chore: automatic update sec-scanners-config.yaml (#1556) #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Post Main Workflow | |
permissions: | |
id-token: write # This is required for requesting the JWT token | |
contents: read # This is required for actions/checkout | |
on: | |
push: | |
paths-ignore: | |
- "docs/**" | |
- "**/*.md" | |
- "CODEOWNERS" | |
- "sec-scanners-config.yaml" | |
- "external-images.yaml" | |
branches: | |
- main | |
schedule: | |
- cron: '0 5 * * *' # Run every day at 05:00 AM | |
jobs: | |
build: | |
name: build api-gateway image | |
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
if: ${{ github.event_name != 'schedule' }} | |
with: | |
name: api-gateway/main/api-gateway-manager | |
dockerfile: Dockerfile | |
context: . | |
build-args: | | |
VERSION=${{ github.sha }} | |
tags: "${{ github.sha }}" | |
get-sha: | |
name: Get manager SHA | |
runs-on: ubuntu-latest | |
needs: [ build ] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
outputs: | |
sha: ${{ steps.get-sha.outputs.sha }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- id: get-sha | |
uses: ./.github/actions/get-latest-sha | |
unit-tests: | |
name: Unit, integration tests & lint | |
if: ${{ always() && !failure() && !cancelled() }} | |
needs: [get-sha] | |
uses: ./.github/workflows/call-unit-lint.yaml | |
secrets: inherit | |
e2e-tests-k3d: | |
name: E2E tests K3D | |
runs-on: ubuntu-latest | |
needs: [get-sha] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
strategy: | |
fail-fast: false | |
matrix: | |
test_make_target: [ "test-integration-ory", "test-integration-istio", "test-integration-v2alpha1", "test-integration-gateway" ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/e2e-test-k3d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
test_client_id: ${{ secrets.CLIENT_ID }} | |
test_client_secret: ${{ secrets.CLIENT_SECRET }} | |
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration" | |
test_make_target: ${{ matrix.test_make_target }} | |
e2e-tests-aws: | |
name: E2E tests AWS | |
runs-on: ubuntu-latest | |
needs: [ get-sha ] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
strategy: | |
fail-fast: false | |
matrix: | |
test_make_target: [ "test-integration-ory", "test-integration-istio", "test-integration-v2alpha1", "test-integration-gateway" ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- uses: ./.github/actions/e2e-test-gardener | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
gardener_secret: ${{ secrets.GARDENER_TOKEN }} | |
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }} | |
gardener_provider: aws | |
test_client_id: ${{ secrets.CLIENT_ID }} | |
test_client_secret: ${{ secrets.CLIENT_SECRET }} | |
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration" | |
test_make_target: ${{ matrix.test_make_target }} | |
migration-downtime-tests: | |
name: Zero Downtime Migration Tests | |
runs-on: ubuntu-latest | |
needs: [get-sha] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
strategy: | |
fail-fast: false | |
matrix: | |
handler: [ "no_auth", "allow", "noop", "jwt", "oauth2_introspection" ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/e2e-test-k3d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HANDLER: ${{ matrix.handler }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
test_make_target: test-migration-zero-downtime-${{ matrix.handler }} | |
migration-downtime-tests-aws: | |
name: Zero Downtime Migration Tests AWS | |
runs-on: ubuntu-latest | |
needs: [ get-sha ] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
strategy: | |
fail-fast: false | |
matrix: | |
handler: [ "no_auth", "allow", "noop", "jwt", "oauth2_introspection" ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/e2e-test-gardener | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
gardener_secret: ${{ secrets.GARDENER_TOKEN }} | |
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }} | |
gardener_provider: aws | |
test_client_id: ${{ secrets.CLIENT_ID }} | |
test_client_secret: ${{ secrets.CLIENT_SECRET }} | |
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration" | |
test_make_target: test-migration-zero-downtime-${{ matrix.handler }} | |
upgrade-tests-k3d: | |
name: Upgrade tests | |
runs-on: ubuntu-latest | |
needs: [get-sha] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/upgrade-test | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
test_client_id: ${{ secrets.CLIENT_ID }} | |
test_client_secret: ${{ secrets.CLIENT_SECRET }} | |
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration" | |
target_branch: ${{github.ref_name}} | |
e2e-custom-domain-gcp: | |
name: E2E custom domain tests GCP | |
runs-on: ubuntu-latest | |
needs: [get-sha] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- uses: ./.github/actions/e2e-test-gardener | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
gardener_secret: ${{ secrets.GARDENER_TOKEN }} | |
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }} | |
gardener_provider: gcp | |
test_client_id: ${{ secrets.CLIENT_ID }} | |
test_client_secret: ${{ secrets.CLIENT_SECRET }} | |
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration" | |
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }} | |
test_custom_domain: ${{ vars.TEST_CUSTOM_DOMAIN }} | |
test_make_target: 'test-custom-domain' | |
e2e-custom-domain-aws: | |
name: E2E custom domain tests AWS | |
runs-on: ubuntu-latest | |
needs: [get-sha] | |
# The additional if is required, because there are optional jobs | |
if: ${{ always() && !failure() && !cancelled() }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- uses: ./.github/actions/e2e-test-gardener | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
manager_image: "europe-docker.pkg.dev/kyma-project/prod/api-gateway/main/api-gateway-manager:${{ needs.get-sha.outputs.sha }}" | |
gardener_secret: ${{ secrets.GARDENER_TOKEN }} | |
gardener_project_name: ${{ vars.GARDENER_PROJECT_NAME }} | |
gardener_provider: aws | |
test_client_id: ${{ secrets.CLIENT_ID }} | |
test_client_secret: ${{ secrets.CLIENT_SECRET }} | |
test_oidc_well_known_url: "${{ secrets.OIDC_ISSUER_URL }}/.well-known/openid-configuration" | |
dns_secret_json: ${{ secrets.DNS_SECRET_JSON }} | |
test_custom_domain: ${{ vars.TEST_CUSTOM_DOMAIN }} | |
test_make_target: 'test-custom-domain' | |
slack_failed_notification: | |
name: Slack Notification | |
runs-on: ubuntu-latest | |
if: ${{ failure() }} | |
needs: [e2e-tests-k3d, e2e-tests-aws, upgrade-tests-k3d, e2e-custom-domain-gcp, e2e-custom-domain-aws, migration-downtime-tests, migration-downtime-tests-aws] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Notify | |
uses: ./.github/actions/slack-notification-failed-workflow | |
with: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |