Add dashboard configmap annotations #1631
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
env: | |
controller_registry: docker.io | |
controller_repository: bitnami/sealed-secrets-controller | |
controller_tag: latest | |
jobs: | |
load-versions: | |
name: Load versions.env | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout repo | |
uses: actions/[email protected] | |
- id: load-versions | |
run: | | |
source $GITHUB_WORKSPACE/versions.env | |
# env vars | |
echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV | |
echo "GO_VERSION_LIST=$GO_VERSION_LIST" >> $GITHUB_ENV | |
# outputs | |
echo "go_version=${GO_VERSION}" >> $GITHUB_OUTPUT | |
echo "go_version_list=${GO_VERSION_LIST}" >> $GITHUB_OUTPUT | |
outputs: | |
go_version: ${{ steps.load-versions.outputs.go_version }} | |
go_version_list: ${{ steps.load-versions.outputs.go_version_list }} | |
linter: | |
needs: load-versions | |
name: Run linters | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }} | |
os: [ubuntu-latest] | |
golangci-lint: ["1.52.2"] | |
steps: | |
- name: Set up Go 1.x | |
uses: actions/[email protected] | |
with: | |
go-version: ${{ matrix.go }} | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
- name: Install dependencies | |
run: | | |
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v${{ matrix.golangci-lint }} | |
- name: Run linter | |
run: make lint | |
gosec: | |
needs: load-versions | |
name: Run gosec | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }} | |
os: [ubuntu-latest] | |
gosec: ["2.15.0"] | |
steps: | |
- name: Set up Go 1.x | |
uses: actions/[email protected] | |
with: | |
go-version: ${{ matrix.go }} | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
- name: Install dependencies | |
run: | | |
go install github.com/securego/gosec/v2/cmd/gosec@v${{ matrix.gosec }} | |
- name: Run gosec | |
run: make lint-gosec | |
test: | |
needs: load-versions | |
name: Build | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
go: ${{ fromJSON(needs.load-versions.outputs.go_version_list) }} | |
os: [macos-latest, windows-latest, ubuntu-latest] | |
gotestsum: ["1.8.1"] | |
steps: | |
- name: Set up Go 1.x | |
uses: actions/[email protected] | |
with: | |
go-version: ${{ matrix.go }} | |
id: go | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
- name: Install dependencies | |
run: | | |
go install gotest.tools/gotestsum@v${{ matrix.gotestsum }} | |
- name: Test | |
run: make GO_FLAGS="--junitfile report.xml --format testname" test | |
- name: Test Summary | |
uses: test-summary/action@v2 | |
with: | |
paths: | | |
report.xml | |
container: | |
needs: load-versions | |
name: Build Container | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Set environmental variables" | |
run: | | |
echo "CONTROLLER_IMAGE=$controller_registry/$controller_repository:$controller_tag" >> $GITHUB_ENV | |
- name: Check out code | |
uses: actions/[email protected] | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Distroless verify | |
run: | | |
diff <(grep FROM docker/kubeseal.Dockerfile | awk '{print $2}') \ | |
<(grep FROM docker/controller.Dockerfile | awk '{print $2}') | |
cosign verify "$(grep FROM docker/controller.Dockerfile | awk '{print $2}')" --certificate-oidc-issuer https://accounts.google.com --certificate-identity [email protected] | |
- name: Setup kubecfg | |
run: | | |
mkdir -p ~/bin | |
curl -sLf https://github.com/kubecfg/kubecfg/releases/download/v0.26.0/kubecfg_Linux_X64 >~/bin/kubecfg | |
chmod +x ~/bin/kubecfg | |
- name: Set up Go 1.x | |
uses: actions/[email protected] | |
with: | |
go-version: ${{ needs.load-versions.outputs.go_version }} | |
id: go | |
- name: Docker build | |
run: | | |
export PATH=~/bin:$PATH | |
make CONTROLLER_IMAGE=$CONTROLLER_IMAGE IMAGE_PULL_POLICY=Never controller.yaml | |
make CONTROLLER_IMAGE=$CONTROLLER_IMAGE controller.image.linux-amd64 | |
docker tag $CONTROLLER_IMAGE-linux-amd64 $CONTROLLER_IMAGE | |
docker save $CONTROLLER_IMAGE -o /tmp/controller-image.tar | |
- name: Upload manifest artifact | |
uses: actions/[email protected] | |
with: | |
name: controller-manifest | |
path: controller.yaml | |
- name: Upload container image artifact | |
uses: actions/[email protected] | |
with: | |
name: controller-image | |
path: /tmp/controller-image.tar | |
integration-yaml: | |
needs: [ load-versions, container ] | |
name: Integration (controller.yaml) | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
k8s: ["1.24.15","1.25.11","1.26.6","1.27.3"] | |
env: | |
MINIKUBE_WANTUPDATENOTIFICATION: "false" | |
MINIKUBE_WANTREPORTERRORPROMPT: "false" | |
CHANGE_MINIKUBE_NONE_USER: "true" | |
steps: | |
- name: "Set environmental variables" | |
run: | | |
echo "CONTROLLER_IMAGE=$controller_registry/$controller_repository:$controller_tag" >> $GITHUB_ENV | |
- name: Set up Go 1.x | |
uses: actions/[email protected] | |
with: | |
go-version: ${{ needs.load-versions.outputs.go_version }} | |
id: go | |
- name: Set up Ginkgo | |
run: | | |
go install github.com/onsi/ginkgo/[email protected] | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
- uses: medyagh/[email protected] | |
with: | |
minikube-version: 1.30.1 | |
kubernetes-version: ${{ matrix.k8s }} | |
# need to delete old state of the cluster, see: | |
# https://github.com/kubernetes/minikube/issues/8765 | |
- name: K8s setup | |
run: | | |
minikube delete | |
minikube config set kubernetes-version v${{ matrix.k8s }} | |
minikube start --vm-driver=docker | |
minikube update-context | |
kubectl cluster-info | |
- name: Download manifest artifact | |
uses: actions/[email protected] | |
with: | |
name: controller-manifest | |
- name: Download container image artifact | |
uses: actions/[email protected] | |
with: | |
name: controller-image | |
- name: Load docker image | |
run: | | |
eval $(minikube docker-env) | |
docker load -i controller-image.tar | |
docker inspect $CONTROLLER_IMAGE | |
- name: Testing environment setup | |
run: | | |
kubectl apply -f controller.yaml | |
kubectl rollout status deployment/sealed-secrets-controller -n kube-system -w --timeout=1m || kubectl -n kube-system describe pod -lname=sealed-secrets-controller | |
- name: Integration tests | |
run: make integrationtest CONTROLLER_IMAGE=$CONTROLLER_IMAGE GINKGO="ginkgo -v --randomizeSuites --failOnPending --trace --progress --compilers=2 --nodes=4" | |
integration-chart: | |
needs: [ load-versions, container ] | |
name: Integration (Helm Chart) | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
k8s: ["1.24.15","1.25.11","1.26.6","1.27.3"] | |
env: | |
MINIKUBE_WANTUPDATENOTIFICATION: "false" | |
MINIKUBE_WANTREPORTERRORPROMPT: "false" | |
CHANGE_MINIKUBE_NONE_USER: "true" | |
steps: | |
- name: "Set environmental variables" | |
run: | | |
echo "CONTROLLER_IMAGE=$controller_registry/$controller_repository:$controller_tag" >> $GITHUB_ENV | |
- name: Set up Go 1.x | |
uses: actions/[email protected] | |
with: | |
go-version: ${{ needs.load-versions.outputs.go_version }} | |
id: go | |
- name: Set up Ginkgo | |
run: | | |
go install github.com/onsi/ginkgo/[email protected] | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
- uses: medyagh/[email protected] | |
with: | |
minikube-version: 1.30.1 | |
kubernetes-version: ${{ matrix.k8s }} | |
- name: Install Helm | |
uses: azure/[email protected] | |
with: | |
version: v3.12.0 | |
# need to delete old state of the cluster, see: | |
# https://github.com/kubernetes/minikube/issues/8765 | |
- name: K8s setup | |
run: | | |
minikube delete | |
minikube config set kubernetes-version v${{ matrix.k8s }} | |
minikube start --vm-driver=docker | |
minikube update-context | |
kubectl cluster-info | |
- name: Download container image artifact | |
uses: actions/[email protected] | |
with: | |
name: controller-image | |
- name: Load docker image | |
run: | | |
eval $(minikube docker-env) | |
docker load -i controller-image.tar | |
docker inspect $CONTROLLER_IMAGE | |
- name: Testing environment setup | |
run: | | |
helm install sealed-secrets -n kube-system --set fullnameOverride=sealed-secrets-controller --set image.registry=$controller_registry --set image.repository=$controller_repository --set image.tag=$controller_tag --set image.pullPolicy=Never helm/sealed-secrets | |
kubectl rollout status deployment/sealed-secrets-controller -n kube-system -w --timeout=1m || kubectl -n kube-system describe pod -lapp.kubernetes.io/name=sealed-secrets | |
- name: Integration tests | |
run: make integrationtest CONTROLLER_IMAGE=$CONTROLLER_IMAGE GINKGO="ginkgo -v --randomizeSuites --failOnPending --trace --progress --compilers=2 --nodes=4" |