From 2f0cbae629ddab52f080a7fdb41fae388522d80b Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Sun, 7 Jan 2024 21:41:23 +0000 Subject: [PATCH] Reuse workflow CI --- .github/workflows/ci.yaml | 286 ++----------------------- .github/workflows/golangci-lint.yml | 9 +- .github/workflows/images.yaml | 172 +++++++++++++++ .github/workflows/zz-tmpl-images.yaml | 36 ++++ .github/workflows/zz-tmpl-k8s-e2e.yaml | 57 +++++ images/cfssl/rootfs/Dockerfile | 2 +- 6 files changed, 287 insertions(+), 275 deletions(-) create mode 100644 .github/workflows/images.yaml create mode 100644 .github/workflows/zz-tmpl-images.yaml create mode 100644 .github/workflows/zz-tmpl-k8s-e2e.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 750de5203..14dabf580 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,6 +8,7 @@ on: - 'docs/**' - 'deploy/**' - '**.md' + - 'images/**' # Images changes should be tested on their own workflow push: branches: @@ -16,6 +17,7 @@ on: - 'docs/**' - 'deploy/**' - '**.md' + - 'images/**' # Images changes should be tested on their own workflow workflow_dispatch: inputs: @@ -86,7 +88,7 @@ jobs: runs-on: ubuntu-latest needs: changes if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') steps: - name: Checkout @@ -147,7 +149,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }} + (needs.changes.outputs.charts == 'true') strategy: matrix: 
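Review bot: Dropping `|| ${{ inputs.run_e2e }}` from the `if:` conditions in the `@@ -86` and `@@ -147` hunks (and from the three Kubernetes jobs in the `@@ -225` hunk that follows) leaves the `workflow_dispatch` input block visible in the context lines above — presumably still declaring `run_e2e` — with nothing reading it, so a manual dispatch can no longer force the e2e jobs to run. If the goal was only to get rid of the `${{ }}` wrapper inside an `if:` expression, the override can be kept as `(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || inputs.run_e2e == true`; otherwise the now-dead input should be removed from `workflow_dispatch` in the same commit so the UI does not offer a switch that does nothing. The `on:` and `jobs:` blocks these hunks touch start and end outside the hunks.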
@@ -225,296 +227,44 @@ jobs: kubernetes: name: Kubernetes - runs-on: ubuntu-latest needs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} - + (needs.changes.outputs.go == 'true') strategy: matrix: k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0] - - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: cache - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make kind-e2e-test - - - name: Upload e2e junit-reports - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 - if: success() || failure() - with: - name: e2e-test-reports-${{ matrix.k8s }} - path: 'test/junitreports/report*.xml' + uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml + with: + k8s-version: ${{ matrix.k8s }} kubernetes-validations: name: Kubernetes with Validations - runs-on: ubuntu-latest needs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} - + (needs.changes.outputs.go == 'true') strategy: matrix: k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0] - - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: cache - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} --config 
test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true - ENABLE_VALIDATIONS: true - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make kind-e2e-test - - - name: Upload e2e junit-reports - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 - if: success() || failure() - with: - name: e2e-test-reports-validations-${{ matrix.k8s }} - path: 'test/junitreports/report*.xml' - + uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml + with: + k8s-version: ${{ matrix.k8s }} + variation: "VALIDATIONS" kubernetes-chroot: name: Kubernetes chroot - runs-on: ubuntu-latest needs: - changes - build if: | - (needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }} - + (needs.changes.outputs.go == 'true') strategy: matrix: k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0] - - steps: - - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: cache - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." 
- gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true - IS_CHROOT: true - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make kind-e2e-test - - - name: Upload e2e junit-reports - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 - if: success() || failure() - with: - name: e2e-test-reports-chroot-${{ matrix.k8s }} - path: 'test/junitreports/report*.xml' - - test-nginx-image-build: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - env: - PLATFORMS: linux/amd64,linux/arm64 - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - id: filter-images - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - nginx-base: - - 'images/nginx/**' - - name: nginx-base-image - if: ${{ steps.filter-images.outputs.nginx-base == 'true' }} - run: | - cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} . 
- - name: Run Trivy on NGINX Image - if: ${{ steps.filter-images.outputs.nginx-base == 'true' }} - uses: aquasecurity/trivy-action@master - with: - image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}' - format: 'sarif' - ignore-unfixed: true - output: 'trivy-results.sarif' - - name: Upload Trivy scan results to GitHub Security tab - if: ${{ steps.filter-images.outputs.nginx-base == 'true' && always() }} - uses: github/codeql-action/upload-sarif@v3.22.12 - with: - sarif_file: 'trivy-results.sarif' - - - test-image-build: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - env: - PLATFORMS: linux/amd64,linux/arm64 - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - id: filter-images - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - custom-error-pages: - - 'images/custom-error-pages/**' - cfssl: - - 'images/cfssl/**' - fastcgi-helloserver: - - 'images/fastcgi-helloserver/**' - echo: - - 'images/echo/**' - go-grpc-greeter-server: - - 'images/go-grpc-greeter-server/**' - httpbun: - - 'images/httpbun/**' - kube-webhook-certgen: - - 'images/kube-webhook-certgen/**' - ext-auth-example-authsvc: - - 'images/ext-auth-example-authsvc/**' - - name: custom-error-pages image build - if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }} - run: | - cd images/custom-error-pages && make build - - name: cfssl image build - if: ${{ steps.filter-images.outputs.cfssl == 'true' }} - run: | - cd images/cfssl && make build - - name: fastcgi-helloserver - if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }} - run: | - cd images/fastcgi-helloserver && make build - - name: echo image build - if: ${{ steps.filter-images.outputs.echo == 'true' }} - run: | - cd images/echo && 
make build - - name: go-grpc-greeter-server image build - if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }} - run: | - cd images/go-grpc-greeter-server && make build - - name: httpbun image build - if: ${{ steps.filter-images.outputs.httpbin == 'true' }} - run: | - cd images/httpbun && make build - - name: kube-webhook-certgen image build - if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - run: | - cd images/kube-webhook-certgen && make build - - name: ext-auth-example-authsvc - if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }} - run: | - cd images/ext-auth-example-authsvc && make build - - test-image: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - - runs-on: ubuntu-latest - - env: - PLATFORMS: linux/amd64 - - strategy: - matrix: - k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0] - - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - id: filter-images - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - kube-webhook-certgen: - - 'images/kube-webhook-certgen/**' - - - name: Create Kubernetes cluster - id: kind - if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} - - - name: Set up Go - id: go - if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: '1.21.5' - check-latest: true - - - name: kube-webhook-certgen image build - if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }} - run: | - cd images/kube-webhook-certgen && make test test-e2e - + uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml + with: + k8s-version: ${{ matrix.k8s }} + variation: 
"CHROOT" diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 9cfb43a96..0a856adeb 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -2,13 +2,10 @@ name: golangci-lint on: pull_request: - push: branches: - - main - paths-ignore: - - 'docs/**' - - 'deploy/**' - - '**.md' + - "*" + paths: + - '**/*.go' permissions: contents: read diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml new file mode 100644 index 000000000..087c2b093 --- /dev/null +++ b/.github/workflows/images.yaml 
@@ -0,0 +1,172 @@ +name: Container Images + +on: + pull_request: + branches: + - "*" + paths: + - 'images/**' + + push: + branches: + - main + paths: + - 'images/**' + +permissions: + contents: read + +env: + PLATFORMS: linux/amd64 + +jobs: + changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + outputs: + custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }} + cfssl: ${{ steps.filter.outputs.cfssl }} + fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }} + echo: ${{ steps.filter.outputs.echo }} + go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }} + httpbun: ${{ steps.filter.outputs.httpbun }} + kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} + ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} + nginx: ${{ steps.filter.outputs.nginx }} + + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + id: filter + with: + token: ${{ secrets.GITHUB_TOKEN }} + filters: | + custom-error-pages: + - 'images/custom-error-pages/**' + cfssl: + - 'images/cfssl/**' + fastcgi-helloserver: + - 'images/fastcgi-helloserver/**' + echo: + - 'images/echo/**' + go-grpc-greeter-server: + - 'images/go-grpc-greeter-server/**' + httpbun: + - 'images/httpbun/**' + kube-webhook-certgen: + - 'images/kube-webhook-certgen/**' + ext-auth-example-authsvc: + - 'images/ext-auth-example-authsvc/**' + nginx: + - 'images/nginx/**' + + #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) + cfssl: + needs: changes + if: | + (needs.changes.outputs.cfssl == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: cfssl + + custom-error-pages: + needs: changes + 
if: | + (needs.changes.outputs.custom-error-pages == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: custom-error-pages + + echo: + needs: changes + if: | + (needs.changes.outputs.echo == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: echo + + ext-auth-example-authsvc: + needs: changes + if: | + (needs.changes.outputs.ext-auth-example-authsvc == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: ext-auth-example-authsvc + + fastcfgi-helloserver: + needs: changes + if: | + (needs.changes.outputs.fastcfgi-helloserver == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: fastcfgi-helloserver + + go-grpc-greeter-server: + needs: changes + if: | + (needs.changes.outputs.go-grpc-greeter-server == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: go-grpc-greeter-server + + httpbun: + needs: changes + if: | + (needs.changes.outputs.httpbun == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: httpbun + + kube-webhook-certgen: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.kube-webhook-certgen == 'true') + strategy: + matrix: + k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0] + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set up Go + id: go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: '1.21.5' + check-latest: true + - name: image build + run: | + cd images/kube-webhook-certgen && make build + - name: Create Kubernetes cluster + id: kind + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} + - name: image test + run: | + cd images/kube-webhook-certgen && make test test-e2e + + nginx: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.nginx == 'true') + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: 
nginx-base-image + run: | + cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} . + - name: Run Trivy on NGINX Image + uses: aquasecurity/trivy-action@master + with: + image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}' + format: 'sarif' + ignore-unfixed: true + output: 'trivy-results.sarif' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3.22.12 + with: + sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml new file mode 100644 index 000000000..40ca1e6fd --- /dev/null +++ b/.github/workflows/zz-tmpl-images.yaml @@ -0,0 +1,36 @@ +#### THIS IS A TEMPLATE #### +# This workflow is created to be a template for every time an e2e teest is required, + +on: + workflow_call: + inputs: + name: + required: true + type: string + platforms-test: + type: string + default: linux/amd64 + platforms-publish: + type: string + default: linux/amd64 + +env: + PLATFORMS: ${{ inputs.platforms-test }} + +permissions: + contents: read + +jobs: + image-build: + name: Build ${{ inputs.name }} + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Build + run: | + cd images/${{ inputs.name }} && make build + + diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml new file mode 100644 index 000000000..61e188941 --- /dev/null +++ b/.github/workflows/zz-tmpl-k8s-e2e.yaml 
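Review bot: The `fastcfgi-helloserver` job in images.yaml can never run: its `if:` reads `needs.changes.outputs.fastcfgi-helloserver`, but the `changes` job only exposes `fastcgi-helloserver`, so the output is empty and the condition is always false, and the `with: name: fastcfgi-helloserver` it would pass points at a directory that does not match the `images/fastcgi-helloserver/**` filter. Spell all three occurrences `fastcgi-helloserver` to match the output and the filter. The `nginx` job's `Upload Trivy scan results` step requires `security-events: write`, but the job inherits only the workflow-level `permissions: contents: read`, so the SARIF upload will fail for lack of permission; add `permissions:` with `contents: read` and `security-events: write` to that job. That job also references `aquasecurity/trivy-action@master` and `github/codeql-action/upload-sarif@v3.22.12` by mutable ref while every other action in the file is pinned to a commit SHA with a version comment; pinning both the same way closes the gap.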
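Review bot: The `platforms-publish` input declared in zz-tmpl-images.yaml is never read — only `platforms-test` feeds `env: PLATFORMS` — so a caller passing it is silently ignored; either wire it to a publish step or drop the input until one exists. The header comment is copied from the e2e template and misdescribes this file (`every time an e2e teest is required,`); a comment such as `# Reusable workflow: builds images/<name> with make build; called from images.yaml` would say what it actually does. The file also ends in two blank added lines.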
@@ -0,0 +1,57 @@ +#### THIS IS A TEMPLATE #### +# This workflow is created to be a template for every time an e2e teest is required, + +on: + workflow_call: + inputs: + k8s-version: + required: true + type: string + variation: + type: string + +permissions: + contents: read + +jobs: + kubernetes: + name: Kubernetes ${{ inputs.variation }} + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: cache + uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 + with: + name: docker.tar.gz + + - name: Create Kubernetes ${{ inputs.k8s-version }} cluster + id: kind + run: | + kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml + + - name: Load images from cache + run: | + echo "loading docker images..." + gzip -dc docker.tar.gz | docker load + + - name: Run e2e tests ${{ inputs.variation }} + env: + KIND_CLUSTER_NAME: kind + SKIP_CLUSTER_CREATION: true + SKIP_IMAGE_CREATION: true + ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }} + IS_CHROOT: ${{ inputs.variation == 'CHROOT' }} + run: | + kind get kubeconfig > $HOME/.kube/kind-config-kind + make kind-e2e-test + + - name: Upload e2e junit-reports ${{ inputs.variation }} + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + if: success() || failure() + with: + name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} + path: 'test/junitreports/report*.xml' + diff --git a/images/cfssl/rootfs/Dockerfile b/images/cfssl/rootfs/Dockerfile index 569756d79..8b8f1632e 100644 --- a/images/cfssl/rootfs/Dockerfile +++ b/images/cfssl/rootfs/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. FROM alpine:3.19.0 - +# BLA RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN apk update \
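Review bot: The `Run e2e tests` step in zz-tmpl-k8s-e2e.yaml now always exports both `ENABLE_VALIDATIONS` and `IS_CHROOT`, set to the string `false` for the variations that do not apply, whereas the jobs it replaces only defined each variable in its own variant; if the Makefile or e2e scripts test whether the variable is set rather than whether it equals `true`, the plain and validations runs could behave as chroot runs — worth confirming against `make kind-e2e-test` before relying on it. The artifact name `e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}` concatenates without a separator (`e2e-test-reports-v1.28.0VALIDATIONS`); `e2e-test-reports-${{ inputs.variation }}-${{ inputs.k8s-version }}` keeps the old naming readable. The header comment has a typo and a dangling comma (`e2e teest is required,`).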
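Review bot: The `# BLA` line added to images/cfssl/rootfs/Dockerfile reads as a leftover placeholder comment; it replaces a blank line and says nothing about the `RUN` that follows. Either restore the blank line or replace it with a comment that describes the line below, e.g. `# add the alpine edge/testing apk repository`.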