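# CI workflow: build, test and lint the Go module, validate the generated
# Kubernetes manifests, publish the OCI image, then run an end-to-end test
# on a short-lived GKE cluster.
name: Go

# Only `push` triggers this workflow, so the
# `github.event_name != 'pull_request'` guards further down are always true
# today: every push logs in to Quay with read-write credentials, pushes an
# image and provisions a cluster. The guards only start to matter if a
# `pull_request` trigger is added later.
on: [push]

# Scopes of GITHUB_TOKEN, applied to every job in this workflow.
# NOTE(review): `checks: write` is therefore also granted to the e2e job;
# if only a step in `build` needs it, move it to a job-level `permissions:`.
permissions:
  contents: read
  pull-requests: read
  checks: write

jobs:
  # Compile, test, lint, validate manifests, then build and push the image.
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (`@v4`, `@v5`, ...). Pinning each to a full commit SHA keeps a moved
      # tag from changing the code that runs next to the Quay credentials.
      - uses: actions/checkout@v4
      - name: Prepare OCI metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: "quay.io/stackrox-io/image-prefetcher"
          # generate Docker tags based on the following events/attributes
          # See https://github.com/docker/metadata-action
          tags: |
            type=ref,event=branch,prefix=branch-
            type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}
            type=sha
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      # Check downloaded module contents against go.sum before building.
      - name: Verify
        run: go mod verify
      - name: Build
        run: go build ./...
      - name: Test
        run: go test ./...
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v4
        with:
          # NOTE(review): `latest` floats; pin a linter version if lint
          # results must be reproducible between runs.
          version: latest
          install-mode: binary
      # Render one manifest per flavor/secret/metrics combination so the
      # two linters below cover every output variant of the deploy tool.
      - name: Prepare manifests for linting
        run: |
          go build -C deploy .
          mkdir manifests
          ./deploy/deploy --k8s-flavor vanilla my-images > manifests/vanilla.yaml
          ./deploy/deploy --k8s-flavor ocp my-images > manifests/ocp.yaml
          ./deploy/deploy --k8s-flavor vanilla --secret my-secret my-images > manifests/vanilla-with-secret.yaml
          ./deploy/deploy --k8s-flavor ocp --secret my-secret my-images > manifests/ocp-with-secret.yaml
          ./deploy/deploy --k8s-flavor vanilla --collect-metrics my-images > manifests/vanilla-metrics.yaml
          ./deploy/deploy --k8s-flavor ocp --collect-metrics my-images > manifests/ocp-metrics.yaml
          ./deploy/deploy --k8s-flavor vanilla --secret my-secret --collect-metrics my-images > manifests/vanilla-with-secret-metrics.yaml
          ./deploy/deploy --k8s-flavor ocp --secret my-secret --collect-metrics my-images > manifests/ocp-with-secret-metrics.yaml
      - name: kubeconform
        run: |
          make -C deploy kubeconform MANIFESTS="$(pwd)/manifests"
      - name: kube-linter
        # NOTE(review): this ref was mangled by e-mail obfuscation on the
        # rendered page (the "name@version" part was replaced). It is
        # presumably the stackrox kube-linter action at a tagged version;
        # restore the real ref from the repository before using this file.
        uses: stackrox/[email protected]
        with:
          directory: manifests
      # Static, CGO-free binary for the container image.
      - name: Build binary
        run: CGO_ENABLED=0 go build -a -ldflags '-extldflags "-static"' .
      - name: Login to Quay
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: quay.io
          # Read-write registry credentials; see the note on `on:` about
          # which events reach this step.
          username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }}
          password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }}
      - name: Build and push OCI image
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  # End-to-end test: create a GKE cluster, deploy the prefetcher, scrape its
  # metrics endpoint, and always tear the cluster down afterwards.
  e2e:
    if: github.event_name != 'pull_request'
    needs: build
    runs-on: ubuntu-latest
    env:
      CLUSTER_NAME: img-prefetch-${{ github.run_id }}
      # NOTE(review): job-level env makes the token visible to every step
      # below, including third-party actions. The teardown step already sets
      # it itself; consider scoping it to the steps that call infractl.
      INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      # NOTE(review): `credentials_json` is a long-lived service-account key.
      # google-github-actions/auth also supports keyless Workload Identity
      # Federation (`workload_identity_provider` + `service_account`), which
      # would need `id-token: write` on this job.
      - uses: "google-github-actions/auth@v2"
        with:
          credentials_json: "${{ secrets.GCP_IMAGE_PREFETCHER_CI_SA }}"
      - name: Install GKE auth plugin
        uses: "google-github-actions/setup-gcloud@v2"
        with:
          install_components: "gke-gcloud-auth-plugin"
      - name: Install infractl
        # NOTE(review): `@main` is a branch, so whatever that branch points
        # to at run time executes in a job that has INFRA_TOKEN in its
        # environment. Pin to a release tag or a full commit SHA.
        uses: stackrox/actions/infra/install-infractl@main
      - name: Create GKE cluster
        # NOTE(review): this ref was mangled by e-mail obfuscation on the
        # rendered page (the "name@version" part was replaced). It is
        # presumably the create-cluster action under stackrox/actions/infra
        # at a tagged version; restore the real ref from the repository.
        uses: stackrox/actions/infra/[email protected]
        with:
          token: ${{ secrets.INFRA_TOKEN }}
          flavor: gke-default
          name: img-prefetch-${{ github.run_id }}
          # Backstop: the cluster expires by itself if teardown never runs.
          lifespan: 1h
          args: nodes=2
          wait: "true"
          no-slack: "true"
      - name: Setup environment from cluster artifacts
        env:
          ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts
        run: |
          # Fetch the artifacts for the GKE cluster.
          infractl artifacts --download-dir="${ARTIFACTS_DIR}" "${CLUSTER_NAME}" >/dev/null
          # Export the downloaded kubeconfig to all later steps.
          KUBECONFIG="${ARTIFACTS_DIR}/kubeconfig"
          echo "KUBECONFIG=$KUBECONFIG" >> "$GITHUB_ENV"
      - name: Build deploy tool
        run: go build -C deploy .
      - name: Deploy prefetcher
        run: |
          set -e
          name=basic
          ns=prefetch
          echo busybox:latest >> images.txt
          echo debian:sid >> images.txt
          # Render the image-list ConfigMap client-side, then append the
          # prefetcher manifest as a second YAML document.
          kubectl create --dry-run=client -o yaml --namespace="$ns" configmap "$name" --from-file="images.txt=images.txt" > manifest.yaml
          echo --- >> manifest.yaml
          ./deploy/deploy \
            --version="$(git rev-parse --short HEAD)" \
            --k8s-flavor=vanilla \
            --collect-metrics \
            "${name}" >> manifest.yaml
          kubectl create ns "$ns"
          # `kubectl apply` takes the manifest through -f; a bare positional
          # file name is rejected.
          kubectl apply -n "$ns" -f manifest.yaml
      - name: Wait for prefetcher to finish
        run: |
          set -e
          name=basic
          ns=prefetch
          info() { echo "$@"; }
          die() { info "$@"; exit 1; }
          attempt=0
          service="service/${name}-metrics"
          # Poll up to 10 times, 10 seconds apart, for a load-balancer address.
          while [[ -z $(kubectl -n "${ns}" get "${service}" -o jsonpath="{.status.loadBalancer.ingress}" 2>/dev/null) ]]; do
            if [ "$attempt" -lt "10" ]; then
              info "Waiting for ${service} to obtain endpoint ..."
              # Not `((attempt++))`: that returns status 1 while the old
              # value is 0, which aborts a `set -e` script on the first retry.
              attempt=$((attempt + 1))
              sleep 10
            else
              die "ERROR: Timeout waiting for ${service} to obtain endpoint!"
            fi
          done
          endpoint="$(kubectl -n "${ns}" get "${service}" -o json | jq -r '.status.loadBalancer.ingress[] | .ip')"
          # NOTE(review): metrics are fetched over plain HTTP from the load
          # balancer address, so the endpoint is reachable from outside the
          # cluster for as long as the service exists - confirm this is
          # acceptable for the test cluster.
          curl --silent --show-error --fail --retry 3 --retry-connrefused "http://${endpoint}:8080/metrics" > metrics.json
      - name: Dump metrics
        # jq treats its first argument as the filter, so the identity filter
        # `.` has to precede the file name.
        run: jq . metrics.json
      - name: Teardown cluster
        # Runs even when earlier steps fail, so a cluster is not left behind.
        if: always()
        env:
          INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }}
        run: |
          # Best effort: a failed delete is logged but does not fail the job.
          infractl delete "${CLUSTER_NAME}" || echo "Failed to remove the infra cluster"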