**" | |
- "example/**" | |
- "website/**" | |
- "**.md" | |
- "!cmd/build/helmify/static/README.md" | |
pull_request: | |
paths-ignore: | |
- ".github/workflows/website.yaml" | |
- "docs/**" | |
- "library/**" | |
- "demo/**" | |
- "deprecated/**" | |
- "example/**" | |
- "website/**" | |
- "**.md" | |
- "!cmd/build/helmify/static/README.md" | |
permissions: read-all | |
jobs: | |
lint: | |
name: "Lint" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 5 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
# source: https://github.com/golangci/golangci-lint-action | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 | |
with: | |
# version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version | |
version: v1.51.2 | |
test: | |
name: "Unit test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
- name: Unit test | |
run: make native-test | |
- name: Codecov Upload | |
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
with: | |
flags: unittests | |
file: ./cover.out | |
fail_ci_if_error: false | |
check_manifest: | |
name: "Check codegen and manifest" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Check go.mod and manifests | |
run: | | |
# there should be no additional manifest or go.mod changes | |
go mod tidy | |
git diff --exit-code | |
make generate manifests | |
git diff --exit-code | |
gator_test: | |
name: "Test Gator" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 5 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
- name: Download e2e dependencies | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-dependencies KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} | |
- name: gator test | |
run: make test-gator-containerized | |
build_test: | |
name: "Build and Test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
KUBERNETES_VERSION: ["1.24.12", "1.25.8", "1.26.3", "1.27.1"] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} | |
- name: Run e2e | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest | |
make e2e-build-load-externaldata-image | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest | |
make deploy \ | |
IMG=gatekeeper-e2e:latest \ | |
USE_LOCAL_IMG=true | |
make test-e2e | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-controller.json | |
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-audit.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ always() }} | |
with: | |
name: logs | |
path: | | |
logs-*.json | |
helm_build_test: | |
name: "[Helm] Build and Test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
HELM_VERSION: ["3.7.2"] | |
GATEKEEPER_NAMESPACE: ["gatekeeper-system", "custom-namespace"] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap | |
- name: Run e2e | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make docker-buildx-crds \ | |
CRD_IMG=gatekeeper-crds:latest \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make e2e-build-load-externaldata-image \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest \ | |
gatekeeper-crds:latest | |
make e2e-helm-deploy \ | |
HELM_REPO=gatekeeper-e2e \ | |
HELM_CRD_REPO=gatekeeper-crds \ | |
HELM_RELEASE=latest \ | |
HELM_VERSION=${{ matrix.HELM_VERSION }} \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
make test-e2e \ | |
GATEKEEPER_NAMESPACE=${{ matrix.GATEKEEPER_NAMESPACE }} | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=controller-manager --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-controller.json | |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l control-plane=audit-controller --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-audit.json | |
kubectl logs -n ${{ matrix.GATEKEEPER_NAMESPACE }} -l run=dummy-provider --tail=-1 > logs-helm-${{ matrix.HELM_VERSION }}-${{ matrix.GATEKEEPER_NAMESPACE }}-dummy-provider.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ always() }} | |
with: | |
name: helm-logs | |
path: | | |
logs-*.json | |
build_test_generator_expansion: | |
name: "[Generator Resource Expansion] Build and Test" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
- name: Set up Go 1.20 | |
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version: "1.20" | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap | |
- name: Run e2e | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest | |
make e2e-build-load-externaldata-image | |
kind load docker-image --name kind \ | |
gatekeeper-e2e:latest | |
make deploy \ | |
IMG=gatekeeper-e2e:latest \ | |
USE_LOCAL_IMG=true \ | |
ENABLE_GENERATOR_EXPANSION=true | |
go mod tidy | |
# there should be no additional manifest or go.mod changes | |
git diff --exit-code | |
make test-e2e ENABLE_GENERATOR_EXPANSION_TESTS=1 | |
- name: Save logs | |
if: ${{ always() }} | |
run: | | |
kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-generatorexpansion-controller.json | |
kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-generatorexpansion-audit.json | |
- name: Upload artifacts | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ always() }} | |
with: | |
name: generatorexpansion-logs | |
path: | | |
logs-*.json | |
scan_vulnerabilities: | |
name: "[Trivy] Scan for vulnerabilities" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
- name: Download trivy | |
run: | | |
pushd $(mktemp -d) | |
wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz | |
tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz | |
echo "$(pwd)" >> $GITHUB_PATH | |
env: | |
TRIVY_VERSION: "0.41.0" | |
- name: Run trivy on git repository | |
run: | | |
trivy fs --format table --ignore-unfixed --skip-dirs website --scanners vuln . | |
- name: Build docker images | |
run: | | |
make docker-buildx \ | |
IMG=gatekeeper-e2e:latest | |
make docker-buildx-crds \ | |
CRD_IMG=gatekeeper-crds:latest | |
- name: Run trivy on images | |
run: | | |
for img in "gatekeeper-e2e:latest" "gatekeeper-crds:latest"; do | |
trivy image --ignore-unfixed --vuln-type="os,library" "${img}" | |
done |