ci: bump Gatekeeper matrix #3852
Workflow file for this run
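# CI workflow for Ratify: license check, build, CLI tests, e2e tests against a
# Kubernetes x Gatekeeper version matrix, e2e on AKS, docs link check, and AKS
# cleanup. All third-party actions are pinned to a full commit SHA.
name: build-pr

on:
  # pull_request_target runs in the context of the base repository, so
  # repository secrets are available to jobs triggered by it. It is limited
  # to the `labeled` activity type, but that means ANY label being added
  # starts a run; only build_test_aks_e2e checks for 'safe to test'.
  # No checkout step in this file sets `ref`, so on this event the base
  # branch is checked out, not the PR head. Keep it that way unless the PR
  # head has been reviewed: checking out PR code here would execute
  # unreviewed code in jobs that can read AZURE_CLIENT_SECRET.
  pull_request_target:
    types: [labeled]
  pull_request:
    branches:
      - main
      - '1.0.0*'
  push:
    branches:
      - '1.0.0*'
      - main
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN is read-only; jobs that need more
# declare their own `permissions` block.
permissions: read-all

jobs:
  check-license:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Check license header
        uses: apache/skywalking-eyes/header@a790ab8dd23a7f861c18bd6aaa9b012e3a234bce
        with:
          mode: check
          config: .github/licenserc.yml
      - name: Check dependencies license
        uses: apache/skywalking-eyes/dependency@a790ab8dd23a7f861c18bd6aaa9b012e3a234bce
        with:
          config: .github/licenserc.yml
          flags: '--weak-compatible=true'

  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: setup go environment
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '1.20'
      - name: Run tidy
        run: go mod tidy
      - name: Build CLI
        run: make
      - name: Check build
        run: bin/ratify version
      - name: Upload coverage to codecov.io
        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
      - name: Run helm lint
        run: helm lint charts/ratify

  build_test_cli:
    name: "Build and run tests for CLI"
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: setup go environment
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '1.20'
      - name: Run tidy
        run: go mod tidy
      - name: Build CLI
        run: make
      - name: Check build
        run: bin/ratify version
      - name: Test CLI
        run: |
          make install ratify-config install-bats
          make test-e2e-cli LOCAL_REGISTRY_IMAGE=registry "GOCOVERDIR=${GITHUB_WORKSPACE}/test/e2e/.cover"
      - name: Upload coverage to codecov.io
        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4

  build_test_e2e:
    name: "Build and run e2e Test"
    runs-on: ubuntu-latest
    timeout-minutes: 35
    # A failing matrix leg does not fail the workflow run, so a green run is
    # not proof that every Kubernetes/Gatekeeper combination passed; check the
    # individual legs.
    continue-on-error: true
    permissions:
      contents: read
    strategy:
      matrix:
        # Versions are quoted so they stay strings.
        KUBERNETES_VERSION: ["1.26.10", "1.27.7"]
        GATEKEEPER_VERSION: ["3.12.0", "3.13.0", "3.14.0"]
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Set up Go 1.20
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '1.20'
      - name: Bootstrap e2e
        # matrix.* values are literals defined in this file, so expanding them
        # into the script is safe. Do not expand event-supplied contexts (PR
        # title, branch name, ...) into `run:` this way.
        run: |
          mkdir -p "$GITHUB_WORKSPACE/bin"
          echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
          make e2e-bootstrap KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }}
          make generate-certs
      - name: Run e2e with config policy
        run: |
          make e2e-deploy-gatekeeper GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }}
          make e2e-deploy-ratify GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }}
          make test-e2e GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }}
      - name: Save logs
        if: ${{ always() }}
        run: |
          kubectl logs -n gatekeeper-system -l app=ratify --tail=-1 > logs-ratify-preinstall-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-config-policy.json
          kubectl logs -n gatekeeper-system -l app.kubernetes.io/name=ratify --tail=-1 > logs-ratify-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-config-policy.json
      - name: Run e2e with Rego policy
        run: |
          make deploy-rego-policy
          make test-e2e
      - name: Save logs
        if: ${{ always() }}
        run: |
          kubectl logs -n gatekeeper-system -l control-plane=controller-manager --tail=-1 > logs-externaldata-controller-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}.json
          kubectl logs -n gatekeeper-system -l control-plane=audit-controller --tail=-1 > logs-externaldata-audit-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}.json
          kubectl logs -n gatekeeper-system -l app=ratify --tail=-1 > logs-ratify-preinstall-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-rego-policy.json
          kubectl logs -n gatekeeper-system -l app.kubernetes.io/name=ratify --tail=-1 > logs-ratify-${{ matrix.KUBERNETES_VERSION }}-${{ matrix.GATEKEEPER_VERSION }}-rego-policy.json
      - name: Upload artifacts
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        if: ${{ always() }}
        with:
          # Every matrix leg uploads under the same artifact name; the log
          # file names carry the matrix values to keep them apart.
          name: e2e-logs
          path: |
            logs-*.json

  build_test_aks_e2e:
    name: "Build and run e2e Test on AKS"
    env:
      # Identifiers of the Azure service principal, tenant and subscription.
      # They are not credentials; the credential is
      # secrets.AZURE_CLIENT_SECRET, used in the login step.
      AZURE_CLIENT_ID: 814e6e97-120c-4534-b8a9-f1645bc99500
      AZURE_TENANT_ID: 72f988bf-86f1-41af-91ab-2d7cd011db47
      AZURE_SUBSCRIPTION_ID: daae1e1a-63dc-454f-825d-b39289070f79
    runs-on: ubuntu-latest
    # Gate for the only test job that touches Azure: a maintainer-applied
    # 'safe to test' label, a manual dispatch, or a push to a listed branch.
    # NOTE(review): the label stays on the PR after later commits, and the
    # check is also true on `pull_request` events for a labelled PR. Fork PRs
    # get no secrets on that event, so the login step fails there; same-repo
    # PRs do get them. Consider clearing the label when new commits arrive.
    if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'workflow_dispatch' || github.event_name == 'push'
    timeout-minutes: 30
    # As in build_test_e2e: a failing leg does not fail the workflow run.
    continue-on-error: true
    permissions:
      # NOTE(review): id-token: write allows the job to request a GitHub OIDC
      # token. The login step below authenticates with a client secret via
      # `creds`, so this grant looks unused; confirm nothing in `make e2e-aks`
      # needs it and drop it, or move the login to OIDC federation and retire
      # the long-lived secret.
      id-token: write
      contents: read
    strategy:
      matrix:
        KUBERNETES_VERSION: ["1.26.10", "1.27.7"]
        GATEKEEPER_VERSION: ["3.12.0", "3.13.0", "3.14.0"]
    steps:
      # No `ref` is set: on pull_request_target this is the base branch.
      - name: Check out code into the Go module directory
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Set up Go 1.20
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '1.20'
      - name: Az CLI login
        uses: azure/login@4c88f01b0e3a5600e08a37889921afd060f75cf0 # v1.5.0
        with:
          creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'
      - name: Dependencies e2e
        run: |
          mkdir -p "$GITHUB_WORKSPACE/bin"
          echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
          make e2e-docker-credential-store-setup
          make e2e-dependencies
      - name: Run e2e on Azure
        run: |
          make e2e-aks KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} GATEKEEPER_VERSION=${{ matrix.GATEKEEPER_VERSION }} TENANT_ID=${{ env.AZURE_TENANT_ID }}
      - name: Upload artifacts
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        if: ${{ always() }}
        with:
          name: e2e-logs
          path: |
            logs-*.json

  markdown-link-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          submodules: recursive
      - name: Run link check
        uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 3.10.3
        with:
          # The action takes the strings 'yes'/'no'; quoting keeps YAML from
          # reading them as booleans.
          use-quiet-mode: 'no'
          use-verbose-mode: 'yes'
          config-file: '.github/workflows/markdown.links.config.json'
          folder-path: 'docs/'

  test-cleanup:
    env:
      AZURE_SUBSCRIPTION_ID: daae1e1a-63dc-454f-825d-b39289070f79
      AZURE_CLIENT_ID: 814e6e97-120c-4534-b8a9-f1645bc99500
      AZURE_TENANT_ID: 72f988bf-86f1-41af-91ab-2d7cd011db47
    # There is no `if:` here, so the default `needs` rule applies and this job
    # does not run when build_test_aks_e2e is skipped.
    # NOTE(review): confirm cleanup still happens when the AKS job is
    # cancelled or times out, otherwise cloud resources may be left behind.
    needs: ['build_test_aks_e2e']
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): same as build_test_aks_e2e - login uses a client secret,
      # so id-token: write looks unused here; confirm and drop.
      id-token: write
      contents: read
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Set up Go 1.20
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '1.20'
      - name: Az CLI login
        uses: azure/login@4c88f01b0e3a5600e08a37889921afd060f75cf0 # v1.5.0
        with:
          creds: '{"clientId":"${{ env.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ env.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ env.AZURE_TENANT_ID }}"}'
      - name: clean up
        run: |
          make e2e-cleanup AZURE_SUBSCRIPTION_ID=${{ env.AZURE_SUBSCRIPTION_ID }}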