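# Manually dispatched pipeline: scans, lints/tests and builds the ref given in
# `git-ref`, then (only when `publish` is set) builds and pushes the release
# image to ghcr.io.
name: CI
on:
  workflow_dispatch:
    inputs:
      git-ref:
        description: The target `git` branch, `git` tag or `git` SHA to be released.
        required: true
      publish:
        description: Push the image to ghcr
        required: true
        type: boolean

# Least privilege for GITHUB_TOKEN: every job only reads the repository; the
# release job widens this itself so it can push to the package registry.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b  # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}
      - name: Run Gosec Security Scanner
        uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8  # v2.14.0
        with:
          # G601 for zz_generated.deepcopy.go
          # G306 TODO: Expect WriteFile permissions to be 0600 or less
          # G307 TODO: Deferring unsafe method "Close"
          # NOTE(review): G104 (unchecked errors), G109 (integer conversion
          # overflow), G204 (subprocess launched with variable input) and G304
          # (file path from variable input) are excluded repository-wide with
          # no recorded reason. G204/G304 cover command execution and file
          # access; prefer `#nosec` on reviewed call sites over a global
          # exclusion. Tests and the test/, images/ and docs/ trees are not
          # scanned at all.
          args: -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./...

  test-and-lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b  # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}
      - name: Set up Go
        id: go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568  # v3.5.0
        with:
          # Quoted so the version is not parsed as the float 1.2.
          go-version: '1.20'
          check-latest: true
      - name: Run Lint
        run: ./hack/verify-golint.sh
      - name: Run go-fmt
        run: ./hack/verify-gofmt.sh
      - name: Run test
        run: make test

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b  # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}
      - name: Set up Go
        id: go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568  # v3.5.0
        with:
          go-version: '1.20'
          check-latest: true
      - name: Set up QEMU
        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18  # v2.1.0
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325  # v2.2.1
        with:
          # NOTE(review): the action is pinned but the buildx binary it
          # installs is not; `latest` floats between runs.
          version: latest
      - name: Available platforms
        # Pass the step output through the environment instead of expanding
        # the expression inside the script text.
        env:
          BUILDX_AVAILABLE_PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: echo "$BUILDX_AVAILABLE_PLATFORMS"
      - name: Prepare Host
        env:
          KUBECTL_VERSION: ${{ vars.KUBECTL_VERSION }}
        run: |
          # The package index refresh is best-effort by design.
          sudo apt-get -qq update || true
          sudo apt-get install -y pigz
          # -f makes curl fail on an HTTP error instead of saving the error
          # page as ./kubectl (e.g. when KUBECTL_VERSION is unset or wrong).
          # NOTE(review): the binary is installed as root without checksum or
          # signature verification; verify it against a digest pinned in the
          # repository before the chmod/mv below.
          curl -fLO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          chmod +x ./kubectl
          sudo mv ./kubectl /usr/local/bin/kubectl
      - name: Build images
        env:
          REGISTRY: ingress-controller
          TAG: 1.0.0-dev
        run: |
          echo "building e2e images..."
          make clean-image build image
          make -C test/e2e-image image
          echo "creating images cache..."
          docker save \
            nginx-ingress-controller:e2e \
            ingress-controller/controller:1.0.0-dev \
            | pigz > docker.tar.gz
      - name: cache
        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb  # v3.1.1
        with:
          name: docker.tar.gz
          path: docker.tar.gz

  release:
    # `github.event.inputs.*` values are always strings, so a bare
    # `${{ github.event.inputs.publish }}` is the non-empty string 'false'
    # when the box is unticked and the job would still run. Compare explicitly.
    if: ${{ github.event.inputs.publish == 'true' }}
    name: Release
    runs-on: ubuntu-latest
    # NOTE(review): only `build` gates publication; the `security` and
    # `test-and-lint` jobs can fail and the image is still pushed. Confirm
    # that is intended, otherwise list them here as well.
    needs:
      - build
    permissions:
      contents: read
      # Required to push the image to ghcr.io with GITHUB_TOKEN.
      packages: write
    steps:
      - name: Check out ingress-nginx
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b  # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}
      # Based on https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action
      - name: Log in to the Container registry
        # NOTE(review): this is the only action referenced by a mutable tag,
        # and it is the step that receives the registry credential. Pin it to
        # a full commit SHA like the other actions in this file.
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: blend
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push release image
        env:
          REGISTRY: ghcr.io/blend
          # The user-supplied ref reaches the build only as an environment
          # variable, never as script text. A ref containing `/` is not a
          # valid image tag.
          TAG: ${{ github.event.inputs.git-ref }}
          # NOTE(review): on workflow_dispatch `github.sha` is the head of the
          # branch the run was started from, not necessarily the commit checked
          # out via `git-ref`; the recorded commit may not match the source
          # that was built. Confirm how `make release` uses COMMIT_SHA.
          COMMIT_SHA: ${{ github.sha }}
          PLATFORMS: amd64
          BUILDX_PLATFORMS: linux/amd64
        run: |
          echo "creating release image..."
          make release
          docker push --all-tags "$REGISTRY/controller"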