Skip to content

chore: document skip-deny-step and add helm parameter #785

chore: document skip-deny-step and add helm parameter

chore: document skip-deny-step and add helm parameter #785

Workflow file for this run

name: Publish
on:
- push
- workflow_dispatch
jobs:
check-dockerhub-token:
runs-on: ubuntu-latest
outputs:
HAS_DOCKERHUB_TOKEN: ${{ steps.gh-token.outputs.HAS_DOCKERHUB_TOKEN }}
steps:
- id: gh-token
env:
HAS_DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN != '' }}
run: |
echo "HAS_DOCKERHUB_TOKEN=$HAS_DOCKERHUB_TOKEN" >> $GITHUB_OUTPUT
echo "HAS_DOCKERHUB_TOKEN=$HAS_DOCKERHUB_TOKEN" >> $GITHUB_STEP_SUMMARY
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- name: install and run golangci-lint
uses: golangci/[email protected]
with:
version: v1.56.2
args: --timeout=3m
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- name: Download K8s envtest - local K8s cluster control plane
run: |
go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
mkdir -p local/envtest-bin/
setup-envtest use -p env 1.30.x --bin-dir local/envtest-bin > local/envtest-bin/env
- name: Run Unit tests @
run: |
source local/envtest-bin/env
export KUBEBUILDER_ASSETS=$(pwd)/$KUBEBUILDER_ASSETS
go test -race -covermode atomic -coverprofile=profile.cov ./...
- name: Send coverage
env:
COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
go install github.com/mattn/[email protected]
goveralls -coverprofile=profile.cov -service=github
test-helm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: v3.5.0
- uses: actions/setup-python@v5
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/[email protected]
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- uses: ko-build/[email protected]
name: Setup ko
env:
KO_DOCKER_REPO: ko.local
- name: Run ko publish
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64 --local
- name: Run chart-testing (lint)
run: ct lint --target-branch=main --check-version-increment=false --chart-dirs=charts
- name: Create kind cluster
uses: helm/[email protected]
with:
cluster_name: kind
- name: Load image
run: kind load docker-image ko.local/kubelet-csr-approver:latest
- name: Update chart values
run: |
sed -i \
-e 's|repository:.*|repository: ko.local/kubelet-csr-approver|g' \
-e 's|tag:.*|tag: latest|g' \
-e 's|providerRegex:.*|providerRegex: ^.+$|g' \
-e 's|maxExpirationSeconds:.*|maxExpirationSeconds: "86400"|g' \
-e 's|bypassDnsResolution:.*|bypassDnsResolution: true|g' \
-e 's|providerIpPrefixes:.*|providerIpPrefixes: [ '192.168.8.0/22', 'fc00::/7' ]|g' \
charts/kubelet-csr-approver/values.yaml
cat charts/kubelet-csr-approver/values.yaml
- name: Run chart-testing (install)
run: ct install --target-branch=main --chart-dirs=charts
publish-tagged:
needs:
- lint
- test
- check-dockerhub-token
if: |
startsWith(github.ref, 'refs/tags/v') &&
!github.event.pull_request.head.repo.fork &&
needs.check-dockerhub-token.outputs.HAS_DOCKERHUB_TOKEN == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- uses: ko-build/[email protected]
name: Setup ko
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: postfinance
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Run ko publish for docker.io
env:
KO_DOCKER_REPO: docker.io/postfinance
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
export TAG=$(echo ${{ github.ref }} | cut -d "/" -f 3 - )
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm --tags $TAG
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm
- name: Log in to ghcr.io registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Run ko publish for ghcr.io/postfinance
env:
KO_DOCKER_REPO: ghcr.io/postfinance
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
export TAG=$(echo ${{ github.ref }} | cut -d "/" -f 3 - )
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm --tags $TAG
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm
publish-helm-charts:
needs:
- lint
- test-helm
- check-dockerhub-token
if: |
startsWith(github.ref, 'refs/tags/v') &&
!github.event.pull_request.head.repo.fork &&
needs.check-dockerhub-token.outputs.HAS_DOCKERHUB_TOKEN == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- name: Install Helm
uses: azure/setup-helm@v4
with:
version: v3.5.0
- name: Prepare version
run: |
export TAG=$(echo ${{ github.ref }} | cut -d '/' -f 3 - )
export VERSION=${TAG#v}
echo TAG=${TAG} >> $GITHUB_ENV
echo VERSION=${VERSION} >> $GITHUB_ENV
echo "TAG: ${TAG}"
echo "VERSION: ${VERSION}"
- name: Run chart-releaser
uses: stefanprodan/[email protected]
with:
token: "${{ secrets.GITHUB_TOKEN }}"
app_version: "${{env.TAG}}"
chart_version: "${{env.VERSION}}"
publish-untagged:
needs:
- lint
- test
- check-dockerhub-token
if: |
github.ref == 'refs/heads/main' &&
!github.event.pull_request.head.repo.fork &&
needs.check-dockerhub-token.outputs.HAS_DOCKERHUB_TOKEN == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- uses: ko-build/[email protected]
name: Setup ko
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: postfinance
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Run ko publish for docker.io
env:
KO_DOCKER_REPO: docker.io/postfinance
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm -t dev
- name: Log in to ghcr.io registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Run ko publish for ghcr.io/postfinance
env:
KO_DOCKER_REPO: ghcr.io/postfinance
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm -t dev
publish-feature:
needs:
- lint
- test
- check-dockerhub-token
if: |
startsWith(github.ref, 'refs/heads/feat') &&
!github.event.pull_request.head.repo.fork &&
needs.check-dockerhub-token.outputs.HAS_DOCKERHUB_TOKEN == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: postfinance
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: ko-build/[email protected]
name: Setup ko
- name: Run ko publish for docker.io
env:
KO_DOCKER_REPO: docker.io/postfinance
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
export FEAT=$(echo $REF | awk -F 'feat/' '{print $2}')
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm -t $FEAT
- name: Log in to ghcr.io registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Run ko publish for ghcr.io/postfinance
env:
KO_DOCKER_REPO: ghcr.io/postfinance
run: |
export REF=${{ github.ref}}
export COMMIT=${{ github.sha}}
export FEAT=$(echo $REF | awk -F 'feat/' '{print $2}')
ko publish ./cmd/kubelet-csr-approver/ --base-import-paths --platform=linux/amd64,linux/arm64,linux/arm -t $FEAT