sign release artifacts using cosign #1093
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test-gh | |
on: | |
push: | |
branches: | |
- develop | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
- 'examples/**' | |
pull_request: | |
types: [opened, reopened, synchronize] | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
- 'examples/**' | |
jobs: | |
test-all: | |
name: Test GH | |
runs-on: ubuntu-latest | |
environment: DockerHub E2E | |
steps: | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/[email protected] | |
with: | |
# this might remove tools that are actually needed, | |
# if set to "true" but frees about 6 GB | |
tool-cache: true | |
- name: Set up Go 1.x | |
uses: actions/setup-go@v3 | |
with: | |
go-version: "1.21.3" | |
- name: Check out code into the Go module directory | |
uses: actions/[email protected] | |
with: | |
path: src/github.com/${{ github.repository }} | |
fetch-depth: 0 | |
- name: Install Carvel Tools | |
uses: carvel-dev/setup-action@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
only: ytt, kapp | |
- name: Run Tests | |
env: | |
DOCKERHUB_USERNAME: k8slt | |
DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
run: | | |
set -e -x | |
minikube start --driver=docker --wait=all --mount --mount-string "$HOME:$HOME" | |
eval $(minikube docker-env --shell=bash) | |
# when this workflow runs of a pull request based on a fork, secrets are unavailable | |
# https://docs.github.com/en/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow | |
if [[ "${DOCKERHUB_ACCESS_TOKEN}" != "" ]]; then | |
# Authenticate to DockerHub to avoid test failures due to rate limiting | |
# ... for builders using Docker | |
set +x | |
echo "${DOCKERHUB_ACCESS_TOKEN}" | docker login --username "${DOCKERHUB_USERNAME}" --password-stdin | |
# ... for kubectl-buildkit | |
minikube kubectl --ssh=true -- create secret docker-registry buildkit \ | |
--docker-username="${DOCKERHUB_USERNAME}" \ | |
--docker-password="${DOCKERHUB_ACCESS_TOKEN}" | |
# ... for any other service account that pulls images from DockerHub | |
minikube kubectl --ssh=true -- create secret docker-registry dockerhub-credentials \ | |
--docker-username="${DOCKERHUB_USERNAME}" \ | |
--docker-password="${DOCKERHUB_ACCESS_TOKEN}" | |
set -x | |
else | |
echo "No DockerHub Access Token set; skipping Docker authentication. There may be rate limit errors." | |
fi | |
# Ensure that there is no existing kbld installed | |
rm -f /tmp/bin/kbld | |
cd "src/github.com/${{ github.repository }}" | |
export KBLD_E2E_SKIP_WHEN_HTTP_REGISTRY=true | |
./hack/build-binaries.sh | |
./hack/test-all-locally.sh |