auth #79
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go | |
on: [push] | |
permissions: | |
contents: read | |
pull-requests: read | |
checks: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare OCI metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: "quay.io/stackrox-io/image-prefetcher" | |
# generate Docker tags based on the following events/attributes | |
# See https://github.com/docker/metadata-action | |
tags: | | |
type=ref,event=branch,prefix=branch- | |
type=semver,pattern=v{{major}}.{{minor}}.{{patch}} | |
type=semver,pattern=v{{major}}.{{minor}} | |
type=semver,pattern=v{{major}} | |
type=sha | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- name: Verify | |
run: go mod verify | |
- name: Build | |
run: go build ./... | |
- name: Test | |
run: go test ./... | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v4 | |
with: | |
version: latest | |
install-mode: binary | |
- name: Prepare manifests for linting | |
run: | | |
go build -C deploy . | |
mkdir manifests | |
./deploy/deploy --k8s-flavor vanilla my-images > manifests/vanilla.yaml | |
./deploy/deploy --k8s-flavor ocp my-images > manifests/ocp.yaml | |
./deploy/deploy --k8s-flavor vanilla --secret my-secret my-images > manifests/vanilla-with-secret.yaml | |
./deploy/deploy --k8s-flavor ocp --secret my-secret my-images > manifests/ocp-with-secret.yaml | |
./deploy/deploy --k8s-flavor vanilla --collect-metrics my-images > manifests/vanilla-metrics.yaml | |
./deploy/deploy --k8s-flavor ocp --collect-metrics my-images > manifests/ocp-metrics.yaml | |
./deploy/deploy --k8s-flavor vanilla --secret my-secret --collect-metrics my-images > manifests/vanilla-with-secret-metrics.yaml | |
./deploy/deploy --k8s-flavor ocp --secret my-secret --collect-metrics my-images > manifests/ocp-with-secret-metrics.yaml | |
- name: kubeconform | |
run: | | |
make -C deploy kubeconform MANIFESTS=`pwd`/manifests | |
- name: kube-linter | |
uses: stackrox/[email protected] | |
with: | |
directory: manifests | |
- name: Build binary | |
run: CGO_ENABLED=0 go build -a -ldflags '-extldflags "-static"' . | |
- name: Login to Quay | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} | |
password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} | |
- name: Build and push OCI image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
e2e: | |
if: github.event_name != 'pull_request' | |
needs: build | |
runs-on: ubuntu-latest | |
env: | |
CLUSTER_NAME: img-prefetch-${{ github.run_id }} | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- uses: "google-github-actions/auth@v2" | |
with: | |
credentials_json: "${{ secrets.GCP_IMAGE_PREFETCHER_CI_SA }}" | |
- name: Install GKE auth plugin | |
uses: "google-github-actions/setup-gcloud@v2" | |
with: | |
install_components: "gke-gcloud-auth-plugin" | |
- name: Install infractl | |
uses: stackrox/actions/infra/install-infractl@main | |
- name: Create GKE cluster | |
uses: stackrox/actions/infra/[email protected] | |
with: | |
token: ${{ secrets.INFRA_TOKEN }} | |
flavor: gke-default | |
name: img-prefetch-${{ github.run_id }} | |
lifespan: 1h | |
args: nodes=2 | |
wait: "true" | |
no-slack: "true" | |
- name: Setup environment from cluster artifacts | |
env: | |
ARTIFACTS_DIR: ${{ runner.temp }}/gke-artifacts | |
run: | | |
# Fetch the artifacts for the GKE cluster. | |
infractl artifacts --download-dir=${ARTIFACTS_DIR} ${CLUSTER_NAME} >/dev/null | |
# Set both URL and admin password. | |
KUBECONFIG="${ARTIFACTS_DIR}/kubeconfig" | |
echo "KUBECONFIG=$KUBECONFIG" >> $GITHUB_ENV | |
- name: Build deploy tool | |
run: go build -C deploy . | |
- name: Deploy prefetcher | |
run: | | |
set -e | |
name=basic | |
ns=prefetch | |
echo busybox:latest >> images.txt | |
echo debian:sid >> images.txt | |
kubectl create --dry-run=client -o yaml --namespace=$ns configmap "$name" --from-file="images.txt=images.txt" > manifest.yaml | |
echo --- >> manifest.yaml | |
./deploy/deploy \ | |
--version=$(git rev-parse --short HEAD) \ | |
--k8s-flavor=vanilla \ | |
--collect-metrics \ | |
"${name}" >> manifest.yaml | |
kubectl create ns $ns | |
kubectl apply -n $ns manifest.yaml | |
- name: Wait for prefetcher to finish | |
run: | | |
set -e | |
name=basic | |
ns=prefetch | |
info() { echo "$@"; } | |
die() { info "$@"; exit 1; } | |
attempt=0 | |
service="service/${name}-metrics" | |
while [[ -z $(kubectl -n "${ns}" get "${service}" -o jsonpath="{.status.loadBalancer.ingress}" 2>/dev/null) ]]; do | |
if [ "$attempt" -lt "10" ]; then | |
info "Waiting for ${service} to obtain endpoint ..." | |
((attempt++)) | |
sleep 10 | |
else | |
die "ERROR: Timeout waiting for ${service} to obtain endpoint!" | |
fi | |
done | |
endpoint="$(kubectl -n "${ns}" get "${service}" -o json | jq -r '.status.loadBalancer.ingress[] | .ip')" | |
curl --silent --show-error --fail --retry 3 --retry-connrefused "http://${endpoint}:8080/metrics" > metrics.json | |
- name: Dump metrics | |
run: jq metrics.json | |
- name: Teardown cluster | |
if: always() | |
env: | |
INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
run: | | |
infractl delete ${CLUSTER_NAME} || echo "Failed to remove the infra cluster" |