Skip to content

Update ca-certificates version pin: #390

Update ca-certificates version pin:

Update ca-certificates version pin: #390

Workflow file for this run

name: Tink
on:
push:
branches:
- "*"
tags-ignore:
- "v*"
pull_request: {}
workflow_dispatch: {}
env:
CGO_ENABLED: "0"
GO_VERSION: "1.22"
jobs:
verify:
name: Verify
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "${{ env.GO_VERSION }}"
- run: make verify
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
- uses: actions/setup-go@v5
with:
go-version: "${{ env.GO_VERSION }}"
- name: Run unit tests
run: make test
- name: Run e2e tests
run: make e2e-test
- name: Upload codecov
uses: codecov/codecov-action@v5
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
checks:
name: CI Checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install nix
uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Run ci-checks.sh
run: nix-shell --run 'make ci-checks'
# We preemptively build the binaries for efficiency instead of waiting on unit tests to pass
# hence this doesn't depend on anything.
build:
name: Build
runs-on: ubuntu-latest
strategy:
matrix:
platform: [amd64, arm64]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "${{ env.GO_VERSION }}"
- name: Build linux/${{ matrix.platform }}
run: make build -j$(nproc) GOOS=linux GOARCH=${{ matrix.platform }}
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform }}-binaries
path: bin/*
package:
name: Package
runs-on: ubuntu-latest
needs:
- verify
- test
- checks
- build
strategy:
matrix:
include:
- repository: quay.io/tinkerbell/tink
binary: tink-server
- repository: quay.io/tinkerbell/tink-worker
binary: tink-worker
- repository: quay.io/tinkerbell/tink-controller
binary: tink-controller
steps:
- name: Create docker image tags
id: docker-image-tag
run: echo ::set-output name=tags::${{ matrix.repository }}:latest,${{ matrix.repository }}:sha-${GITHUB_SHA::8}
- uses: actions/checkout@v4
- name: Login to quay.io
uses: docker/login-action@v3
if: ${{ startsWith(github.ref, 'refs/heads/main') }}
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download all binaries
uses: actions/download-artifact@v4
with:
path: ./bin
merge-multiple: true
# Artifact upload doesn't preserve permissions so we need to fix them before use in
# the Dockerfiles.
- name: Fix permissions
run: chmod +x bin/*
- name: Build ${{ matrix.repository }} and push
uses: docker/build-push-action@v6
with:
context: .
file: cmd/${{ matrix.binary }}/Dockerfile
cache-from: type=registry,ref=${{ matrix.repository }}:latest
push: ${{ startsWith(github.ref, 'refs/heads/main') }}
tags: ${{ steps.docker-image-tag.outputs.tags }}
platforms: linux/amd64,linux/arm64