DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ci pin deps (#8720)

Browse source 
* pinning deps for CI

* update all the actions and pin them

* missed one

* update helm to another action

* typo on step

* typo on step

* Update .github/workflows/ci.yaml

Co-authored-by: Jintao Zhang <tao12345666333@163.com>

Co-authored-by: Jintao Zhang <tao12345666333@163.com>
This commit is contained in:
James Strong 2022-06-23 18:55:20 -05:00 committed by GitHub
parent bb1f9deafd
commit 0f30cb04e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 50 additions and 171 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
.github/workflows/ci.yaml vendored
View file

@ -26,9 +26,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -49,7 +49,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- name: Run Gosec Security Scanner
uses: securego/gosec@b99b5f7838e43a4104354ad92a6a1774302ee1f9 # master
@ -67,20 +67,22 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- name: Set up Go 1.18
id: go
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v2
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0
with:
go-version: '1.18.2'
- name: Set up QEMU
uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 #v2.0.0
- name: Set up Docker Buildx
id: buildx
uses: crazy-max/ghaction-docker-buildx@126d331dc69f4a1aa02452e374835e6a5d565613 # v1
uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0
with:
buildx-version: latest
qemu-version: latest
version: latest
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
@ -111,7 +113,7 @@ jobs:
| pigz > docker.tar.gz
- name: cache
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v2
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
with:
name: docker.tar.gz
path: docker.tar.gz
@ -128,15 +130,15 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- name: Setup Go
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v2
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0
with:
go-version: '1.18.2'
- name: cache
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3
with:
name: docker.tar.gz
@ -146,7 +148,7 @@ jobs:
- name: Run helm-docs
run: |
GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.8.1
GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@e91c4c3337d3bf3fdad8de1763999a5c3325567f # v1.8.1
./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md)
if [ ! -z "$DIFF" ]; then
@ -169,7 +171,7 @@ jobs:
- name: Create Kubernetes cluster
id: kind
uses: engineerd/setup-kind@v0.5.0
uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
with:
version: v0.14.0
image: kindest/node:v1.21.12
@ -209,7 +211,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- name: cache
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2
@ -218,7 +220,7 @@ jobs:
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
uses: engineerd/setup-kind@v0.5.0
uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
with:
version: v0.14.0
config: test/e2e/kind.yaml
@ -230,12 +232,10 @@ jobs:
failOnError: false
- name: Prepare cluster for testing
uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba #v2.1
with:
version: 'v3.8.0'
id: local-path
run: |
kubectl version
echo
echo "installing helm 3..."
curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
- name: Load images from cache
run: |
@ -267,7 +267,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- name: cache
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
@ -276,24 +276,22 @@ jobs:
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
uses: engineerd/setup-kind@v0.5.0
uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
with:
version: v0.14.0
config: test/e2e/kind.yaml
image: kindest/node:${{ matrix.k8s }}
- uses: geekyeggo/delete-artifact@v1
- uses: geekyeggo/delete-artifact@a6ab43859c960a8b74cbc6291f362c7fb51829ba
with:
name: docker.tar.gz
failOnError: false
- name: Prepare cluster for testing
uses: azure/setup-helm@217bf70cbd2e930ba2e81ba7e1de2f7faecc42ba #v2.1
with:
version: 'v3.8.0'
id: local-path
run: |
kubectl version
echo
echo "installing helm 3..."
curl -sSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
- name: Load images from cache
run: |
@ -319,9 +317,9 @@ jobs:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -385,9 +383,9 @@ jobs:
PLATFORMS: linux/amd64
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -398,7 +396,7 @@ jobs:
- name: Create Kubernetes cluster
id: kind
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: engineerd/setup-kind@v0.5.0
uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 #v0.5.0
with:
version: v0.14.0
image: kindest/node:v1.21.12
@ -406,7 +404,7 @@ jobs:
- name: Set up Go 1.18
id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v2
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0
with:
go-version: '1.18.2'

4
.github/workflows/depreview.yaml vendored
View file

@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@v2
uses: actions/dependency-review-action@1c59cdf2a9c7f29c90e8da32237eb04b81bad9f0 #v2.0.2

9
.github/workflows/docs.yaml vendored
View file

@ -5,6 +5,9 @@ on:
branches:
- main
permissions:
contents: read
jobs:
changes:
@ -21,9 +24,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -46,7 +49,7 @@ jobs:
steps:
- name: Checkout master
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2
- name: Deploy
uses: ./.github/actions/mkdocs

9
.github/workflows/helm.yaml vendored
View file

@ -6,6 +6,9 @@ on:
- main
- legacy
permissions:
contents: read
jobs:
changes:
@ -22,9 +25,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 # v2.10.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
@ -49,7 +52,7 @@ jobs:
steps:
- name: Checkout master
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0

3
.github/workflows/perftest.yaml vendored
View file

@ -9,6 +9,9 @@ on:
tags:
description: 'K6 Load Test'
permissions:
contents: read
jobs:
k6_test_run:
runs-on: ubuntu-latest

128
.github/workflows/release.txt vendored
View file

@ -1,128 +0,0 @@
name: Release
on:
watch:
types: [started]
jobs:
release:
runs-on: ubuntu-latest
if: github.actor == 'aledbf'
steps:
- name: Checkout master
uses: actions/checkout@v2
- name: Set up Go 1.14
uses: actions/setup-go@master
with:
go-version: 1.14
- name: Build krew plugin
shell: bash
run: |
export PATH=${PATH}:`go env GOPATH`/bin
make build-plugin
# - name: Build and publish images
# shell: bash
# run: |
# cat <<EOF | > build/images/nginx/aws.tfvars
# access_key = "${{ secrets.AWS_ACCESS_KEY }}"
# secret_key = "${{ secrets.AWS_ACCESS_SECRET_KEY }}"
# EOF
#
# cat <<EOF | > build/images/nginx/env.tfvars
# docker_username="${{ secrets.DOCKER_USERNAME }}"
# docker_password="${{ secrets.DOCKER_PASSWORD }}"
# EOF
#
# ./build/build-ingress-controller.sh
- name: Create env variables
shell: bash
run: |
# $(cat cmd/plugin/release/ingress-nginx.yaml)
echo "::set-env name=RELEASE_VERSION::$(make show-version)"
echo "::set-env name=RELEASE_CHANGELOG::##CHANGELOG##"
- name: Create release
id: create_release
uses: actions/create-release@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: controller-${{ env.RELEASE_VERSION }}
release_name: "NGINX: ${{ env.RELEASE_VERSION }}"
body: |
**Image:** `quay.io/kubernetes-ingress-controller/nginx-ingress-controller:${{ env.RELEASE_VERSION }}`
${{ env.RELEASE_CHANGELOG }}
Complete changelog [here](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md)
draft: false
prerelease: false
- name: Upload krew plugin Darwin
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/kubectl-ingress_nginx-darwin-amd64.tar.gz
asset_name: kubectl-ingress_nginx-darwin-amd64.tar.gz
asset_content_type: application/tar+gzip
- name: Upload krew plugin Linux
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/kubectl-ingress_nginx-linux-amd64.tar.gz
asset_name: kubectl-ingress_nginx-linux-amd64.tar.gz
asset_content_type: application/tar+gzip
- name: Upload krew plugin Windows
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/kubectl-ingress_nginx-windows-amd64.tar.gz
asset_name: kubectl-ingress_nginx-windows-amd64.tar.gz
asset_content_type: application/tar+gzip
- name: Upload krew plugin
uses: actions/upload-release-asset@v1
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/controller')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: cmd/plugin/release/ingress-nginx.yaml
asset_name: ingress-nginx.yaml
asset_content_type: text/x-yaml
- name: Create KREW_PLUGIN_BODY_PR env variable
shell: bash
run: |
echo "::set-env name=KREW_PLUGIN_BODY_PR::$(cat cmd/plugin/release/ingress-nginx.yaml)"
# - name: Open PR for new release of Krew Plugin
# uses: gha-utilities/init-pull-request@v0.1.2
# env:
# GITHUB_REPOSITORY: maintainer/repo-name
# with:
# verbose: true
# draft: false
# pull_request_token: ${{ secrets.GITHUB_TOKEN }}
# head: ingress-nginx:krew
# base: krew
# title: 'Update ingress-nginx krew plugin to ${{ env.RELEASE_VERSION }}'
# body: |
# ${{ env.KREW_PLUGIN_BODY_PR }}