name: CI

# Runs on pushes to master and release-* branches, on every pull request, and
# on manual dispatch. The trigger is `pull_request` (not
# `pull_request_target`): GitHub does not pass repository secrets to runs
# started from a fork, which is what the env.*_USR checks further down rely on.
on:
  push:
    branches:
      - master
      - release-*
  pull_request: {}
  workflow_dispatch: {}

# NOTE(review): no `permissions:` key appears at workflow level or on any job
# in this file, so every job gets the repository's default GITHUB_TOKEN
# scopes. Consider declaring least-privilege permissions per job - confirm
# what each action needs before restricting.
env:
  # Common versions
  GO_VERSION: '1.22.0'
  GOLANGCI_VERSION: 'v1.56.2'
  DOCKER_BUILDX_VERSION: 'v0.10.0'

  # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
  # a step 'if env.AWS_USR != ""', so we copy these to succinctly test whether
  # credentials have been provided before trying to run steps that need them.
  # Workflow-level env is visible to every step of every job, including
  # third-party actions. Only the user names are copied here; the matching
  # passwords and tokens are referenced as secrets.* on the steps that use them.
  DOCKER_USR: ${{ secrets.DOCKER_USR }}
  AWS_USR: ${{ secrets.AWS_USR }}
  UPBOUND_MARKETPLACE_PUSH_ROBOT_USR: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}

jobs:
  # check-diff: vendors the Go dependencies and runs `make check-diff`. Unlike
  # the jobs below it has no `needs: detect-noop`, so it is never skipped.
  check-diff:
    runs-on: ubuntu-22.04

    steps:
      # Every action in this job is pinned to a full commit SHA; the trailing
      # comment records the release tag. Update both together when bumping.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          # Git submodules are checked out as well.
          submodules: true

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      # Publishes the path printed by `make go.cachedir` as
      # steps.go.outputs.cache for the cache step below.
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

      # The exact key is per OS and per go.sum hash; restore-keys falls back to
      # the most recent cache sharing the prefix.
      - name: Cache the Go Build Cache
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-check-diff-

      # The -pkg- key is not job-specific, so this cache is shared with the
      # other jobs that use the same key.
      - name: Cache Go Dependencies
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      # Presumably fails when generated files differ from what is committed;
      # the target lives in the Makefile, which is not part of this file.
      - name: Check Diff
        run: make check-diff
  # detect-noop: exposes the `should_skip` result of skip-duplicate-actions as
  # the job output `noop`. Every job with `needs: detect-noop` reads it.
  # NOTE(review): lint, codeql, trivy-scan-fs, unit-tests, e2e-tests and
  # fuzz-test are all gated on this output, so a run this action marks as
  # skippable skips the security scans too.
  detect-noop:
    runs-on: ubuntu-22.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        # Third-party action pinned to a commit SHA; it is handed the run's
        # GITHUB_TOKEN below.
        uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          # Changes confined to these globs count as no-ops.
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          # Runs started by these events are never skipped.
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false
  # lint: runs golangci-lint through its GitHub action, after vendoring the
  # dependencies. Skipped when detect-noop reports a no-op change.
  lint:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      # Every action in this job is pinned to a full commit SHA, with the tag
      # kept in the trailing comment.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      # Publishes the path printed by `make go.cachedir` as
      # steps.go.outputs.cache.
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

      - name: Cache the Go Build Cache
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-lint-

      - name: Cache Go Dependencies
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      # We could run 'make lint' to ensure our desired Go version, but we prefer
      # this action because it leaves 'annotations' (i.e. it comments on PRs to
      # point out linter violations).
      # NOTE(review): if explicit `permissions:` are introduced for this job,
      # check which scopes the annotations need.
      - name: Lint
        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3
        with:
          version: ${{ env.GOLANGCI_VERSION }}
          skip-cache: true # We do our own caching.
  # codeql: CodeQL static analysis of the Go code. Skipped when detect-noop
  # reports a no-op change.
  # NOTE(review): if explicit `permissions:` are introduced, the analyze step
  # presumably needs `security-events: write` to upload results - confirm
  # against the action's documentation.
  codeql:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

      # NOTE(review): this key uses the `build-check-diff` prefix, so the job
      # shares its build cache with check-diff, while the other jobs use their
      # own job name in the key. Looks like a copy-paste leftover - confirm
      # whether the sharing is intended.
      - name: Cache the Go Build Cache
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-check-diff-

      - name: Cache Go Dependencies
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      # init and analyze are pinned to the same commit SHA; keep them in step
      # when bumping.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3
        with:
          languages: go

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3
  # trivy-scan-fs: Trivy filesystem scan of the checked-out tree. Skipped when
  # detect-noop reports a no-op change.
  trivy-scan-fs:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      - name: Run Trivy vulnerability scanner in fs mode
        uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # 0.17.0
        with:
          scan-type: 'fs'
          # Findings without a released fix are left out of the result, so
          # they do not fail the job either.
          ignore-unfixed: true
          # The design directory is excluded from the scan.
          skip-dirs: design
          scan-ref: '.'
          # A non-zero exit code fails the job when a finding at one of the
          # severities below is reported.
          exit-code: '1'
          severity: 'CRITICAL,HIGH'
  # unit-tests: runs `make test` and uploads the coverage report to Codecov.
  # Skipped when detect-noop reports a no-op change.
  unit-tests:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      # The checkout above is shallow; this fetches the full history.
      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      # Publishes the path printed by `make go.cachedir` as
      # steps.go.outputs.cache.
      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

      - name: Cache the Go Build Cache
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Run Unit Tests
        run: make -j2 test

      # Third-party uploader pinned to a commit SHA. No `token` input is set,
      # so the upload does not use a repository secret.
      - name: Publish Unit Test Coverage
        uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3
        with:
          flags: unittests
          file: _output/tests/linux_amd64/coverage.txt
  # e2e-tests: builds the project and runs `make e2e` once per test suite in
  # the matrix. Skipped when detect-noop reports a no-op change.
  e2e-tests:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'
    strategy:
      # One failing suite does not cancel the others.
      fail-fast: false
      matrix:
        test-suite:
          - base
          - environment-configs
          - usage
          - ssa-claims

    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
        with:
          platforms: all

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      # The checkout above is shallow; this fetches the full history.
      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

      - name: Cache the Go Build Cache
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-e2e-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-e2e-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Build Helm Chart
        run: make -j2 build
        env:
          # We're using docker buildx, which doesn't actually load the images it
          # builds by default. Specifying --load does so.
          BUILD_ARGS: "--load"

      # ${{ matrix.test-suite }} is substituted into the shell command before
      # it runs. The values come from the static list in this file, so no
      # event data reaches the shell here. If the matrix is ever derived from
      # event data, pass the value through `env:` instead.
      - name: Run E2E Tests
        run: make e2e E2E_TEST_FLAGS="-test.v -test.failfast -fail-fast --kind-logs-location ./logs-kind --test-suite ${{ matrix.test-suite }}"

      # Only on failure: the kind logs are uploaded, one artifact per suite,
      # and kept for 7 days.
      - name: Upload artifacts
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
        if: failure()
        with:
          name: e2e-kind-logs-${{ matrix.test-suite }}
          path: ./logs-kind
          if-no-files-found: error
          retention-days: 7
  # publish-artifacts: builds all artifacts, uploads them to the workflow run
  # and, when credentials are configured, logs in to the registries and
  # publishes/promotes them. Skipped when detect-noop reports a no-op change.
  # Secrets are referenced only by the login, publish and promote steps; the
  # build steps before them see only the *_USR names from the workflow env.
  publish-artifacts:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      # Third-party action pinned to a commit SHA; presumably removes the
      # toolchains selected below to free runner disk space.
      - name: Cleanup Disk
        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
        with:
          android: true
          dotnet: true
          haskell: true
          tool-cache: true
          large-packages: false
          swap-storage: false

      - name: Setup QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
        with:
          platforms: all

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          submodules: true

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Build Cache
        id: go
        run: echo "cache=$(make go.cachedir)" >> $GITHUB_OUTPUT

      - name: Cache the Go Build Cache
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: ${{ steps.go.outputs.cache }}
          key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-publish-artifacts-

      - name: Cache Go Dependencies
        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
        with:
          path: .work/pkg
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Vendor Dependencies
        run: make vendor vendor.check

      - name: Build Artifacts
        run: make -j2 build.all
        env:
          # We're using docker buildx, which doesn't actually load the images it
          # builds by default. Specifying --load does so.
          BUILD_ARGS: "--load"

      # Uploads everything under _output/ as the workflow artifact `output`.
      - name: Publish Artifacts to GitHub
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
        with:
          name: output
          path: _output/**

      # The login steps run only when the matching user name is configured.
      # Runs started from a fork receive no secrets, so they skip these steps.
      - name: Login to DockerHub
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        if: env.DOCKER_USR != ''
        with:
          username: ${{ secrets.DOCKER_USR }}
          password: ${{ secrets.DOCKER_PSW }}

      - name: Login to Upbound
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        if: env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''
        with:
          registry: xpkg.upbound.io
          username: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR }}
          password: ${{ secrets.UPBOUND_MARKETPLACE_PUSH_ROBOT_PSW }}

      # BRANCH_NAME is the last path segment of GITHUB_REF, taken by the shell
      # (not by a ${{ }} expression).
      # NOTE(review): the condition checks only that credentials exist, not the
      # event or ref, so this step presumably also runs for pull requests
      # opened from branches of this repository - confirm that is intended.
      # NOTE(review): AWS access is through static keys held in secrets;
      # short-lived credentials would narrow the exposure if the account
      # supports them.
      - name: Publish Artifacts to S3, Marketplace, DockerHub
        run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/}
        if: env.AWS_USR != '' && env.DOCKER_USR != '' && env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
          AWS_DEFAULT_REGION: us-east-1
          GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DOCS_GIT_USR: ${{ secrets.UPBOUND_BOT_GITHUB_USR }}
          DOCS_GIT_PSW: ${{ secrets.UPBOUND_BOT_GITHUB_PSW }}

      # Promotion is additionally restricted to the master branch ref.
      - name: Promote Artifacts in S3, DockerHub
        if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.DOCKER_USR != '' && env.UPBOUND_MARKETPLACE_PUSH_ROBOT_USR != ''
        run: make -j2 promote
        env:
          BRANCH_NAME: master
          CHANNEL: master
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }}
          AWS_DEFAULT_REGION: us-east-1
  # fuzz-test: builds and runs the OSS-Fuzz (CIFuzz) fuzzers for 300 seconds
  # and uploads crash artifacts when the run fails. Skipped when detect-noop
  # reports a no-op change.
  # NOTE(review): both cifuzz actions track the mutable `master` branch, while
  # almost every other action in this file is pinned to a commit SHA. Either
  # accept the moving ref knowingly or pin both to <COMMIT_SHA>.
  fuzz-test:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      # TODO(negz): Can we make this use our Go build and dependency cache? It
      # seems to build Crossplane inside of a Docker image.
      - name: Build Fuzzers
        id: build
        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
        with:
          oss-fuzz-project-name: "crossplane"
          language: go

      - name: Run Fuzzers
        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
        with:
          oss-fuzz-project-name: "crossplane"
          fuzz-seconds: 300
          language: go

      # Uploads only when the job failed after a successful build, i.e. when
      # the failure came from the fuzzing run itself.
      - name: Upload Crash
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
        if: failure() && steps.build.outcome == 'success'
        with:
          name: artifacts
          path: ./out/artifacts
  # TODO(negz): Refactor this job. Should the parts pertaining to release
  # branches live in promote.yaml instead?
  #
  # protobuf-schemas: lints the protobuf definitions under apis/, checks them
  # for breaking changes and pushes them to the Buf Schema Registry. Skipped
  # when detect-noop reports a no-op change.
  # NOTE(review): buf-setup-action, buf-lint-action and buf-push-action use
  # the movable `v1` tag, while buf-breaking-action is pinned to a commit SHA.
  # buf-push-action receives BUF_TOKEN, so it is the most important one to pin
  # (to <COMMIT_SHA>).
  protobuf-schemas:
    runs-on: ubuntu-22.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

      # No `version` input is given, so the installed buf release is whatever
      # the action defaults to - presumably the latest; verify.
      - name: Setup Buf
        uses: bufbuild/buf-setup-action@v1

      - name: Lint Protocol Buffers
        uses: bufbuild/buf-lint-action@v1
        with:
          input: apis

      # ${GITHUB_REPOSITORY} and ${GITHUB_REF_NAME} in `against` below are not
      # ${{ }} expressions, so GitHub passes them through literally. They are
      # presumably expanded inside the action - verify.
      - name: Detect Breaking Changes in Protocol Buffers (Master Branch)
        uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 # v1
        # We want to run this for the master branch, and PRs.
        if: ${{ ! startsWith(github.ref, 'refs/heads/release-') }}
        with:
          input: apis
          against: "https://github.com/${GITHUB_REPOSITORY}.git#branch=master,subdir=apis"

      - name: Detect Breaking Changes in Protocol Buffers (Release Branch)
        uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 # v1
        # We want to run this only on release branches.
        if: ${{ startsWith(github.ref, 'refs/heads/release-') }}
        with:
          input: apis
          against: "https://github.com/${GITHUB_REPOSITORY}.git#branch=${GITHUB_REF_NAME},subdir=apis"

      # Pushes only from crossplane/crossplane and only for the master or a
      # release-* branch ref. Pull-request runs have a different github.ref,
      # so the token is not used for them.
      - name: Push Protocol Buffers to Buf Schema Registry
        if: ${{ github.repository == 'crossplane/crossplane' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-')) }}
        uses: bufbuild/buf-push-action@v1
        with:
          input: apis
          buf_token: ${{ secrets.BUF_TOKEN }}