chore: add github workflows
wcrum committed Apr 9, 2024
1 parent 04d2fcf commit be53017
Showing 2 changed files with 195 additions and 0 deletions.
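--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,111 @@
+name: Release
+
+on:
+push:
+branches:
+- main
+- '[0-9]+.[0-9]+.x'
+workflow_dispatch:
+
+env:
+REGISTRY: quay.io
+GITHUB_PAGES_BRANCH: gh_pages
+
+defaults:
+run:
+shell: bash
+
+jobs:
+release-please:
+permissions:
+contents: write # for google-github-actions/release-please-action to create release commit
+pull-requests: write # for google-github-actions/release-please-action to create release PR
+runs-on: [self-hosted, Linux, X64, validator]
+outputs:
+releases_created: ${{ steps.release.outputs.releases_created }}
+tag_name: ${{ steps.release.outputs.tag_name }}
+# Release-please creates a PR that tracks all changes
+steps:
+- name: Checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+- uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4
+id: release
+with:
+command: manifest
+token: ${{secrets.PAT}}
+default-branch: main
+
+release-charts:
+needs: release-please
+permissions:
+contents: write
+runs-on: [self-hosted, Linux, X64, validator]
+if: needs.release-please.outputs.releases_created == 'true'
+steps:
+- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+- name: Publish Helm chart
+uses: stefanprodan/helm-gh-pages@master
+with:
+token: ${{ secrets.PAT }}
+charts_dir: chart
+owner: spectrocloud-labs
+branch: ${{ env.GITHUB_PAGES_BRANCH }}
+commit_username: spectrocloud-labs-bot
+commit_email: bot@noreply.spectrocloud-labs.io
+
+build-container:
+if: needs.release-please.outputs.releases_created == 'true'
+needs:
+- release-please
+runs-on: [self-hosted, Linux, X64, validator]
+permissions:
+contents: write
+packages: write
+id-token: write
+env:
+IMAGE_TAG: quay.io/spectrocloud-labs/validator-plugin-kubescape:${{ needs.release-please.outputs.tag_name }}
+IMAGE_NAME: validator-plugin-kubescape
+steps:
+- name: Checkout
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+with:
+submodules: recursive
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
+
+- name: Login to GitHub Container Registry
+uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
+with:
+registry: "quay.io"
+username: tgillson
+password: ${{ secrets.QUAY_TOKEN }}
+
+- name: Build Docker Image
+uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
+with:
+context: .
+file: ./Dockerfile
+platforms: linux/amd64,linux/arm64
+target: production
+tags: |
+${{ env.IMAGE_TAG }}
+builder: ${{ steps.buildx.outputs.name }}
+push: true
+cache-from: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
+cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
+
+- name: Generate SBOM
+uses: anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b # v0.15.9
+with:
+image: ${{ env.IMAGE_TAG }}
+artifact-name: sbom-${{ env.IMAGE_NAME }}
+output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json
+
+- name: Attach SBOM to release
+uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2
+with:
+tag_name: ${{ needs.release-please.outputs.tag_name }}
+files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json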
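Review bot: The `Publish Helm chart` step in `release-charts` uses `stefanprodan/helm-gh-pages@master`, a mutable branch ref, while every other action in this file is pinned to a full commit SHA, and this is one of the two steps that receive `secrets.PAT`. Whatever is on that branch at run time executes on the self-hosted runner with that token, so pin it like the others: `uses: stefanprodan/helm-gh-pages@<full-commit-sha> # <release-tag>`. Separately, `build-container` grants `id-token: write`, but no visible step requests an OIDC token (there is no signing or federated login), so that permission can be dropped unless image signing is planned. The step named `Login to GitHub Container Registry` actually logs in to `quay.io` with a personal username; renaming it and using a robot account would make the credential's scope clearer.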
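--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,84 @@
+name: Test
+
+on:
+push:
+branches:
+- main
+pull_request:
+workflow_dispatch:
+
+concurrency:
+group: test-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+test-unit:
+name: Run Unit Tests
+runs-on: [self-hosted, Linux, X64, validator]
+steps:
+- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+
+- name: Set up Go
+uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+with:
+go-version-file: go.mod
+
+- name: Test
+run: make test
+
+- name: Workaround for https://github.com/codecov/feedback/issues/263
+run: |
+git config --global --add safe.directory "$GITHUB_WORKSPACE"
+- name: Codecov
+uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4
+with:
+file: ./cover.out
+fail_ci_if_error: true
+token: ${{ secrets.CODECOV_TOKEN }}
+
+test-chart:
+name: Run Helm Chart Tests
+runs-on: [self-hosted, Linux, X64, validator]
+if: "!(contains(github.head_ref, 'release-please') || contains(github.ref, 'release-please'))"
+steps:
+- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+with:
+fetch-depth: 0
+
+- name: Set up Helm
+uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4
+with:
+version: v3.11.2
+
+- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5
+with:
+python-version: '3.9'
+check-latest: true
+
+- name: Set up chart-testing
+uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+- name: Run chart-testing (list-changed)
+id: list-changed
+run: |
+set -ex
+changed=$(ct list-changed --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }})
+echo $changed
+if [[ -n "$changed" ]]; then
+echo "changed=true" >> "$GITHUB_OUTPUT"
+fi
+- name: Run chart-testing (lint)
+if: steps.list-changed.outputs.changed == 'true'
+run: |
+cd $GITHUB_WORKSPACE
+ct lint --validate-maintainers=false --check-version-increment=false --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }}
+- name: Create kind cluster
+if: steps.list-changed.outputs.changed == 'true'
+uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
+
+- name: Run chart-testing (install)
+if: steps.list-changed.outputs.changed == 'true'
+run: ct install --chart-dirs chart --target-branch ${{ github.event.repository.default_branch }}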
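Review bot: test.yaml declares no `permissions:` block, and both jobs trigger on `pull_request` while running on `[self-hosted, Linux, X64, validator]`, the same runner labels release.yaml uses for its publishing jobs. Pull-request code (`make test`, `ct install`) therefore executes on runners that may also handle `PAT` and `QUAY_TOKEN`. If the repository accepts outside contributions and the runners are persistent rather than ephemeral, state left on the host can carry over into a later release job; that cannot be confirmed from this page. I would add a top-level `permissions:` with `contents: read`, and either require approval for fork-triggered runs or move the PR jobs to ephemeral or GitHub-hosted runners. As a smaller point, the `run:` scripts interpolate `${{ github.event.repository.default_branch }}` directly into shell; passing it through `env:` and quoting the variable is the safer habit.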
