-
Notifications
You must be signed in to change notification settings - Fork 16
416 lines (400 loc) · 14.6 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
name: CI
on:
push:
branches:
- '**'
- '!dependabot/**'
tags:
- '**'
pull_request: {}
jobs:
unit-ubuntu:
env:
TANZU_CLI_NO_INIT: true
TANZU_HOME: $HOME/tanzu
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Grype scan
run: |
echo "##[group]Install grype"
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
echo "##[endgroup]"
echo "##[group]Scan source ."
grype dir:. --exclude ./hack,./vendor --exclude '**/testdata/**'
echo "##[endgroup]"
- name: Install tanzu cli
run: |
TANZU_VERSION=$(cat TANZU_VERSION)
mkdir -p ${TANZU_HOME}
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-linux-amd64.tar.gz
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME}
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-linux_amd64 /usr/local/bin/tanzu
chmod +x /usr/local/bin/tanzu
tanzu config eula accept
tanzu version
tanzu plugin source init
tanzu plugin install builder --version ${TANZU_VERSION}
tanzu plugin list
- name: Scan Inclusive Terminology
uses: get-woke/woke-action@v0
with:
fail-on-error: true
woke-args: -c https://via.vmw.com/its-woke-rules
- name: Test
run: make test
- name: Codecov
uses: codecov/codecov-action@v3.1.4
- name: Build Version
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/')
- name: Build
run: make plugin-build
- uses: actions/upload-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
path: ./artifacts/tanzu-apps-plugin*.tar.gz
retention-days: 1
- name: Install
run: |
if [[ -z ${PLUGIN_BUILD_VERSION} ]]; then
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD)
PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT
fi
echo $PLUGIN_BUILD_VERSION
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/linux/amd64
- name: Verify docs
run: |
rm -rf docs/command-reference
tanzu apps docs --directory docs/command-reference
git diff --exit-code docs
continue-on-error: true
unit-windows:
env:
TANZU_CLI_NO_INIT: true
TANZU_HOME: c:/Program\ Files/tanzu
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Install tanzu cli
run: |
$TANZU_VERSION = type .\TANZU_VERSION
mkdir "C:\Program Files\tanzu"
$Env:PATH += ";C:\Program Files\tanzu"
$TANZU_HOME = "C:\Program Files\tanzu"
$Env:TANZU_CLI_NO_INIT = "true"
curl -Lo tanzu-framework-windows-amd64.zip https://github.com/vmware-tanzu/tanzu-cli/releases/download/$TANZU_VERSION/tanzu-cli-windows-amd64.zip
tar -xf tanzu-framework-windows-amd64.zip
cp "$TANZU_VERSION\tanzu-cli-windows_amd64.exe" "C:\Program Files\tanzu\tanzu.exe"
tanzu config eula accept
tanzu plugin source init
tanzu plugin install builder --version ${TANZU_VERSION}
tanzu plugin list
- name: Test
run: |
$Env:PATH += ";C:\Program Files\tanzu"
make test
- name: Build
run: |
$Env:PATH += ";C:\Program Files\tanzu"
make plugin-build
- name: Install
run: |
$Env:PATH += ";C:\Program Files\tanzu"
$PLUGIN_BUILD_SHA_SHORT=git rev-parse --short HEAD
$APP_PLUGIN_VERSION=type .\APPS_PLUGIN_VERSION
$PLUGIN_BUILD_VERSION=$APP_PLUGIN_VERSION+'-dev-'+$PLUGIN_BUILD_SHA_SHORT
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/windows/amd64
unit-macos:
env:
TANZU_CLI_NO_INIT: true
TANZU_HOME: $HOME/tanzu
runs-on: macos-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Install tanzu cli
run: |
TANZU_VERSION=$(cat TANZU_VERSION)
TANZU_HOME=$HOME/tanzu
mkdir -p $HOME/tanzu
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-darwin-amd64.tar.gz
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME}
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-darwin_amd64 /usr/local/bin/tanzu
chmod +x /usr/local/bin/tanzu
tanzu config eula accept
tanzu plugin source init
tanzu plugin install builder --version ${TANZU_VERSION}
tanzu plugin list
- name: Test
run: make test
- name: Build Version
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/')
- name: Build
run: make plugin-build
- name: Install
run: |
if [[ -z ${PLUGIN_BUILD_VERSION} ]]; then
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD)
PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT
fi
echo $PLUGIN_BUILD_VERSION
tanzu plugin install apps --version $PLUGIN_BUILD_VERSION --local ./artifacts/plugins/darwin/amd64
acceptance:
needs: [unit-ubuntu, unit-windows, unit-macos]
runs-on: ubuntu-latest
strategy:
matrix:
k8s:
- 1.22.7
- 1.23.5
- 1.24.6
- 1.25.2
- 1.26.0
- 1.27.2
env:
REGISTRY_NAME: registry.local
REGISTRY_USERNAME: ruser
REGISTRY_PASSWORD: rpass
BUNDLE: registry.local/integration-test/hellojar:source
TANZU_CLI_NO_INIT: true
TANZU_HOME: $HOME/tanzu
OS_ARCH: linux-amd64
steps:
- uses: actions/checkout@v3
- uses: vmware-tanzu/carvel-setup-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Download plugin bundle
uses: actions/download-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
- name: Install tanzu cli
run: |
TANZU_VERSION=$(cat TANZU_VERSION)
mkdir -p ${TANZU_HOME}
curl -Lo tanzu-framework.tar.gz https://github.com/vmware-tanzu/tanzu-cli/releases/download/${TANZU_VERSION}/tanzu-cli-linux-amd64.tar.gz
tar -xzf tanzu-framework.tar.gz -C ${TANZU_HOME}
sudo mv ${TANZU_HOME}/${TANZU_VERSION}/tanzu-cli-linux_amd64 /usr/local/bin/tanzu
chmod +x /usr/local/bin/tanzu
tanzu config eula accept
- name: Build dev version
run: |
PLUGIN_BUILD_SHA_SHORT=$(git rev-parse --short HEAD)
echo "PLUGIN_BUILD_VERSION=$(cat APPS_PLUGIN_VERSION)-dev-$PLUGIN_BUILD_SHA_SHORT" >> $GITHUB_ENV
echo $PLUGIN_BUILD_VERSION
if: startsWith(github.ref, 'refs/tags/') != true
- name: Build tag version
run: echo "PLUGIN_BUILD_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
if: startsWith(github.ref, 'refs/tags/')
- name: Install apps plugin
run: |
set -o errexit
set -o nounset
set -o pipefail
set -u
tar -xvf tanzu-apps-plugin.tar.gz
tanzu plugin install apps --local ./linux/amd64 --version ${PLUGIN_BUILD_VERSION:-v0.0.0-dev}
- name: Generate certs
run: |
set -o errexit
set -o nounset
set -o pipefail
CERT_DIR=$(mktemp -d -t certs.XXXX)
echo "CERT_DIR=$CERT_DIR" >> $GITHUB_ENV
echo "##[group]Install cfssl"
go install github.com/cloudflare/cfssl/cmd/cfssl@v1.6.2
go install github.com/cloudflare/cfssl/cmd/cfssljson@v1.6.2
echo "##[endgroup]"
echo "##[group]Generate CA"
cfssl gencert -initca ./.github/tls/root-csr.json \
| cfssljson -bare ${CERT_DIR}/root-ca
cfssl gencert -ca ${CERT_DIR}/root-ca.pem -ca-key ${CERT_DIR}/root-ca-key.pem \
-config=".github/tls/config.json" \
-profile="intermediate" ./.github/tls/intermediate-csr.json \
| cfssljson -bare ${CERT_DIR}/signing-ca
cat ${CERT_DIR}/signing-ca.pem ${CERT_DIR}/root-ca.pem > ${CERT_DIR}/ca.pem
echo "##[endgroup]"
echo "##[group]Install CA"
# https://ubuntu.com/server/docs/security-trust-store
sudo apt-get install -y ca-certificates
echo "##[endgroup]"
echo "##[group]Generate cert"
cfssl gencert -ca ${CERT_DIR}/signing-ca.pem -ca-key ${CERT_DIR}/signing-ca-key.pem \
-config=".github/tls/config.json" \
-profile="server" \
-hostname="${REGISTRY_NAME},local-registry" \
.github/tls/server-csr.json \
| cfssljson -bare ${CERT_DIR}/server
echo "##[endgroup]"
- name: Setup local registry
run: |
set -o errexit
set -o nounset
set -o pipefail
# Create password file
REGISTRY_HTPWD=$(mktemp -d -t htpwd.XXXX)
docker run \
--entrypoint htpasswd \
httpd:2 -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > ${REGISTRY_HTPWD}/htpasswd
# Run a registry.
docker run -d \
--restart=always \
--name local-registry \
-v ${CERT_DIR}:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.pem \
-e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem \
-p "443:443" \
registry:2
# Make the $REGISTRY_NAME -> local-registry
echo "$(hostname -I | cut -d' ' -f1) $REGISTRY_NAME" | sudo tee -a /etc/hosts
- name: Install kind
run: |
cd $(mktemp -d -t kind.XXXX)
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.16.0/kind-$(go env GOHOSTOS)-$(go env GOHOSTARCH)
chmod +x ./kind
sudo mv ./kind /usr/local/bin
cd -
- name: Create Cluster
run: |
set -o errexit
set -o nounset
set -o pipefail
# KinD configuration.
# create a cluster with the local registry enabled in containerd
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."${REGISTRY_NAME}"]
endpoint = ["https://local-registry"]
- |-
[plugins."io.containerd.grpc.v1.cri".registry.configs."local-registry".tls]
ca_file = "/etc/docker/certs.d/local-registry/ca.pem"
nodes:
- role: control-plane
image: kindest/node:v${{ matrix.k8s }}
extraMounts:
- containerPath: /etc/docker/certs.d/local-registry
hostPath: ${CERT_DIR}
EOF
# connect the registry to the cluster network
docker network connect kind local-registry
# Document the local registry
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry wokeignore:rule=master
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: local-registry-hosting
namespace: kube-public
data:
localRegistryHosting.v1: |
host: "localhost"
help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF
- name: Deploy Cartographer
run: |
set -o errexit
set -o nounset
set -o pipefail
echo "##[group]Apply cartographer"
kubectl create namespace cartographer-system
kapp deploy -y -a cartographer -n kube-system -f ./acceptance/vendor/cartographer/
echo "##[endgroup]"
- name: Integration test
run: |
set -o errexit
set -o nounset
set -o pipefail
echo "##[group]Integration Test"
make integration-test
echo "##[endgroup]"
continue-on-error: false
- name: Delete Gracefully
run: |
set -o errexit
set -o nounset
set -o pipefail
echo "##[group]Delete workload"
printf 'y' | tanzu apps workload delete petclinic
echo "##[endgroup]"
echo "##[group]Delete cartographer"
kapp delete -y -a cartographer -n kube-system
kubectl delete namespace cartographer-system
echo "##[endgroup]"
if: always()
- name: Cleanup cluster
run: kind delete cluster
if: always()
create-release:
needs:
- unit-ubuntu
- unit-windows
- unit-macos
- acceptance
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- name: Get the version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
- name: Draft release
id: create_release
uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ steps.get_version.outputs.VERSION }}
draft: true
- name: Create release info files
run: |
echo "${{ steps.get_version.outputs.VERSION }}" > RELEASE_INFO_VERSION
echo "${{ steps.create_release.outputs.upload_url }}" > RELEASE_INFO_UPLOAD_URL
- name: Upload release files
uses: actions/upload-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
path: RELEASE_INFO_*
retention-days: 1
release:
needs:
- create-release
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
os-arch: ["", -darwin-amd64, -linux-amd64, -windows-amd64]
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Download staged CLI binaries${{ matrix.os-arch }}
uses: actions/download-artifact@v3
with:
name: tanzu-apps-plugin.tar.gz
- name: Get release info
run: |
echo "RELEASE_VERSION=$(cat RELEASE_INFO_VERSION)" >> $GITHUB_ENV
echo "UPLOAD_URL=$(cat RELEASE_INFO_UPLOAD_URL)" >> $GITHUB_ENV
- name: Upload CLI release${{ matrix.os-arch }}
uses: actions/upload-release-asset@v1.0.2
with:
upload_url: ${{ env.UPLOAD_URL }}
asset_path: tanzu-apps-plugin${{ matrix.os-arch }}.tar.gz
asset_name: tanzu-apps-plugin${{ matrix.os-arch }}-${{ env.RELEASE_VERSION }}.tar.gz
asset_content_type: application/gzip