Bump gopkg.in/yaml.v3 from 3.0.0-20200615113413-eeeca48fe776 to 3.0.0 in /promotion-service #45
# CI workflow: prepares build metadata, lints and tests the Go components,
# builds and scans container images, and cross-compiles the CLI binary.
name: builder

# Runs on pushes to main/release branches and on pull requests that target
# those branches and touch one of the listed component directories.
# NOTE(review): 'ci-connect-cli/**' is not in the pull_request path filter,
# although the job matrices below build it - confirm this is intended.
on:
  push:
    branches:
      - main
      - 'release-*'
  pull_request:
    paths:
      - 'git-operator/**'
      - 'promotion-service/**'
    branches:
      - main
      - 'release-*'

# NOTE(review): no top-level `permissions:` key is visible here, so jobs run
# with the repository's default GITHUB_TOKEN scopes. Consider declaring
# least-privilege permissions once the needs of every job are confirmed.
env:
  # Settings read by the "Run Trivy vulnerability scanner" step.
  # Findings that have no fixed version available are not reported.
  TRIVY_IGNORE_UNFIXED: true
  TRIVY_VULN_TYPE: 'os,library'
  # Only CRITICAL and HIGH findings are reported by the scan.
  TRIVY_SEVERITY: 'CRITICAL,HIGH'
  # Image namespace used when tagging the built container images.
  DOCKER_ORGANIZATION: 'keptnsandbox'

defaults:
  run:
    shell: bash
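jobs:
  prepare_ci_run:
    name: Prepare CI Run
    # Computes the metadata (branch, version, timestamps) that dependent jobs
    # read through `needs.prepare_ci_run.outputs.*`.
    runs-on: ubuntu-20.04
    outputs:  # declare what this job outputs (so it can be re-used for other jobs)
      # metadata
      GIT_SHA: ${{ steps.extract_branch.outputs.GIT_SHA }}
      BRANCH: ${{ steps.extract_branch.outputs.BRANCH }}
      BRANCH_SLUG: ${{ steps.extract_branch.outputs.BRANCH_SLUG }}
      VERSION: ${{ steps.get_version.outputs.VERSION }}
      # NOTE(review): no visible step writes PUSH_IMAGE, so this output is
      # presumably always empty - confirm or remove.
      PUSH_IMAGE: ${{ steps.get_version.outputs.PUSH_IMAGE }}
      DATE: ${{ steps.get_datetime.outputs.DATE }}
      TIME: ${{ steps.get_datetime.outputs.TIME }}
      DATETIME: ${{ steps.get_datetime.outputs.DATETIME }}
    steps:
      - name: Check out code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0  # need to checkout "all commits" for certain features to work (e.g., get all changed files)

      - name: Extract branch name
        id: extract_branch
        # see https://github.com/keptn/gh-action-extract-branch-name for details
        # NOTE(review): `@main` is a mutable ref, so the code that runs here can
        # change without a change to this file. Pin this action (and the
        # tag-pinned third-party actions below) to a reviewed full commit SHA.
        uses: keptn/gh-action-extract-branch-name@main

      - name: 'Get Previous tag'
        id: get_previous_tag
        uses: 'WyriHaximus/github-action-get-previous-tag@v1.1'
        with:
          fallback: '0.0.1'

      - name: 'Get next patch version'
        id: get_next_semver_tag
        uses: 'WyriHaximus/github-action-next-semvers@v1.1'
        with:
          version: ${{ steps.get_previous_tag.outputs.tag }}

      - name: Get the version
        id: get_version
        env:
          BRANCH: ${{ steps.extract_branch.outputs.BRANCH }}
          BRANCH_SLUG: ${{ steps.extract_branch.outputs.BRANCH_SLUG }}
          # Step outputs reach the script as environment variables rather than
          # being expanded into the script text, so a tag name is never parsed
          # as shell syntax.
          GIT_LAST_TAG: ${{ steps.get_previous_tag.outputs.tag }}
          GIT_NEXT_TAG: ${{ steps.get_next_semver_tag.outputs.patch }}
        shell: bash
        run: |
          # determine version
          echo "GIT_LAST_TAG=${GIT_LAST_TAG}, GIT_NEXT_TAG=${GIT_NEXT_TAG}"
          if [[ "$BRANCH" == "release-"* ]]; then
            # Release Branch: extract version from branch name
            VERSION=${BRANCH#"release-"}
          else
            # NOTE(review): the workflow triggers on `main`, not `master`, so
            # this comparison looks unreachable and builds of main fall through
            # to the branch-slug form below - confirm which one is intended.
            if [[ "$BRANCH" == "master" ]]; then
              # master branch = latest-dev
              VERSION="${GIT_NEXT_TAG}-dev"
            else
              # Feature/Development Branch - use last tag with branch slug
              VERSION="${GIT_NEXT_TAG}-dev-${BRANCH_SLUG}"
            fi
          fi
          echo "VERSION=${VERSION}"
          # Publish the step output through the GITHUB_OUTPUT file instead of
          # the deprecated set-output workflow command printed to stdout.
          echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"

      - name: Get current date and time
        id: get_datetime
        run: |
          # Read the clock once so DATE, TIME and DATETIME always agree, even
          # when the step runs across a minute or day boundary.
          NOW="$(date +'%Y%m%d%H%M')"
          {
            echo "DATE=${NOW:0:8}"
            echo "TIME=${NOW:8:4}"
            echo "DATETIME=${NOW}"
          } >> "$GITHUB_OUTPUT"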
############################################################################
# Build Checks                                                             #
############################################################################
  # Lints and unit-tests every component once the CI metadata is prepared.
  build_checks:
    needs:
      - prepare_ci_run
    strategy:
      matrix:
        component:
          - 'ci-connect-cli'
          - 'promotion-service'
          - 'git-operator'
    runs-on: ubuntu-20.04
    env:
      BRANCH: ${{ needs.prepare_ci_run.outputs.BRANCH }}
      VERSION: ${{ needs.prepare_ci_run.outputs.VERSION }}
      DATETIME: ${{ needs.prepare_ci_run.outputs.DATE }}${{ needs.prepare_ci_run.outputs.TIME }}
      GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2

      # Restores the Go build and module caches, keyed on every go.sum in the
      # repository; the restore key allows falling back to an older cache.
      - uses: actions/cache@v2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: v1.38
          working-directory: ${{ matrix.component }}
          args: --timeout 120s

      # No step in this job installs a Go toolchain, so the tests use whatever
      # Go version the runner image provides.
      - name: Test
        working-directory: ${{ matrix.component }}
        run: go test ./...
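############################################################################
# Build Container Images                                                   #
############################################################################
  # Builds one image per component, pushes it for main/release branches and
  # scans the result with Trivy.
  container_build:
    needs: [prepare_ci_run, build_checks]
    strategy:
      matrix:
        component: ['ci-connect-cli', 'promotion-service', 'git-operator']
    runs-on: ubuntu-20.04
    env:
      BRANCH: ${{ needs.prepare_ci_run.outputs.BRANCH }}
      VERSION: ${{ needs.prepare_ci_run.outputs.VERSION }}
      DATETIME: ${{ needs.prepare_ci_run.outputs.DATE }}${{ needs.prepare_ci_run.outputs.TIME }}
      GIT_SHA: ${{ needs.prepare_ci_run.outputs.GIT_SHA }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2

      - uses: actions/cache@v2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      # Login and build run only for pushes and for pull requests whose head
      # branch lives in this repository, i.e. not for pull requests from forks.
      # NOTE(review): no `registry:` input is set, so docker/login-action
      # targets its default registry (Docker Hub) despite the step name -
      # confirm the intended registry.
      - name: Login to GitHub Container Registry
        if: (github.event_name == 'push') || (github.event.pull_request.head.repo.full_name == github.repository)
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build
        if: (github.event_name == 'push') || (github.event.pull_request.head.repo.full_name == github.repository)
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          context: ${{ matrix.component }}/.
          # `==` compares literally and does not expand `*`, so the previous
          # test against 'refs/heads/release-*' never matched a release branch;
          # startsWith() implements the prefix match that was intended.
          push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-') }}
          file: ${{ matrix.component }}/docker/Dockerfile
          platforms: linux/amd64
          tags: |
            ${{ env.DOCKER_ORGANIZATION }}/${{ matrix.component }}:latest-dev
            ${{ env.DOCKER_ORGANIZATION }}/${{ matrix.component }}:${{ env.VERSION }}

      # Fails the job (exit-code 1) when the scan reports a finding that
      # matches the TRIVY_* settings defined in the workflow-level env.
      # NOTE(review): this step has no `if:`, so it also runs when the Build
      # step above was skipped; the image-ref is then not an image produced by
      # this run - confirm whether the scan should share the Build condition.
      # NOTE(review): `@master` is a mutable ref; pin this scanner action to a
      # reviewed full commit SHA so the gate cannot change underneath the job.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.DOCKER_ORGANIZATION }}/${{ matrix.component }}:${{ env.VERSION }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: '${{ env.TRIVY_IGNORE_UNFIXED }}'
          vuln-type: '${{ env.TRIVY_VULN_TYPE }}'
          severity: '${{ env.TRIVY_SEVERITY }}'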
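############################################################################
# Build CLI Binaries                                                       #
############################################################################
  # Cross-compiles the CLI for every OS/architecture pair in the matrix and
  # uploads each binary as a workflow artifact.
  artefact_build:
    needs: [prepare_ci_run, build_checks]
    name: Build binary
    runs-on: 'ubuntu-latest'
    strategy:
      matrix:
        goosarch:
          - 'darwin/amd64'
          - 'darwin/arm64'
          - 'linux/amd64'
          - 'linux/arm'
          - 'linux/arm64'
          - 'windows/386'
          - 'windows/amd64'
          - 'windows/arm'
        component: ['ci-connect-cli']
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2.3.4

      - name: Install Go
        uses: actions/setup-go@v1
        with:
          # Quoted so the version stays a string and is never read as a YAML
          # float (an unquoted 1.20 would become 1.2).
          go-version: '1.16'

      - uses: actions/cache@v2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Get OS and arch info
        env:
          # Matrix values are handed to the script as environment variables
          # instead of being expanded into the script text.
          GOOSARCH: ${{ matrix.goosarch }}
          COMPONENT: ${{ matrix.component }}
        run: |
          # Split "os/arch" into its two halves.
          GOOS=${GOOSARCH%/*}
          GOARCH=${GOOSARCH#*/}
          BINARY_NAME="${COMPONENT}-${GOOS}-${GOARCH}"
          # Export for the following steps; GOOS/GOARCH select the target
          # platform of the `go build` in the next step.
          {
            echo "BINARY_NAME=$BINARY_NAME"
            echo "GOOS=$GOOS"
            echo "GOARCH=$GOARCH"
          } >> "$GITHUB_ENV"

      - name: Build
        working-directory: ${{ matrix.component }}
        run: |
          go build -o "$BINARY_NAME" -v

      - uses: actions/upload-artifact@v2
        with:
          name: ${{ env.BINARY_NAME }}
          path: ${{ matrix.component }}/${{ env.BINARY_NAME }}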
test_kubectl_deployment: | |
name: Test single kubectl deployment | |
needs: [prepare_ci_run, container_build] | |
# Prepare CI Run looks at what has been changed in this commit/PR/... and determines which artifacts should be | |
# built afterwards (in other jobs that depend on this one). | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release-*' }} | |
env: | |
VERSION: ${{ needs.prepare_ci_run.outputs.VERSION }} | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v2 | |
- name: Create k8s Kind Cluster | |
uses: helm/kind-action@v1.2.0 | |