Merge pull request #304 from turkenf/vulnerability-fix-0.19 #684
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io> | |
# | |
# SPDX-License-Identifier: CC0-1.0 | |
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- release-* | |
pull_request: {} | |
workflow_dispatch: {} | |
env: | |
GO_VERSION: "1.22" | |
jobs: | |
detect-noop: | |
runs-on: ubuntu-latest | |
outputs: | |
noop: ${{ steps.noop.outputs.should_skip }} | |
steps: | |
- name: Detect No-op Changes | |
id: noop | |
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 | |
with: | |
paths_ignore: '["**.md", "**.png", "**.jpg"]' | |
do_not_skip: '["workflow_dispatch", "schedule", "push"]' | |
report-breaking-changes: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: true | |
- name: Get modified CRDs | |
id: modified-crds | |
uses: tj-actions/changed-files@b2d17f51244a144849c6b37a3a6791b98a51d86f # v35.9.2 (breaks the 'Report native schema version changes' step on newer versions) | |
with: | |
files: | | |
package/crds/** | |
- name: Report breaking CRD OpenAPI v3 schema changes | |
if: steps.modified-crds.outputs.any_changed == 'true' | |
env: | |
MODIFIED_CRD_LIST: ${{ steps.modified-crds.outputs.all_changed_files }} | |
run: | | |
make crddiff | |
lint: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Cleanup Disk | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 | |
with: | |
large-packages: false | |
swap-storage: false | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: true | |
- name: Setup Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Find the Analysis Cache | |
id: analysis_cache | |
run: | | |
echo "analysis_cache=$HOME/.cache/golangci-lint" >> $GITHUB_OUTPUT && \ | |
echo "analysis_cache_key=$(make go.lint.analysiskey)" >> $GITHUB_OUTPUT && \ | |
echo "analysis_cache_key_int=$(make go.lint.analysiskey-interval)" >> $GITHUB_OUTPUT | |
- name: Cache Linter Analysis | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 | |
id: cache-analysis | |
with: | |
path: ${{ steps.analysis_cache.outputs.analysis_cache }} | |
key: ${{ steps.analysis_cache.outputs.analysis_cache_key }} | |
restore-keys: | | |
${{ steps.analysis_cache.outputs.analysis_cache_key_int }} | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Lint | |
env: | |
GOLANGCI_LINT_CACHE: ${{ steps.go_cache.outputs.analysis_cache }} | |
SKIP_LINTER_ANALYSIS: false | |
RUN_BUILDTAGGER: true | |
GOGC: "50" | |
run: make lint | |
check-diff: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Cleanup Disk | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 | |
with: | |
large-packages: false | |
swap-storage: false | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: true | |
- name: Setup Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Install goimports | |
run: go install golang.org/x/tools/cmd/goimports | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Check Diff | |
id: check-diff | |
run: | | |
mkdir _output | |
make check-diff | |
env: | |
# check-diff depends on the generate Make target, and we would like | |
# to save a skipped resource list | |
SKIPPED_RESOURCES_CSV: ../_output/skipped_resources.csv | |
- name: Show diff | |
if: failure() && steps.check-diff.outcome == 'failure' | |
run: git diff | |
- name: Publish skipped resources CSV to Github | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: skipped_resources | |
path: _output/skipped_resources.csv | |
unit-tests: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Cleanup Disk | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 | |
with: | |
large-packages: false | |
swap-storage: false | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: true | |
- name: Fetch History | |
run: git fetch --prune --unshallow | |
- name: Setup Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Run Unit Tests | |
run: make -j2 test | |
local-deploy: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: needs.detect-noop.outputs.noop != 'true' | |
steps: | |
- name: Cleanup Disk | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 | |
with: | |
large-packages: false | |
swap-storage: false | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: true | |
- name: Fetch History | |
run: git fetch --prune --unshallow | |
- name: Setup Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Vendor Dependencies | |
run: make vendor vendor.check | |
- name: Deploying locally built provider package | |
run: make local-deploy | |
check-examples: | |
runs-on: ubuntu-latest | |
needs: detect-noop | |
if: ${{ needs.detect-noop.outputs.noop != 'true' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: true | |
- name: Check Example Manifests | |
run: | | |
./scripts/check-examples.py package/crds examples |