Skip to content

feat: support caCerts in secrets #11243

feat: support caCerts in secrets

feat: support caCerts in secrets #11243

Workflow file for this run

name: Build and Test
on:
push:
branches:
- "main"
- "release/v*"
paths-ignore:
- "**/*.png"
pull_request:
branches:
- "main"
- "release/v*"
paths-ignore:
- "**/*.png"
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
# Generate the installation manifests first, so it can check
# for errors while running `make -k lint`
- run: IMAGE_PULL_POLICY=Always make generate-manifests
- run: make lint-deps
- run: make -k lint
gen-check:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
- run: make -k gen-check
license-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
- run: make -k licensecheck
coverage-test:
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout
id-token: write # for fetching OIDC token
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
# test
- name: Run Coverage Tests
run: make go.test.coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
with:
fail_ci_if_error: true
files: ./coverage.xml
name: codecov-envoy-gateway
verbose: true
use_oidc: true
build:
runs-on: ubuntu-latest
needs: [lint, gen-check, license-check, coverage-test]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
- name: Build EG Multiarch Binaries
run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64"
- name: Upload EG Binaries
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: envoy-gateway
path: bin/
conformance-test:
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
- name: Download EG Binaries
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: envoy-gateway
path: bin/
- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway
# conformance
- name: Run Standard Conformance Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make conformance
e2e-test:
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
version: [ v1.26.14, v1.27.11, v1.28.7, v1.29.2 ]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
- name: Download EG Binaries
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: envoy-gateway
path: bin/
- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway
# E2E
- name: Run E2E Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make e2e
publish:
runs-on: ubuntu-latest
needs: [conformance-test, e2e-test]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ./tools/github-actions/setup-deps
- name: Download EG Binaries
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: envoy-gateway
path: bin/
- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway
# build and push image
- name: Login to DockerHub
if: github.event_name == 'push'
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Setup Multiarch Environment
if: github.event_name == 'push'
run: make image.multiarch.setup
- name: Build and Push EG Commit Image
if: github.event_name == 'push'
# tag is set to the short SHA of the commit
run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev
- name: Build and Push EG Latest Image
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# tag is set to `latest` when pushing to main branch
run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev
- name: Build and Push EG Latest Helm Chart
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# use `0.0.0` as the default latest version.
# use `Always` image pull policy for latest version.
run: IMAGE_PULL_POLICY=Always OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=v0.0.0-latest TAG=latest make helm-package helm-push