CI #11
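# Manually dispatched pipeline: gosec scan, lint and unit tests, e2e image
# build, and an optional release push of the controller image to ghcr.io.
name: CI

on:
  workflow_dispatch:
    inputs:
      git-ref:
        description: The target `git` branch, `git` tag or `git` SHA to be released.
        required: true
      publish:
        description: Push the image to ghcr
        required: true
        type: boolean

# Least privilege for GITHUB_TOKEN: every job gets read-only repository access
# unless it declares more. Only the release job widens this (packages: write).
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}

      - name: Run Gosec Security Scanner
        uses: securego/gosec@1af1d5bb49259b62e45c505db397dd2ada5d74f8 # v2.14.0
        with:
          # G601 for zz_generated.deepcopy.go
          # G306 TODO: Expect WriteFile permissions to be 0600 or less
          # G307 TODO: Deferring unsafe method "Close"
          # NOTE(review): G109, G104, G204 and G304 are excluded repo-wide with
          # no rationale recorded here. G204 (command execution) and G304 (file
          # path from variable) are the rules most relevant to code that spawns
          # processes or reads caller-supplied paths; prefer per-line #nosec
          # annotations with a justification over a global exclusion.
          args: -exclude=G109,G601,G104,G204,G304,G306,G307 -tests=false -exclude-dir=test -exclude-dir=images/ -exclude-dir=docs/ ./...

  test-and-lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}

      - name: Set up Go
        id: go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          # Quoted so the version is not parsed as the float 1.2.
          go-version: '1.20'
          check-latest: true

      - name: Run Lint
        run: ./hack/verify-golint.sh

      - name: Run go-fmt
        run: ./hack/verify-gofmt.sh

      - name: Run test
        run: make test

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}

      - name: Set up Go
        id: go
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: '1.20'
          check-latest: true

      - name: Set up QEMU
        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
        with:
          # NOTE(review): the action is pinned by SHA but the buildx binary it
          # installs floats on "latest"; pin a version for reproducible builds.
          version: latest

      - name: Available platforms
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          AVAILABLE_PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: echo "$AVAILABLE_PLATFORMS"

      - name: Prepare Host
        env:
          KUBECTL_VERSION: ${{ vars.KUBECTL_VERSION }}
        run: |
          sudo apt-get -qq update || true
          sudo apt-get install -y pigz
          base="https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64"
          # -f turns an HTTP error (for example an unset or mistyped
          # KUBECTL_VERSION) into a failed step instead of installing an
          # error page as /usr/local/bin/kubectl.
          curl -fLO "$base/kubectl"
          curl -fLO "$base/kubectl.sha256"
          # The digest comes from the same origin as the binary, so this only
          # catches truncated or corrupted downloads. Commit the expected
          # digest to the repository to also detect a tampered artifact.
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          chmod +x ./kubectl
          sudo mv ./kubectl /usr/local/bin/kubectl

      - name: Build images
        env:
          REGISTRY: ingress-controller
          TAG: 1.0.0-dev
        run: |
          echo "building e2e images..."
          make clean-image build image
          make -C test/e2e-image image
          echo "creating images cache..."
          docker save \
            nginx-ingress-controller:e2e \
            ingress-controller/controller:1.0.0-dev \
            | pigz > docker.tar.gz

      - name: cache
        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: docker.tar.gz
          path: docker.tar.gz

  release:
    # github.event.inputs.* values are always strings, so an unchecked box
    # arrives as the non-empty string 'false', which a bare `if:` treats as
    # true. Compare explicitly so the image is pushed only on request.
    if: ${{ github.event.inputs.publish == 'true' }}
    name: Release
    runs-on: ubuntu-latest
    # NOTE(review): only `build` gates the release; a failing `security` or
    # `test-and-lint` job does not block the push. Add them here if the scan
    # and tests are meant to be release gates.
    needs:
      - build
    # The only job that writes anywhere: it pushes the image to ghcr.io.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Check out ingress-nginx
        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          ref: ${{ github.event.inputs.git-ref }}

      # Based on https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action
      - name: Log in to the Container registry
        # TODO: pin to a full commit SHA like every other action in this file.
        # This step receives the registry credential, and a mutable tag such
        # as v2 can be re-pointed by the action's maintainers at any time.
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: blend
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push release image
        env:
          REGISTRY: ghcr.io/blend
          TAG: ${{ github.event.inputs.git-ref }}
          COMMIT_SHA: ${{ github.sha }}
          PLATFORMS: amd64
          BUILDX_PLATFORMS: linux/amd64
        run: |
          echo "creating release image..."
          make release
          docker push --all-tags "$REGISTRY/controller"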