pull_request.yml
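# CI workflow: lints, builds, tests and builds container images.
# Runs on every push to main and on every pull request.
name: Integration checks
on:
  push:
    branches:
      - main
  pull_request:
# Least privilege for the automatically provided GITHUB_TOKEN: the jobs in
# this workflow only check out the repository, so read access to the
# contents is enough. Without this block the token gets the repository or
# organisation default, which may include write scopes.
permissions:
  contents: read
env:
  # FoundationDB client package version downloaded by the jobs below.
  # Quoted so it is always treated as a string.
  FDB_VER: "6.2.29"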
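jobs:
  # Formats and lints the Go code. The FoundationDB client package is
  # installed first.
  lint-go:
    name: Lint go code
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.22.7"
      # NOTE(review): the .deb is installed with sudo in the next step without
      # any integrity check. Consider verifying it against a pinned SHA-256
      # (sha256sum --check) before running dpkg.
      - name: Get dependencies
        run: curl -L --fail "https://github.com/apple/foundationdb/releases/download/${FDB_VER}/foundationdb-clients_${FDB_VER}-1_amd64.deb" -o fdb.deb
      - name: Install dependencies
        run: sudo dpkg -i fdb.deb
      - name: Run golangci-lint
        run: make fmt lint

  # Builds the project against several Kubernetes versions in a local Kind
  # cluster and checks that the CRDs can be upgraded from main.
  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # With a new supported Kubernetes version we should adjust the version
        # See https://kubernetes.io/releases for the current releases
        kubever: ["v1.21.1", "v1.22.0", "v1.23.0"]
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.22.7"
      - name: Fetch all tags
        run: git fetch --force --tags
      - name: Get dependencies
        env:
          KIND_VER: "v0.11.1"
        run: |
          # Only download all dependencies
          # NOTE(review): neither download is verified before it is installed
          # with sudo in the next step. Consider checking both against pinned
          # SHA-256 digests.
          curl -L --fail "https://github.com/apple/foundationdb/releases/download/${FDB_VER}/foundationdb-clients_${FDB_VER}-1_amd64.deb" -o fdb.deb
          # --fail makes an HTTP error abort the step instead of saving the
          # error page as the "kind" binary, matching the download above.
          curl -L --fail -o kind "https://kind.sigs.k8s.io/dl/${KIND_VER}/kind-linux-amd64"
      - name: Install dependencies
        env:
          KUBE_VERSION: ${{ matrix.kubever }}
        run: |
          # Install dependencies either from cache or freshly downloaded
          sudo dpkg -i fdb.deb
          # Install Kind and start a local Kind cluster.
          chmod +x kind
          sudo mv kind /usr/local/bin/kind
          ./e2e/scripts/start_kind_cluster.sh
      # https://github.com/goreleaser/goreleaser/issues/1311
      - name: Get current semver tag
        id: current-tag
        # Written to $GITHUB_OUTPUT instead of the deprecated ::set-output
        # workflow command, which was parsed from the step's stdout.
        run: |
          echo "CURRENT_TAG=$(git describe --tags --match "v*" --abbrev=0)" >> "$GITHUB_OUTPUT"
      - name: Check for uncommitted changes
        env:
          # Don't run any tests we run them in the next step
          SKIP_TEST: "1"
          GORELEASER_CURRENT_TAG: ${{ steps.current-tag.outputs.CURRENT_TAG }}
        run: |
          make clean all
          git diff --exit-code
      - name: Ensure CRD can be upgrade from main
        run: |
          # Install the current manifests to ensure we can apply the manifests without any issue
          kubectl apply -f https://raw.githubusercontent.com/FoundationDB/fdb-kubernetes-operator/main/config/crd/bases/apps.foundationdb.org_foundationdbbackups.yaml
          kubectl apply -f https://raw.githubusercontent.com/FoundationDB/fdb-kubernetes-operator/main/config/crd/bases/apps.foundationdb.org_foundationdbclusters.yaml
          kubectl apply -f https://raw.githubusercontent.com/FoundationDB/fdb-kubernetes-operator/main/config/crd/bases/apps.foundationdb.org_foundationdbrestores.yaml
          # Ensure that the CRDs are established
          kubectl wait --for condition="established" crd --all
          # Ensure we can upgrade the CRD with the current changes
          make install
          kubectl wait --for condition="established" crd --all
          # Add additional buffer time because we do not have a strong signal on
          # when the CRD updates are complete.
          # TODO: Find a way to get a stronger signal on this.
          sleep 60
      - name: Ensure samples are in a valid format
        run: |
          kubectl apply -f ./config/samples --dry-run=server

  # Runs the test suite with TEST_RACE_CONDITIONS set.
  testing:
    name: Testing
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.22.7"
      - name: Fetch all tags
        run: git fetch --force --tags
      - name: Get dependencies
        run: |
          # Only download all dependencies
          # NOTE(review): installed with sudo below without an integrity
          # check. Consider verifying against a pinned SHA-256.
          curl -L --fail "https://github.com/apple/foundationdb/releases/download/${FDB_VER}/foundationdb-clients_${FDB_VER}-1_amd64.deb" -o fdb.deb
      - name: Install dependencies
        run: |
          # Install dependencies either from cache or freshly downloaded
          sudo dpkg -i fdb.deb
      - name: Run tests
        env:
          TEST_RACE_CONDITIONS: "1"
        run: |
          make test

  # Builds the container images. They are pushed to Docker Hub only for
  # refs/heads/main. The operator image is scanned with Trivy.
  build_images:
    name: Build Docker images
    runs-on: ubuntu-latest
    strategy:
      matrix:
        image:
          - fdb-kubernetes-operator
          - fdb-data-loader
        # Each include entry is keyed on `image` so that it extends only the
        # matching combination. An include entry that matches no existing
        # matrix key is merged into every combination, and a later entry
        # overwrites the values an earlier one added. Both jobs would then
        # build the data-loader image and the Trivy step below would never run.
        include:
          - image: fdb-kubernetes-operator
            context: ./
            name: foundationdb/fdb-kubernetes-operator
            file: ./Dockerfile
          - image: fdb-data-loader
            context: ./sample-apps/data-loader
            name: foundationdb/fdb-data-loader
            file: ./sample-apps/data-loader/Dockerfile
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Registry credentials are only used on main. Pull request runs do not
      # log in.
      - name: Login to DockerHub
        if: github.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build image
        uses: docker/build-push-action@v5
        with:
          build-args: |
            TAG=${{ github.sha }}
          push: ${{ github.ref == 'refs/heads/main' }}
          context: ${{ matrix.context }}
          tags: ${{ matrix.name }}:latest
          file: ${{ matrix.file }}
      # NOTE(review): @master is a mutable ref, so whatever is on that branch
      # at run time executes in this job. Pin the action to a reviewed commit
      # SHA or a release tag.
      # NOTE(review): on pull requests the build above is not pushed, and no
      # `load` option is set, so the freshly built image is presumably not in
      # the local image store. The scan may then cover the published :latest
      # image instead of the one built from this change. Confirm.
      - name: Run Trivy vulnerability scanner
        if: ${{ matrix.name == 'foundationdb/fdb-kubernetes-operator' }}
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.io/${{ matrix.name }}:latest"
          format: 'table'
          # Fail the job on CRITICAL or HIGH findings that have a fix available.
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'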