mr-cassop migration #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Workflow | |
| on: | |
| pull_request: | |
| env: | |
| GO_VERSION: 1.18 | |
| HELM_VERSION: v3.9.2 | |
| ICARUS_VERSION: 2.0.4 | |
| PYTHON_VERSION: 3.7 # required for helm tester | |
| ICR_NAMESPACE: mr-cassop | |
| TRIVY_SEVERITY: CRITICAL | |
| jobs: | |
| run-unit-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Go Lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| args: --timeout=5m --enable exportloopref | |
| skip-pkg-cache: true | |
| skip-build-cache: true | |
| - name: Get dependencies | |
| run: go mod download | |
| - name: Run operator unit tests | |
| run: go test ./controllers/... -v -coverprofile=operator_unit.out -coverpkg=./... | |
| - name: Run prober unit tests | |
| run: | | |
| cd ./prober | |
| go test ./... -v -coverprofile=prober_unit.out -coverpkg=./... | |
| - name: Get tests coverage | |
| run: | | |
| go tool cover -func=operator_unit.out | tail -n1 | awk "{print \"Operator unit tests coverage: \" \$3}" | |
| go tool cover -func=prober_unit.out | tail -n1 | awk "{print \"Prober unit tests coverage: \" \$3}" | |
| run-integration-tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| # k8s: [1.20.2, 1.21.2, 1.22.1, 1.23.1, 1.24.2] | |
| k8s: [1.24.2] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Setup Kubebuilder assets | |
| run: | | |
| curl -sSLo envtest-bins.tar.gz "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$k8s-linux-amd64.tar.gz" | |
| mkdir kubebuilder-$k8s | |
| tar -C kubebuilder-$k8s/ --strip-components=1 -zvxf envtest-bins.tar.gz && rm -f envtest-bins.tar.gz | |
| echo "KUBEBUILDER_ASSETS=$(pwd)/kubebuilder-$k8s/bin" >> $GITHUB_ENV | |
| $(pwd)/kubebuilder-$k8s/bin/kube-apiserver --version | |
| env: | |
| k8s: ${{ matrix.k8s }} | |
| - name: Get dependencies | |
| run: go mod download | |
| - name: Run integration tests | |
| run: go test ./tests/integration -v -coverprofile=integration.out -coverpkg=./... | |
| - name: Get tests coverage | |
| run: | | |
| go tool cover -func=integration.out | tail -n1 | awk "{print \"Integration tests coverage: \" \$3}" | |
| build-operator: | |
| runs-on: ubuntu-latest | |
| needs: [run-unit-tests, run-integration-tests, validate-helm-charts] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Modify GITHUB_REF_SLUG | |
| run: echo "GITHUB_REF_SLUG=$GITHUB_REF_SLUG-${{ github.run_id }}" >> $GITHUB_ENV | |
| - name: Setup Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build operator image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: Dockerfile | |
| build-args: | | |
| VERSION=${{ env.GITHUB_REF_SLUG }} | |
| tags: cinple/mr-cassop:${{ env.GITHUB_REF_SLUG }} | |
| outputs: type=docker,dest=mr-cassop.tar | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| input: "mr-cassop.tar" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| severity: ${{ env.TRIVY_SEVERITY }} | |
| - name: Upload mr-cassop image artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: mr-cassop | |
| path: mr-cassop.tar | |
| retention-days: 1 | |
| build-cassandra: | |
| runs-on: ubuntu-latest | |
| needs: [run-unit-tests, run-integration-tests, validate-helm-charts] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Modify GITHUB_REF_SLUG | |
| run: echo "GITHUB_REF_SLUG=$GITHUB_REF_SLUG-${{ github.run_id }}" >> $GITHUB_ENV | |
| - name: Setup Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build cassandra image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: ./cassandra/Dockerfile | |
| context: ./cassandra | |
| tags: cinple/cassandra:${{ env.GITHUB_REF_SLUG }} | |
| outputs: type=docker,dest=cassandra.tar | |
| # - name: Run Trivy vulnerability scanner | |
| # uses: aquasecurity/[email protected] | |
| # with: | |
| # input: "cassandra.tar" | |
| # exit-code: "1" | |
| # ignore-unfixed: true | |
| # severity: ${{ env.TRIVY_SEVERITY }} | |
| - name: Upload cassandra image artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: cassandra | |
| path: cassandra.tar | |
| retention-days: 1 | |
| build-prober: | |
| runs-on: ubuntu-latest | |
| needs: [run-unit-tests, run-integration-tests, validate-helm-charts] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Modify GITHUB_REF_SLUG | |
| run: echo "GITHUB_REF_SLUG=$GITHUB_REF_SLUG-${{ github.run_id }}" >> $GITHUB_ENV | |
| - name: Setup Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build prober image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: ./prober/Dockerfile | |
| context: ./prober | |
| build-args: | | |
| VERSION=${{ env.GITHUB_REF_SLUG }} | |
| tags: cinple/prober:${{ env.GITHUB_REF_SLUG }} | |
| outputs: type=docker,dest=prober.tar | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| input: "prober.tar" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| severity: ${{ env.TRIVY_SEVERITY }} | |
| - name: Upload prober image artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: prober | |
| path: prober.tar | |
| retention-days: 1 | |
| build-jolokia: | |
| runs-on: ubuntu-latest | |
| needs: [run-unit-tests, run-integration-tests, validate-helm-charts] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Modify GITHUB_REF_SLUG | |
| run: echo "GITHUB_REF_SLUG=$GITHUB_REF_SLUG-${{ github.run_id }}" >> $GITHUB_ENV | |
| - name: Setup Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build jolokia image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: ./jolokia/Dockerfile | |
| context: ./jolokia | |
| tags: cinple/jolokia:${{ env.GITHUB_REF_SLUG }} | |
| outputs: type=docker,dest=jolokia.tar | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| input: "jolokia.tar" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| severity: ${{ env.TRIVY_SEVERITY }} | |
| - name: Upload jolokia image artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: jolokia | |
| path: jolokia.tar | |
| retention-days: 1 | |
| build-icarus: | |
| runs-on: ubuntu-latest | |
| needs: [run-unit-tests, run-integration-tests, validate-helm-charts] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Modify GITHUB_REF_SLUG | |
| run: echo "GITHUB_REF_SLUG=$GITHUB_REF_SLUG-${{ github.run_id }}" >> $GITHUB_ENV | |
| - name: Setup Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build icarus image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: ./icarus/Dockerfile | |
| context: ./icarus | |
| build-args: | | |
| ICARUS_VERSION: ${{ env.ICARUS_VERSION }} | |
| tags: cinple/icarus:${{ env.GITHUB_REF_SLUG }} | |
| outputs: type=docker,dest=icarus.tar | |
| # - name: Run Trivy vulnerability scanner | |
| # uses: aquasecurity/[email protected] | |
| # with: | |
| # input: "icarus.tar" | |
| # exit-code: "1" | |
| # ignore-unfixed: true | |
| # severity: ${{ env.TRIVY_SEVERITY }} | |
| - name: Upload jolokia image artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: icarus | |
| path: icarus.tar | |
| retention-days: 1 | |
| validate-helm-charts: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # ct needs history to compare | |
| - name: Setup Helm | |
| uses: azure/[email protected] | |
| with: | |
| version: ${{ env.HELM_VERSION }} | |
| - name: Setup Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Setup chart-testing | |
| uses: helm/[email protected] | |
| - name: Run chart-testing (list-changed) | |
| id: list-changed | |
| run: | | |
| changed=$(ct list-changed --target-branch=main) | |
| if [[ -n "$changed" ]]; then | |
| echo "::set-output name=changed::true" | |
| fi | |
| - name: Run chart-testing (lint) | |
| run: ct lint --target-branch=main --check-version-increment=false | |
| - name: Download Pluto | |
| uses: FairwindsOps/pluto/[email protected] | |
| - name: Scan for deprecated k8s APIs | |
| run: helm template mr-cassop/ | pluto detect - | |
| check-docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| - name: Build docs website | |
| run: | | |
| npm -v | |
| node -v | |
| cd docs | |
| npm ci | |
| npm run build | |
| push-images-for-e2e: | |
| if: "!contains(github.event.head_commit.message, 'e2e skip')" | |
| needs: | |
| [ | |
| build-operator, | |
| build-cassandra, | |
| build-prober, | |
| build-jolokia, | |
| build-icarus, | |
| validate-helm-charts, | |
| ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| # We have below variable value replacement to prevent re-push of the image within branch during parallel workflows run | |
| - name: Modify GITHUB_REF_SLUG | |
| run: echo "GITHUB_REF_SLUG=$GITHUB_REF_SLUG-${{ github.run_id }}" >> $GITHUB_ENV | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Authenticate to Docker Proxy Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Download operator image artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: mr-cassop | |
| - name: Download cassandra image artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: cassandra | |
| - name: Download prober image artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: prober | |
| - name: Download jolokia image artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: jolokia | |
| - name: Download icarus image artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: icarus | |
| - name: Load container images | |
| run: | | |
| docker load -i mr-cassop.tar | |
| docker load -i cassandra.tar | |
| docker load -i prober.tar | |
| docker load -i jolokia.tar | |
| docker load -i icarus.tar | |
| - name: Push Images to ICR | |
| run: | | |
| docker push "cinple/mr-cassop:$GITHUB_REF_SLUG" | |
| docker push "cinple/prober:$GITHUB_REF_SLUG" | |
| docker push "cinple/cassandra:$GITHUB_REF_SLUG" | |
| docker push "cinple/jolokia:$GITHUB_REF_SLUG" | |
| docker push "cinple/icarus:$GITHUB_REF_SLUG" |